Change google creds format. Ugly but works.

production_entrypoint.sh

@@ -10,8 +10,20 @@ fi
 if test -f "$DB_PASSWD_FILE"; then
   export DB_PASSWD=$(cat $DB_PASSWD_FILE)
 fi
-if test -f "$GOOGLE_CREDS_FILE"; then
+if test -f "$G_PRIVATE_KEY_ID_FILE"; then
-  export GOOGLE_CREDS=$(cat $GOOGLE_CREDS_FILE)
+  export G_PRIVATE_KEY_ID=$(cat $G_PRIVATE_KEY_ID_FILE)
+fi
+if test -f "$G_PRIVATE_KEY_FILE"; then
+  export G_PRIVATE_KEY=$(cat $G_PRIVATE_KEY_FILE)
+fi
+if test -f "$G_CLIENT_EMAIL_FILE"; then
+  export G_CLIENT_EMAIL=$(cat $G_CLIENT_EMAIL_FILE)
+fi
+if test -f "$G_CLIENT_ID_FILE"; then
+  export G_CLIENT_ID=$(cat $G_CLIENT_ID_FILE)
+fi
+if test -f "$G_CLIENT_URL_FILE"; then
+  export G_CLIENT_URL=$(cat $G_CLIENT_URL_FILE)
 fi
 if test -f "$GROUP_KEY_FILE"; then
   export GROUP_KEY=$(cat $GROUP_KEY_FILE)

sikweb/settings.py

@@ -82,11 +82,19 @@ DATABASES = {
 
 # Google api settings
 GROUP_KEY = os.getenv("GROUP_KEY", "")
-try:
-    GOOGLE_CREDS_JSON = json.loads(os.getenv("GOOGLE_CREDS", "{}"))
-except:
-    GOOGLE_CREDS_JSON = json.loads("{}")
 
+GOOGLE_CREDS = {
+    "type": "service_account",
+    "project_id": "web2-backend",
+    "private_key_id": os.getenv("G_PRIVATE_KEY_ID", ""),
+    "private_key": os.getenv("G_PRIVATE_KEY", ""),
+    "client_email": os.getenv("G_CLIENT_EMAIL", ""),
+    "client_id": os.getenv("G_CLIENT_ID", ""),
+    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
+    "token_uri": "https://oauth2.googleapis.com/token",
+    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
+    "client_x509_cert_url": os.getenv("G_CLIENT_URL", ""),
+}
 
 # JWT authentication
 SIMPLE_JWT = {

stack-compose-dev.yml

@@ -29,20 +29,36 @@ services:
       - FRONTEND_URL=dev.sahkoinsinoorikilta.fi
       - DEBUG=True
       - EMAIL_API_KEY_FILE=/run/secrets/DJANGO_EMAIL_API_KEY
-      - GOOGLE_CREDS_FILE=/run/secrets/BACKEND_GOOGLE_CREDS
+      - G_PRIVATE_KEY_ID_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY_ID
+      - G_PRIVATE_KEY_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY
+      - G_CLIENT_EMAIL_FILE=/run/secrets/BACKEND_G_CLIENT_EMAIL
+      - G_CLIENT_ID_FILE=/run/secrets/BACKEND_G_CLIENT_ID
+      - G_CLIENT_URL_FILE=/run/secrets/BACKEND_G_CLIENT_URL
       - GROUP_KEY_FILE=/run/secrets/BACKEND_GROUP_KEY
       - DB_HOST=db
       - DB_PORT=5432
 
     secrets:
       - DJANGO_EMAIL_API_KEY
-      - BACKEND_GOOGLE_CREDS
+      - BACKEND_G_PRIVATE_KEY_ID
+      - BACKEND_G_PRIVATE_KEY
+      - BACKEND_G_CLIENT_EMAIL
+      - BACKEND_G_CLIENT_ID
+      - BACKEND_G_CLIENT_URL
       - BACKEND_GROUP_KEY
 
