Docker: Fetch calling-frontend zkparams from GCP Secret Manager

Jordan Rose 2023-05-03 11:19:21 -07:00
parent 86147eb72e
commit 5035243bf2


@ -25,18 +25,31 @@ if [[ -z "${CALLING_AUTH_KEY}" ]]; then
echo "Error: AUTH_SECRET_NAME not defined but needed to get calling-auth-key!"
exit 1
fi
if [[ -z "${ZKPARAMS_SECRET_NAME}" ]]; then
echo "Error: ZKPARAMS_SECRET_NAME not defined but needed to get calling-zkparams!"
exit 1
fi
TOKEN="$(curl -Ss "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token" -H "Metadata-Flavor: Google" | jq '.access_token')"
CALLING_AUTH_KEY="$(curl -Ss "https://secretmanager.googleapis.com/v1/projects/$SECRET_PROJECT/secrets/$AUTH_SECRET_NAME/versions/latest:access" -H "Metadata-Flavor: Google" -H "authorization: Bearer $TOKEN" | jq -r '.payload.data' | base64 --decode)"
if [[ -z "${CALLING_AUTH_KEY}" ]]; then
echo "Error: CALLING_AUTH_KEY not defined!"
exit 1
fi
# zkparams are expected to be base64, so we don't have to decode them.
ZKPARAMS="$(curl -Ss "https://secretmanager.googleapis.com/v1/projects/$SECRET_PROJECT/secrets/$ZKPARAMS_SECRET_NAME/versions/latest:access" -H "Metadata-Flavor: Google" -H "authorization: Bearer $TOKEN" | jq -r '.payload.data')"
fi
set -- calling_frontend \
if [[ -z "${ZKPARAMS}" ]]; then
echo "Error: ZKPARAMS not defined!"
exit 1
fi
calling_frontend \
--region "$REGION" \
--authentication-key "$CALLING_AUTH_KEY" \
--zkparams "$ZKPARAMS" \
"$@"
"$@"
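Review bot: The new `[[ -z "${ZKPARAMS}" ]]` guard does not catch a failed Secret Manager fetch: curl runs without `-f`, so an error response (wrong secret name, missing IAM permission, rejected token) is still piped into `jq -r '.payload.data'`, which prints the literal string `null`, and the service is then started with `--zkparams null`. Make the fetch fail closed by using `curl -fSs` and `jq -r '.payload.data // empty'`, so the existing empty check actually fires. The CALLING_AUTH_KEY fetch above has the same shape (`null` base64-decodes to three non-empty bytes), and the token line uses `jq '.access_token'` without `-r`, which leaves the JSON quotes inside TOKEN; it is worth confirming that this is intended. Both secrets are also passed as command-line arguments, where they are readable from the process argument list, so if calling_frontend can read them from a file or the environment, that would be preferable. The enclosing `if` block starts above this hunk, so the note covers only the lines visible here.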