Merge pull request #4 from sandwichcloud/security
update deps, add security-data endpoint, fix docker image
Showing
7 changed files
with
80 additions
and
21 deletions.
@@ -1,4 +1,17 @@ | ||
# Copy this to .env | ||
|
||
#################### | ||
# DATABASE # | ||
#################### | ||
|
||
DATABASE_HOST=127.0.0.1 | ||
DATABASE_USERNAME=sandwich | ||
DATABASE_PASSWORD=hunter2 | ||
DATABASE_PASSWORD=hunter2 | ||
|
||
#################### | ||
# Auth # | ||
#################### | ||
|
||
# This NEED to match what is given to deli-counter | ||
# See deli-counter for explanation of usage | ||
AUTH_FERNET_KEYS= |
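Review bot: The `AUTH_FERNET_KEYS=` entry gives no hint of the expected value format, and the comment above it only points at deli-counter. The router added in this commit reads `settings.AUTH_FERNET_KEYS[0]`, so the setting is consumed as a list, but how it is parsed from this variable (separator, quoting) is not visible here. I would add a comment along the lines of `# One or more Fernet keys (Fernet.generate_key()); the first is used to encrypt issued tokens`, state the separator the settings loader expects, and fix the wording to `# This NEEDS to match what is given to deli-counter`. Leaving the value empty in this template is right; real keys belong only in the local .env copy.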
@@ -0,0 +1,43 @@ | ||
import json | ||
|
||
import arrow | ||
import cherrypy | ||
from cryptography.fernet import Fernet | ||
from simple_settings import settings | ||
|
||
from ingredients_db.models.authn import AuthNServiceAccount | ||
from ingredients_db.models.instance import Instance | ||
from ingredients_http.route import Route | ||
from ingredients_http.router import Router | ||
|
||
|
||
class SecurityDataRouter(Router): | ||
def __init__(self): | ||
super().__init__(uri_base='security-data') | ||
|
||
@Route() | ||
@cherrypy.tools.json_out() | ||
def get(self): | ||
with cherrypy.request.db_session() as session: | ||
instance = session.query(Instance).filter(Instance.id == cherrypy.request.instance_id).first() | ||
service_account: AuthNServiceAccount = session.query(AuthNServiceAccount).filter( | ||
AuthNServiceAccount.id == instance.service_account_id).first() | ||
|
||
fernet = Fernet(settings.AUTH_FERNET_KEYS[0]) | ||
|
||
token_data = { | ||
# Token only lasts 30 minutes. This should be more than enough | ||
'expires_at': arrow.now().shift(minute=+30), | ||
'service_account_id': service_account.id, | ||
'project_id': instance.project_id, | ||
'roles': { | ||
'global': [], | ||
'project': [service_account.role_id] | ||
} | ||
} | ||
|
||
# TODO: these will be generated every time an instance asks for it | ||
# Should be cached these somewhere? | ||
return { | ||
"token": fernet.encrypt(json.dumps(token_data).encode()).decode() | ||
} |
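Review bot: The `expires_at` value built in `get()` looks like it will not produce a usable 30-minute expiry: arrow's `shift()` takes plural units (`minutes=`), and the resulting Arrow object is not something the plain `json.dumps(token_data)` call at the end of the handler can serialize. I would write `'expires_at': arrow.utcnow().shift(minutes=+30).isoformat(),` so the expiry is an explicit UTC timestamp string; if `service_account.id`, `instance.project_id` or `role_id` are UUIDs (their types are not visible here) they need `str()` as well. Separately, both queries use `.first()` and the results are dereferenced unchecked, so a request whose `instance_id` matches no row, or an instance without a service account, surfaces as an AttributeError rather than a clean error; a guard such as `if instance is None: raise cherrypy.HTTPError(404)` before the second query would make that explicit. Because this endpoint mints a credential carrying the service account's project role, `get()` also deserves a docstring stating how `cherrypy.request.instance_id` is established and authenticated, which this file does not show.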
@@ -1,5 +1,6 @@ | ||
pbr==3.1.1 # Apache 2.0 | ||
python-dotenv==0.7.1 # BSD 3-clause | ||
pyyaml==3.12 # MIT | ||
cryptography==2.1.4 # Apache 2.0 or BSD | ||
ingredients.http==0.0.12 # MIT | ||
ingredients.db==0.0.9 # MIT | ||
ingredients.db==0.0.11 # MIT |