From 41b3325b1a4b543ce76da5e0949a2edcaf3f4059 Mon Sep 17 00:00:00 2001
From: Doug Lovett
Date: Wed, 24 Jan 2024 12:09:58 -0800
Subject: [PATCH] Update assets api/job notify api configuration (#1703)
Signed-off-by: Doug Lovett
---
 .../src/ppr_discharges_for_mhr/config.py | 3 ++
 .../src/ppr_discharges_for_mhr/job.py | 6 ++-
 .../services/notify/__init__.py | 40 +++++++++++++++++--
 .../src/ppr_discharges_for_mhr/version.py | 2 +-
 .../src/mhr_api/services/notify/__init__.py | 11 +++--
 mhr_api/src/mhr_api/version.py | 2 +-
 6 files changed, 53 insertions(+), 11 deletions(-)
diff --git a/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/config.py b/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/config.py
index 25f81fd39..fb25d083b 100644
--- a/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/config.py
+++ b/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/config.py
@@ -65,3 +65,6 @@ class Config(BaseConfig):
 TRACKER_DATABASE_URI = f'postgresql://{TRACKER_DB_USER}:{TRACKER_DB_PASSWORD}@/{TRACKER_DB_NAME}?host={TRACKER_DB_UNIX_SOCKET}'
 else:
 TRACKER_DATABASE_URI = f'postgresql://{TRACKER_DB_USER}:{TRACKER_DB_PASSWORD}@{TRACKER_DB_HOST}:{TRACKER_DB_PORT}/{TRACKER_DB_NAME}'
+ ACCOUNT_SVC_CLIENT_ID = os.getenv('ACCOUNT_SVC_CLIENT_ID')
+ ACCOUNT_SVC_CLIENT_SECRET = os.getenv('ACCOUNT_SVC_CLIENT_SECRET')
+ JWT_OIDC_TOKEN_URL = os.getenv('JWT_OIDC_TOKEN_URL')
diff --git a/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/job.py b/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/job.py
index e76c2d3e0..de61236b0 100644
--- a/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/job.py
+++ b/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/job.py
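Review bot: The three new settings are read with `os.getenv` and no presence check, so a missing `ACCOUNT_SVC_CLIENT_SECRET` or `JWT_OIDC_TOKEN_URL` silently becomes `None` and the job only finds out when the token request fails at send time. Because the client secret is posted in the request body to `JWT_OIDC_TOKEN_URL`, an `http://` value would also send that secret in clear, so the URL deserves a scheme check as well as a presence check. A fail-fast guard such as `if not JWT_OIDC_TOKEN_URL or not JWT_OIDC_TOKEN_URL.startswith('https://'): raise ValueError('JWT_OIDC_TOKEN_URL must be set and use https')`, with the same presence check on the two credential values, would surface a misconfiguration at startup instead of inside the email path. The `Config` class starts outside the hunk, so I cannot see whether it already has a validation hook for required settings.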
@@ -110,7 +110,11 @@ def job(config):
 }
 # Send email
- notify = Notify(**{'url': config.NOTIFY_URL})
+ # notify = Notify(**{'url': config.NOTIFY_URL})
+ notify = Notify(**{'url': config.NOTIFY_URL,
+ 'oidc_url': config.JWT_OIDC_TOKEN_URL,
+ 'sa_client_id': config.ACCOUNT_SVC_CLIENT_ID,
+ 'sa_secret': config.ACCOUNT_SVC_CLIENT_SECRET})
 ret = notify.send_email(email_data)
 logging.info(f'Email sent, return code: {ret}')
 if ret != HTTPStatus.OK:
diff --git a/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/services/notify/__init__.py b/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/services/notify/__init__.py
index 4637986ca..6ebe2b8c5 100644
--- a/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/services/notify/__init__.py
+++ b/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/services/notify/__init__.py
@@ -13,11 +13,15 @@
 # limitations under the License.
 """This module contains the services used by the Delivery Service."""
 from http import HTTPStatus
+import json
-import google.auth.transport.requests
-import google.oauth2.id_token
+# Don't need GCP tokens until completetly off of OpenShift
+# import google.auth.transport.requests
+# import google.oauth2.id_token
 import requests
+from ppr_discharges_for_mhr.services.logging import logging
 class Notify:
 """Notify calls the GCNotify service."""
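Review bot: The replaced call is kept as a comment, `# notify = Notify(**{'url': config.NOTIFY_URL})`, directly above the live one; git history already records it, so delete the line rather than leave dead code beside the real call. The job also passes `config.ACCOUNT_SVC_CLIENT_SECRET` and `config.JWT_OIDC_TOKEN_URL` straight through and only learns of a misconfiguration as a non-OK `ret` from `send_email`, where it is logged as an email failure. A guard before constructing `Notify`, `if not (config.JWT_OIDC_TOKEN_URL and config.ACCOUNT_SVC_CLIENT_ID and config.ACCOUNT_SVC_CLIENT_SECRET): raise ValueError('OIDC service account settings are not configured')`, would make the real cause visible. `job` starts before the hunk and the handling after `if ret != HTTPStatus.OK:` is outside it.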
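Review bot: The two `google.*` imports are commented out rather than removed, under a `# Don't need GCP tokens until completetly off of OpenShift` note (typo: "completely"); commented-out imports are dead code that no linter checks and that history already preserves. Delete them and, if the intent needs recording, keep a single `# TODO: restore GCP id-token auth once fully migrated off OpenShift`. `import json` is added only to call `json.loads(response.text)` further down, which `response.json()` already provides, so it can go too.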
@@ -30,12 +34,16 @@ def __init__(self, **kwargs):
 def setup(self, **kwargs):
 """Setup the attributes needed for notify to work."""
 self.notify_url = kwargs.get('url')
+ self.oidc_url = kwargs.get('oidc_url')
+ self.client_id = kwargs.get('sa_client_id')
+ self.secret = kwargs.get('sa_secret')
 def send_email(self, payload: dict) -> HTTPStatus:
 """Create and send the email payload to the Notify service."""
- auth_req = google.auth.transport.requests.Request()
- id_token = google.oauth2.id_token.fetch_id_token(auth_req, self.notify_url)
+ # auth_req = google.auth.transport.requests.Request()
+ # id_token = google.oauth2.id_token.fetch_id_token(auth_req, self.notify_url)
+ id_token = self.get_oidc_sa_token() # Use the PPR/MHR service account to create a JWT.
 headers = {'Authorization': 'Bearer ' + id_token, 'Content-Type': 'application/json'}
@@ -45,3 +53,27 @@ def send_email(self, payload: dict) -> HTTPStatus:
 json=payload)
 return res.status_code
+
+ def get_oidc_sa_token(self) -> str:
+ """Generate an OIDC PPR service account token (JWT). Request one from the OIDC service."""
+ logging.info(f'Calling OIDC api to get token: URL = {self.oidc_url}, client_id={self.client_id}.')
+ token = ''
+ headers = {
+ 'Accept': 'application/json',
+ 'Content-Type': 'application/x-www-form-urlencoded'
+ }
+ data = f'grant_type=client_credentials&scope=openid&client_id={self.client_id}&client_secret={self.secret}'
+ response = requests.request('post',
+ self.oidc_url,
+ data=data,
+ params=None,
+ headers=headers)
+
+ if not response or not response.ok:
+ logging.error(f'No sa token from OIDC: return status {response.status_code}.')
+ return token
+
+ response_json = json.loads(response.text)
+ token = response_json.get('access_token')
+ logging.info(f'Have new sa token from OIDC: {token}')
+ return token
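Review bot: `id_token = self.get_oidc_sa_token()` can return an empty string (that is what the helper returns on any non-OK token response), and `send_email` then still sends `Authorization: Bearer ` with nothing after it to the Notify service; the helper can also return `None` from `.get('access_token')`, in which case `'Bearer ' + id_token` raises `TypeError`. Bail out before building `headers`: `if not id_token:` / `logging.error('No service account token, email not sent.')` / `return HTTPStatus.UNAUTHORIZED`, which stays inside the method's HTTPStatus return contract and tells the caller the email was never attempted. `setup` stores the client secret as the plain attribute `self.secret`, which is fine as long as nothing logs or reprs the `Notify` object. `send_email` continues past the end of this hunk, so the post itself is not visible here.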
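Review bot: `logging.info(f'Have new sa token from OIDC: {token}')` writes the service-account bearer token into the job log at INFO level, so anyone with log access can call the Notify service as that service account until the token expires; log only that a token was obtained. The form body is also assembled by hand, `data = f'...&client_secret={self.secret}'`, with no URL-encoding, so a secret containing `&`, `+`, `%` or `=` reaches the token endpoint corrupted and the grant fails for no visible reason — pass a dict as `data=` and let requests encode it and set the content type. `requests.request('post', ...)` has no `timeout`, so a hanging token endpoint hangs the whole job, and `response_json.get('access_token')` can return `None` although the method is declared `-> str` and its caller concatenates the result. The rewrite below addresses all four; `if not response` is dropped because `Response.__bool__` is already `ok`.
```python
    def get_oidc_sa_token(self) -> str:
        """Request a service-account access token (client_credentials grant); return '' on failure."""
        logging.info(f'Calling OIDC api to get token: URL = {self.oidc_url}, client_id={self.client_id}.')
        token = ''
        # A dict body is form-encoded by requests, which also sets the
        # application/x-www-form-urlencoded content type for us.
        data = {
            'grant_type': 'client_credentials',
            'scope': 'openid',
            'client_id': self.client_id,
            'client_secret': self.secret
        }
        try:
            response = requests.post(self.oidc_url,
                                     data=data,
                                     headers={'Accept': 'application/json'},
                                     timeout=30)
        except requests.RequestException as err:
            logging.error(f'OIDC token request failed: {err}')
            return token
        if not response.ok:
            logging.error(f'No sa token from OIDC: return status {response.status_code}.')
            return token
        try:
            token = response.json().get('access_token') or ''
        except ValueError:
            logging.error('OIDC token response is not JSON.')
            return token
        # Never log the token itself: it is a bearer credential.
        logging.info('Have new sa token from OIDC.')
        return token
```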
diff --git a/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/version.py b/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/version.py
index 9cb4a31ca..18ebd601a 100644
--- a/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/version.py
+++ b/jobs/permanent/ppr-discharges-for-mhr/src/ppr_discharges_for_mhr/version.py
@@ -1,2 +1,2 @@
-__version__ = '0.1.0' # pylint: disable=invalid-name
\ No newline at end of file
+__version__ = '0.1.1' # pylint: disable=invalid-name
\ No newline at end of file
diff --git a/mhr_api/src/mhr_api/services/notify/__init__.py b/mhr_api/src/mhr_api/services/notify/__init__.py
index 9c2567988..a01218bf7 100644
--- a/mhr_api/src/mhr_api/services/notify/__init__.py
+++ b/mhr_api/src/mhr_api/services/notify/__init__.py
@@ -14,11 +14,13 @@
 """This module contains the services used by the Delivery Service."""
 from http import HTTPStatus
-import google.auth.transport.requests
-import google.oauth2.id_token
+# Don't need GCP tokens until completetly off of OpenShift
+# import google.auth.transport.requests
+# import google.oauth2.id_token
 import requests
 from flask import current_app
+from mhr_api.services.payment.client import SBCPaymentClient
 class Notify:
 """Notify calls the GCNotify service."""
@@ -34,8 +36,9 @@ def setup(self, **kwargs):
 def send_email(self, payload: dict) -> HTTPStatus:
 """Create and send the email payload to the Notify service."""
- auth_req = google.auth.transport.requests.Request()
- id_token = google.oauth2.id_token.fetch_id_token(auth_req, self.notify_url)
+ # auth_req = google.auth.transport.requests.Request()
+ # id_token = google.oauth2.id_token.fetch_id_token(auth_req, self.notify_url)
+ id_token = SBCPaymentClient.get_sa_token() # Use the PPR/MHR service account to create a JWT.
 current_app.logger.debug(id_token)
 headers = {'Authorization': 'Bearer ' + id_token, 'Content-Type': 'application/json'}
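Review bot: `from mhr_api.services.payment.client import SBCPaymentClient` makes the notify service depend on the payment client package solely to borrow `get_sa_token()`, so any future import of notify from within the payment package becomes a circular import; I cannot see `mhr_api.services.payment.client` here to confirm what it imports today. Moving the token fetch into a small shared auth helper that both services import would keep it in one place without the cross-service coupling. The commented-out `google.*` imports are the same dead-code pattern as in the job copy and can simply be deleted.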
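Review bot: `id_token = SBCPaymentClient.get_sa_token()` now feeds the existing `current_app.logger.debug(id_token)`, so the service-account bearer token is written to the API log whenever debug logging is enabled; drop that line or reduce it to `current_app.logger.debug('SA token obtained: %s', bool(id_token))`. Nothing checks the value before `'Bearer ' + id_token`: if `get_sa_token()` returns an empty string the request goes to the Notify service unauthenticated, and if it returns `None` the concatenation raises `TypeError` — I cannot see `get_sa_token` to tell which it does. Add `if not id_token: return HTTPStatus.UNAUTHORIZED` (with an error log) before `headers` is built. `send_email` continues past the end of the hunk.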
diff --git a/mhr_api/src/mhr_api/version.py b/mhr_api/src/mhr_api/version.py
index a55cfe9b7..e5a57d9af 100644
--- a/mhr_api/src/mhr_api/version.py
+++ b/mhr_api/src/mhr_api/version.py
@@ -22,4 +22,4 @@
 Development release segment: .devN
 """
-__version__ = '1.6.8' # pylint: disable=invalid-name
+__version__ = '1.6.9' # pylint: disable=invalid-name