Authenticate in the other direction with jwtproxy

conf/init/service/jwtproxy/run

@@ -3,6 +3,6 @@
 echo 'Starting jwtproxy'
 
 cd /
-/binary_dependencies/jwtproxy --config conf/jwtproxy_conf.yaml
+/binary_dependencies/jwtproxy --config conf/jwtproxy_conf.yaml --log-level debug
 
 echo 'Jwtproxy exited'

conf/jwtproxy_conf.yaml.jnj

@@ -1,6 +1,18 @@
 jwtproxy:
   signer_proxy:
-    enabled: false
+    enabled: true
+    listen_addr: :8080
+    signer:
+      issuer: quay
+      expiration_time: 5m
+      max_skew: 1m
+      private_key:
+        type: autogenerated
+        options:
+          key_server:
+            type: keyregistry
+            options:
+              registry: {{ registry }}
   verifier_proxy:
     enabled: true
     listen_addr: unix:/tmp/jwtproxy_secscan.sock

config.py

@@ -288,6 +288,7 @@ class DefaultConfig(object):
     'API_VERSION': 'v1',
     'API_TIMEOUT_SECONDS': 10,
     'API_TIMEOUT_POST_SECONDS': 480,
+    'PROXY': 'http://localhost:8080',
   }
 
   # Torrent management flags

util/secscan/api.py

@@ -257,4 +257,5 @@ class SecurityScannerAPI(object):
     with CloseForLongOperation(self.config):
       logger.debug('%sing security URL %s', method.upper(), url)
       return client.request(method, url, json=body, params=params, timeout=timeout,
-                            cert=self._keys, verify=self._certificate, headers=headers)
+                            cert=self._keys, verify=self._certificate, headers=headers,
+                            proxies=security_config.get('PROXY'))