OpenSPP / openspp-modules

OpenSPP Odoo modules
https://openspp.org
GNU Lesser General Public License v3.0

DCI API is not working #602

Closed anthonymarkQA closed 1 month ago

anthonymarkQA commented 1 month ago

Describe the bug

The module DCI API can be installed in OpenSPP but is not working. Postman is unable to retrieve data from OpenSPP.

To Reproduce

  1. Request a Postman collection from the developer
  2. Install the DCI API module
  3. Get credentials from DCI API (client ID and client secret)
  4. In Postman, go to the POST get access token request body tab, paste the client ID and secret
  5. Click send. Notice an internal server error is returned in Postman

Expected behavior

Access token and token type should be displayed.

Screenshots

Additional context

🔔 Note: This ticket should address common considerations without including country-specific content. Please ensure all references are generic and applicable across various contexts.

dasunhegoda commented 1 month ago

@gonzalesedwin1123 @reichie020212 : Is this due to the same issue we discussed? Setting up of the tokens in the pod.

reichie020212 commented 1 month ago

yes @dasunhegoda

dasunhegoda commented 1 month ago

@reichie020212 : can you set it up when possible to unblock @anthonymarkQA?

reichie020212 commented 1 month ago

@dasunhegoda I do not have access to the instance's ssh

dasunhegoda commented 1 month ago

As per the discussion with @kneckinator, @reichie020212 will be given SSH access to the pod to set up the keys to unblock the QA team.

A proper mechanism to set up the key should be considered in the long run.

Note: The keys will be lost if the pod is destroyed.

dasunhegoda commented 1 month ago

In a meeting with @renceInbox @kneckinator @atelal @dasunhegoda, it was discussed and agreed to improve the API, when @reichie020212 is back next week, on how to set up the keys without SSHing to the instance.

cc: @anthonymarkQA @celinenilla

kneckinator commented 1 month ago

@reichie020212 please take a look at the following modules:

Convert the direct read of files within the addons to reading the location of the pem/pub pair through an environment variable. Let's use:

SPP_OAUTH_RSA_PRIV_KEY_PATH="....."
SPP_OAUTH_RSA_PUB_KEY_PATH="...."

In spp_import_dci_api/tools/calculate_signature.py this is duplicated from spp_oauth/tools/rsa_encode_decode.py. If there is no specific reason to keep both, let's standardize on using spp_oauth.

In spp_base_gis_rest/models/api_client_credentials.py the TOKEN_EXPIRATION_MIN is hard-coded. This should be read from an environment variable. I suggest SPP_BASE_GIS_TOKEN_EXP_MIN.

In spp_dci_api_server/models/client_credentials.py, the TOKEN_EXPIRATION_MIN is hard-coded. This should be read from an environment variable. I suggest SPP_DCI_API_SERVER_TOKEN_EXP_MIN.

The exception handler in spp_oauth.tools.rsa_encode_decode.verify_and_decode_signature should not swallow the exception like it does today, as it makes debugging hard. It should raise any JWT validation issues in the OpenSPP log on the error level. Once the log message has been emitted, raise an exception OpenSPPOAuthJWTException. The caller will have to handle this exception, which it can do similarly to how it is done today.

Example: In spp_dci_api_server/controllers/controllers.py:144 change

verified, payload = verify_and_decode_signature(access_token)

if not verified:
    return error_wrapper(401, "Invalid Access Token.")

to something like:

try:
    payload = verify_and_decode_signature(access_token)
except OpenSPPOAuthJWTException:
    return error_wrapper(401, "Invalid Access Token.")
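
Added example (not part of the comment above and not OpenSPP's own code): one way the changes proposed in that comment could fit together in Python. The environment variable names and `OpenSPPOAuthJWTException` come from the comment; the helper names `read_key` and `token_expiration_min`, the `default` argument and the injected `decode` callable are assumptions.

```python
import logging
import os

_logger = logging.getLogger(__name__)


class OpenSPPOAuthJWTException(Exception):
    """Key configuration or JWT validation failure."""


def read_key(env_var):
    """Return the bytes of the PEM file whose path is held in env_var."""
    path = os.environ.get(env_var)
    if not path:
        _logger.error("%s is not set", env_var)
        raise OpenSPPOAuthJWTException(f"{env_var} is not set")
    try:
        with open(path, "rb") as handle:
            return handle.read()
    except OSError as exc:
        # Log the path and the OS error, never the key material.
        _logger.error("Cannot read %s (%s): %s", env_var, path, exc)
        raise OpenSPPOAuthJWTException(f"cannot read {env_var}") from exc


def token_expiration_min(env_var, default):
    """Token lifetime in minutes: env_var if set, else the caller's default."""
    raw = os.environ.get(env_var)
    if raw is None:
        return default
    try:
        minutes = int(raw)
    except ValueError:
        minutes = 0
    if minutes <= 0:
        # Fail loudly: a bad value must not silently change token lifetime.
        raise ValueError(f"{env_var} must be a positive integer, got {raw!r}")
    return minutes


def verify_and_decode_signature(access_token, decode):
    """Return the verified payload or raise OpenSPPOAuthJWTException.

    decode is an assumption of this example: the JWT library's verifying call,
    taken as decode(token, public_key_pem) and raising on any invalid token.
    """
    public_key = read_key("SPP_OAUTH_RSA_PUB_KEY_PATH")
    try:
        return decode(access_token, public_key)
    except Exception as exc:  # narrow to the JWT library's base error in real code
        # Log the reason at error level; the token itself stays out of the log.
        _logger.error("JWT validation failed: %s", exc)
        raise OpenSPPOAuthJWTException("JWT validation failed") from exc
```

Because the key location is only a path in the environment, the PEM pair can live on a mounted secret or volume rather than inside the addon directory.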

jannahadlaon commented 1 month ago

Findings during local testing: Works as expected. QA PASSED

Tests conducted:

  - TSOS-414 : Create Client Credentials
  - TSOS-396 : DCI Get Access Token
  - TSOS-397 : DCI Search Registry

cc: @reichie020212