feat: add script to setup Gitea tokens and OAuth apps

2024-12-22 20:24:32 +07:00 · 2022-07-18 03:48:15 +07:00 · 2022-07-18 03:48:15 +07:00 · c3f4433a1a
commit c3f4433a1a
parent 3bf72dfde3
1 changed files with 128 additions and 0 deletions
--- a/scripts/hacks
+++ b/scripts/hacks
@ -0,0 +1,128 @@
+#!/bin/python
+
+"""
+Quick and dirty script for things that I can't/don't have time to do properly yet
+TODO: retire this script
+
+export DOMAIN=khuedoan.com
+export GITEA_USER=gitea_admin
+export GITEA_PASSWORD='xxx'
+export GITEA_HOST='git.khuedoan.com'
+export VAULT_HOST='https://vault.khuedoan.com'
+export VAULT_TOKEN='s.xxx'
+./scripts/hacks
+"""
+
+import json
+import os
+import sys
+import requests
+import urllib.parse
+from rich.console import Console
+
+
+# https://git.khuedoan.com/user/settings/applications
+# Doing this properly inside the cluster requires:
+# - Kubernetes service account
+# - Vault Kubernetes auth
+domain = os.environ['DOMAIN']
+vault_host = os.environ['VAULT_HOST']
+vault_token = os.environ['VAULT_TOKEN']
+
+gitea_host = os.getenv('GITEA_HOST', "gitea-http:3000")
+gitea_user = os.environ['GITEA_USER']
+gitea_pass = urllib.parse.quote_plus(os.environ['GITEA_PASSWORD'])
+gitea_url = f"http://{gitea_user}:{gitea_pass}@{gitea_host}"
+
+
+def create_vault_secret(path: str, data) -> None:
+    requests.post(
+        url=f"{vault_host}/v1/secret/data/{path}",
+        headers={
+            'X-Vault-Token': vault_token
+        },
+        data=json.dumps({
+            'data': data
+        })
+    )
+
+
+def setup_gitea_access_token(name: str) -> None:
+    current_tokens = requests.get(
+        url=f"{gitea_url}/api/v1/users/{gitea_user}/tokens",
+    ).json()
+
+    if not any(token['name'] == name for token in current_tokens):
+        resp = requests.post(
+            url=f"{gitea_url}/api/v1/users/{gitea_user}/tokens",
+            headers={
+                'Content-Type': 'application/json'
+            },
+            data=json.dumps({
+                'name': name
+            })
+        )
+
+        if resp.status_code == 201:
+            create_vault_secret(
+                f"gitea/{name}",
+                {
+                    'token': resp.json()['sha1']
+                }
+            )
+        else:
+            print(f"Error creating access token {name} ({resp.status_code})")
+            print(resp.content)
+            sys.exit(1)
+
+
+def setup_gitea_oauth_app(name: str, redirect_uri: str) -> None:
+    current_apps = requests.get(
+        url=f"{gitea_url}/api/v1/user/applications/oauth2",
+    ).json()
+
+    if not any(app['name'] == name for app in current_apps):
+        resp = requests.post(
+            url=f"{gitea_url}/api/v1/user/applications/oauth2",
+            headers={
+                'Content-Type': 'application/json'
+            },
+            data=json.dumps({
+                'name': name,
+                'redirect_uris': [redirect_uri]
+            })
+        )
+
+        if resp.status_code == 201:
+            create_vault_secret(
+                f"gitea/{name}",
+                {
+                    'client_id': resp.json()['client_id'],
+                    'client_secret': resp.json()['client_secret']
+                }
+            )
+        else:
+            print(f"Error creating OAuth application {name} ({resp.status_code})")
+            print(resp.content)
+            sys.exit(1)
+
+
+def main() -> None:
+    with Console().status("Completing the remaining sorcery"):
+        gitea_access_tokens = [
+            'renovate'
+        ]
+
+        gitea_oauth_apps = [
+            {'name': 'dex', 'redirect_uri': f"https://dex.{domain}/callback"}
+        ]
+
+        for token_name in gitea_access_tokens:
+            setup_gitea_access_token(token_name)
+
+        for app in gitea_oauth_apps:
+            setup_gitea_oauth_app(app['name'], app['redirect_uri'])
+
+
+if __name__ == '__main__':
+    main()