diff --git a/production_entrypoint.sh b/production_entrypoint.sh
index afd588c..fd52900 100755
--- a/production_entrypoint.sh
+++ b/production_entrypoint.sh
@@ -10,8 +10,20 @@ fi
 if test -f "$DB_PASSWD_FILE"; then
   export DB_PASSWD=$(cat $DB_PASSWD_FILE)
 fi
-if test -f "$GOOGLE_CREDS_FILE"; then
-  export GOOGLE_CREDS=$(cat $GOOGLE_CREDS_FILE)
+if test -f "$G_PRIVATE_KEY_ID_FILE"; then
+  export G_PRIVATE_KEY_ID=$(cat $G_PRIVATE_KEY_ID_FILE)
+fi
+if test -f "$G_PRIVATE_KEY_FILE"; then
+  export G_PRIVATE_KEY=$(cat $G_PRIVATE_KEY_FILE)
+fi
+if test -f "$G_CLIENT_EMAIL_FILE"; then
+  export G_CLIENT_EMAIL=$(cat $G_CLIENT_EMAIL_FILE)
+fi
+if test -f "$G_CLIENT_ID_FILE"; then
+  export G_CLIENT_ID=$(cat $G_CLIENT_ID_FILE)
+fi
+if test -f "$G_CLIENT_URL_FILE"; then
+  export G_CLIENT_URL=$(cat $G_CLIENT_URL_FILE)
 fi
 if test -f "$GROUP_KEY_FILE"; then
   export GROUP_KEY=$(cat $GROUP_KEY_FILE)
diff --git a/sikweb/settings.py b/sikweb/settings.py
index 87a5e69..5580203 100644
--- a/sikweb/settings.py
+++ b/sikweb/settings.py
@@ -82,11 +82,19 @@ DATABASES = {
 # Google api settings
 GROUP_KEY = os.getenv("GROUP_KEY", "")
-try:
-    GOOGLE_CREDS_JSON = json.loads(os.getenv("GOOGLE_CREDS", "{}"))
-except:
-    GOOGLE_CREDS_JSON = json.loads("{}")
+GOOGLE_CREDS = {
+    "type": "service_account",
+    "project_id": "web2-backend",
+    "private_key_id": os.getenv("G_PRIVATE_KEY_ID", ""),
+    "private_key": os.getenv("G_PRIVATE_KEY", ""),
+    "client_email": os.getenv("G_CLIENT_EMAIL", ""),
+    "client_id": os.getenv("G_CLIENT_ID", ""),
+    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+    "token_uri": "https://oauth2.googleapis.com/token",
+    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+    "client_x509_cert_url": os.getenv("G_CLIENT_URL", ""),
+}
 # JWT authentication
 SIMPLE_JWT = {
diff --git a/stack-compose-dev.yml b/stack-compose-dev.yml
index ae075f6..ff3cc4c 100644
--- a/stack-compose-dev.yml
+++ b/stack-compose-dev.yml
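Review bot: The five new `cat $G_..._FILE` substitutions leave the path variable unquoted inside `$(...)`, so a path with whitespace or glob characters would be split or expanded even though the `test -f` guard on the line above quotes it; the consistent form is `export G_PRIVATE_KEY=$(cat "$G_PRIVATE_KEY_FILE")` and likewise for the other four. The existing DB_PASSWD line has the same shape, so this continues the file's pattern rather than introducing it, but the new lines are the natural place to stop propagating it. Because `$(...)` strips only trailing newlines, the private key survives as a multi-line PEM only if the secret file stores the raw PEM rather than the `\n` escape sequences found inside a JSON key file; a comment on the G_PRIVATE_KEY line, e.g. `# secret must hold the raw PEM with real line breaks, not the JSON-escaped form`, would make that contract visible to whoever creates the secret.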
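Review bot: With every credential field defaulting to `""`, a deployment that lacks the G_* secrets now yields a complete-looking service-account dict instead of the empty `{}` the removed `try` block fell back to, so the misconfiguration only surfaces later as a ValueError inside `from_service_account_info` — and the `except ValueError` handler in webapp/utils.py is disabled in this same commit. Consider making absence explicit right below the dict, e.g. `GOOGLE_CREDS_CONFIGURED = all(GOOGLE_CREDS[k] for k in ("private_key_id", "private_key", "client_email", "client_id"))`, and checking it before any Directory API call (or raising `ImproperlyConfigured` when DEPLOY_ENV is production). `"project_id": "web2-backend"` is the one value that is not environment-driven; a short comment stating it is intentionally fixed would save the next reader from wondering whether it belongs in a secret as well. If `json` is no longer referenced elsewhere in settings.py after this change, its import can be dropped.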
@@ -29,20 +29,36 @@ services:
       - FRONTEND_URL=dev.sahkoinsinoorikilta.fi
       - DEBUG=True
       - EMAIL_API_KEY_FILE=/run/secrets/DJANGO_EMAIL_API_KEY
-      - GOOGLE_CREDS_FILE=/run/secrets/BACKEND_GOOGLE_CREDS
+      - G_PRIVATE_KEY_ID_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY_ID
+      - G_PRIVATE_KEY_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY
+      - G_CLIENT_EMAIL_FILE=/run/secrets/BACKEND_G_CLIENT_EMAIL
+      - G_CLIENT_ID_FILE=/run/secrets/BACKEND_G_CLIENT_ID
+      - G_CLIENT_URL_FILE=/run/secrets/BACKEND_G_CLIENT_URL
       - GROUP_KEY_FILE=/run/secrets/BACKEND_GROUP_KEY
       - DB_HOST=db
       - DB_PORT=5432
     secrets:
       - DJANGO_EMAIL_API_KEY
-      - BACKEND_GOOGLE_CREDS
+      - BACKEND_G_PRIVATE_KEY_ID
+      - BACKEND_G_PRIVATE_KEY
+      - BACKEND_G_CLIENT_EMAIL
+      - BACKEND_G_CLIENT_ID
+      - BACKEND_G_CLIENT_URL
       - BACKEND_GROUP_KEY
 secrets:
   DJANGO_EMAIL_API_KEY:
     external: true
-  BACKEND_GOOGLE_CREDS:
+  BACKEND_G_PRIVATE_KEY_ID:
+    external: true
+  BACKEND_G_PRIVATE_KEY:
+    external: true
+  BACKEND_G_CLIENT_EMAIL:
+    external: true
+  BACKEND_G_CLIENT_ID:
+    external: true
+  BACKEND_G_CLIENT_URL:
     external: true
   BACKEND_GROUP_KEY:
     external: true
diff --git a/stack-compose.yml b/stack-compose.yml
index 7f1bfc6..a336faf 100644
--- a/stack-compose.yml
+++ b/stack-compose.yml
@@ -34,14 +34,22 @@ services:
       - SECRET_KEY_FILE=/run/secrets/BACKEND_SECRET_KEY
       - DB_PASSWD_FILE=/run/secrets/BACKEND_DB_PASSWD
       - EMAIL_API_KEY_FILE=/run/secrets/BACKEND_EMAIL_API_KEY
-      - GOOGLE_CREDS_FILE=/run/secrets/BACKEND_GOOGLE_CREDS
+      - G_PRIVATE_KEY_ID_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY_ID
+      - G_PRIVATE_KEY_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY
+      - G_CLIENT_EMAIL_FILE=/run/secrets/BACKEND_G_CLIENT_EMAIL
+      - G_CLIENT_ID_FILE=/run/secrets/BACKEND_G_CLIENT_ID
+      - G_CLIENT_URL_FILE=/run/secrets/BACKEND_G_CLIENT_URL
       - GROUP_KEY_FILE=/run/secrets/BACKEND_GROUP_KEY
     secrets:
       - BACKEND_SECRET_KEY
       - BACKEND_DB_PASSWD
       - BACKEND_EMAIL_API_KEY
-      - BACKEND_GOOGLE_CREDS
+      - BACKEND_G_PRIVATE_KEY_ID
+      - BACKEND_G_PRIVATE_KEY
+      - BACKEND_G_CLIENT_EMAIL
+      - BACKEND_G_CLIENT_ID
+      - BACKEND_G_CLIENT_URL
       - BACKEND_GROUP_KEY
 secrets:
@@ -51,7 +59,15 @@ secrets:
     external: true
   BACKEND_EMAIL_API_KEY:
     external: true
-  BACKEND_GOOGLE_CREDS:
+  BACKEND_G_PRIVATE_KEY_ID:
+    external: true
+  BACKEND_G_PRIVATE_KEY:
+    external: true
+  BACKEND_G_CLIENT_EMAIL:
+    external: true
+  BACKEND_G_CLIENT_ID:
+    external: true
+  BACKEND_G_CLIENT_URL:
     external: true
   BACKEND_GROUP_KEY:
     external: true
diff --git a/webapp/utils.py b/webapp/utils.py
index 328874c..06cadb2 100644
--- a/webapp/utils.py
+++ b/webapp/utils.py
@@ -25,7 +25,7 @@ from sikweb.settings import (
     DEFAULT_EMAIL_FROM_ADDR,
     ENABLE_AUTOMATIC_EMAILS,
     GROUP_KEY,
-    GOOGLE_CREDS_JSON,
+    GOOGLE_CREDS,
 )
 from datetime import timedelta
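Review bot: Removing `BACKEND_GOOGLE_CREDS` from the service and from the top-level `secrets:` map (here and in stack-compose-dev.yml) does not remove it from the Swarm secret store, because it is declared `external: true`; that object still holds the same private key the new `BACKEND_G_PRIVATE_KEY` secret carries, so the rollout should include deleting the old secret once no service references it, and rotating the key if the split is not already a re-issue. A one-line comment above the new `BACKEND_G_PRIVATE_KEY:` entry stating that its value must be the raw multi-line PEM would match what production_entrypoint.sh expects when it exports the file contents.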
@@ -136,13 +136,17 @@ def add_to_mailinglist(email: str):
         # create credentials, with subject is used to impersonate admin account
         # jas_manager has groups editor rights in google admin
         credentials = service_account.Credentials.from_service_account_info(
-            info=GOOGLE_CREDS_JSON, scopes=SCOPES
+            info=GOOGLE_CREDS, scopes=SCOPES
         ).with_subject("jas_manager@sahkoinsinoorikilta.fi")
         service = build("admin", "directory_v1", credentials=credentials)
         service.members().insert(groupKey=GROUP_KEY, body={"email": email}).execute()
     except HttpError as err:
         # Already in list, do nothing
+        print()
+        print(err)
+        print()
+
         if err.status_code == 409:
             pass
         else:
@@ -157,7 +161,7 @@ def add_to_mailinglist(email: str):
             )
             send_email(to, subject, body)
-    except ValueError as err:
+    """ except ValueError as err:
         logging.exception("Formatting of google credentials is incorrect")
         if DEPLOY_ENV == "production":
@@ -167,4 +171,4 @@ def add_to_mailinglist(email: str):
                 email
             )
-            send_email(to, subject, body)
+            send_email(to, subject, body) """
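Review bot: The three `print()` calls added to the `except HttpError` branch run before the `status_code == 409` check, so every expected "already a member" outcome now writes the full error text to stdout, and the surrounding `# Already in list, do nothing` comment no longer describes what happens. If a trace of unexpected failures is wanted, move it under the non-409 path and use the module's existing logging instead of bare prints: `logging.warning("Directory API error while adding to mailing list: %s", err)`. `err.status_code` is a property that only newer googleapiclient releases expose (older ones need `err.resp.status`), which is worth a comment if the pinned client version is not recent. add_to_mailinglist begins before this hunk.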
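Review bot: Wrapping the `except ValueError as err:` clause in a triple-quoted string (this hunk and the one at @@ -167,4) turns the handler into a dead string-literal statement rather than removing it, so a malformed or missing credential now raises straight out of add_to_mailinglist; together with settings.py defaulting every credential field to `""`, an environment without the G_* secrets will fail on the first signup instead of logging and notifying as the old branch did. Either delete the block outright or keep a real handler, e.g. `except ValueError: logging.exception("Formatting of google credentials is incorrect"); raise` if failing loudly is the intent. The closing `"""` appended to the final `send_email(to, subject, body)` line also ends the string mid-line, which parses but reads as accidental. The function's body continues outside these hunks.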