address review comments

- more inline documentation - don't explicitly specify audience - approver is optional in `generate_key` - ADD -> RUN for better caching of jwtproxy
2016-04-28 20:10:28 -05:00 · 2016-04-28 20:10:28 -05:00 · c766727d1d
commit c766727d1d
parent 9df650688b
5 changed files with 41 additions and 11 deletions
--- a/boot.py
+++ b/boot.py
@ -1,23 +1,22 @@
 #!/usr/bin/env python

-from datetime import datetime, timedelta
+from datetime import datetime
 from urlparse import urlunparse
-import json

-from jwkest.jwk import RSAKey
 from jinja2 import Template
 import release

 from app import app
-from data.database import ServiceKeyApprovalType
 from data.model.release import set_region_release
-from data.model.service_keys import generate_service_key, approve_service_key
 from util.config.database import sync_database_with_config
 from util.generatepresharedkey import generate_key


 def create_quay_service_key():
-  quay_key, key_id = generate_key(None, 'quay', 'quay')
+  """
+  Creates a service key for quay to use in the jwtproxy
+  """
+  quay_key, key_id = generate_key('quay', 'quay')

  with open('/conf/quay.pem', mode='w') as f:
    f.truncate(0)
@ -26,8 +25,33 @@ def create_quay_service_key():
  return key_id


-def create_jwtproxy_conf(quay_key_id):
+def get_audience():
  audience = app.config.get('JWTPROXY_AUDIENCE')
+
+  if audience:
+    return audience
+
+  scheme = app.config.get('PREFERRED_URL_SCHEME')
+  hostname = app.config.get('SERVER_HOSTNAME')
+
+  # hostname includes port, use that
+  if ':' in hostname:
+    return urlunparse((scheme, hostname, '', '', '', ''))
+
+  # no port, guess based on scheme
+  if scheme == 'https':
+    port = '443'
+  else:
+    port = '80'
+
+  return urlunparse((scheme, hostname + ':' + port, '', '', '', ''))
+
+
+def create_jwtproxy_conf(quay_key_id):
+  """
+  Generates the jwtproxy conf from the jinja template
+  """
+  audience = get_audience()
  registry = audience + '/keys'

  with open("/conf/jwtproxy_conf.yaml.jnj") as f: