Re-implement JWT gen in api-data-watcher-pusher

uselagoon · May 8, 2020 · 7496d79 · 7496d79
1 parent d3e67ae
commit 7496d79
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 17 deletions.
diff --git a/local-dev/api-data-watcher-pusher/Dockerfile b/local-dev/api-data-watcher-pusher/Dockerfile
@@ -1,12 +1,10 @@
 FROM alpine:3.11
 
-RUN apk add --no-cache mysql-client tini openssl bash wget curl nodejs nodejs-npm \
-    && npm config set unsafe-perm true \
-    && npm -g install jwtgen
+RUN apk add --no-cache tini bash wget py3-jwt
 
 ENV JWTSECRET=super-secret-string \
     JWTAUDIENCE=api.dev
 
-COPY api-watch-push.sh create_jwt.sh /home/
+COPY api-watch-push.sh create_jwt.py /home/
 
 CMD ["tini", "--", "/home/api-watch-push.sh"]
diff --git a/local-dev/api-data-watcher-pusher/api-watch-push.sh b/local-dev/api-data-watcher-pusher/api-watch-push.sh
@@ -8,7 +8,7 @@ populate_kubernetes_gql_file_path="/api-data/03-populate-api-data-kubernetes.gql
 send_graphql_query() {
     local file_path=${1}
 
-    API_ADMIN_JWT_TOKEN=$(/home/create_jwt.sh)
+    API_ADMIN_JWT_TOKEN=$(/home/create_jwt.py)
 
     bearer="Authorization: bearer $API_ADMIN_JWT_TOKEN"
 

diff --git a/local-dev/api-data-watcher-pusher/create_jwt.py b/local-dev/api-data-watcher-pusher/create_jwt.py
@@ -0,0 +1,9 @@
+#!/usr/bin/env python3
+
+import os
+import jwt
+
+payload = {'role': 'admin', 'iss': 'api-data-watcher-pusher',
+           'aud': os.environ['JWTAUDIENCE'], 'sub': 'api-data-watcher-pusher'}
+
+print(jwt.encode(payload, os.environ['JWTSECRET'], algorithm='HS256').decode())
diff --git a/local-dev/api-data-watcher-pusher/create_jwt.sh b/local-dev/api-data-watcher-pusher/create_jwt.sh