77 lines
2.5 KiB
YAML
77 lines
2.5 KiB
YAML
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: api-token-seed
|
|
namespace: trade-r001-canary
|
|
spec:
|
|
backoffLimit: 1
|
|
template:
|
|
spec:
|
|
restartPolicy: OnFailure
|
|
containers:
|
|
- name: seed
|
|
image: postgres:16-alpine
|
|
imagePullPolicy: IfNotPresent
|
|
command:
|
|
- sh
|
|
- -lc
|
|
- |
|
|
set -euo pipefail
|
|
|
|
read_json="$(tr -d '\n' </tokens/read.json)"
|
|
token="$(printf '%s' "$read_json" | sed -E 's/.*"token"[[:space:]]*:[[:space:]]*"([^"]+)".*/\1/')"
|
|
name="$(printf '%s' "$read_json" | sed -E 's/.*"name"[[:space:]]*:[[:space:]]*"([^"]+)".*/\1/')"
|
|
|
|
test -n "$token"
|
|
test -n "$name"
|
|
|
|
token_hash="$(printf '%s' "$token" | sha256sum | awk '{print $1}')"
|
|
export PGPASSWORD="$POSTGRES_PASSWORD"
|
|
|
|
psql "host=$PGHOST port=$PGPORT dbname=$POSTGRES_DB user=$POSTGRES_USER" \
|
|
-v token_name="$name" \
|
|
-v token_hash="$token_hash" \
|
|
-v token_meta='{"seed":"trade-frontend-tokens/read.json","namespace":"trade-r001-canary","scopes":["read"]}' <<'SQL'
|
|
INSERT INTO api_tokens (name, token_hash, scopes, meta, revoked_at)
|
|
VALUES (
|
|
:'token_name',
|
|
:'token_hash',
|
|
ARRAY['read'],
|
|
(:'token_meta')::jsonb,
|
|
NULL
|
|
)
|
|
ON CONFLICT (token_hash) DO UPDATE
|
|
SET name = EXCLUDED.name,
|
|
scopes = EXCLUDED.scopes,
|
|
meta = EXCLUDED.meta,
|
|
revoked_at = NULL;
|
|
SQL
|
|
env:
|
|
- name: PGHOST
|
|
value: postgres
|
|
- name: PGPORT
|
|
value: "5432"
|
|
- name: POSTGRES_USER
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: trade-postgres
|
|
key: POSTGRES_USER
|
|
- name: POSTGRES_PASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: trade-postgres
|
|
key: POSTGRES_PASSWORD
|
|
- name: POSTGRES_DB
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: trade-postgres
|
|
key: POSTGRES_DB
|
|
volumeMounts:
|
|
- name: frontend-tokens
|
|
mountPath: /tokens
|
|
readOnly: true
|
|
volumes:
|
|
- name: frontend-tokens
|
|
secret:
|
|
secretName: trade-frontend-tokens
|