createToken.py: Allow specification of the JWT key file and output file #676
Conversation
|
The script supports multiple input files. So the output would need to either be a directory, or somehow specify how multiple input files would be named. If I understand correctly, the code as suggested would cause the (single) output file to just be overwritten for every input file? |
|
|
||
| output_filename = input_filename[:-5] if input_filename.endswith(".json") else input_filename | ||
| output_filename += ".token" | ||
|
|
There was a problem hiding this comment.
The failed build is caused by trailing blanks on this line
This is valid point. I'll add some logic to fix that. |
If 1==true and 2==false I migh just push another commit fixing the linter issues |
|
@SebastianSchildt - we have as part of our migration to eclipse-kuksa copied this script and related data to https://github.com/eclipse-kuksa/kuksa-common/tree/main/jwt , but kept it here as well as both databroker and KUKSA Server references them. However the scripts does not need to exist in multiple locations, so if we should merge it then it should as I see it go to kuksa-common (and the scripts possibly removed here). From a functional perspective - there is a problem as indicated by the last comments from John and Landgraf, the script loops over multiple input parameters but supports only one output parameter. This should better be fixed or at least marked/documented as a limitation |
landgraf
force-pushed
the
createtoken
branch
from
b870544
to
f1c7e37
Compare
@landgraf is still alive :) I'm not working on the project anymore though. |
Current version of the script assumes that jwt key file is located in the same directory as the script itself and token is written into the same directory as json specification. This is not convinient for binary distribution with key files placed under /etc and script under bin or libexec dirs. Allowing specification of key file and output files location fixes this and application token can be generated with [1] while keeping backward compatibility and existing behaviour (single argument to specify json policy definition) Error out if both output option and multiple input files have been specified [1] /usr/libexec/kuksa-createToken.py /usr/share/kuksa-val/jwt/all-read-write.json --key /etc/pki/kuksa/jwt.key --output /etc/xdg/AGL/%i/%i.token
landgraf
force-pushed
the
createtoken
branch
from
f1c7e37
to
bd97386
Compare
There was a problem hiding this comment.
Looks good.
@SebastianSchildt - we need to agree on how to handle this improvement vs the migration to eclipse-kuksa. A possible workflow could be:
- Merge PR here
- Then include commit at https://github.com/eclipse-kuksa/kuksa-common/tree/main/jwt as well
- Then remove scripts from this repo, instead add reference to kuksa-common as needed
Current version of the script assumes that jwt key file is located in the same directory as the script itself and token is written into the same directory as json specification. This is not convinient for binary distribution with key files placed under /etc and script under bin or libexec dirs.
Allowing specification of key file and output files location fixes this and application token can be generated with [1] while keeping backward compatibility and existing behaviour (single argument to specify json policy definition)
[1]
/usr/libexec/kuksa-createToken.py /usr/share/kuksa-val/jwt/all-read-write.json --key /etc/pki/kuksa/jwt.key --output /etc/xdg/AGL/%i/%i.token