khuedoan-homelab/scripts/hacks

#!/usr/bin/env python

"""
Quick and dirty script for things that I can't/don't have time to do properly yet
TODO: retire this script
"""

import base64
import json
import requests
import sys
import urllib

from rich.console import Console
from kubernetes import client, config

# https://git.khuedoan.com/user/settings/applications
# Doing this properly inside the cluster requires:
# - Kubernetes service account
try:
    config.load_incluster_config()
except config.ConfigException:
    config.load_kube_config()

gitea_host = client.NetworkingV1Api().read_namespaced_ingress('gitea', 'gitea').spec.rules[0].host
gitea_user_secret = client.CoreV1Api().read_namespaced_secret('gitea-admin-secret', 'gitea')
gitea_user = base64.b64decode(gitea_user_secret.data['username']).decode("utf-8")
gitea_pass = base64.b64decode(gitea_user_secret.data['password']).decode("utf-8")
gitea_url = f"http://{gitea_user}:{urllib.parse.quote_plus(gitea_pass)}@{gitea_host}"

def create_secret(name: str, namespace: str, data: dict) -> None:
    try:
        client.CoreV1Api().read_namespaced_secret(name, namespace)
    except client.exceptions.ApiException:
        # Secret doesn't exist, create a new one
        new_secret = client.V1Secret(
            metadata=client.V1ObjectMeta(name=name),
            data=data,
        )
        client.CoreV1Api().create_namespaced_secret(namespace, new_secret)

def setup_gitea_access_token(name: str) -> None:
    current_tokens = requests.get(
        url=f"{gitea_url}/api/v1/users/{gitea_user}/tokens",
    ).json()

    if not any(token['name'] == name for token in current_tokens):
        resp = requests.post(
            url=f"{gitea_url}/api/v1/users/{gitea_user}/tokens",
            headers={
                'Content-Type': 'application/json'
            },
            data=json.dumps({
                'name': name
            })
        )

        if resp.status_code == 201:
            create_secret(
                f"gitea.{name}",
                "global-secrets",
                {
                    'token': base64.b64encode(resp.json()['sha1'].encode("utf-8")).decode("utf-8")
                }
            )
        else:
            print(f"Error creating access token {name} ({resp.status_code})")
            print(resp.content)
            sys.exit(1)

def setup_gitea_oauth_app(name: str, redirect_uri: str) -> None:
    current_apps = requests.get(
        url=f"{gitea_url}/api/v1/user/applications/oauth2",
    ).json()

    if not any(app['name'] == name for app in current_apps):
        resp = requests.post(
            url=f"{gitea_url}/api/v1/user/applications/oauth2",
            headers={
                'Content-Type': 'application/json'
            },
            data=json.dumps({
                'name': name,
                'redirect_uris': [redirect_uri]
            })
        )

        if resp.status_code == 201:
            create_secret(
                f"gitea.{name}",
                "global-secrets",
                {
                    'client_id': base64.b64encode(resp.json()['client_id'].encode("utf-8")).decode("utf-8"),
                    'client_secret': base64.b64encode(resp.json()['client_secret'].encode("utf-8")).decode("utf-8"),
                }
            )
        else:
            print(f"Error creating OAuth application {name} ({resp.status_code})")
            print(resp.content)
            sys.exit(1)

def main() -> None:
    with Console().status("Completing the remaining sorcery"):
        gitea_access_tokens = [
            'renovate'
        ]

        gitea_oauth_apps = [
            {'name': 'dex', 'redirect_uri': f"https://{client.NetworkingV1Api().read_namespaced_ingress('dex', 'dex').spec.rules[0].host}/callback"}
        ]

        for token_name in gitea_access_tokens:
            setup_gitea_access_token(token_name)

        for app in gitea_oauth_apps:
            setup_gitea_oauth_app(app['name'], app['redirect_uri'])

if __name__ == '__main__':
    main()
refactor(tools): switch to Nix - Nix is more reproducible (pinned to a specific hash) - Faster rebuild after changing the package list (due to /nix caching in volume) - Users can still use make tools (wrapped in Docker) without installing Nix - Using nix-shell will work if you have nix installed. 2022-08-26 19:08:52 +07:00			`#!/usr/bin/env python`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00
			`"""`
			`Quick and dirty script for things that I can't/don't have time to do properly yet`
			`TODO: retire this script`
			`"""`

