Simplify management of tokens

We are no longer using the refresh style
EGI-Federation · May 23, 2024 · 65e5ca1 · 65e5ca1
1 parent 5440905
commit 65e5ca1
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 233 deletions.
diff --git a/cloud-info/ams-wrapper.sh b/cloud-info/ams-wrapper.sh
@@ -60,23 +60,8 @@ if test "$CHECKIN_SECRETS_PATH" = ""; then
 		--middleware "$CLOUD_INFO_MIDDLEWARE" \
 		--ignore-share-errors \
 		--format glue21 >cloud-info.out
-elif test "$USE_ACCESS_TOKEN" -eq 1; then
-	# Case 2: access token style
-	cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
-		--middleware "$CLOUD_INFO_MIDDLEWARE" \
-		--ignore-share-errors \
-		--auth-refresher accesstoken \
-		--format glue21 >cloud-info.out
-	# Produce the json output also
-	if test "$RCLONE_CONFIG_S3_TYPE" != ""; then
-		cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
-			--middleware "$CLOUD_INFO_MIDDLEWARE" \
-			--ignore-share-errors \
-			--auth-refresher accesstoken \
-			--format glue21json >site.json
-	fi
 else
-	# Let's use the service account directly on the info provider
+	# use service account for everyone
 	CHECKIN_DISCOVERY="https://aai.egi.eu/auth/realms/egi/.well-known/openid-configuration"
 	CLIENT_ID="$(yq -r '.fedcloudops.client_id' <"$CHECKIN_SECRETS_FILE")"
 	CLIENT_SECRET="$(yq -r '.fedcloudops.client_secret' <"$CHECKIN_SECRETS_FILE")"
@@ -90,6 +75,14 @@ else
 		--os-access-token-type access_token \
 		--os-openid-scope "openid profile eduperson_entitlement email" \
 		--format glue21 >cloud-info.out
+	# Produce the json output also
+	if test "$RCLONE_CONFIG_S3_TYPE" != ""; then
+		cloud-info-provider-service --yaml-file "$CLOUD_INFO_CONFIG" \
+			--middleware "$CLOUD_INFO_MIDDLEWARE" \
+			--ignore-share-errors \
+			--auth-refresher accesstoken \
+			--format glue21json >site.json
+	fi
 fi
 
 # Fail if there are no shares

diff --git a/cloud-info/cloud_info_catchall/share_discovery.py b/cloud-info/cloud_info_catchall/share_discovery.py
@@ -100,8 +100,3 @@ class AccessTokenShareDiscovery(ShareDiscovery):
 
     def get_token(self):
         return self.secret["access_token"]
-
-    def build_share(self, project, access_token):
-        s = super().build_share(project, access_token)
-        s["auth"].update({"access_token": access_token})
-        return s
diff --git a/cloud-info/cloud_info_catchall/test_share_discovery.py b/cloud-info/cloud_info_catchall/test_share_discovery.py
@@ -162,7 +162,7 @@ def test_build_share(self):
         project = {"id": "foobar"}
         self.assertEqual(
             self.discoverer.build_share(project, "token"),
-            {"auth": {"project_id": "foobar", "access_token": "token"}},
+            {"auth": {"project_id": "foobar"}},
         )
 
 

diff --git a/deploy/deploy.sh b/deploy/deploy.sh
@@ -17,7 +17,6 @@ echo "cloud_info_image: \"ghcr.io/egi-federation/fedcloud-cloud-info:sha-$SHORT_
 if ansible-playbook -i inventory.yaml \
 	--extra-vars @secrets.yaml \
 	--extra-vars @extra-vars.yaml \
-	--extra-vars @vos.yaml \
 	playbook.yaml >ansible.log 2>&1; then
 	status_summary="success"
 	color="#6DBF59"

diff --git a/deploy/vos.yaml b/deploy/vos.yaml