Commit 56aee67c authored by Pierre Ecarlat's avatar Pierre Ecarlat

chore: Set GRDF token refresh as an option

parent 1eea0e88
1 merge request!117chore: Set GRDF token refresh as an option
...@@ -22,5 +22,6 @@ DATABASE_NAME ...@@ -22,5 +22,6 @@ DATABASE_NAME
BO_API_TOKEN BO_API_TOKEN
FETCH_GRDF_TOKEN=true
GRDF_CLIENT_ID GRDF_CLIENT_ID
GRDF_CLIENT_SECRET GRDF_CLIENT_SECRET
...@@ -25,7 +25,7 @@ stages: ...@@ -25,7 +25,7 @@ stages:
- deploy - deploy
import-convert-assets: import-convert-assets:
image: alpine:3.16.2 image: alpine:3.20.3
stage: import-convert-assets stage: import-convert-assets
before_script: before_script:
- apk add inkscape curl - apk add inkscape curl
...@@ -142,6 +142,7 @@ deploy_rec: ...@@ -142,6 +142,7 @@ deploy_rec:
- sed -i "s/{{CLIENT_ID}}/$REC_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_ID}}/$REC_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{CLIENT_SECRET}}/$REC_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_SECRET}}/$REC_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{BO_API_TOKEN}}/$REC_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{BO_API_TOKEN}}/$REC_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{FETCH_GRDF_TOKEN}}/\"$REC_FETCH_GRDF_TOKEN\"/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{HOSTNAME}}/ecolyo-agent-rec.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{HOSTNAME}}/ecolyo-agent-rec.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml
...@@ -152,7 +153,7 @@ deploy_rec: ...@@ -152,7 +153,7 @@ deploy_rec:
script: script:
- find k8s/ -name '*.yml' -exec sed -i "s/{{NS}}/$NAMESPACE/g" {} \; - find k8s/ -name '*.yml' -exec sed -i "s/{{NS}}/$NAMESPACE/g" {} \;
- oc create secret -n $NAMESPACE docker-registry llle-project --docker-server=$CI_REGISTRY --docker-username=llle-project --docker-password=$READ_REGISTRY_TOKEN --dry-run=client -o yaml | oc apply -f - - oc create secret -n $NAMESPACE docker-registry forge-secret --docker-server=$CI_REGISTRY --docker-username=read_registry --docker-password=$READ_REGISTRY_TOKEN --dry-run=client -o yaml | oc apply -f -
- oc apply -f k8s/secrets - oc apply -f k8s/secrets
- oc apply -f k8s/deployments - oc apply -f k8s/deployments
...@@ -174,6 +175,7 @@ deploy_prod: ...@@ -174,6 +175,7 @@ deploy_prod:
- sed -i "s/{{CLIENT_ID}}/$PROD_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_ID}}/$PROD_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{CLIENT_SECRET}}/$PROD_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{CLIENT_SECRET}}/$PROD_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{BO_API_TOKEN}}/$PROD_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{BO_API_TOKEN}}/$PROD_BO_API_TOKEN/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{FETCH_GRDF_TOKEN}}/\"$PROD_FETCH_GRDF_TOKEN\"/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_ID}}/$GRDF_CLIENT_ID/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{GRDF_CLIENT_SECRET}}/$GRDF_CLIENT_SECRET/" ./k8s/secrets/ecolyo-agent-server-config.yml
- sed -i "s/{{HOSTNAME}}/ecolyo-agent.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml - sed -i "s/{{HOSTNAME}}/ecolyo-agent.apps.grandlyon.com/g" ./k8s/secrets/ecolyo-agent-server-config.yml
...@@ -184,7 +186,7 @@ deploy_prod: ...@@ -184,7 +186,7 @@ deploy_prod:
script: script:
- find k8s/ -name '*.yml' -exec sed -i "s/{{NS}}/$NAMESPACE/g" {} \; - find k8s/ -name '*.yml' -exec sed -i "s/{{NS}}/$NAMESPACE/g" {} \;
- oc create secret -n $NAMESPACE docker-registry llle-project --docker-server=$CI_REGISTRY --docker-username=llle-project --docker-password=$READ_REGISTRY_TOKEN --dry-run=client -o yaml | oc apply -f - - oc create secret -n $NAMESPACE docker-registry forge-secret --docker-server=$CI_REGISTRY --docker-username=read_registry --docker-password=$READ_REGISTRY_TOKEN --dry-run=client -o yaml | oc apply -f -
- oc apply -f k8s/secrets - oc apply -f k8s/secrets
- oc apply -f k8s/deployments - oc apply -f k8s/deployments
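Review bot: The new sed lines for `{{FETCH_GRDF_TOKEN}}` in deploy_rec and deploy_prod write whatever `$REC_FETCH_GRDF_TOKEN` / `$PROD_FETCH_GRDF_TOKEN` holds straight into the Secret with no validation, so an unset CI variable renders `FETCH_GRDF_TOKEN: ""` and a typo such as `ture` is only discovered when the server parses it (how `BoolValueFromEnv` treats an empty or malformed value is not visible here). A guard before the sed keeps the failure in the pipeline, e.g. `- test "$REC_FETCH_GRDF_TOKEN" = "true" || test "$REC_FETCH_GRDF_TOKEN" = "false" || { echo "REC_FETCH_GRDF_TOKEN must be true or false"; exit 1; }` (and the PROD_ equivalent). Separately, `$GRDF_CLIENT_ID` and `$GRDF_CLIENT_SECRET` are the same unprefixed variables in both jobs, unlike the REC_/PROD_-scoped CLIENT_SECRET and BO_API_TOKEN, so the one GRDF credential is rendered into both namespaces even where refresh is switched off; if the flag is meant to keep an environment from using GRDF at all, consider rendering an empty GRDF_CLIENT_SECRET there so the shared credential does not sit in a namespace that does not need it. The existing unescaped `s/.../$SECRET/` substitutions will also break or mis-render if a secret ever contains `/` or `&`, which is worth a comment on these lines even though it predates this change.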
......
...@@ -48,7 +48,7 @@ RUN chown -Rf "${UID}" ./* ...@@ -48,7 +48,7 @@ RUN chown -Rf "${UID}" ./*
############################## ##############################
# STEP 2 build a small image # # STEP 2 build a small image #
############################## ##############################
FROM curlimages/curl:8.00.1 FROM curlimages/curl:8.11.0
WORKDIR /app WORKDIR /app
......
...@@ -3,12 +3,12 @@ module forge.grandlyon.com/web-et-numerique/factory/llle_project/backoffice-serv ...@@ -3,12 +3,12 @@ module forge.grandlyon.com/web-et-numerique/factory/llle_project/backoffice-serv
go 1.18 go 1.18
require ( require (
github.com/go-chi/chi/v5 v5.0.11 github.com/go-chi/chi/v5 v5.1.0
github.com/google/uuid v1.5.0 github.com/google/uuid v1.5.0
golang.org/x/oauth2 v0.16.0 golang.org/x/oauth2 v0.16.0
gorm.io/driver/mysql v1.5.2 gorm.io/driver/mysql v1.5.7
gorm.io/driver/sqlite v1.5.4 gorm.io/driver/sqlite v1.5.4
gorm.io/gorm v1.25.5 gorm.io/gorm v1.25.7
) )
require ( require (
......
github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA= github.com/go-chi/chi/v5 v5.0.11 h1:BnpYbFZ3T3S1WMpD79r7R5ThWX40TaFB7L31Y8xqSwA=
github.com/go-chi/chi/v5 v5.0.11/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8= github.com/go-chi/chi/v5 v5.0.11/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
github.com/go-chi/chi/v5 v5.1.0 h1:acVI1TYaD+hhedDJ3r54HyA6sExp3HfXq7QWEEY/xMw=
github.com/go-chi/chi/v5 v5.1.0/go.mod h1:DslCQbL2OYiznFReuXYUmQ2hGd1aDpCnlMNITLSKoi8=
github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI=
github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI=
...@@ -52,8 +54,12 @@ google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7 ...@@ -52,8 +54,12 @@ google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7
google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gorm.io/driver/mysql v1.5.2 h1:QC2HRskSE75wBuOxe0+iCkyJZ+RqpudsQtqkp+IMuXs= gorm.io/driver/mysql v1.5.2 h1:QC2HRskSE75wBuOxe0+iCkyJZ+RqpudsQtqkp+IMuXs=
gorm.io/driver/mysql v1.5.2/go.mod h1:pQLhh1Ut/WUAySdTHwBpBv6+JKcj+ua4ZFx1QQTBzb8= gorm.io/driver/mysql v1.5.2/go.mod h1:pQLhh1Ut/WUAySdTHwBpBv6+JKcj+ua4ZFx1QQTBzb8=
gorm.io/driver/mysql v1.5.7 h1:MndhOPYOfEp2rHKgkZIhJ16eVUIRf2HmzgoPmh7FCWo=
gorm.io/driver/mysql v1.5.7/go.mod h1:sEtPWMiqiN1N1cMXoXmBbd8C6/l+TESwriotuRRpkDM=
gorm.io/driver/sqlite v1.5.4 h1:IqXwXi8M/ZlPzH/947tn5uik3aYQslP9BVveoax0nV0= gorm.io/driver/sqlite v1.5.4 h1:IqXwXi8M/ZlPzH/947tn5uik3aYQslP9BVveoax0nV0=
gorm.io/driver/sqlite v1.5.4/go.mod h1:qxAuCol+2r6PannQDpOP1FP6ag3mKi4esLnB/jHed+4= gorm.io/driver/sqlite v1.5.4/go.mod h1:qxAuCol+2r6PannQDpOP1FP6ag3mKi4esLnB/jHed+4=
gorm.io/gorm v1.25.2-0.20230530020048-26663ab9bf55/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k= gorm.io/gorm v1.25.2-0.20230530020048-26663ab9bf55/go.mod h1:L4uxeKpfBml98NYqVqwAdmV1a2nBtAec/cf3fpucW/k=
gorm.io/gorm v1.25.5 h1:zR9lOiiYf09VNh5Q1gphfyia1JpiClIWG9hQaxB/mls= gorm.io/gorm v1.25.5 h1:zR9lOiiYf09VNh5Q1gphfyia1JpiClIWG9hQaxB/mls=
gorm.io/gorm v1.25.5/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8= gorm.io/gorm v1.25.5/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
gorm.io/gorm v1.25.7 h1:VsD6acwRjz2zFxGO50gPO6AkNs7KKnvfzUjHQhZDz/A=
gorm.io/gorm v1.25.7/go.mod h1:hbnx/Oo0ChWMn1BIhpy1oYozzpM15i4YPuHDmfYtwg8=
package models
import (
"log"
"time"
)
// deleteOutdatedConsents hard deletes outdated consents where end_date is more than 5 years old
func deleteOutdatedConsents[T GrdfConsent | SgeConsent](dh *DataHandler, model *T, consentType string) {
log.Printf("Running %v outdated consents cleanup", consentType)
cutoffDate := time.Now().AddDate(-5, 0, 0)
result := dh.sqlClient.Unscoped().
Where("end_date < ?", cutoffDate).
Delete(model)
log.Printf("nb of rows %v", result.RowsAffected)
if result.Error != nil {
log.Printf("Error deleting outdated %s consents: %v\n", consentType, result.Error)
return
}
if result.RowsAffected > 0 {
log.Printf("Successfully deleted %d outdated %s consent(s) created before %v\n",
result.RowsAffected,
consentType,
cutoffDate.Format("2006-01-02"))
}
}
func DeleteOutdatedConsents(dh *DataHandler) {
deleteOutdatedConsents(dh, &GrdfConsent{}, "GRDF")
deleteOutdatedConsents(dh, &SgeConsent{}, "SGE")
}
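Review bot: The `log.Printf("nb of rows %v", result.RowsAffected)` on the line before the error check reads like a debugging leftover: it prints on every run even when nothing was deleted, and on error it reports a meaningless 0 just before the error line; the success branch already logs the count, so the line can go. The success message says "created before %v" while the filter is on `end_date`, so it should read `"Successfully deleted %d outdated %s consent(s) with end_date before %v\n"` to match what was actually deleted. The five-year retention is a policy value that appears in both the comment and `AddDate(-5, 0, 0)`; a package constant such as `const consentRetentionYears = 5` referenced from both keeps them from drifting. The cutoff is computed with `time.Now()` in the process's local zone; if `end_date` is stored as a date without a time zone this is presumably fine at a five-year horizon, but worth confirming against the column type.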
...@@ -31,10 +31,10 @@ Configuration: ...@@ -31,10 +31,10 @@ Configuration:
- Depuis la console Web, se rendre dans la section "Workloads > Secrets" - Depuis la console Web, se rendre dans la section "Workloads > Secrets"
- Cliquer sur le bouton bleu "Create" puis "Image pull secret" - Cliquer sur le bouton bleu "Create" puis "Image pull secret"
- Donner les informations : - Donner les informations :
- Secret name : llle-project - Secret name : forge-secret
- Authentification type : Image registry credentials - Authentification type : Image registry credentials
- Registry server address : registry.forge.grandlyon.com - Registry server address : registry.forge.grandlyon.com
- Username: llle-project - Username: read_registry
- Password: demander le password - Password: demander le password
- Cliquer sur Create - Cliquer sur Create
......
...@@ -40,7 +40,7 @@ spec: ...@@ -40,7 +40,7 @@ spec:
resources: resources:
limits: limits:
cpu: 100m cpu: 100m
memory: 512Mi memory: 1Gi
requests: requests:
cpu: 100m cpu: 100m
memory: 512Mi memory: 1Gi
...@@ -54,4 +54,4 @@ spec: ...@@ -54,4 +54,4 @@ spec:
cpu: 100m cpu: 100m
memory: 64Mi memory: 64Mi
imagePullSecrets: imagePullSecrets:
- name: llle-project - name: forge-secret
...@@ -20,6 +20,7 @@ stringData: ...@@ -20,6 +20,7 @@ stringData:
BO_API_TOKEN: {{BO_API_TOKEN}} BO_API_TOKEN: {{BO_API_TOKEN}}
TOKEN_URL: {{TOKEN_URL}} TOKEN_URL: {{TOKEN_URL}}
USERINFO_URL: {{USERINFO_URL}} USERINFO_URL: {{USERINFO_URL}}
FETCH_GRDF_TOKEN: {{FETCH_GRDF_TOKEN}}
GRDF_CLIENT_ID: {{GRDF_CLIENT_ID}} GRDF_CLIENT_ID: {{GRDF_CLIENT_ID}}
GRDF_CLIENT_SECRET: {{GRDF_CLIENT_SECRET}} GRDF_CLIENT_SECRET: {{GRDF_CLIENT_SECRET}}
type: Opaque type: Opaque
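Review bot: `stringData` values must be strings, so an unquoted `true` here would be rejected by the API server; the commit works around that by escaping quotes into the two CI sed replacements, which is easy to miss when the next key is added. Putting the quotes in the template instead, `FETCH_GRDF_TOKEN: "{{FETCH_GRDF_TOKEN}}"`, makes the requirement visible where the key is declared and lets both sed lines use the same plain `s/{{FETCH_GRDF_TOKEN}}/$REC_FETCH_GRDF_TOKEN/` form as their neighbours. The flag itself is not sensitive; keeping it in this Secret is consistent with TOKEN_URL and USERINFO_URL already living here, though a ConfigMap would be the usual home for non-secret configuration.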
...@@ -16,14 +16,15 @@ import ( ...@@ -16,14 +16,15 @@ import (
) )
var ( var (
httpsPort = common.IntValueFromEnv("HTTPS_PORT", 443) // HTTPS port to serve on httpsPort = common.IntValueFromEnv("HTTPS_PORT", 443) // HTTPS port to serve on
debugMode = common.BoolValueFromEnv("DEBUG_MODE", false) // Debug mode, disable Secure attribute for cookies debugMode = common.BoolValueFromEnv("DEBUG_MODE", false) // Debug mode, disable Secure attribute for cookies
mockOAuth2 = common.BoolValueFromEnv("MOCK_OAUTH2", false) // Enable mock OAuth2 login mockOAuth2 = common.BoolValueFromEnv("MOCK_OAUTH2", false) // Enable mock OAuth2 login
fetchGrdfToken = common.BoolValueFromEnv("FETCH_GRDF_TOKEN", true) // HTTPS port to serve on
) )
func main() { func main() {
log.Println("--- Server is starting ---") log.Printf("--- Server is starting on port %v ---", httpsPort)
// Initializations // Initializations
tokens.Init("./mnt/configs/tokenskey.json", debugMode) tokens.Init("./mnt/configs/tokenskey.json", debugMode)
...@@ -41,19 +42,38 @@ func main() { ...@@ -41,19 +42,38 @@ func main() {
fmt.Println("Mock OAuth2 server Listening on: http://localhost" + mockOAuth2Port) fmt.Println("Mock OAuth2 server Listening on: http://localhost" + mockOAuth2Port)
} }
// Call the function immediately when the server starts
models.FetchGRDFAuthAPI()
// then call GRDF auth api every two hours
ticker := time.NewTicker(time.Hour * 2)
quit := make(chan struct{}) quit := make(chan struct{})
// If needed, we shall request a new GRDF token every 2-hours
if fetchGrdfToken {
// Call the function immediately when the server starts
models.FetchGRDFAuthAPI()
// then call GRDF auth api every two hours
ticker := time.NewTicker(time.Hour * 2)
go func() {
for {
select {
case <-ticker.C:
models.FetchGRDFAuthAPI()
case <-quit:
ticker.Stop()
return
}
}
}()
}
// Deletes outdated consents every 24h
dh := models.NewDataHandler()
dailyTicker := time.NewTicker(time.Hour * 24)
go func() { go func() {
for { for {
select { select {
case <-ticker.C: case <-dailyTicker.C:
models.FetchGRDFAuthAPI() models.DeleteOutdatedConsents(dh)
case <-quit: case <-quit:
ticker.Stop() dailyTicker.Stop()
return return
} }
} }
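Review bot: The new consent cleanup only runs on the first `dailyTicker` tick, so a pod that is restarted or rescheduled more often than once every 24 hours never executes `models.DeleteOutdatedConsents(dh)`; mirror the GRDF branch above and call it once before starting the goroutine. `fetchGrdfToken` defaults to `true` when FETCH_GRDF_TOKEN is unset, so a missing variable silently re-enables refresh; logging the effective mode at startup, e.g. `log.Printf("GRDF token refresh enabled: %v", fetchGrdfToken)`, makes the choice visible in pod logs. In the var block above this hunk the comment on the new `fetchGrdfToken` line is copied from `httpsPort` (`// HTTPS port to serve on`) and should read `// Refresh the GRDF auth token on startup and every two hours`. `main` continues past the hunk and nothing in view closes `quit`, so both tickers presumably run for the life of the process.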
......