feat: get credentials automatically in post install script 2022-07-23 23:59:29 +07:00			`import base64`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00			`import json`
			`import requests`
feat: get credentials automatically in post install script 2022-07-23 23:59:29 +07:00			`import sys`
fix: URL encode Gitea password 2023-02-22 18:33:48 +07:00			`import urllib`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00
feat: get credentials automatically in post install script 2022-07-23 23:59:29 +07:00			`from rich.console import Console`
			`from kubernetes import client, config`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00
			`# https://git.khuedoan.com/user/settings/applications`
			`# Doing this properly inside the cluster requires:`
			`# - Kubernetes service account`
refactor!: update post install script to write to k8s secret instead of Vault 2023-11-26 02:35:19 +07:00			`try:`
			`config.load_incluster_config()`
			`except config.ConfigException:`
			`config.load_kube_config()`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00
feat: get credentials automatically in post install script 2022-07-23 23:59:29 +07:00			`gitea_host = client.NetworkingV1Api().read_namespaced_ingress('gitea', 'gitea').spec.rules[0].host`
refactor!: update post install script to write to k8s secret instead of Vault 2023-11-26 02:35:19 +07:00			`gitea_user_secret = client.CoreV1Api().read_namespaced_secret('gitea-admin-secret', 'gitea')`
			`gitea_user = base64.b64decode(gitea_user_secret.data['username']).decode("utf-8")`
			`gitea_pass = base64.b64decode(gitea_user_secret.data['password']).decode("utf-8")`
fix: URL encode Gitea password 2023-02-22 18:33:48 +07:00			`gitea_url = f"http://{gitea_user}:{urllib.parse.quote_plus(gitea_pass)}@{gitea_host}"`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00
refactor!: update post install script to write to k8s secret instead of Vault 2023-11-26 02:35:19 +07:00			`def create_secret(name: str, namespace: str, data: dict) -> None:`
			`try:`
			`client.CoreV1Api().read_namespaced_secret(name, namespace)`
			`except client.exceptions.ApiException:`
			`# Secret doesn't exist, create a new one`
			`new_secret = client.V1Secret(`
			`metadata=client.V1ObjectMeta(name=name),`
			`data=data,`
			`)`
			`client.CoreV1Api().create_namespaced_secret(namespace, new_secret)`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00
			`def setup_gitea_access_token(name: str) -> None:`
			`current_tokens = requests.get(`
			`url=f"{gitea_url}/api/v1/users/{gitea_user}/tokens",`
			`).json()`

			`if not any(token['name'] == name for token in current_tokens):`
			`resp = requests.post(`
			`url=f"{gitea_url}/api/v1/users/{gitea_user}/tokens",`
			`headers={`
			`'Content-Type': 'application/json'`
			`},`
			`data=json.dumps({`
			`'name': name`
			`})`
			`)`

			`if resp.status_code == 201:`
refactor!: make secret generator write to k8s Secrets instead of Vault 2023-11-26 02:09:21 +07:00			`create_secret(`
			`f"gitea.{name}",`
			`"global-secrets",`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00			`{`
refactor!: update post install script to write to k8s secret instead of Vault 2023-11-26 02:35:19 +07:00			`'token': base64.b64encode(resp.json()['sha1'].encode("utf-8")).decode("utf-8")`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00			`}`
			`)`
			`else:`
			`print(f"Error creating access token {name} ({resp.status_code})")`
			`print(resp.content)`
			`sys.exit(1)`

			`def setup_gitea_oauth_app(name: str, redirect_uri: str) -> None:`
			`current_apps = requests.get(`
			`url=f"{gitea_url}/api/v1/user/applications/oauth2",`
			`).json()`

			`if not any(app['name'] == name for app in current_apps):`
			`resp = requests.post(`
			`url=f"{gitea_url}/api/v1/user/applications/oauth2",`
			`headers={`
			`'Content-Type': 'application/json'`
			`},`
			`data=json.dumps({`
			`'name': name,`
			`'redirect_uris': [redirect_uri]`
			`})`
			`)`

			`if resp.status_code == 201:`
refactor!: make secret generator write to k8s Secrets instead of Vault 2023-11-26 02:09:21 +07:00			`create_secret(`
			`f"gitea.{name}",`
			`"global-secrets",`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00			`{`
refactor!: update post install script to write to k8s secret instead of Vault 2023-11-26 02:35:19 +07:00			`'client_id': base64.b64encode(resp.json()['client_id'].encode("utf-8")).decode("utf-8"),`
			`'client_secret': base64.b64encode(resp.json()['client_secret'].encode("utf-8")).decode("utf-8"),`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00			`}`
			`)`
			`else:`
			`print(f"Error creating OAuth application {name} ({resp.status_code})")`
			`print(resp.content)`
			`sys.exit(1)`

			`def main() -> None:`
			`with Console().status("Completing the remaining sorcery"):`
			`gitea_access_tokens = [`
			`'renovate'`
			`]`

			`gitea_oauth_apps = [`
feat: get credentials automatically in post install script 2022-07-23 23:59:29 +07:00			`{'name': 'dex', 'redirect_uri': f"https://{client.NetworkingV1Api().read_namespaced_ingress('dex', 'dex').spec.rules[0].host}/callback"}`
feat: add script to setup Gitea tokens and OAuth apps 2022-07-18 03:48:15 +07:00			`]`

			`for token_name in gitea_access_tokens:`
			`setup_gitea_access_token(token_name)`

			`for app in gitea_oauth_apps:`
			`setup_gitea_oauth_app(app['name'], app['redirect_uri'])`

			`if __name__ == '__main__':`
			`main()`