Merge branch 'master' into backend-nullable
Showing
15 changed files
with
321 additions
and
51 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,12 +1,16 @@ | ||
src/resources/dictionaries/* linguist-detectable=false | ||
|
||
*.js eol=lf | ||
*.jsx eol=lf | ||
*.json eol=lf | ||
|
||
# Auto detect text files and perform LF normalization | ||
* text=auto | ||
|
||
# Force LF for shell scripts. | ||
# Without this, these can fail when passed from Windows into Docker. | ||
# Without this, these can fail when copied from Windows into Docker. | ||
*.sh text eol=lf | ||
*.py text eol=lf | ||
|
||
# Force LF for JavaScript/TypeScript files to conform with standards and not conflict with Prettier. | ||
*.js eol=lf | ||
*.jsx eol=lf | ||
*.ts eol=lf | ||
*.tsx eol=lf | ||
*.json eol=lf |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,10 +1,38 @@ | ||
FROM certbot/certbot:v1.8.0 | ||
# Dockerfile to build a Certificate Manager container. The certificate manager | ||
# shall generate self-signed certificates and/or it shall use certbot to get | ||
# certificates from letsencrypt. | ||
# | ||
# The certmgr may also be configured to push some of its certificates to an | ||
# Amazon Web Services S3 bucket for use by devices that need a certificate when | ||
# an internet connection is not always available. | ||
# | ||
# The container's entrypoint function and the modules that it calls are written | ||
# in Python. The Python modules use the following modules that are not explicitly | ||
# installed since they are currently installed with certbot: | ||
# - requests | ||
# - openssl | ||
|
||
RUN apk update && \ | ||
apk upgrade && \ | ||
apk add --no-cache bash && \ | ||
apk add --no-cache curl | ||
|
||
COPY scripts/*.sh /usr/bin/ | ||
FROM debian:buster | ||
|
||
ENTRYPOINT ["entrypoint.sh"] | ||
RUN apt-get update && \ | ||
apt-get install -y apt-utils curl certbot zip && \ | ||
apt-get autoremove && \ | ||
apt-get clean && \ | ||
rm -rf /var/lib/apt/lists/* && \ | ||
curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o awscliv2.zip && \ | ||
unzip awscliv2.zip && \ | ||
aws/install && \ | ||
rm -rf awscliv2.zip \ | ||
aws \ | ||
/usr/local/aws-cli/v2/*/dist/aws_completer \ | ||
/usr/local/aws-cli/v2/*/dist/awscli/data/ac.index \ | ||
/usr/local/aws-cli/v2/*/dist/awscli/examples | ||
|
||
RUN mkdir /scripts | ||
|
||
WORKDIR /scripts | ||
|
||
COPY scripts/*.py . | ||
|
||
ENTRYPOINT ["./entrypoint.py"] |
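Review bot: The AWS CLI installer in the `RUN` step is fetched from an unversioned URL and then executed (`aws/install`) with no integrity check, so every build trusts whatever that URL serves at build time. Pin a release with the versioned archive name (`awscli-exe-linux-x86_64-<VERSION>.zip`) and verify the detached signature AWS publishes alongside it (the same URL with `.sig` appended, checked with `gpg --verify awscliv2.sig awscliv2.zip` against the AWS CLI team's public key) before unzipping. Use `curl -fsSL` so an HTTP error fails the step instead of saving an error page. `unzip` is never installed by name and appears to arrive only as a recommended package of `zip`, so list it explicitly. The page has lost its +/- markers, so I am reading the `debian:buster` lines as the new side.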
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
from abc import ABC, abstractmethod | ||
|
||
|
||
class BaseCert(ABC): | ||
@abstractmethod | ||
def create(self, force: bool = False) -> None: | ||
pass | ||
|
||
@abstractmethod | ||
def renew(self) -> None: | ||
pass |
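Review bot: `BaseCert` and its two abstract methods have no docstrings, so implementers have to guess the contract: what `force` overrides in `create`, and whether `renew` reports failure by raising or by returning quietly. Suggest a class docstring such as `"""Interface for a certificate source that can create and later renew a certificate."""` plus a one-line docstring on each method that states the failure behaviour. The entrypoint added in this commit calls `renew()` in an unattended loop, which is why the failure contract is worth writing down.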
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
#!/usr/bin/env python3 | ||
|
||
import os | ||
import sys | ||
import time | ||
from typing import Dict, Optional | ||
|
||
from base_cert import BaseCert | ||
from func import lookup_env | ||
from letsencrypt_cert import LetsEncryptCert | ||
from self_signed_cert import SelfSignedCert | ||
|
||
if __name__ == "__main__": | ||
|
||
mode_choices: Dict[str, Optional[BaseCert]] = { | ||
"self-signed": SelfSignedCert(), | ||
"letsencrypt": LetsEncryptCert(), | ||
} | ||
|
||
cert_store = lookup_env("CERT_STORE") | ||
for subdir in ("nginx", "selfsigned"): | ||
os.makedirs(f"{cert_store}/{subdir}", 0o755, True) | ||
|
||
cert_mode = lookup_env("CERT_MODE") | ||
print(f"Running in {cert_mode} mode") | ||
cert_obj = mode_choices.get(cert_mode, None) | ||
|
||
if cert_obj is not None: | ||
cert_obj.create() | ||
while True: | ||
# sleep for 12 hours before checking for renewal | ||
time.sleep(12 * 3600) | ||
cert_obj.renew() | ||
else: | ||
print(f"Cannot run {cert_mode} mode") | ||
sys.exit(99) |
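Review bot: Nothing around `cert_obj.renew()` in the `while True` loop catches exceptions, so one renewal attempt that raises ends the process and, unless the container is restarted, every later renewal with it. The `renew` implementations are not visible here, but a raise is plausible for a network call to Let's Encrypt. Wrap the call, e.g. `try: cert_obj.renew()` followed by `except Exception as err: print(f"Renewal failed, will retry in 12 hours: {err}", file=sys.stderr)`, so a transient failure is logged and retried on the next cycle. Separately, `os.makedirs(f"{cert_store}/{subdir}", 0o755, True)` leaves the store directories world-traversable and does not tighten a directory that already exists; if private keys are written beneath them, confirm the key files get a restrictive mode of their own.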
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
import os | ||
from pathlib import Path | ||
from typing import Dict, Optional, Union | ||
|
||
env_defaults: Dict[str, Union[str, int]] = { | ||
"CERT_MODE": "self-signed", | ||
"CERT_STORE": "/etc/cert_store", | ||
"CERT_EMAIL": "", | ||
"CERT_STAGING": 0, | ||
"MAX_CONNECT_TRIES": 15, | ||
"CERT_DOMAINS": "", | ||
"SERVER_NAME": "", | ||
} | ||
|
||
|
||
def lookup_env(env_var: str) -> Optional[Union[str, int]]: | ||
""" | ||
Look up environment variable | ||
Look up an environment variable and return its value or its | ||
default value. It the variable is not set and is not listed | ||
in the defaults, then None is returned | ||
""" | ||
if env_var in os.environ: | ||
return os.environ[env_var] | ||
elif env_var in env_defaults: | ||
return env_defaults[env_var] | ||
else: | ||
return None | ||
|
||
|
||
def update_link(src: Path, dest: Path) -> None: | ||
""" | ||
Create/move a symbolic link at 'dest' to point to 'src' | ||
If dest already exists and is not a link, it is deleted | ||
first. | ||
""" | ||
print(f"linking {src} to {dest}") | ||
if dest.exists(): | ||
if dest.is_symlink(): | ||
link_target: str = dest.readlink() | ||
if link_target != src: | ||
dest.unlink() | ||
else: | ||
# src already points to the dest | ||
return | ||
else: | ||
print(f"{dest} exists and is not a link") | ||
dest.unlink() | ||
dest.symlink_to(src) |
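Review bot: `update_link` fails on both link states it is meant to handle. `dest.exists()` follows the link, so a dangling symlink at `dest` reports False and `dest.symlink_to(src)` then raises FileExistsError. `Path.readlink()` only exists from Python 3.9, while the image this commit builds is `debian:buster`, whose packaged python3 is 3.7 as far as I know, so the existing-link branch would raise AttributeError. Test `dest.is_symlink()` first and read the target with `os.readlink`, as below. The comment `# src already points to the dest` is also reversed (dest already points to src), and `dest.unlink()` will still raise if `dest` is a real directory.

```python
def update_link(src: Path, dest: Path) -> None:
    # … unchanged: docstring and the "linking" print …
    # is_symlink() does not follow the link, so a dangling link is still detected
    if dest.is_symlink():
        # os.readlink is available on Python 3.7; Path.readlink needs 3.9
        if Path(os.readlink(dest)) == src:
            # dest already points to src
            return
        dest.unlink()
    elif dest.exists():
        print(f"{dest} exists and is not a link")
        dest.unlink()
    dest.symlink_to(src)
```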