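#!/usr/bin/env python
import os

from datetime import datetime, timedelta
from urlparse import urlunparse

from jinja2 import Template
from cachetools import lru_cache

import release
from app import app
from data.model.release import set_region_release
from util.config.database import sync_database_with_config
from util.generatepresharedkey import generate_key

# Files exchanged with the jwtproxy sidecar; kept together so they are easy to audit.
QUAY_KID_PATH = '/conf/quay.kid'
QUAY_PEM_PATH = '/conf/quay.pem'
JWTPROXY_TEMPLATE_PATH = '/conf/jwtproxy_conf.yaml.jnj'
JWTPROXY_CONF_PATH = '/conf/jwtproxy_conf.yaml'

# Owner-only read/write: quay.pem holds a private key.
_PRIVATE_FILE_MODE = 0o600


@lru_cache(maxsize=1)
def get_audience():
    """Return the JWT audience (scheme://host:port) for the quay service key.

    JWTPROXY_AUDIENCE is used verbatim when configured. Otherwise the value is
    derived from PREFERRED_URL_SCHEME and SERVER_HOSTNAME, appending the
    scheme's default port when the hostname carries none. Cached because the
    config does not change for the lifetime of the process.

    Raises:
        ValueError: if neither JWTPROXY_AUDIENCE nor SERVER_HOSTNAME is set.
    """
    audience = app.config.get('JWTPROXY_AUDIENCE')
    if audience:
        return audience

    scheme = app.config.get('PREFERRED_URL_SCHEME')
    hostname = app.config.get('SERVER_HOSTNAME')
    if hostname is None:
        # Fail with a clear message instead of a TypeError from the ':' test below.
        raise ValueError('SERVER_HOSTNAME must be set when JWTPROXY_AUDIENCE is not')

    # SERVER_HOSTNAME may already carry an explicit port; keep it as-is.
    if ':' not in hostname:
        # No port given: fall back to the scheme's well-known default.
        default_port = '443' if scheme == 'https' else '80'
        hostname = '%s:%s' % (hostname, default_port)

    return urlunparse((scheme, hostname, '', '', '', ''))


def _write_private_file(path, contents):
    """Write *contents* to *path*, creating or truncating it with mode 0600.

    The mode is applied at creation time so the key material is never briefly
    readable by other users under a permissive umask; an existing file is
    re-chmod'ed so a previously over-permissive key file is tightened too.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, _PRIVATE_FILE_MODE)
    with os.fdopen(fd, 'w') as f:
        f.write(contents)
    os.chmod(path, _PRIVATE_FILE_MODE)


def create_quay_service_key():
    """Create a service key for quay to use in the jwtproxy.

    Writes the PEM private key to /conf/quay.pem (owner-only permissions) and
    the key id to /conf/quay.kid, and returns the key id. The expiration is
    QUAY_SERVICE_KEY_EXPIRATION minutes from now (default 120).
    """
    minutes_until_expiration = app.config.get('QUAY_SERVICE_KEY_EXPIRATION', 120)
    # NOTE(review): naive local time, as before; confirm that generate_key
    # expects local rather than UTC for expiration_date.
    expiration = datetime.now() + timedelta(minutes=minutes_until_expiration)
    quay_key, key_id = generate_key('quay', get_audience(), expiration_date=expiration)

    # Write the key material before the kid so the kid never names a missing key.
    _write_private_file(QUAY_PEM_PATH, quay_key.exportKey())
    with open(QUAY_KID_PATH, 'w') as f:
        f.write(key_id)

    return key_id


def create_jwtproxy_conf(quay_key_id):
    """Generate the jwtproxy conf from the jinja template.

    Renders /conf/jwtproxy_conf.yaml.jnj with the audience, the key registry
    URL (<audience>/keys) and *quay_key_id*, and writes the result to
    /conf/jwtproxy_conf.yaml.
    """
    audience = get_audience()
    registry = audience + '/keys'

    with open(JWTPROXY_TEMPLATE_PATH) as f:
        template = Template(f.read())

    rendered = template.render(
        audience=audience,
        registry=registry,
        key_id=quay_key_id,
    )
    with open(JWTPROXY_CONF_PATH, 'w') as f:
        f.write(rendered)


def main():
    """Sync the database with config (once setup is complete), provision the
    quay service key and jwtproxy conf, then record the deploy when the
    release carries a region and commit."""
    if app.config.get('SETUP_COMPLETE', False):
        sync_database_with_config(app.config)

    quay_key_id = create_quay_service_key()
    create_jwtproxy_conf(quay_key_id)

    # Record deploy
    if release.REGION and release.GIT_HEAD:
        set_region_release(release.SERVICE, release.REGION, release.GIT_HEAD)


if __name__ == '__main__':
    main()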