CAPI-57 Add eternal auth key pulling and prohibit server start with no auth key (#21)
parent
2a2f8d6898
commit
8a73c00372
@ -15,6 +15,7 @@
|
||||
-spec start_link() -> {ok, pid()} | {error, {already_started, pid()}}.
|
||||
|
||||
start_link() ->
|
||||
validate_auth_key(),
|
||||
supervisor:start_link({local, ?MODULE}, ?MODULE, []).
|
||||
|
||||
%%
|
||||
@ -59,3 +60,12 @@ get_cowboy_extra_opts() ->
|
||||
cowboy_handler
|
||||
]}
|
||||
].
|
||||
|
||||
validate_auth_key() ->
|
||||
PemFilePath = genlib_app:env(capi, api_secret_path),
|
||||
case filelib:is_regular(PemFilePath) of
|
||||
true -> ok;
|
||||
false ->
|
||||
_ = lager:error("Missing auth key, stopping the app..."),
|
||||
exit(no_auth_key)
|
||||
end.
|
||||
|
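Review bot: `filelib:is_regular(PemFilePath)` in `validate_auth_key/0` proves only that a regular file exists at the configured path, so an empty, unreadable or non-PEM file still passes and the supervisor starts without a usable auth key. The `case` could instead call `file:read_file(PemFilePath)` and treat `{error, _}` or an empty binary like the current `false` branch, or run the same decode the consumer of `api_secret_path` uses (that consumer is not visible here). It is also worth confirming what `genlib_app:env(capi, api_secret_path)` returns when the setting is absent, since that value goes straight into the file check. Finally, `start_link/0` can now exit with `no_auth_key`, which the `-spec` in the first hunk does not describe; a comment such as `%% Exits with no_auth_key when the configured key file is missing.` above `start_link/0` would record it.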
@ -8,18 +8,35 @@ KK_REALM=${KK_REALM:-external}
|
||||
TARGET=${TARGET:-var/secret}
|
||||
|
||||
CURL_OPTS=${CURL_OPTS:-}
|
||||
REALM_DATA=$(curl -s -m5 --fail ${CURL_OPTS} "http://${KK_HOST}:${KK_PORT}/auth/realms/${KK_REALM}")
|
||||
EXIT_CODE=$?
|
||||
MAX_RETRY_TIMEOUT=${MAX_RETRY_TIMEOUT:-10}
|
||||
|
||||
[ "${EXIT_CODE}" -ne "0" ] && {
|
||||
echo "$0: [ ERROR ] Keycloak realm data fetching failed"
|
||||
exit ${EXIT_CODE}
|
||||
}
|
||||
TIMEOUT=0
|
||||
|
||||
[ -z "${REALM_DATA}" ] && {
|
||||
echo "$0: [ ERROR ] Keycloak realm data is empty"
|
||||
exit -1
|
||||
}
|
||||
while true; do
|
||||
REALM_FAIL=false
|
||||
|
||||
echo "$0: [ INFO ] Attempting to fetch Keycloak key..."
|
||||
|
||||
REALM_DATA=$(curl -s -m5 --fail ${CURL_OPTS} "http://${KK_HOST}:${KK_PORT}/auth/realms/${KK_REALM}")
|
||||
EXIT_CODE=$?
|
||||
if [ "${EXIT_CODE}" -ne "0" ]; then
|
||||
REALM_FAIL=true
|
||||
echo "$0: [ ERROR ] Keycloak realm data fetching failed with exit code: ${EXIT_CODE}"
|
||||
fi
|
||||
if [ -z "${REALM_DATA}" ]; then
|
||||
REALM_FAIL=true
|
||||
echo "$0: [ ERROR ] Keycloak realm data is empty"
|
||||
fi
|
||||
if [ "$REALM_FAIL" == false ]; then
|
||||
break
|
||||
else
|
||||
TIMEOUT=$((TIMEOUT + 1))
|
||||
TIMEOUT=$([ $TIMEOUT -le $MAX_RETRY_TIMEOUT ] && echo "$TIMEOUT" || echo "$MAX_RETRY_TIMEOUT")
|
||||
fi
|
||||
|
||||
echo "$0: [ ERROR ] Keycloak request timeout: ${TIMEOUT}"
|
||||
sleep $TIMEOUT
|
||||
done
|
||||
|
||||
echo "$0: [ INFO ] Keycloak realm data fetched successfully"
|
||||
echo "$0: [ DEBUG ] ${REALM_DATA}"
|
||||
|
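Review bot: The new retry loop still requests the realm data over plain `http://${KK_HOST}:${KK_PORT}/...` and accepts any non-empty response with a zero curl exit code. With unbounded retries, the first host that answers at that address supplies what appears to be the key material the service trusts for authentication. Making the scheme configurable with a safe default, e.g. `KK_SCHEME=${KK_SCHEME:-https}` used in the URL, would let curl verify the server certificate. The part of the script that writes the key under `TARGET` is outside this hunk, so whether it checks the fetched data is a PEM key cannot be confirmed here; it should, because the Erlang-side start-up check only tests that the file exists. Separately, `[ "$REALM_FAIL" == false ]` relies on a bash extension to `[`; `=` is the portable form if the script may run under `sh`.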