Get secret key from charm config

canonical · Sep 16, 2024 · 7e76408 · 7e76408
1 parent 619007d
commit 7e76408
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 3 deletions.
diff --git a/server/charm/config.yaml b/server/charm/config.yaml
@@ -11,3 +11,7 @@ options:
     default: 100
     description: Maximum number of concurrent connections to the database
     type: int
+  jwt_signing_key:
+    default: ""
+    description: Secret key used for signing authorization tokens
+    type: string
diff --git a/server/charm/src/charm.py b/server/charm/src/charm.py
@@ -191,7 +191,10 @@ def _pebble_layer(self):
 
     @property
     def app_environment(self) -> dict:
-        """Get dict of env data for the mongodb credentials"""
+        """
+        Get dict of env data for the mongodb credentials
+        and other config variables
+        """
         db_data = self.fetch_mongodb_relation_data()
         env = {
             "MONGODB_HOST": db_data.get("db_host"),
@@ -200,6 +203,7 @@ def app_environment(self) -> dict:
             "MONGODB_PASSWORD": db_data.get("db_password"),
             "MONGODB_DATABASE": db_data.get("db_database"),
             "MONGODB_MAX_POOL_SIZE": str(self.config["max_pool_size"]),
+            "JWT_SIGNING_KEY": self.config["jwt_signing_key"],
         }
         return env
 

diff --git a/server/src/api/v1.py b/server/src/api/v1.py
@@ -17,9 +17,9 @@
 Testflinger v1 API
 """
 
+import os
 import uuid
 from datetime import datetime, timezone, timedelta
-import secrets
 
 import pkg_resources
 from apiflask import APIBlueprint, abort
@@ -692,7 +692,7 @@ def validate_client_key_pair(client_id: str, client_key: str):
     return permissions
 
 
-SECRET_KEY = secrets.token_hex(20)
+SECRET_KEY = os.environ.get("JWT_SIGNING_KEY")
 
 
 @v1.get("/authenticate/token/<client_id>")

diff --git a/server/tests/test_v1.py b/server/tests/test_v1.py
@@ -751,6 +751,7 @@ def test_generate_token():
 def test_authenticate_client_get(mongo_app):
     """Tests authentication endpoint which returns JWT with permissions"""
     app, mongo = mongo_app
+    v1.SECRET_KEY = "my_secret_key"
     client_id = "my_client_id"
     client_key = "my_client_key"
     client_salt = bcrypt.gensalt()
@@ -776,6 +777,7 @@ def test_authenticate_client_get(mongo_app):
         f"/v1/authenticate/token/{client_id}",
         headers={"client-key": client_key},
     )
+    assert output.status_code == 200
     token = output.data
     decoded_token = jwt.decode(token, v1.SECRET_KEY, algorithms="HS256")
     assert decoded_token["permissions"] == permissions