feat(hub): switch to using robot account for hub auth build_image

PrivateAIM · Apr 30, 2024 · 8269126 · 8269126
1 parent edda180
commit 8269126
Show file tree

Hide file tree

Showing 5 changed files with 13 additions and 19 deletions.
diff --git a/hub_adapter/auth.py b/hub_adapter/auth.py
@@ -99,16 +99,12 @@ async def verify_idp_token(token: str = Security(idp_oauth2_scheme)) -> dict:
 
 
 async def get_hub_token() -> dict:
-    """Automated method for getting a token from the central Hub service."""
-    hub_user, hub_pwd = hub_adapter_settings.HUB_USERNAME, hub_adapter_settings.HUB_PASSWORD
-    payload = {"username": hub_user, "password": hub_pwd}  # For testing
+    """Automated method for getting a robot token from the central Hub service."""
+    robot_user, robot_secret = hub_adapter_settings.HUB_ROBOT_USER, hub_adapter_settings.HUB_ROBOT_SECRET
+    #  {"grant_type": 'robot_credentials', "id": '<robot-id>|<robot-name>', "secret": '<robot-secret>'}
+    payload = {"grant_type": 'robot_credentials', "id": robot_user, "secret": robot_secret}
 
-    # TODO move to robot
-    # robot_user, robot_secret = hub_adapter_settings.HUB_ROBOT_USER, hub_adapter_settings.HUB_ROBOT_SECRET
-    # {"grant_type": 'robot_credentials', "id": '<robot-id>|<robot-name>', "secret": '<robot-secret>'}
-    # payload = {"grant_type": 'robot_credentials', "id": robot_user, "secret": robot_secret}
-
-    if not hub_user or not hub_pwd:
+    if not robot_user or not robot_secret:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="No credentials provided for the hub. Check that the environment variables are set properly",

diff --git a/hub_adapter/conf.py b/hub_adapter/conf.py
@@ -31,8 +31,6 @@ class Settings(BaseModel):
     # Hub
     HUB_AUTH_SERVICE_URL: str = os.getenv("HUB_AUTH_SERVICE_URL", "https://privateaim.net/auth")
     HUB_SERVICE_URL: str = os.getenv("HUB_SERVICE_URL", "https://privateaim.net/core")
-    HUB_USERNAME: str = os.getenv("HUB_USERNAME")
-    HUB_PASSWORD: str = os.getenv("HUB_PASSWORD")
     HUB_ROBOT_USER: str = os.getenv("HUB_ROBOT_USER")
     HUB_ROBOT_SECRET: str = os.getenv("HUB_ROBOT_SECRET")
 

diff --git a/hub_adapter/models/conf.py b/hub_adapter/models/conf.py
@@ -25,5 +25,5 @@ class Token(BaseModel):
     access_token: str
     token_type: str
     expires_in: int
-    refresh_token: str
+    refresh_token: str | None = None
     refresh_expires_in: int | None = None
diff --git a/k8s/helm/hub-adapter/templates/hub-adapter-deployment.yaml b/k8s/helm/hub-adapter/templates/hub-adapter-deployment.yaml
@@ -50,10 +50,10 @@ spec:
               value: {{ .Values.hub.coreApi | default "https://privateaim.net/core" | quote }}
             - name: HUB_AUTH_SERVICE_URL
               value: {{ .Values.hub.authApi | default "https://privateaim.net/auth" | quote }}
-            - name: HUB_USERNAME
-              value: {{ .Values.hub.auth.username | default "" | quote }}  # To be properly filled in
-            - name: HUB_PASSWORD
-              value: {{ .Values.hub.auth.password | default "" | quote }}
+            - name: HUB_ROBOT_USER
+              value: {{ .Values.hub.auth.robotuser | default "" | quote }}  # To be properly filled in
+            - name: HUB_ROBOT_SECRET
+              value: {{ .Values.hub.auth.robotpwd | default "" | quote }}
           livenessProbe:
             httpGet:
               path: /healthz

diff --git a/k8s/helm/hub-adapter/values.yaml b/k8s/helm/hub-adapter/values.yaml
@@ -38,7 +38,7 @@ hub:
   coreApi: https://privateaim.net/core
   ## @param hub.authApi Hub auth API endpoint
   authApi: https://privateaim.net/auth
-  ## Credentials used for retrieving a valid token from the hub
+  ## Credentials used for retrieving a valid robot token from the hub
   auth:
-    username: ""
-    password: ""
+    robotuser: ""
+    robotpwd: ""