From 8269126d8eb1d35c70f0566da5a8ee2dab2e95be Mon Sep 17 00:00:00 2001
From: Bruce Schultz
Date: Tue, 30 Apr 2024 09:18:31 +0200
Subject: [PATCH] feat(hub): switch to using robot account for hub auth build_image
---
 hub_adapter/auth.py | 14 +++++---------
 hub_adapter/conf.py | 2 --
 hub_adapter/models/conf.py | 2 +-
 .../templates/hub-adapter-deployment.yaml | 8 ++++----
 k8s/helm/hub-adapter/values.yaml | 6 +++---
 5 files changed, 13 insertions(+), 19 deletions(-)
diff --git a/hub_adapter/auth.py b/hub_adapter/auth.py
index 23f9f6d..15020dc 100644
--- a/hub_adapter/auth.py
+++ b/hub_adapter/auth.py
@@ -99,16 +99,12 @@ async def verify_idp_token(token: str = Security(idp_oauth2_scheme)) -> dict:
 async def get_hub_token() -> dict:
- """Automated method for getting a token from the central Hub service."""
- hub_user, hub_pwd = hub_adapter_settings.HUB_USERNAME, hub_adapter_settings.HUB_PASSWORD
- payload = {"username": hub_user, "password": hub_pwd} # For testing
+ """Automated method for getting a robot token from the central Hub service."""
+ robot_user, robot_secret = hub_adapter_settings.HUB_ROBOT_USER, hub_adapter_settings.HUB_ROBOT_SECRET
+ # {"grant_type": 'robot_credentials', "id": '|', "secret": ''}
+ payload = {"grant_type": 'robot_credentials', "id": robot_user, "secret": robot_secret}
- # TODO move to robot
- # robot_user, robot_secret = hub_adapter_settings.HUB_ROBOT_USER, hub_adapter_settings.HUB_ROBOT_SECRET
- # {"grant_type": 'robot_credentials', "id": '|', "secret": ''}
- # payload = {"grant_type": 'robot_credentials', "id": robot_user, "secret": robot_secret}
-
- if not hub_user or not hub_pwd:
+ if not robot_user or not robot_secret:
 raise HTTPException(
 status_code=status.HTTP_401_UNAUTHORIZED,
 detail="No credentials provided for the hub. Check that the environment variables are set properly",
diff --git a/hub_adapter/conf.py b/hub_adapter/conf.py
index dc33b63..050457f 100644
--- a/hub_adapter/conf.py
+++ b/hub_adapter/conf.py
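Review bot: In `get_hub_token` (hub_adapter/auth.py) the empty-credential guard `if not robot_user or not robot_secret:` runs only after `payload` has already been built from those values, and the comment kept above `payload` shows the request shape with blank placeholders that add nothing over the code itself. I would move the guard directly under the settings read and replace the comment with one that states what the fields mean, e.g. `# robot_credentials grant: "id" is the robot account identifier, "secret" its secret`. The guard also answers a server-side configuration gap with `HTTP_401_UNAUTHORIZED` and a detail string that mentions environment variables; those are context lines, but since the condition is being touched it may be worth returning a generic message to the caller and logging the detail instead. The function body continues past the end of the hunk, so how `payload` is sent, and whether it is ever logged, is not visible here.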
@@ -31,8 +31,6 @@ class Settings(BaseModel):
 # Hub
 HUB_AUTH_SERVICE_URL: str = os.getenv("HUB_AUTH_SERVICE_URL", "https://privateaim.net/auth")
 HUB_SERVICE_URL: str = os.getenv("HUB_SERVICE_URL", "https://privateaim.net/core")
- HUB_USERNAME: str = os.getenv("HUB_USERNAME")
- HUB_PASSWORD: str = os.getenv("HUB_PASSWORD")
 HUB_ROBOT_USER: str = os.getenv("HUB_ROBOT_USER")
 HUB_ROBOT_SECRET: str = os.getenv("HUB_ROBOT_SECRET")
diff --git a/hub_adapter/models/conf.py b/hub_adapter/models/conf.py
index beb0dbb..bf2cb93 100644
--- a/hub_adapter/models/conf.py
+++ b/hub_adapter/models/conf.py
@@ -25,5 +25,5 @@ class Token(BaseModel):
 access_token: str
 token_type: str
 expires_in: int
- refresh_token: str
+ refresh_token: str | None = None
 refresh_expires_in: int | None = None
diff --git a/k8s/helm/hub-adapter/templates/hub-adapter-deployment.yaml b/k8s/helm/hub-adapter/templates/hub-adapter-deployment.yaml
index 9a3725e..eae59bd 100644
--- a/k8s/helm/hub-adapter/templates/hub-adapter-deployment.yaml
+++ b/k8s/helm/hub-adapter/templates/hub-adapter-deployment.yaml
@@ -50,10 +50,10 @@ spec:
 value: {{ .Values.hub.coreApi | default "https://privateaim.net/core" | quote }}
 - name: HUB_AUTH_SERVICE_URL
 value: {{ .Values.hub.authApi | default "https://privateaim.net/auth" | quote }}
- - name: HUB_USERNAME
- value: {{ .Values.hub.auth.username | default "" | quote }} # To be properly filled in
- - name: HUB_PASSWORD
- value: {{ .Values.hub.auth.password | default "" | quote }}
+ - name: HUB_ROBOT_USER
+ value: {{ .Values.hub.auth.robotuser | default "" | quote }} # To be properly filled in
+ - name: HUB_ROBOT_SECRET
+ value: {{ .Values.hub.auth.robotpwd | default "" | quote }}
 livenessProbe:
 httpGet:
 path: /healthz
diff --git a/k8s/helm/hub-adapter/values.yaml b/k8s/helm/hub-adapter/values.yaml
index 02cd73b..7a2b6fc 100644
--- a/k8s/helm/hub-adapter/values.yaml
+++ b/k8s/helm/hub-adapter/values.yaml
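Review bot: `refresh_token` on `Token` (hub_adapter/models/conf.py) is now optional, so any consumer that reads it must handle `None`, and no such caller is visible in this patch. It is worth checking token-renewal code for an unguarded `token.refresh_token` before merging. The reason for the change is also not recorded; presumably the robot grant response carries no refresh token, and if that is confirmed a short comment such as `# not returned for robot_credentials grants` on the field would save the next reader the lookup. The `Token` class starts outside the hunk.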
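Review bot: `HUB_ROBOT_SECRET` is injected as a literal `value:` rendered from `.Values.hub.auth.robotpwd`, so the robot secret ends up in plain text in the rendered Deployment manifest, readable by anyone allowed to view the Deployment. Sourcing it from a Kubernetes Secret through `valueFrom.secretKeyRef` keeps it out of the pod spec; the Secret name and key below are placeholders, since this patch shows no Secret template in the chart. The `default ""` on both variables also lets a release with no credentials install cleanly and fail only at the first hub call, which Helm's `required` function would surface at install time instead. The container spec starts and ends outside the hunk.

```yaml
# … unchanged: HUB_ROBOT_USER entry …
- name: HUB_ROBOT_SECRET
  valueFrom:
    secretKeyRef:
      name: <ROBOT_SECRET_NAME>   # placeholder: name of an existing Secret
      key: <ROBOT_SECRET_KEY>     # placeholder: key inside that Secret
```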
@@ -38,7 +38,7 @@ hub:
 coreApi: https://privateaim.net/core
 ## @param hub.authApi Hub auth API endpoint
 authApi: https://privateaim.net/auth
- ## Credentials used for retrieving a valid token from the hub
+ ## Credentials used for retrieving a valid robot token from the hub
 auth:
- username: ""
- password: ""
+ robotuser: ""
+ robotpwd: ""
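Review bot: The new keys `robotuser` and `robotpwd` under `hub.auth` have no `## @param` line, although the neighbouring `hub.authApi` is documented that way. I would add `## @param hub.auth.robotuser Robot account ID used to request a hub token` and `## @param hub.auth.robotpwd Robot account secret` above them. `robotpwd` also feeds an environment variable named `HUB_ROBOT_SECRET`, so naming the key `robotsecret` would keep the chart and the settings aligned, at the cost of touching the deployment template as well. The empty default should stay empty in this file, with the real value supplied at install time.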