Use the instance service key for registry JWT signing

2016-05-31 16:48:19 -04:00 · 2016-05-31 16:48:19 -04:00 · 8887f09ba8
commit 8887f09ba8
parent a4aa5cc02a
26 changed files with 457 additions and 278 deletions
--- a/workers/service_key_worker.py
+++ b/workers/service_key_worker.py
@ -1,7 +1,7 @@
 import logging
 from datetime import datetime, timedelta

-from app import app
+from app import app, instance_keys
 from data.model.service_keys import set_key_expiration
 from workers.worker import Worker

@ -17,14 +17,9 @@ class ServiceKeyWorker(Worker):
    """
    Refreshes active service keys so they don't get garbage collected.
    """
-    with open("/conf/quay.kid") as f:
-      kid = f.read()
-
-    minutes_until_expiration = app.config.get('INSTANCE_SERVICE_KEY_EXPIRATION', 120)
-    expiration = timedelta(minutes=minutes_until_expiration)
-
+    expiration = timedelta(minutes=instance_keys.service_key_expiration)
    logger.debug('Starting refresh of automatic service keys')
-    set_key_expiration(kid, datetime.now() + expiration)
+    set_key_expiration(instance_keys.local_key_id, datetime.now() + expiration)
    logger.debug('Finished refresh of automatic service keys')

 if __name__ == "__main__":