habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
2ee48cd0391207238917d37d6cdd5bdaa3ddb41a
authentik/authentik/outposts/docker_tls.py
Jens Langhammer 79b92e764e *: fix typos in code 
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-09-25 00:01:11 +02:00

57 lines
2.1 KiB
Python
Raw Blame History

"""Create Docker TLSConfig from CertificateKeyPair"""
from pathlib import Path
from tempfile import gettempdir
from typing import Optional
from docker.tls import TLSConfig
from authentik.crypto.models import CertificateKeyPair
class DockerInlineTLS:
"""Create Docker TLSConfig from CertificateKeyPair"""
verification_kp: Optional[CertificateKeyPair]
authentication_kp: Optional[CertificateKeyPair]
def __init__(
self,
verification_kp: Optional[CertificateKeyPair],
authentication_kp: Optional[CertificateKeyPair],
) -> None:
self.verification_kp = verification_kp
self.authentication_kp = authentication_kp
def write_file(self, name: str, contents: str) -> str:
"""Wrapper for mkstemp that uses fdopen"""
path = Path(gettempdir(), name)
with open(path, "w", encoding="utf8") as _file:
_file.write(contents)
return str(path)
def write(self) -> TLSConfig:
"""Create TLSConfig with Certificate Key pairs"""
# So yes, this is quite ugly. But sadly, there is no clean way to pass
# docker-py (which is using requests (which is using urllib3)) a certificate
# for verification or authentication as string.
# Because we run in docker, and our tmpfs is isolated to us, we can just
# write out the certificates and keys to files and use their paths
config_args = {}
if self.verification_kp:
ca_cert_path = self.write_file(
f"{self.verification_kp.pk.hex}-cert.pem",
self.verification_kp.certificate_data,
)
config_args["ca_cert"] = ca_cert_path
if self.authentication_kp:
auth_cert_path = self.write_file(
f"{self.authentication_kp.pk.hex}-cert.pem",
self.authentication_kp.certificate_data,
)
auth_key_path = self.write_file(
f"{self.authentication_kp.pk.hex}-key.pem",
self.authentication_kp.key_data,
)
config_args["client_cert"] = (auth_cert_path, auth_key_path)
return TLSConfig(**config_args)
Reference in New Issue View Git Blame Copy Permalink