feat(sol): align canary ingestor and api auth
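--- a/environments/sol/trade-r001-canary/api-token-seed-job.yaml
+++ b/environments/sol/trade-r001-canary/api-token-seed-job.yaml
@@ -0,0 +1,76 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+name: api-token-seed
+namespace: trade-r001-canary
+spec:
+backoffLimit: 1
+template:
+spec:
+restartPolicy: OnFailure
+containers:
+- name: seed
+image: postgres:16-alpine
+imagePullPolicy: IfNotPresent
+command:
+- sh
+- -lc
+- |
+set -euo pipefail
+
+read_json="$(tr -d '\n' </tokens/read.json)"
+token="$(printf '%s' "$read_json" | sed -E 's/.*"token"[[:space:]]*:[[:space:]]*"([^"]+)".*/\1/')"
+name="$(printf '%s' "$read_json" | sed -E 's/.*"name"[[:space:]]*:[[:space:]]*"([^"]+)".*/\1/')"
+
+test -n "$token"
+test -n "$name"
+
+token_hash="$(printf '%s' "$token" | sha256sum | awk '{print $1}')"
+export PGPASSWORD="$POSTGRES_PASSWORD"
+
+psql "host=$PGHOST port=$PGPORT dbname=$POSTGRES_DB user=$POSTGRES_USER" \
+-v token_name="$name" \
+-v token_hash="$token_hash" \
+-v token_meta='{"seed":"trade-frontend-tokens/read.json","namespace":"trade-r001-canary","scopes":["read"]}' <<'SQL'
+INSERT INTO api_tokens (name, token_hash, scopes, meta, revoked_at)
+VALUES (
+:'token_name',
+:'token_hash',
+ARRAY['read'],
+(:'token_meta')::jsonb,
+NULL
+)
+ON CONFLICT (token_hash) DO UPDATE
+SET name = EXCLUDED.name,
+scopes = EXCLUDED.scopes,
+meta = EXCLUDED.meta,
+revoked_at = NULL;
+SQL
+env:
+- name: PGHOST
+value: postgres
+- name: PGPORT
+value: "5432"
+- name: POSTGRES_USER
+valueFrom:
+secretKeyRef:
+name: trade-postgres
+key: POSTGRES_USER
+- name: POSTGRES_PASSWORD
+valueFrom:
+secretKeyRef:
+name: trade-postgres
+key: POSTGRES_PASSWORD
+- name: POSTGRES_DB
+valueFrom:
+secretKeyRef:
+name: trade-postgres
+key: POSTGRES_DB
+volumeMounts:
+- name: frontend-tokens
+mountPath: /tokens
+readOnly: true
+volumes:
+- name: frontend-tokens
+secret:
+secretName: trade-frontend-tokens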
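Review bot: The upsert's `DO UPDATE` branch sets `revoked_at = NULL` unconditionally, so re-running this Job against a row that was revoked (presumably by stamping `revoked_at`) re-activates that token for as long as `trade-frontend-tokens` still holds the same value. I would drop `revoked_at = NULL` from the `SET` list, or guard the update with `WHERE api_tokens.revoked_at IS NULL`, so that revocation can only be undone deliberately. Separately, the two `sed -E 's/…/\1/'` extractions print their input unchanged when the key is absent, so `test -n "$token"` still passes and the hash of the whole JSON document is stored; `sed -nE '…/\1/p'` makes a missing key yield an empty string and fail the Job.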