quay/boot.py
2016-04-29 14:10:33 -04:00


#!/usr/bin/env python
from datetime import datetime, timedelta
from urlparse import urlunparse
import json
from jwkest.jwk import RSAKey
from jinja2 import Template
import release
from app import app
from data.database import ServiceKeyApprovalType
from data.model.release import set_region_release
from data.model.service_keys import generate_service_key, approve_service_key
from util.config.database import sync_database_with_config
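def create_quay_service_key(seconds_until_expiration):
    """Generate, approve and persist the 'quay' service key.

    A key is generated for the service name 'quay' with an expiration
    ``seconds_until_expiration`` seconds from now. It is approved
    immediately with ``None`` as the approver and
    ``ServiceKeyApprovalType.SUPERUSER`` as the approval type. The private
    key components are then written as JSON to ``/conf/quay.jwk``.

    The key file is created with owner-only permissions (0600) because it
    holds the full RSA private key (modulus, both exponents and both primes).

    Args:
        seconds_until_expiration: lifetime of the generated key, in seconds.
    """
    # Local import so the block does not depend on the file-level import list.
    import os

    expiration = timedelta(seconds=seconds_until_expiration)
    # NOTE(review): datetime.now() is naive local time; confirm that
    # generate_service_key expects local time rather than UTC.
    private_key, service_key = generate_service_key('quay', datetime.now() + expiration)

    # The key is approved at boot with no approver recorded (second argument).
    approve_service_key(service_key.kid, None, ServiceKeyApprovalType.SUPERUSER)

    # Key names are runtime data read by whatever consumes /conf/quay.jwk;
    # they must not be renamed. The private attributes (_n, _e, _d, _p, _q)
    # are read directly from the key object returned by generate_service_key.
    private_key_file = {
        'KeyID': service_key.kid,
        'PrivateKey': {
            'N': int(private_key._n),
            'E': int(private_key._e),
            'D': int(private_key._d),
            'Primes': [int(private_key._p), int(private_key._q)],
            'Precomputed': {
                'Dp': None,
                'Dq': None,
                'Quinv': None,
                'CRTValues': []
            }
        }
    }

    # A plain open(..., 'w') would create the file with umask-derived
    # permissions (commonly world-readable). Create it 0600 instead, and
    # tighten the mode of a file left over from an earlier boot before any
    # key material is written. O_TRUNC replaces the explicit truncate(0).
    # NOTE(review): assumes the process that reads this file runs as the same
    # user as this script -- confirm before deploying.
    fd = os.open('/conf/quay.jwk', os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        os.fchmod(f.fileno(), 0o600)
        f.write(json.dumps(private_key_file))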
def create_jwtproxy_conf():
    """Render the jwtproxy configuration file from its Jinja2 template.

    The audience URL is built from the PREFERRED_URL_SCHEME and
    SERVER_HOSTNAME application settings. The key registry URL is the
    audience with '/keys' appended. Both values are passed to the template
    read from /conf/jwtproxy_conf.yaml.jnj, and the rendered text is written
    to /conf/jwtproxy_conf.yaml.
    """
    scheme = app.config.get('PREFERRED_URL_SCHEME')
    hostname = app.config.get('SERVER_HOSTNAME')
    audience = urlunparse((scheme, hostname, '', '', '', ''))
    registry = audience + '/keys'

    with open("/conf/jwtproxy_conf.yaml.jnj") as template_file:
        template_source = template_file.read()

    # No escaping is applied in this function: both values are handed to the
    # template as-is, so any YAML quoting has to be done by the template.
    rendered = Template(template_source).render(audience=audience, registry=registry)

    with open('/conf/jwtproxy_conf.yaml', 'w') as output_file:
        output_file.write(rendered)
def main():
    """Run the boot-time setup steps.

    The jwtproxy configuration is always rendered. When SETUP_COMPLETE is
    set in the application config, the database is synced with the config
    and a new service key is generated with a lifetime of
    QUAY_SERVICE_KEY_EXPIRATION seconds (default 500). The deploy is then
    recorded if both release.REGION and release.GIT_HEAD are set.
    """
    # NOTE(review): the nesting below was reconstructed from a listing that
    # lost its indentation -- confirm against the repository that the deploy
    # record belongs under the SETUP_COMPLETE check.
    create_jwtproxy_conf()

    if not app.config.get('SETUP_COMPLETE', False):
        return

    sync_database_with_config(app.config)

    # Read the lifetime only after the sync, as the original call order does.
    key_lifetime = app.config.get('QUAY_SERVICE_KEY_EXPIRATION', 500)
    create_quay_service_key(key_lifetime)

    # Record deploy
    region, git_head = release.REGION, release.GIT_HEAD
    if region and git_head:
        set_region_release(release.SERVICE, region, git_head)
# Run the boot sequence only when executed as a script, not on import.
if "__main__" == __name__:
    main()