parent
53ce4de6aa
commit
2cbdecb043
23 changed files with 584 additions and 116 deletions
39
boot.py
39
boot.py
|
@ -5,8 +5,9 @@ from urlparse import urlunparse
|
|||
|
||||
from jinja2 import Template
|
||||
from cachetools import lru_cache
|
||||
import release
|
||||
|
||||
import release
|
||||
import os.path
|
||||
|
||||
from app import app
|
||||
from data.model.release import set_region_release
|
||||
|
@ -37,49 +38,49 @@ def get_audience():
|
|||
return urlunparse((scheme, hostname + ':' + port, '', '', '', ''))
|
||||
|
||||
|
||||
def create_quay_service_key():
|
||||
def setup_jwt_proxy():
|
||||
"""
|
||||
Creates a service key for quay to use in the jwtproxy
|
||||
Creates a service key for quay to use in the jwtproxy and generates the JWT proxy configuration.
|
||||
"""
|
||||
if os.path.exists('conf/jwtproxy_conf.yaml'):
|
||||
# Proxy is already setup.
|
||||
return
|
||||
|
||||
# Generate the key for this Quay instance to use.
|
||||
minutes_until_expiration = app.config.get('QUAY_SERVICE_KEY_EXPIRATION', 120)
|
||||
expiration = datetime.now() + timedelta(minutes=minutes_until_expiration)
|
||||
quay_key, key_id = generate_key('quay', get_audience(), expiration_date=expiration)
|
||||
quay_key, quay_key_id = generate_key('quay', get_audience(), expiration_date=expiration)
|
||||
|
||||
with open('/conf/quay.kid', mode='w') as f:
|
||||
with open('conf/quay.kid', mode='w') as f:
|
||||
f.truncate(0)
|
||||
f.write(key_id)
|
||||
f.write(quay_key_id)
|
||||
|
||||
with open('/conf/quay.pem', mode='w') as f:
|
||||
with open('conf/quay.pem', mode='w') as f:
|
||||
f.truncate(0)
|
||||
f.write(quay_key.exportKey())
|
||||
|
||||
return key_id
|
||||
|
||||
|
||||
def create_jwtproxy_conf(quay_key_id):
|
||||
"""
|
||||
Generates the jwtproxy conf from the jinja template
|
||||
"""
|
||||
# Generate the JWT proxy configuration.
|
||||
audience = get_audience()
|
||||
registry = audience + '/keys'
|
||||
security_issuer = app.config.get('SECURITY_SCANNER_ISSUER_NAME', 'security_scanner')
|
||||
|
||||
with open("/conf/jwtproxy_conf.yaml.jnj") as f:
|
||||
with open("conf/jwtproxy_conf.yaml.jnj") as f:
|
||||
template = Template(f.read())
|
||||
rendered = template.render(
|
||||
audience=audience,
|
||||
registry=registry,
|
||||
key_id=quay_key_id
|
||||
key_id=quay_key_id,
|
||||
security_issuer=security_issuer,
|
||||
)
|
||||
|
||||
with open('/conf/jwtproxy_conf.yaml', 'w') as f:
|
||||
with open('conf/jwtproxy_conf.yaml', 'w') as f:
|
||||
f.write(rendered)
|
||||
|
||||
|
||||
def main():
|
||||
if app.config.get('SETUP_COMPLETE', False):
|
||||
sync_database_with_config(app.config)
|
||||
quay_key_id = create_quay_service_key()
|
||||
create_jwtproxy_conf(quay_key_id)
|
||||
setup_jwt_proxy()
|
||||
|
||||
# Record deploy
|
||||
if release.REGION and release.GIT_HEAD:
|
||||
|
|
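Review bot: The private key written to `conf/quay.pem` in `setup_jwt_proxy()` (on the lines that read as the new side of this section) is created with a plain `open(..., mode='w')`, so its permissions come from the process umask and the file may be readable by other local users. Creating it owner-only would close that: `with os.fdopen(os.open('conf/quay.pem', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600), 'w') as f:`; the mode only applies when the file is created, so a pre-existing file would also need an `os.chmod`. Separately, the new early return when `conf/jwtproxy_conf.yaml` exists appears to skip key generation on every later boot, while the key expires after `QUAY_SERVICE_KEY_EXPIRATION` minutes (default 120). Unless something outside this section rotates the key, a restart after expiry would leave the proxy configured with an expired key id. The paths also changed from `/conf/...` to working-directory-relative `conf/...`, so a comment stating the directory `boot.py` is expected to run from would help.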