Skip to content

Commit

Permalink
Changes in templates for deployment
Browse files Browse the repository at this point in the history
  • Loading branch information
pahatz committed Dec 15, 2023
1 parent eb96ab0 commit 4a9eb5f
Show file tree
Hide file tree
Showing 10 changed files with 29 additions and 62 deletions.
1 change: 0 additions & 1 deletion .github/integration/scripts/charts/dependencies.sh
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ C4GHPASSPHRASE="$(random-string)"
export C4GHPASSPHRASE
crypt4gh generate -n c4gh -p "$C4GHPASSPHRASE"
kubectl create secret generic c4gh --from-file="c4gh.sec.pem" --from-file="c4gh.pub.pem" --from-literal=passphrase="${C4GHPASSPHRASE}"

# secret for the OIDC keypair
openssl ecparam -name prime256v1 -genkey -noout -out "jwt.key"
openssl ec -in "jwt.key" -pubout -out "jwt.pub"
Expand Down
2 changes: 1 addition & 1 deletion .github/integration/scripts/charts/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ global:
secretName: c4gh
keyFile: c4gh.sec.pem
publicFile: c4gh.pub.pem
passphrase: PLACEHOLDER_VALUE
passphrase: PLACEHOLDER_VALUE
db:
host: "postgres-sda-db"
user: "postgres"
Expand Down
2 changes: 1 addition & 1 deletion charts/sda-svc/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -95,7 +95,7 @@ Parameter | Description | Default
`global.cega.password` | Password for the EGA user authentication service. |`""`
`global.c4gh.keyFile` | Private C4GH key. |`c4gh.key`
`global.c4gh.passphrase` | Passphrase for the private C4GH key. |`""`
`global.c4gh.publicFile` | Public key corresponding to the private key, provided in /info endpoint and neeeded for tests. |`""`
`global.c4gh.publicFile` | Public key corresponding to the private key, provided in /info endpoint. |`""`
`global.db.host` | Hostname for the database. |`""`
`global.db.name` | Database to connect to. |`lega`
`global.db.passIngest` | Password used for `data in` services. |`""`
Expand Down
15 changes: 14 additions & 1 deletion charts/sda-svc/templates/auth-deploy.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -138,7 +138,7 @@ spec:
- name: RESIGNJWT
value: {{ .Values.global.auth.resignJwt | quote }}
- name: PUBLICFILE
value: {{ .Values.global.c4gh.publicFile | quote }}
value: "{{ template "c4ghPath" . }}/{{ .Values.global.c4gh.publicFile }}"
{{- if .Values.global.tls.enabled}}
- name: SERVER_CERT
value: {{ template "tlsPath" . }}/tls.crt
Expand Down Expand Up @@ -186,6 +186,10 @@ spec:
- name: jwt
mountPath: {{ template "jwtPath" . }}
{{- end }}
{{- if not .Values.global.vaultSecrets }}
- name: c4gh
mountPath: {{ template "c4ghPath" . }}
{{- end }}
volumes:
{{- if and (.Values.global.auth.resignJwt) (not .Values.global.vaultSecrets) }}
- name: jwt
Expand All @@ -198,6 +202,15 @@ spec:
- key: {{ required "The name of the JWT signing key is needed" .Values.global.auth.jwtKey }}
path: {{ .Values.global.auth.jwtKey }}
{{- end }}
{{- if not .Values.global.vaultSecrets }}
- name: c4gh
secret:
defaultMode: 0440
secretName: {{ required "A secret for the C4GH public key is needed" .Values.global.c4gh.secretName }}
items:
- key: {{ required "The C4GH public key is needed" .Values.global.c4gh.publicFile }}
path: {{ .Values.global.c4gh.publicFile }}
{{- end }}
{{- if and (not .Values.global.pkiService) .Values.global.tls.enabled }}
- name: tls
projected:
Expand Down
1 change: 0 additions & 1 deletion charts/sda-svc/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -192,7 +192,6 @@ global:
passphrase: ""
backupPubKey: ""


db:
host: ""
name: "sda"
Expand Down
8 changes: 7 additions & 1 deletion sda-auth/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -174,12 +174,18 @@ func (c *Config) readConfig() error {
log.Printf("Setting log level to '%s'", stringLevel)
}

for _, s := range []string{"s3Inbox", "publicFile"} {
if viper.GetString(s) == "" {
return fmt.Errorf("%s not set", s)
}
}

// no need to check the variables for JWT generation if we won't use it
if (cega.ID == "" && cega.Secret == "") && !c.ResignJwt {
return nil
}

for _, s := range []string{"jwtIssuer", "JwtPrivateKey", "JwtSignatureAlg", "s3Inbox", "publicFile"} {
for _, s := range []string{"jwtIssuer", "JwtPrivateKey", "JwtSignatureAlg"} {
if viper.GetString(s) == "" {
return fmt.Errorf("%s not set", s)
}
Expand Down
1 change: 0 additions & 1 deletion sda-auth/config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,6 @@ type ConfigTests struct {
ResignJwt bool
InfoURL string
InfoText string
C4ghPubKeyFile string
PublicFile string
}

Expand Down
48 changes: 1 addition & 47 deletions sda-auth/go.sum
Original file line number Diff line number Diff line change
@@ -1,44 +1,5 @@
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU=
cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY=
cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc=
cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI=
cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk=
cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY=
cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg=
cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU=
cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo=
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
filippo.io/edwards25519 v1.0.0 h1:0wAIcmJUqRdI8IJ/3eGi5/HwXZWPujYXXlkrQogz0Ek=
filippo.io/edwards25519 v1.0.0/go.mod h1:N1IkdkCkiLB6tki+MYJoSx2JTY9NUlxZE7eHn5EwJns=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8=
github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ=
github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53 h1:sR+/8Yb4slttB4vD+b9btVEnWgL3Q00OBTzVT8B9C0c=
Expand All @@ -64,12 +25,6 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a h1:saTgr5tMLFnmy/yg3qDTft4rE5DY2uJ/cCxCe3q0XTU=
github.com/dchest/bcrypt_pbkdf v0.0.0-20150205184540-83f37f9c154a/go.mod h1:Bw9BbhOJVNR+t0jCqx2GC6zv0TGBsShs56Y3gfSCvl0=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po=
github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk=
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs=
github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
Expand Down Expand Up @@ -253,8 +208,7 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
Expand Down
3 changes: 1 addition & 2 deletions sda-auth/info.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package main

import (
"fmt"
"os"
"path/filepath"

Expand All @@ -27,7 +26,7 @@ func readPublicKeyFile(filename string) (key *[32]byte, err error) {
defer file.Close()
publicKey, err := keys.ReadPublicKey(file)
if err != nil {
return nil, fmt.Errorf("error while reading public key file %s: %v", filename, err)
return nil, err
}

return &publicKey, err
Expand Down
10 changes: 4 additions & 6 deletions sda-auth/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -422,15 +422,13 @@ func main() {

publicKey, err := readPublicKeyFile(authHandler.Config.PublicFile)
if err != nil {
log.Info("Failure to get public key: ", err)
} else {
authHandler.pubKey = hex.EncodeToString(publicKey[:])
log.Fatalf("Failed to get public key: %s", err.Error())
}
authHandler.pubKey = hex.EncodeToString(publicKey[:])

// Endpoint for client login info
if publicKey != nil {
app.Get("/info", authHandler.getInfo)
}
app.Get("/info", authHandler.getInfo)

app.UseGlobal(globalHeaders)

if config.Server.Cert != "" && config.Server.Key != "" {
Expand Down

0 comments on commit 4a9eb5f

Please sign in to comment.