Mercurial > code > home > repos > pomerium
annotate make_global.py @ 25:41b47733baf8
turn off debug
| author | drewp@bigasterisk.com |
|---|---|
| date | Thu, 08 Jun 2023 11:27:18 -0700 |
| parents | b53ab97e8979 |
| children | 0f6176ce0b46 |
| rev | line source |
|---|---|
|
24
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
1 #!/usr/bin/python3 |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
2 |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
3 import json |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
4 import subprocess |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
5 import sys |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
6 import time |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
7 |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
8 |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
9 def getSuffixedName() -> str: |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
10 ns = 'pomerium' |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
11 j = json.loads(subprocess.check_output(["kubectl", "get", "-n", ns, "secret", "-o", "json"]).decode('utf8')) |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
12 for item in j['items']: |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
13 name = item['metadata']['name'] |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
14 if name.startswith('pomerium-proxy-tls-'): |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
15 return ns + '/' + name |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
16 raise ValueError() |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
17 |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
18 |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
19 config = { |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
20 'apiVersion': "ingress.pomerium.io/v1", |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
21 'kind': "Pomerium", |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
22 'metadata': { |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
23 'name': "global" |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
24 }, |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
25 'spec': { |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
26 'secrets': "pomerium/bootstrap", |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
27 'authenticate': { |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
28 'url': "https://authenticate.bigasterisk.com" |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
29 }, |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
30 'cookie': { |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
31 'expire': "20h" |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
32 }, |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
33 'identityProvider': { |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
34 'provider': "oidc", |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
35 'url': "https://accounts.google.com", |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
36 'scopes': [ |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
37 "openid", |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
38 "email", |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
39 "profile" # adds name+locale to user details |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
40 ], |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
41 'secret': "pomerium/idp" |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
42 }, |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
43 'storage': { |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
44 'postgres': { |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
45 'secret': "pomerium/postgres-connection-key" |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
46 } |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
47 }, |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
48 } |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
49 } |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
50 |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
51 # Old note: pom won't start up if this cert doesn't exist, so you have to run once |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
52 # with it commented out, then after cert success, run again with it enabled. |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
53 |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
54 sys.stderr.write("wait for secret: ") |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
55 for tries in range(100): |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
56 try: |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
57 config['spec']['certificates'] = [ |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
58 #getSuffixedName() |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
59 'pomerium/pomerium-proxy-tls' |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
60 ] |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
61 except ValueError: |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
62 sys.stderr.write('.') |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
63 sys.stderr.flush() |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
64 time.sleep(10) |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
65 else: |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
66 break |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
67 else: |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
68 raise ValueError |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
69 |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
70 sys.stderr.write('\n') |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
71 |
|
b53ab97e8979
reorganize, and add two retry loops to try to get everything to startup in one 'inv run'
drewp@bigasterisk.com
parents:
diff
changeset
|
72 print(json.dumps(config)) |