Merge pull request #59 from CanDIG/daisieh/no-service-token

Don't pass in OPA_SECRET anymore
CanDIG · May 28, 2024 · 9d1b724 · 9d1b724
2 parents b152150 + 2f303fb
commit 9d1b724
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 5 deletions.
diff --git a/candig_federation/authz.py b/candig_federation/authz.py
@@ -5,8 +5,6 @@
 
 app = Flask(__name__)
 TEST_KEY = os.getenv("TEST_KEY")
-CANDIG_OPA_URL = os.getenv("CANDIG_OPA_URL")
-CANDIG_OPA_SECRET = os.getenv("CANDIG_OPA_SECRET")
 TYK_FEDERATION_API_ID = os.getenv("TYK_FEDERATION_API_ID")
 
 
@@ -27,7 +25,7 @@ def is_site_admin(request):
         return True # no auth
     if "Authorization" in request.headers:
         try:
-            return authx.auth.is_site_admin(request, opa_url=CANDIG_OPA_URL, admin_secret=CANDIG_OPA_SECRET)
+            return authx.auth.is_site_admin(request)
         except Exception as e:
             print(f"Couldn't authorize site_admin: {type(e)} {str(e)}")
             app.logger.warning(f"Couldn't authorize site_admin: {type(e)} {str(e)}")

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -2,7 +2,6 @@
 
 set -Euo pipefail
 
-export OPA_SECRET=$(cat /run/secrets/opa-service-token)
 export TYK_SECRET_KEY=$(cat /run/secrets/tyk-secret-key)
 
 

diff --git a/requirements.txt b/requirements.txt
@@ -1,5 +1,5 @@
 attrs~=23.1.0
-candigv2-authx@git+https://github.com/CanDIG/candigv2-authx.git@v2.3.0
+candigv2-authx@git+https://github.com/CanDIG/candigv2-authx.git@v2.4.2
 connexion==2.14.1
 decorator==4.4.0
 flask==2.2.5
Original file line number	Diff line number	Diff line change
Expand Up		@@ -2,7 +2,6 @@

		set -Euo pipefail

		export OPA_SECRET=$(cat /run/secrets/opa-service-token)
		export TYK_SECRET_KEY=$(cat /run/secrets/tyk-secret-key)


Expand Down