Re-implement JWT generation in SSH service using pyjwt
smlx committed May 8, 2020
1 parent 0c7e96a commit c03b80b
Showing 4 changed files with 14 additions and 47 deletions.
4 changes: 2 additions & 2 deletions services/ssh/Dockerfile
Expand Up @@ -28,7 +28,7 @@ ENV LAGOON=ssh \
COPY services/ssh/libnss-mysql-1.5.tar.gz /tmp/libnss-mysql-1.5.tar.gz

RUN apt-get update \
&& apt-get install -y curl build-essential libmysqlclient-dev ssh curl vim jq \
&& apt-get install -y curl build-essential libmysqlclient-dev ssh curl vim jq python3-jwt \
&& ln -s /usr/lib/x86_64-linux-gnu/libmysqlclient.so /usr/lib/libmysqlclient.so \
&& mkdir /tmp/libnss-mysql \
&& tar -xzf /tmp/libnss-mysql-1.5.tar.gz -C /tmp/libnss-mysql --strip-components=1 \
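
Review bot: python3-jwt is added to the apt-get install line with no version pin, so the PyJWT release that signs the admin token is whatever the base image's package repository provides at build time. Pin the package version here (or install a pinned PyJWT another way) so a rebuild on a newer base image cannot change the library underneath /create_60_sec_jwt.py without a matching code change. While touching this line, note that curl is listed twice in the same install command.
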
Expand Down Expand Up @@ -73,7 +73,7 @@ COPY services/ssh/authorize.sh /authorize.sh
RUN chmod 755 /authorize.sh

# create_60_sec_jwt to create a JWT Admin Token which is valid for 60 secs
COPY services/ssh/create_60_sec_jwt.sh /create_60_sec_jwt.sh
COPY services/ssh/create_60_sec_jwt.py /create_60_sec_jwt.py

# Create /authorize.env file and give api right to write it, it will be filled
# within docker-entrypoint with all environment variables and then sourced
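
Review bot: the COPY of /create_60_sec_jwt.py is not followed by a chmod the way /authorize.sh is just above it (RUN chmod 755 /authorize.sh), yet authorize.sh executes the file directly as a command. COPY keeps the file mode from the build context, so either confirm the script is committed with the executable bit set or add an explicit RUN chmod 755 /create_60_sec_jwt.py after this COPY so the image does not depend on repository file modes.
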
2 changes: 1 addition & 1 deletion services/ssh/authorize.sh
Expand Up @@ -11,7 +11,7 @@
# variables during the container entrypoint.
source /authorize.env

API_ADMIN_TOKEN=$(/create_60_sec_jwt.sh)
API_ADMIN_TOKEN=$(/create_60_sec_jwt.py)

# This token will be required for accessing the sshKeys in the lagoon api
bearer="Authorization: bearer $API_ADMIN_TOKEN"
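
Review bot: the command substitution API_ADMIN_TOKEN=$(/create_60_sec_jwt.py) has no failure check in the lines shown, and the replacement script can fail in ways the old one could not (the jwt module missing, or JWTSECRET or JWTAUDIENCE unset). In that case API_ADMIN_TOKEN is empty and the bearer header is still built as "Authorization: bearer ". Suggest testing the exit status of the substitution, and that the token is non-empty, before the bearer= line, and exiting non-zero with a message on stderr so the key lookup fails closed with a clear cause.
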
11 changes: 11 additions & 0 deletions services/ssh/create_60_sec_jwt.py
@@ -0,0 +1,11 @@
#!/usr/bin/env python3

import os
import jwt
from datetime import datetime, timezone, timedelta

iat = datetime.now(timezone.utc)
exp = iat + timedelta(minutes=1)
payload = {'exp': exp, 'iat': iat, 'role': 'admin', 'aud': os.environ['JWTAUDIENCE'], 'sub': 'ssh'}

print(jwt.encode(payload, os.environ['JWTSECRET'], algorithm='HS256').decode())
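
Review bot: the .decode() on the final print line assumes jwt.encode() returns bytes, which holds for PyJWT 1.x but not for 2.x, where encode() returns str and this call raises AttributeError. Because the Dockerfile installs python3-jwt without a version pin, either pin the package or make this line accept both return types. Separately, os.environ['JWTSECRET'] and os.environ['JWTAUDIENCE'] raise KeyError with a traceback when unset; a short explicit error on stderr and a non-zero exit would be easier to diagnose from authorize.sh.
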
44 changes: 0 additions & 44 deletions services/ssh/create_60_sec_jwt.sh

This file was deleted.

0 comments on commit c03b80b
