Configure jwtproxy from stack/conf yaml
parent
adc86456b5
commit
da0a988650
4 changed files with 29 additions and 6 deletions
23
boot.py
23
boot.py
|
@ -1,13 +1,36 @@
|
||||||
#!/usr/bin/env python
|
#!/usr/bin/env python
|
||||||
|
|
||||||
|
from urlparse import urlunparse
|
||||||
|
|
||||||
import release
|
import release
|
||||||
|
from jinja2 import Template
|
||||||
|
|
||||||
from app import app
|
from app import app
|
||||||
from data.model.release import set_region_release
|
from data.model.release import set_region_release
|
||||||
from util.config.database import sync_database_with_config
|
from util.config.database import sync_database_with_config
|
||||||
|
|
||||||
|
|
||||||
|
def create_jwtproxy_conf():
|
||||||
|
audience = urlunparse((
|
||||||
|
app.config.get('PREFERRED_URL_SCHEME'),
|
||||||
|
app.config.get('SERVER_HOSTNAME'), '', '', '', ''))
|
||||||
|
|
||||||
|
registry = audience + '/keys'
|
||||||
|
|
||||||
|
with open("/conf/jwtproxy_conf.yaml.jnj") as f:
|
||||||
|
template = Template(f.read())
|
||||||
|
rendered = template.render(
|
||||||
|
audience=audience,
|
||||||
|
registry=registry
|
||||||
|
)
|
||||||
|
|
||||||
|
with open('/conf/jwtproxy_conf.yaml', 'w') as f:
|
||||||
|
f.write(rendered)
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
|
create_jwtproxy_conf()
|
||||||
|
|
||||||
if app.config.get('SETUP_COMPLETE', False):
|
if app.config.get('SETUP_COMPLETE', False):
|
||||||
sync_database_with_config(app.config)
|
sync_database_with_config(app.config)
|
||||||
|
|
||||||
|
|
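Review bot: `create_jwtproxy_conf()` builds the audience from `app.config.get('PREFERRED_URL_SCHEME')` and `app.config.get('SERVER_HOSTNAME')` without checking either, and `main()` calls it before the `SETUP_COMPLETE` test, so it also runs on an install that has not been configured yet. With either key missing, `urlunparse` is handed `None`, and the rendered file appears to end up with an empty audience and a registry of just `/keys`, leaving the JWT verifier with a config that does not name this host. I would read both values into locals first and stop with a clear error (or skip rendering until setup is complete), e.g. `if not scheme or not hostname: raise RuntimeError('SERVER_HOSTNAME and PREFERRED_URL_SCHEME are required for jwtproxy')`. `main()` may continue past the end of the hunk.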
|
@ -37,8 +37,8 @@ map $http_x_forwarded_proto $proper_scheme {
|
||||||
upstream web_app_server {
|
upstream web_app_server {
|
||||||
server unix:/tmp/gunicorn_web.sock fail_timeout=0;
|
server unix:/tmp/gunicorn_web.sock fail_timeout=0;
|
||||||
}
|
}
|
||||||
upstream jwtproxy {
|
upstream jwtproxy_secscan {
|
||||||
server unix:/tmp/jwtproxy.sock fail_timeout=0;
|
server unix:/tmp/jwtproxy_secscan.sock fail_timeout=0;
|
||||||
}
|
}
|
||||||
upstream verbs_app_server {
|
upstream verbs_app_server {
|
||||||
server unix:/tmp/gunicorn_verbs.sock fail_timeout=0;
|
server unix:/tmp/gunicorn_verbs.sock fail_timeout=0;
|
||||||
|
|
|
@ -3,11 +3,11 @@ jwtproxy:
|
||||||
enabled: false
|
enabled: false
|
||||||
verifier_proxy:
|
verifier_proxy:
|
||||||
enabled: true
|
enabled: true
|
||||||
listen_addr: unix:/tmp/jwtproxy.sock
|
listen_addr: unix:/tmp/jwtproxy_secscan.sock
|
||||||
verifier:
|
verifier:
|
||||||
upstream: unix:/tmp/gunicorn_web.sock
|
upstream: unix:/tmp/gunicorn_web.sock
|
||||||
audience: quay
|
audience: {{ audience }}
|
||||||
key_server:
|
key_server:
|
||||||
type: keyregistry
|
type: keyregistry
|
||||||
options:
|
options:
|
||||||
registry: unix:/tmp/gunicorn_web.sock
|
registry: {{ registry }}
|
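Review bot: `registry: {{ registry }}` replaces the local `unix:/tmp/gunicorn_web.sock` key registry with a URL that boot.py in this commit derives from `PREFERRED_URL_SCHEME` and `SERVER_HOSTNAME`, so the public keys used to verify tokens are now looked up over that scheme rather than over a local socket. If the deployment's scheme is `http`, that lookup presumably has no transport integrity, which is worth a comment in the template or a requirement that the registry URL be `https`. Both placeholders are also rendered unquoted; quoting them, `audience: "{{ audience }}"` and `registry: "{{ registry }}"`, keeps a value with YAML-significant characters from changing the document structure.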
|
@ -50,7 +50,7 @@ location ~ ^/(v1/repositories|v2/auth)/ {
|
||||||
}
|
}
|
||||||
|
|
||||||
location /secscan/ {
|
location /secscan/ {
|
||||||
proxy_pass http://jwtproxy;
|
proxy_pass http://jwtproxy_secscan;
|
||||||
}
|
}
|
||||||
|
|
||||||
location ~ ^/v2 {
|
location ~ ^/v2 {
|
||||||
|
|