Check in the initial working version of octo-sts
Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
Showing
11 changed files
with
1,098 additions
and
0 deletions.
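--- /dev/null
+++ b/PATH_NOT_SHOWN/main.go
@@ -0,0 +1,73 @@
+package main
+
+import (
+	"context"
+	"log"
+	"log/slog"
+	"net/http"
+	"os"
+	"os/signal"
+
+	"chainguard.dev/go-grpc-kit/pkg/duplex"
+	pboidc "chainguard.dev/sdk/proto/platform/oidc/v1"
+	kms "cloud.google.com/go/kms/apiv1"
+	"github.com/bradleyfalzon/ghinstallation/v2"
+	"github.com/chainguard-dev/clog"
+	"github.com/kelseyhightower/envconfig"
+	"github.com/mattmoor/octo-sts/pkg/gcpkms"
+	"github.com/mattmoor/octo-sts/pkg/octosts"
+	"google.golang.org/grpc"
+	"google.golang.org/grpc/credentials/insecure"
+)
+
+type envConfig struct {
+	Port   int    `envconfig:"PORT" required:"true"`
+	KMSKey string `envconfig:"KMS_KEY" required:"true"`
+	AppID  int64  `envconfig:"GITHUB_APP_ID" required:"true"`
+}
+
+func main() {
+	ctx, cancel := signal.NotifyContext(context.Background(), os.Interrupt)
+	defer cancel()
+	ctx = clog.WithLogger(ctx, clog.New(slog.Default().Handler()))
+
+	var env envConfig
+	if err := envconfig.Process("", &env); err != nil {
+		log.Panicf("failed to process env var: %s", err)
+	}
+
+	client, err := kms.NewKeyManagementClient(ctx)
+	if err != nil {
+		log.Panicf("could not create kms client: %v", err)
+	}
+
+	signer, err := gcpkms.New(ctx, client, env.KMSKey)
+	if err != nil {
+		log.Panicf("error creating signer: %v", err)
+	}
+
+	atr, err := ghinstallation.NewAppsTransportWithOptions(http.DefaultTransport, env.AppID, ghinstallation.WithSigner(signer))
+	if err != nil {
+		log.Panicf("error creating GitHub App transport: %v", err)
+	}
+
+	d := duplex.New(
+		env.Port,
+		// grpc.StatsHandler(otelgrpc.NewServerHandler()),
+		// grpc.ChainStreamInterceptor(grpc_prometheus.StreamServerInterceptor),
+		// grpc.ChainUnaryInterceptor(grpc_prometheus.UnaryServerInterceptor, interceptors.ServerErrorInterceptor),
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+	)
+
+	pboidc.RegisterSecurityTokenServiceServer(d.Server, octosts.NewSecurityTokenServiceServer(atr))
+	if err := d.RegisterHandler(ctx, pboidc.RegisterSecurityTokenServiceHandlerFromEndpoint); err != nil {
+		log.Panicf("failed to register gateway endpoint: %v", err)
+	}
+
+	if err := d.ListenAndServe(ctx); err != nil {
+		log.Panicf("ListenAndServe() = %v", err)
+	}
+
+	// This will block until a signal arrives.
+	<-ctx.Done()
+}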
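Review bot: The KMS client created at `client, err := kms.NewKeyManagementClient(ctx)` is never closed, so its connection is held until the process exits; add `defer client.Close()` right after that error check (the signer returned by gcpkms.New presumably keeps using the client, so main's return is the right point to close it — confirm against gcpkms.New). Separately, `grpc.WithTransportCredentials(insecure.NewCredentials())` passed to `duplex.New` looks like the credentials for the gateway's loopback dial to the in-process gRPC server rather than a setting for any externally reachable listener, but nothing in the file says so; a comment such as `// Plaintext credentials are only for the in-process gateway->gRPC loopback dial — confirm duplex does not apply them to external traffic.` would stop a later reader from treating it as an external transport setting. Finally, `<-ctx.Done()` after `d.ListenAndServe(ctx)` is redundant if ListenAndServe already blocks until ctx is cancelled and only necessary if it returns after starting goroutines; the comment above it should say which case applies.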
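--- /dev/null
+++ b/go.mod
@@ -0,0 +1,83 @@
+module github.com/mattmoor/octo-sts
+
+go 1.21.2
+
+toolchain go1.21.6
+
+require (
+	chainguard.dev/go-grpc-kit v0.17.2
+	chainguard.dev/sdk v0.1.14
+	cloud.google.com/go/kms v1.15.5
+	github.com/bradleyfalzon/ghinstallation/v2 v2.9.0
+	github.com/chainguard-dev/clog v1.2.3-0.20240118163743-fec25b637dd2
+	github.com/coreos/go-oidc/v3 v3.9.0
+	github.com/golang-jwt/jwt/v4 v4.5.0
+	github.com/google/go-github/v57 v57.0.0
+	github.com/kelseyhightower/envconfig v1.4.0
+	google.golang.org/grpc v1.60.1
+	sigs.k8s.io/yaml v1.4.0
+)
+
+require (
+	cloud.google.com/go/compute v1.23.3 // indirect
+	cloud.google.com/go/compute/metadata v0.2.3 // indirect
+	cloud.google.com/go/iam v1.1.5 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/blendle/zapdriver v1.3.1 // indirect
+	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
+	github.com/go-logr/logr v1.3.0 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/go-querystring v1.1.0 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
+	github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/prometheus/client_golang v1.17.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 // indirect
+	go.opentelemetry.io/otel v1.21.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 // indirect
+	go.opentelemetry.io/otel/metric v1.21.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.21.0 // indirect
+	go.opentelemetry.io/otel/trace v1.21.0 // indirect
+	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
+	go.uber.org/multierr v1.11.0 // indirect
+	go.uber.org/zap v1.26.0 // indirect
+	golang.org/x/crypto v0.18.0 // indirect
+	golang.org/x/net v0.20.0 // indirect
+	golang.org/x/oauth2 v0.16.0 // indirect
+	golang.org/x/sync v0.4.0 // indirect
+	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/text v0.14.0 // indirect
+	google.golang.org/api v0.149.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	k8s.io/api v0.28.4 // indirect
+	k8s.io/apimachinery v0.28.4 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
+	knative.dev/pkg v0.0.0-20231101193506-b09d4f2a2845 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+)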