eclipse / kuksa.val

kuksa.val
Apache License 2.0

createToken.py: Allow specification of the JWT key file and output file #676

Closed landgraf closed 4 months ago

landgraf commented 9 months ago

The current version of the script assumes that the JWT key file is located in the same directory as the script itself and that the token is written into the same directory as the JSON specification. This is not convenient for binary distribution with key files placed under /etc and the script under bin or libexec dirs. Allowing specification of the key file and output file locations fixes this, and an application token can be generated with [1] while keeping backward compatibility and existing behaviour (single argument to specify the JSON policy definition).

[1] /usr/libexec/kuksa-createToken.py /usr/share/kuksa-val/jwt/all-read-write.json --key /etc/pki/kuksa/jwt.key --output /etc/xdg/AGL/%i/%i.token

argerus commented 9 months ago

The script supports multiple input files. So the output would need to either be a directory, or somehow specify how multiple input files would be named.

If I understand correctly, the code as suggested would cause the (single) output file to just be overwritten for every input file?

landgraf commented 9 months ago

> The script supports multiple input files. So the output would need to either be a directory, or somehow specify how multiple input files would be named.
>
> If I understand correctly, the code as suggested would cause the (single) output file to just be overwritten for every input file?

This is a valid point. I'll add some logic to fix that.

SebastianSchildt commented 4 months ago
  1. @erikbosch is this still relevant, it seems only blocked by linter issues

  2. Is OP @landgraf still alive?

If 1==true and 2==false I might just push another commit fixing the linter issues

erikbosch commented 4 months ago

@SebastianSchildt - we have as part of our migration to eclipse-kuksa copied this script and related data to https://github.com/eclipse-kuksa/kuksa-common/tree/main/jwt, but kept it here as well, as both databroker and KUKSA Server reference them. However, the scripts do not need to exist in multiple locations, so if we should merge it then it should, as I see it, go to kuksa-common (and the scripts possibly removed here).

From a functional perspective - there is a problem as indicated by the last comments from John and Landgraf: the script loops over multiple input parameters but supports only one output parameter. This should better be fixed or at least marked/documented as a limitation.

landgraf commented 4 months ago
> 1. @erikbosch is this still relevant, it seems only blocked by linter issues
> 2. Is OP @landgraf still alive?
>
> If 1==true and 2==false I might just push another commit fixing the linter issues

@landgraf is still alive :) I'm not working on the project anymore though. https://github.com/eclipse/kuksa.val/pull/676#issuecomment-1737136873 is a valid point and has to be fixed. I've fixed this issue but apparently forgot to push.
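
One way to resolve the limitation raised in this thread (several input files, one `--output`), as an added example that is not the code from this pull request or from createToken.py. The function names and the `<name>.token` naming are assumptions of the example; it only plans output paths and does not sign anything.

```python
import argparse
from pathlib import Path


def build_parser():
    # Positional policy files keep the existing single-argument invocation working.
    p = argparse.ArgumentParser(description="Plan token output paths (illustrative)")
    p.add_argument("files", nargs="+", type=Path, help="JSON policy definition(s)")
    p.add_argument("--key", type=Path, help="JWT signing key file")
    p.add_argument("--output", type=Path,
                   help="token file (one input) or directory (several inputs)")
    return p


def plan_outputs(files, output=None):
    """Return [(policy_file, token_path)] with a distinct token path per input."""
    if output is None:
        # Existing behaviour per the PR text: token goes next to the JSON file.
        # The "<name>.token" naming is an assumption of this example.
        targets = [f.with_name(f.name + ".token") for f in files]
    elif len(files) == 1 and not output.is_dir():
        targets = [output]  # e.g. --output /etc/xdg/AGL/%i/%i.token
    else:
        if output.exists() and not output.is_dir():
            raise ValueError(f"{output} is a file; several inputs need a directory")
        # Caller creates the directory if it does not exist yet.
        targets = [output / (f.name + ".token") for f in files]
    if len(set(targets)) != len(targets):
        # Same basename from two directories would overwrite one token.
        raise ValueError("two inputs map to the same token path")
    return list(zip(files, targets))


if __name__ == "__main__":
    args = build_parser().parse_args()
    for policy, token in plan_outputs(args.files, args.output):
        print(f"{policy} -> {token}")
```

Rejecting the ambiguous cases up front means a token for one policy can never silently replace the token for another.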