diff --git a/conf/init/service/jwtproxy/run b/conf/init/service/jwtproxy/run
index 48613a7a9..24e5f0d5f 100755
--- a/conf/init/service/jwtproxy/run
+++ b/conf/init/service/jwtproxy/run
@@ -3,6 +3,6 @@ echo 'Starting jwtproxy'
 cd /
-/binary_dependencies/jwtproxy --config conf/jwtproxy_conf.yaml
+/binary_dependencies/jwtproxy --config conf/jwtproxy_conf.yaml --log-level debug
 echo 'Jwtproxy exited'
diff --git a/conf/jwtproxy_conf.yaml.jnj b/conf/jwtproxy_conf.yaml.jnj
index 969bbca14..83e21d3c8 100644
--- a/conf/jwtproxy_conf.yaml.jnj
+++ b/conf/jwtproxy_conf.yaml.jnj
@@ -1,6 +1,18 @@
 jwtproxy:
 signer_proxy:
- enabled: false
+ enabled: true
+ listen_addr: :8080
+ signer:
+ issuer: quay
+ expiration_time: 5m
+ max_skew: 1m
+ private_key:
+ type: autogenerated
+ options:
+ key_server:
+ type: keyregistry
+ options:
+ registry: {{ registry }}
 verifier_proxy:
 enabled: true
 listen_addr: unix:/tmp/jwtproxy_secscan.sock
diff --git a/config.py b/config.py
index 65661637c..920fce825 100644
--- a/config.py
+++ b/config.py
@@ -288,6 +288,7 @@ class DefaultConfig(object):
 'API_VERSION': 'v1',
 'API_TIMEOUT_SECONDS': 10,
 'API_TIMEOUT_POST_SECONDS': 480,
+ 'PROXY': 'http://localhost:8080',
 }
 # Torrent management flags
diff --git a/util/secscan/api.py b/util/secscan/api.py
index 65ff8b37a..2aa301ecf 100644
--- a/util/secscan/api.py
+++ b/util/secscan/api.py
@@ -257,4 +257,5 @@ class SecurityScannerAPI(object):
 with CloseForLongOperation(self.config):
 logger.debug('%sing security URL %s', method.upper(), url)
 return client.request(method, url, json=body, params=params, timeout=timeout,
- cert=self._keys, verify=self._certificate, headers=headers)
+ cert=self._keys, verify=self._certificate, headers=headers,
+ proxies=security_config.get('PROXY'))
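Review bot: In conf/init/service/jwtproxy/run, `--log-level debug` is now hard-coded on the jwtproxy command line, so every deployment runs the JWT signing and verifying proxy at debug verbosity. Debug output from a proxy often carries per-request detail, so it is worth checking whether request URLs or header material end up in the container logs at this level; the hunk alone does not show what jwtproxy emits. If the flag was added for troubleshooting, gate it behind an environment variable instead, for example `/binary_dependencies/jwtproxy --config conf/jwtproxy_conf.yaml ${JWTPROXY_LOG_LEVEL:+--log-level "$JWTPROXY_LOG_LEVEL"}` (variable name illustrative), so the default stays at the binary's own level.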
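Review bot: In conf/jwtproxy_conf.yaml.jnj, `listen_addr: :8080` has no host part, so the newly enabled signer proxy presumably binds on every interface, while the only consumer visible in this commit reaches it at `http://localhost:8080`. Any process or host that can reach that port could then have its outbound requests signed as issuer `quay` with the autogenerated key. Binding to loopback, `listen_addr: 127.0.0.1:8080`, keeps the signer reachable only from the local service, in line with the verifier_proxy below, which already listens on a unix socket. A one-line comment on `expiration_time` and `max_skew` explaining why 5m and 1m were chosen would also help whoever tunes them later.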
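Review bot: In config.py the new `'PROXY'` default is a bare URL string, but the util/secscan/api.py hunk passes it unchanged as `proxies=` to what looks like a requests-style `client.request` call, whose documented shape is a mapping from URL scheme to proxy URL. With a string, the proxy is not selected reliably: depending on the library version and the target scheme the call may raise, or may skip the proxy and send the request unsigned. Store the mapping instead, e.g. `'PROXY': {'http': 'http://localhost:8080'},` (plus an `'https'` entry if the scanner endpoint is TLS), or build it at the call site. A comment such as `# Address of the jwtproxy signer_proxy; must match listen_addr in conf/jwtproxy_conf.yaml.jnj` would document the coupling between the two files. The enclosing dict and class begin outside the hunk.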
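Review bot: In util/secscan/api.py, `security_config.get('PROXY')` yields `None` when the key is absent, for instance if an operator-supplied scanner config lacks the new default, and `proxies=None` makes the request go straight to the scanner without passing through the signing proxy. That is a fail-open path: the call is either rejected late by the verifier or, if verification is not enforced on the far side, accepted unsigned. Consider resolving the value before the call and refusing to proceed when it is missing, e.g. `proxy = security_config['PROXY']` with a clear error, or at least a `logger.warning` when it is unset. `security_config` and `client` are defined above the hunk, so how they are populated is not visible here.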