diff --git a/cg/apps/tb/api.py b/cg/apps/tb/api.py
index 4bbcc0719b..7eaa9966e8 100644
--- a/cg/apps/tb/api.py
+++ b/cg/apps/tb/api.py
@@ -4,8 +4,8 @@
 import logging
 from typing import Any
-from google.auth import jwt
-from google.auth.crypt import RSASigner
+from google.auth.transport.requests import Request
+from google.oauth2 import service_account
 from cg.apps.tb.dto.create_job_request import CreateJobRequest
 from cg.apps.tb.dto.summary_response import AnalysisSummary, SummariesResponse
@@ -46,14 +46,17 @@ class TrailblazerAPI:
 def __init__(self, config: dict):
 self.service_account = config["trailblazer"]["service_account"]
 self.service_account_auth_file = config["trailblazer"]["service_account_auth_file"]
+ self.google_client_id = config["trailblazer"]["google_client_id"]
 self.host = config["trailblazer"]["host"]
 @property
 def auth_header(self) -> dict:
- signer = RSASigner.from_service_account_file(self.service_account_auth_file)
- payload = {"email": self.service_account}
- jwt_token = jwt.encode(signer=signer, payload=payload).decode("ascii")
- return {"Authorization": f"Bearer {jwt_token}"}
+ credentials = service_account.IDTokenCredentials.from_service_account_file(
+ self.service_account_auth_file,
+ target_audience=self.google_client_id,
+ )
+ credentials.refresh(Request())
+ return {"Authorization": f"Bearer {credentials.token}"}
 def query_trailblazer(
 self, command: str, request_body: dict, method: str = APIMethods.POST
diff --git a/cg/models/cg_config.py b/cg/models/cg_config.py
index bab7e52a26..7ccdbfdf6e 100644
--- a/cg/models/cg_config.py
+++ b/cg/models/cg_config.py
@@ -129,6 +129,7 @@ class ClientConfig(BaseModel):
 class TrailblazerConfig(BaseModel):
 service_account: str
 service_account_auth_file: str
+ google_client_id: str
 host: str
diff --git a/cg/server/app_config.py b/cg/server/app_config.py
index 97f38b3235..dc3bcfc81d 100644
--- a/cg/server/app_config.py
+++ b/cg/server/app_config.py
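Review bot: In the `auth_header` hunk of cg/apps/tb/api.py, every access to the property re-reads the service-account key file and calls `credentials.refresh(Request())`, so each Trailblazer call pays a round-trip to Google's token endpoint, and a transient failure there surfaces as an unhandled refresh error on an otherwise unrelated request. Keeping one `IDTokenCredentials` object on the instance and refreshing only when `credentials.valid` is false avoids that and reduces how often the private key is loaded from disk. `self.service_account` is no longer read in this property, so that setting may now be unused unless code outside the hunk still needs it. The class body continues outside the hunk, so the `_id_token_credentials = None` initialisation below is assumed to fit in `__init__`.

```python
    def __init__(self, config: dict):
        # … unchanged: config lookups …
        self._id_token_credentials = None  # built on first use, then reused

    @property
    def auth_header(self) -> dict:
        if self._id_token_credentials is None:
            self._id_token_credentials = (
                service_account.IDTokenCredentials.from_service_account_file(
                    self.service_account_auth_file,
                    target_audience=self.google_client_id,
                )
            )
        # Only contact the token endpoint when the ID token is missing or expired.
        if not self._id_token_credentials.valid:
            self._id_token_credentials.refresh(Request())
        return {"Authorization": f"Bearer {self._id_token_credentials.token}"}
```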
@@ -21,6 +21,7 @@ class AppConfig(BaseSettings):
 trailblazer_host: str = "trailblazer_host"
 trailblazer_service_account: str = "service_account"
 trailblazer_service_account_auth_file: str = "auth_file.json"
+ trailblazer_google_client_id: str = "google_client_id"
 freshdesk_url: str = "https://company.freshdesk.com"
 freshdesk_api_key: str = "freshdesk_api_key"
 freshdesk_order_email_id: int = 10
diff --git a/cg/server/ext.py b/cg/server/ext.py
index a69f9ec573..bb77a7467c 100644
--- a/cg/server/ext.py
+++ b/cg/server/ext.py
@@ -68,11 +68,13 @@ def __init__(self, app=None):
 def init_app(self, app):
 service_account: str = app.config["trailblazer_service_account"]
 service_account_auth_file: str = app.config["trailblazer_service_account_auth_file"]
+ google_client_id: str = app.config["trailblazer_google_client_id"]
 host: str = app.config["trailblazer_host"]
 config = {
 "trailblazer": {
 "service_account": service_account,
 "service_account_auth_file": service_account_auth_file,
+ "google_client_id": google_client_id,
 "host": host,
 }
 }
diff --git a/tests/conftest.py b/tests/conftest.py
index 79b389e3dd..fc4ea1992e 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -2185,6 +2185,7 @@ def context_config(
 "host": "https://trailblazer.scilifelab.se/",
 "service_account": "SERVICE",
 "service_account_auth_file": "trailblazer-auth.json",
+ "google_client_id": "client_id",
 },
 "arnold": {"api_url": "https://arnold.scilifelab.se/"},
 "janus": {"host": "https://janus.sys.scilifelab.se/"},
diff --git a/tests/server/conftest.py b/tests/server/conftest.py
index 373bf4dea8..b723db0163 100644
--- a/tests/server/conftest.py
+++ b/tests/server/conftest.py
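Review bot: `trailblazer_google_client_id` in the cg/server/app_config.py hunk defaults to the placeholder string `"google_client_id"`, so a deployment that forgets to set the variable starts normally and only fails later, when the ID token requested for that placeholder audience is presumably rejected by Trailblazer. The neighbouring Trailblazer settings use the same placeholder pattern, so this is consistent with the file, but for the value that decides which service the token is valid for, a startup failure is easier to diagnose than a late authentication error. Consider declaring it without a default, `trailblazer_google_client_id: str`, or at least documenting it with `# OAuth client ID used as the ID-token audience; must be set per environment`.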
@@ -25,6 +25,7 @@
 os.environ["GOOGLE_OAUTH_CLIENT_SECRET"] = "dummy_value"
 os.environ["TRAILBLAZER_SERVICE_ACCOUNT"] = "dummy_value"
 os.environ["TRAILBLAZER_SERVICE_ACCOUNT_AUTH_FILE"] = "dummy_value"
+os.environ["TRAILBLAZER_GOOGLE_CLIENT_ID"] = "dummy_value"
 os.environ["TRAILBLAZER_HOST"] = "dummy_value"
 os.environ["CG_SECRET_KEY"] = "dummy_value"
 os.environ["GUNICORN_BIND"] = "0.0.0.0:8000"