Location: pomerium/make_global.py - annotation
turn off debug
#!/usr/bin/python3
import json
import subprocess
import sys
import time
def getSuffixedName() -> str:
    """Return ``pomerium/<name>`` for the first secret named ``pomerium-proxy-tls-*``.

    Lists the secrets of the ``pomerium`` namespace through ``kubectl`` and
    picks the first one whose name starts with ``pomerium-proxy-tls-``.

    Raises:
        ValueError: no secret in the namespace carries that prefix.
        subprocess.CalledProcessError: ``kubectl`` exited non-zero
            (propagated from ``check_output``).
    """
    ns = 'pomerium'
    # The command is passed as an argument list, so no shell parses it.
    # NOTE(review): `-o json` on secrets returns each secret's payload along
    # with its metadata, so the data of every secret in the namespace ends up
    # in this process although only the names are read. Do not log `listing`;
    # a names-only output format would narrow what is held here.
    raw = subprocess.check_output(["kubectl", "get", "-n", ns, "secret", "-o", "json"])
    listing = json.loads(raw.decode('utf8'))
    secret_names = (entry['metadata']['name'] for entry in listing['items'])
    match = next(
        (candidate for candidate in secret_names
         if candidate.startswith('pomerium-proxy-tls-')),
        None,
    )
    if match is None:
        raise ValueError()
    return ns + '/' + match
# Manifest for the Pomerium settings object (kind "Pomerium", name "global"),
# serialised to JSON at the end of the script.
# Credential-bearing fields hold "pomerium/<name>" strings rather than secret
# values; presumably these are namespace/name references to Kubernetes
# Secrets, the same shape getSuffixedName() builds. Key order is kept as-is
# because it determines the order of the emitted JSON.
config = {
    "apiVersion": "ingress.pomerium.io/v1",
    "kind": "Pomerium",
    "metadata": {"name": "global"},
    "spec": {
        # Reference only; the bootstrap secret itself is not in this file.
        "secrets": "pomerium/bootstrap",
        "authenticate": {"url": "https://authenticate.bigasterisk.com"},
        # NOTE(review): looks like the session cookie lifetime. A long value
        # also lengthens how long a leaked cookie stays usable; confirm 20h
        # matches the intended session policy.
        "cookie": {"expire": "20h"},
        "identityProvider": {
            "provider": "oidc",
            "url": "https://accounts.google.com",
            "scopes": [
                "openid",
                "email",
                "profile",  # adds name+locale to user details
            ],
            # Reference to the IdP client credentials, not the credentials.
            "secret": "pomerium/idp",
        },
        "storage": {
            "postgres": {"secret": "pomerium/postgres-connection-key"},
        },
    },
}
# Old note: pom won't start up if this cert doesn't exist, so you have to run
# once with the certificate entry commented out, then, after the cert has been
# issued successfully, run again with it enabled.
#
# Progress goes to stderr so that stdout carries nothing but the JSON manifest.
sys.stderr.write("wait for secret: ")
for tries in range(100):
    # Up to 100 attempts, 10 s apart, for the certificate secret to show up.
    # With the fixed name below and getSuffixedName() commented out, nothing
    # in the try body raises ValueError, so the first pass succeeds and the
    # retry branch only runs if the lookup is re-enabled.
    # NOTE(review): in this form the script does not check that the
    # referenced secret exists before emitting the manifest.
    try:
        config['spec']['certificates'] = [
            #getSuffixedName()
            'pomerium/pomerium-proxy-tls'
        ]
    except ValueError:
        print('.', end='', file=sys.stderr, flush=True)
        time.sleep(10)
        continue
    break
else:
    # Every attempt failed: abort without printing a manifest.
    raise ValueError
sys.stderr.write('\n')
print(json.dumps(config))