now using JWT for auth

control/Dockerfile

@@ -23,6 +23,7 @@ COPY ansible ansible
 RUN pip3 install pip credstash --upgrade
 RUN python3 -m pip install -e git+https://github.com/Phonebooth/api-client.git#egg=api-client
 RUN python3 -m pip install -e git+https://github.com/relaypro-open/dog_api_python.git#egg=dog_api_python
+RUN python3 -m pip install pyjwt cryptography ipython
 RUN ansible-galaxy collection install git+https://github.com/relaypro-open/community.dog.git
 COPY dog.yml /ansible/dog.yml
 

docker-compose.local_deploy.yml

@@ -7,9 +7,9 @@ services:
     ports:
       - "22:22"
     environment:
-      - DOG_API_KEY=guest
+      - DOG_API_TOKEN=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIwZDY3NGRhNGFjNzYxMWVkYThmNzhmNzdmYTUyMWI2ZSJ9.PASNsZCTJihOO6ffBO2g-7N-OQWVI5KsnP7bq5Pi3aE
       - DOG_API_ENDPOINT=http://kong:8000/api/V2
-      - TF_VAR_dog_api_key_docker=guest
+      - TF_VAR_dog_api_token_docker=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiIwZDY3NGRhNGFjNzYxMWVkYThmNzhmNzdmYTUyMWI2ZSJ9.PASNsZCTJihOO6ffBO2g-7N-OQWVI5KsnP7bq5Pi3aE
     depends_on:
       - "dog_trainer"
       - "dog_agent"
@@ -108,6 +108,8 @@ services:
       - KONG_ADMIN_ERROR_LOG=/dev/stderr
       - KONG_ADMIN_LISTEN=0.0.0.0:8001, 0.0.0.0:8444 ssl
       - KONG_DECLARATIVE_CONFIG=/kong.yml
+    depends_on:
+      - "csc"
     ports:
       - "8000:8000"
       - "8443:8443"

kong/Dockerfile

@@ -1,14 +1,19 @@
-FROM kong
+FROM kong/kong:latest-ubuntu
 
 RUN whoami
 
 USER root
-RUN apk update && apk add curl vim httpie jq
+RUN apt-get update && apt-get install -y curl vim-tiny httpie jq
+#RUN luarocks install kong-upstream-jwt-extended
+#RUN apk update && apk add curl vim httpie jq
 COPY kong.yml kong.yml
+#COPY csc_certs.sh /usr/local/openresty/bin/csc_certs.sh
+#RUN chmod u+x /usr/local/openresty/bin/csc_certs.sh
 RUN chown kong:kong kong.yml
 
 USER kong
 RUN which kong
 RUN which http
 #CMD /usr/local/bin/kong start && sleep 10 && /usr/bin/http :8001/config [email protected]
 CMD kong start
+#CMD /bin/bash -c "/usr/local/openresty/bin/csc_certs.sh" && kong start

kong/csc_certs.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+HTTPD=`curl -A "Web Check" -sL --connect-timeout 3 -w "%{http_code}\n" "http://csc:9000/csc/register" -o /dev/null`
+until [ "$HTTPD" == "200" ]; do
+    printf '.'
+    sleep 3
+    HTTPD=`curl -A "Web Check" -sL --connect-timeout 3 -w "%{http_code}\n" "http://csc:9000/csc/register" -o /dev/null`
+done
+
+passkey=$(curl -s http://csc:9000/csc/register | jq -r .passkey)
+certs=$(curl -s -d '{"fqdn": "dog", "passkey": "'$passkey'"}' http://csc:9000/csc/cert)
+echo $certs | jq -r .server_key > /usr/local/openresty/server.key
+echo $certs | jq -r .server_crt > /usr/local/openresty/server.crt
+echo $certs | jq -r .ca_crt >  /usr/local/openresty/ca.crt

kong/kong.yml

@@ -8,21 +8,21 @@ services:
   - name: dog_trainer
     paths:
     - /
-  plugins:
-  - name: key-auth
-    service: dog_trainer
-    config: 
-      key_names:
-      - apikey
-      key_in_body: false
-      key_in_header: true
-      key_in_query: true
-      hide_credentials: false
-      run_on_preflight: true
+
+plugins:
+- name: jwt
+  service: dog_trainer
+  config:
+    secret_is_base64: false
+    run_on_preflight: true
 
 consumers:
 - username: guest
-  custom_id: ansible-id
-  keyauth_credentials:
-  - consumer: guest
-  - key: guest
+
+jwt_secrets:
+- consumer: guest
+  key: 0d674da4ac7611eda8f78f77fa521b6e
+  secret: guest
+  algorithm: HS256
+    #rsa_public_key: "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsY6kuaiLq3oiJlTaQgIe\n081Gs8ZEEAlFVdjc1Cjyz87ye7rCQGm35VgxfadQIIKNeP/Ec297lCbC14fG0Cmy\n35SeS/0JhBLYTfu5t296hgRx6IzvSkE1AS7pD4bY4KIbWtJsX4eJhzu/En18h950\nDtsOKdYr9uN1oYvIawlY90oIASaCk0O6c4QO2kaQWAEn0r4EoENcMbLT9ROa39YY\nEIHWHsbdYc0yRINAMAKtMqwfuHJLsELNrcew+QtCIox3NTSflgaRKboC9C5q9LFP\nurokTF1dHoDUmHVhTbaBbBTklD7uaKCoN2OKvACaZi2hJ+E0s5k8vE1e04aci6Re\nqQIDAQAB\n-----END PUBLIC KEY-----"
+    #algorithm: RS256