Use the instance service key for registry JWT signing
This commit is contained in:
Joseph Schorr
parent
a4aa5cc02a
commit
8887f09ba8
26 changed files with 457 additions and 278 deletions
9
boot.py
9
boot.py
|
|
@ -47,15 +47,16 @@ def setup_jwt_proxy():
|
|||
return
|
||||
|
||||
# Generate the key for this Quay instance to use.
|
||||
minutes_until_expiration = app.config.get('QUAY_SERVICE_KEY_EXPIRATION', 120)
|
||||
minutes_until_expiration = app.config.get('INSTANCE_SERVICE_KEY_EXPIRATION', 120)
|
||||
expiration = datetime.now() + timedelta(minutes=minutes_until_expiration)
|
||||
quay_key, quay_key_id = generate_key('quay', get_audience(), expiration_date=expiration)
|
||||
quay_key, quay_key_id = generate_key(app.config['INSTANCE_SERVICE_KEY_SERVICE'],
|
||||
get_audience(), expiration_date=expiration)
|
||||
|
||||
with open('conf/quay.kid', mode='w') as f:
|
||||
with open(app.config['INSTANCE_SERVICE_KEY_KID_LOCATION'], mode='w') as f:
|
||||
f.truncate(0)
|
||||
f.write(quay_key_id)
|
||||
|
||||
with open('conf/quay.pem', mode='w') as f:
|
||||
with open(app.config['INSTANCE_SERVICE_KEY_LOCATION'], mode='w') as f:
|
||||
f.truncate(0)
|
||||
f.write(quay_key.exportKey())
|
||||
|
||||
|
|
|
|||
Reference in a new issue