Skip to content
This repository has been archived by the owner on Jun 28, 2023. It is now read-only.
/ nomad-deployer Public archive

Access control, Gitlab JWT check with Nomad Deployer

4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Toliak/nomad-deployer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
.misc
.misc
 
 
alembic
alembic
 
 
core
core
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
alembic.ini
alembic.ini
 
 
conftest.py
conftest.py
 
 
deployer.sh
deployer.sh
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

Config examples (and API docs)

PUT /config/

{
    "jwks_url": "https://gitlab.com/-/jwks",
    "bound_issuer": "gitlab.com"
}

GET /role/

Returns list of roles

GET /role/{role-name}

Returns role data

PUT or POST /role/{role-name}

Nomad claims validates via regexp

{
    "bound_claims": {
        "project_id": "77",
        "ref": "master"
    },
    "nomad_claims": {
        "Name": "^nomad-service$",
        "Type": "^service$",
        "TaskGroups": [
            {
                "Name": "^nomad-service$",
                "Tasks": [
                    {
                        "Name": "^nomad-service$",
                        "Driver": "^docker$",
                        "Config": {
                            "image": "^nomad-service",
                            "network_mode": "^custom-bridge$",
                            "network_aliases": [
                                "^nomad-service$"
                            ],
                            "port_map": [
                                {
                                    "http": 8080
                                }
                            ],
                            "volumes": [
                                "^NONE$"
                            ]
                        },
                        "Vault": {
                            "Policies": [
                                "^nomad-server$"
                            ]
                        }
                    }
                ]
            }
        ]
    }
}

POST /run/

{
   "role":"{role-name}",
   "job_hcl":"{job-hcl}",
   "jwt":"${CI_JOB_JWT}"
}

Ok some meme here

Meme

About

Access control, Gitlab JWT check with Nomad Deployer

Topics

ci cd deploy nomad nomad-deployer

Resources

Readme
Activity

Stars

4 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Languages