 secrets:
   DJANGO_EMAIL_API_KEY:
     external: true
-  BACKEND_GOOGLE_CREDS:
+  BACKEND_G_PRIVATE_KEY_ID:
+    external: true
+  BACKEND_G_PRIVATE_KEY:
+    external: true
+  BACKEND_G_CLIENT_EMAIL:
+    external: true
+  BACKEND_G_CLIENT_ID:
+    external: true
+  BACKEND_G_CLIENT_URL:
     external: true
   BACKEND_GROUP_KEY:
     external: true

stack-compose.yml

@@ -34,14 +34,22 @@ services:
       - SECRET_KEY_FILE=/run/secrets/BACKEND_SECRET_KEY
       - DB_PASSWD_FILE=/run/secrets/BACKEND_DB_PASSWD
       - EMAIL_API_KEY_FILE=/run/secrets/BACKEND_EMAIL_API_KEY
-      - GOOGLE_CREDS_FILE=/run/secrets/BACKEND_GOOGLE_CREDS
+      - G_PRIVATE_KEY_ID_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY_ID
+      - G_PRIVATE_KEY_FILE=/run/secrets/BACKEND_G_PRIVATE_KEY
+      - G_CLIENT_EMAIL_FILE=/run/secrets/BACKEND_G_CLIENT_EMAIL
+      - G_CLIENT_ID_FILE=/run/secrets/BACKEND_G_CLIENT_ID
+      - G_CLIENT_URL_FILE=/run/secrets/BACKEND_G_CLIENT_URL
       - GROUP_KEY_FILE=/run/secrets/BACKEND_GROUP_KEY
 
     secrets:
       - BACKEND_SECRET_KEY
       - BACKEND_DB_PASSWD
       - BACKEND_EMAIL_API_KEY
-      - BACKEND_GOOGLE_CREDS
+      - BACKEND_G_PRIVATE_KEY_ID
+      - BACKEND_G_PRIVATE_KEY
+      - BACKEND_G_CLIENT_EMAIL
+      - BACKEND_G_CLIENT_ID
+      - BACKEND_G_CLIENT_URL
       - BACKEND_GROUP_KEY
 
 secrets:
@@ -51,7 +59,15 @@ secrets:
     external: true
   BACKEND_EMAIL_API_KEY:
     external: true
-  BACKEND_GOOGLE_CREDS:
+  BACKEND_G_PRIVATE_KEY_ID:
+    external: true
+  BACKEND_G_PRIVATE_KEY:
+    external: true
+  BACKEND_G_CLIENT_EMAIL:
+    external: true
+  BACKEND_G_CLIENT_ID:
+    external: true
+  BACKEND_G_CLIENT_URL:
     external: true
   BACKEND_GROUP_KEY:
     external: true

webapp/utils.py

@@ -25,7 +25,7 @@ from sikweb.settings import (
     DEFAULT_EMAIL_FROM_ADDR,
     ENABLE_AUTOMATIC_EMAILS,
     GROUP_KEY,
-    GOOGLE_CREDS_JSON,
+    GOOGLE_CREDS,
 )
 from datetime import timedelta
 
@@ -136,13 +136,17 @@ def add_to_mailinglist(email: str):
         # create credentials, with subject is used to impersonate admin account
         # jas_manager has groups editor rights in google admin
         credentials = service_account.Credentials.from_service_account_info(
-            info=GOOGLE_CREDS_JSON, scopes=SCOPES
+            info=GOOGLE_CREDS, scopes=SCOPES
         ).with_subject("jas_manager@sahkoinsinoorikilta.fi")
 
         service = build("admin", "directory_v1", credentials=credentials)
         service.members().insert(groupKey=GROUP_KEY, body={"email": email}).execute()
     except HttpError as err:
         # Already in list, do nothing
+        print()
+        print(err)
+        print()
+
         if err.status_code == 409:
             pass
         else:
@@ -157,7 +161,7 @@ def add_to_mailinglist(email: str):
                 )
 
                 send_email(to, subject, body)
-    except ValueError as err:
+    """ except ValueError as err:
         logging.exception("Formatting of google credentials is incorrect")
 
         if DEPLOY_ENV == "production":
@@ -167,4 +171,4 @@ def add_to_mailinglist(email: str):
                 email
             )
 
-            send_email(to, subject, body)
+            send_email(to, subject, body) """