Skip to content

Commit

Permalink
Check in the initial working version of octo-sts
Browse files Browse the repository at this point in the history
Signed-off-by: Matt Moore <mattmoor@chainguard.dev>
  • Loading branch information
mattmoor committed Jan 20, 2024
1 parent e90d1e9 commit e6d0bdf
Show file tree
Hide file tree
Showing 11 changed files with 1,098 additions and 0 deletions.
8 changes: 8 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,11 @@

# Go workspace file
go.work

# Terraform generated
.terraform/
terraform.tfstate
terraform.tfstate.backup
terraform.tfstate.*.backup
.terraform.tfstate.lock.*
.terraform.lock.hcl
73 changes: 73 additions & 0 deletions cmd/app/main.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
package main

import (
"context"
"log"
"log/slog"
"net/http"
"os"
"os/signal"

"chainguard.dev/go-grpc-kit/pkg/duplex"
pboidc "chainguard.dev/sdk/proto/platform/oidc/v1"
kms "cloud.google.com/go/kms/apiv1"
"github.com/bradleyfalzon/ghinstallation/v2"
"github.com/chainguard-dev/clog"
"github.com/kelseyhightower/envconfig"
"github.com/mattmoor/octo-sts/pkg/gcpkms"
"github.com/mattmoor/octo-sts/pkg/octosts"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials/insecure"
)

type envConfig struct {
Port int `envconfig:"PORT" required:"true"`
KMSKey string `envconfig:"KMS_KEY" required:"true"`
AppID int64 `envconfig:"GITHUB_APP_ID" required:"true"`
}

func main() {
ctx, cancel := signal.NotifyContext(context.Background(), os.Interrupt)
defer cancel()
ctx = clog.WithLogger(ctx, clog.New(slog.Default().Handler()))

var env envConfig
if err := envconfig.Process("", &env); err != nil {
log.Panicf("failed to process env var: %s", err)
}

client, err := kms.NewKeyManagementClient(ctx)
if err != nil {
log.Panicf("could not create kms client: %v", err)
}

signer, err := gcpkms.New(ctx, client, env.KMSKey)
if err != nil {
log.Panicf("error creating signer: %v", err)
}

atr, err := ghinstallation.NewAppsTransportWithOptions(http.DefaultTransport, env.AppID, ghinstallation.WithSigner(signer))
if err != nil {
log.Panicf("error creating GitHub App transport: %v", err)
}

d := duplex.New(
env.Port,
// grpc.StatsHandler(otelgrpc.NewServerHandler()),
// grpc.ChainStreamInterceptor(grpc_prometheus.StreamServerInterceptor),
// grpc.ChainUnaryInterceptor(grpc_prometheus.UnaryServerInterceptor, interceptors.ServerErrorInterceptor),
grpc.WithTransportCredentials(insecure.NewCredentials()),
)

pboidc.RegisterSecurityTokenServiceServer(d.Server, octosts.NewSecurityTokenServiceServer(atr))
if err := d.RegisterHandler(ctx, pboidc.RegisterSecurityTokenServiceHandlerFromEndpoint); err != nil {
log.Panicf("failed to register gateway endpoint: %v", err)
}

if err := d.ListenAndServe(ctx); err != nil {
log.Panicf("ListenAndServe() = %v", err)
}

// This will block until a signal arrives.
<-ctx.Done()
}
83 changes: 83 additions & 0 deletions go.mod
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
module github.com/mattmoor/octo-sts

go 1.21.2

toolchain go1.21.6

require (
chainguard.dev/go-grpc-kit v0.17.2
chainguard.dev/sdk v0.1.14
cloud.google.com/go/kms v1.15.5
github.com/bradleyfalzon/ghinstallation/v2 v2.9.0
github.com/chainguard-dev/clog v1.2.3-0.20240118163743-fec25b637dd2
github.com/coreos/go-oidc/v3 v3.9.0
github.com/golang-jwt/jwt/v4 v4.5.0
github.com/google/go-github/v57 v57.0.0
github.com/kelseyhightower/envconfig v1.4.0
google.golang.org/grpc v1.60.1
sigs.k8s.io/yaml v1.4.0
)

require (
cloud.google.com/go/compute v1.23.3 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v1.1.5 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/blendle/zapdriver v1.3.1 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/go-jose/go-jose/v3 v3.0.1 // indirect
github.com/go-logr/logr v1.3.0 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.1-0.20210315223345-82c243799c99 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/prometheus/client_golang v1.17.0 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.45.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 // indirect
go.opentelemetry.io/otel v1.21.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.19.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.19.0 // indirect
go.opentelemetry.io/otel/metric v1.21.0 // indirect
go.opentelemetry.io/otel/sdk v1.21.0 // indirect
go.opentelemetry.io/otel/trace v1.21.0 // indirect
go.opentelemetry.io/proto/otlp v1.0.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.26.0 // indirect
golang.org/x/crypto v0.18.0 // indirect
golang.org/x/net v0.20.0 // indirect
golang.org/x/oauth2 v0.16.0 // indirect
golang.org/x/sync v0.4.0 // indirect
golang.org/x/sys v0.16.0 // indirect
golang.org/x/text v0.14.0 // indirect
google.golang.org/api v0.149.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20231212172506-995d672761c0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 // indirect
google.golang.org/protobuf v1.32.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
k8s.io/api v0.28.4 // indirect
k8s.io/apimachinery v0.28.4 // indirect
k8s.io/klog/v2 v2.100.1 // indirect
k8s.io/utils v0.0.0-20230505201702-9f6742963106 // indirect
knative.dev/pkg v0.0.0-20231101193506-b09d4f2a2845 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
)
Loading

0 comments on commit e6d0bdf

Please sign in to comment.