GCP_CLOUD_RUN_ENDPOINT_TITILER_POSSIBLE_ORIGINS in .env

SchmidtDSE · Dec 13, 2024 · 6b5bd94 · 6b5bd94
1 parent 5a54cad
commit 6b5bd94
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 9 deletions.
diff --git a/.deployment/tofu/outputs.tf b/.deployment/tofu/outputs.tf
@@ -8,7 +8,7 @@ output "gcp_cloud_run_endpoint_titiler" {
     value       = module.titiler.titiler_server_endpoint
 }
 
-output "gcp_cloud_run_endpoint_titiler_origins" {
+output "gcp_cloud_run_endpoint_titiler_possible_origins" {
     description = "The endpoint of the Cloud Run titiler service"
     value       = module.titiler.titiler_server_endpoint_possible_origins
 }

diff --git a/.devcontainer/scripts/export_tofu_dotenv.sh b/.devcontainer/scripts/export_tofu_dotenv.sh
@@ -2,24 +2,35 @@ cd /workspace/.deployment/tofu
 tofu init
 tofu refresh
 
-export s3_from_gcp_role_arn="$(tofu output s3_from_gcp_role_arn)"
-
-# Remove quotes from the email to avoid issue with the impersonation below
-export gcp_service_account_s3_email=$(tofu output gcp_service_account_s3_email | tr -d '"')
-export s3_bucket_name=$(tofu output s3_bucket_name)
 
+# .env will always be LOCAL which uses localhost and various non-cloud infrastructure for development
 echo "# TOFU ENV VARS" >> /workspace/.devcontainer/.env
 echo "ENV=LOCAL" >> /workspace/.devcontainer/.env
 echo "DEPLOYMENT=DEV" >> /workspace/.devcontainer/.env
+
+# Change this to 'titiler' to attach to the titiler backend
+echo "DEBUG_SERVICE=BURN_BACKEND" >> /workspace/.devcontainer/.env
+
+# ARN to allow GCP to read from S3
+export s3_from_gcp_role_arn="$(tofu output s3_from_gcp_role_arn)"
 echo "S3_FROM_GCP_ROLE_ARN=$s3_from_gcp_role_arn" >> /workspace/.devcontainer/.env
+
+# S3 bucket name for burn analysis outputs
+export s3_bucket_name=$(tofu output s3_bucket_name)
 echo "S3_BUCKET_NAME=$s3_bucket_name" >> /workspace/.devcontainer/.env
+
+# SA for GCP to read from S3 (Remove quotes from the email to avoid issue with the impersonation below)
+export gcp_service_account_s3_email=$(tofu output gcp_service_account_s3_email | tr -d '"')
 echo "GCP_SERVICE_ACCOUNT_S3_EMAIL=$gcp_service_account_s3_email" >> /workspace/.devcontainer/.env
 
-# Backend
+# Burn backend endpoint
 export gcp_cloud_run_endpoint_burn_backend="$(tofu output gcp_cloud_run_endpoint_burn_backend)"
 echo "GCP_CLOUD_RUN_ENDPOINT_BURN_BACKEND=$gcp_cloud_run_endpoint_burn_backend" >> /workspace/.devcontainer/.env
 
-# Titiler
+# Titiler endpoint
 export gcp_cloud_run_endpoint_titiler="$(tofu output gcp_cloud_run_endpoint_titiler)"
 echo "GCP_CLOUD_RUN_ENDPOINT_TITILER=$gcp_cloud_run_endpoint_titiler" >> /workspace/.devcontainer/.env
+
+# Titiler possible origins
+export gcp_cloud_run_endpoint_titiler_possible_origins="$(tofu output gcp_cloud_run_endpoint_titiler_possible_origins)"
 echo "GCP_CLOUD_RUN_ENDPOINT_TITILER_POSSIBLE_ORIGINS=$gcp_cloud_run_endpoint_titiler_possible_origins" >> /workspace/.devcontainer/.env
diff --git a/src/burn_backend/app.py b/src/burn_backend/app.py
@@ -1,4 +1,5 @@
 import os
+import json
 from datetime import datetime
 
 import logging
@@ -65,7 +66,9 @@
         print("Debugger attached")
 
 else:
-    allowed_origins = [os.getenv("GCP_CLOUD_RUN_ENDPOINT_TITILER")]
+    allowed_origins = json.loads(
+        os.getenv("GCP_CLOUD_RUN_ENDPOINT_TITILER_POSSIBLE_ORIGINS")
+    )
 
 ## Debug: Log incoming request origins, to help debug CORS issues