Generate private key on startup

Evan Cordell 2016-04-27 13:39:01 -05:00 committed by Jimmy Zelinskie
parent 85667a9cf6
commit 668ce2c7cd
5 changed files with 41 additions and 3 deletions

34
boot.py

@ -1,15 +1,46 @@
#!/usr/bin/env python
from datetime import datetime, timedelta
from urlparse import urlunparse
import json
import release
from jwkest.jwk import RSAKey
from jinja2 import Template
import release
from app import app
from data.database import ServiceKeyApprovalType
from data.model.release import set_region_release
from data.model.service_keys import generate_service_key, approve_service_key
from util.config.database import sync_database_with_config
def create_quay_service_key(seconds_until_expiration):
expiration = timedelta(seconds=seconds_until_expiration)
private_key, service_key = generate_service_key('quay', datetime.now()+expiration)
approve_service_key(service_key.kid, None, ServiceKeyApprovalType.SUPERUSER)
private_key_file = {
'KeyID': service_key.kid,
'PrivateKey': {
'N': int(private_key._n),
'E': int(private_key._e),
'D': int(private_key._d),
'Primes': [int(private_key._p), int(private_key._q)],
'Precomputed': {
'Dp': None,
'Dq': None,
'Quinv': None,
'CRTValues': []
}
}
}
with open('/conf/quay.jwk', mode='w') as f:
f.truncate(0)
f.write(json.dumps(private_key_file))
def create_jwtproxy_conf():
audience = urlunparse((
app.config.get('PREFERRED_URL_SCHEME'),
@ -33,6 +64,7 @@ def main():
if app.config.get('SETUP_COMPLETE', False):
sync_database_with_config(app.config)
create_quay_service_key(app.config.get('QUAY_SERVICE_KEY_EXPIRATION', 500))
# Record deploy
if release.REGION and release.GIT_HEAD:
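Review bot: In `create_quay_service_key` the private key is written with `open('/conf/quay.jwk', mode='w')`, so the file's permissions come from the process umask and the RSA private exponent and primes may be readable by any other account that can reach `/conf`. Create the file owner-only instead, with `fd = os.open('/conf/quay.jwk', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` followed by `with os.fdopen(fd, 'w') as f:`; this needs `import os`, plus `os.fchmod(fd, 0o600)` if a file left by an earlier boot may already exist with a looser mode. The `f.truncate(0)` call is redundant either way, since `mode='w'` already truncates. The key is also approved as `ServiceKeyApprovalType.SUPERUSER` with a `None` approver on every boot, and the call in `main()` defaults `QUAY_SERVICE_KEY_EXPIRATION` to 500 seconds, so it is worth confirming that something outside this diff rotates the key before it expires and that the naive `datetime.now()` matches the clock the expiry check uses. `main()` starts and continues outside the visible hunk.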