From 5b4e1876f44dd4e9cd4a67b463fc499548372be3 Mon Sep 17 00:00:00 2001
From: Denis Loginov <137337+dinvlad@users.noreply.github.com>
Date: Mon, 8 Jan 2024 15:36:46 -0500
Subject: [PATCH] Remove and cleanup impersonation (#42)
* Remove and cleanup impersonation
* Don't set Firestore database if FIRESTORE_DATABASE isn't set
---
 src/__init__.py | 47 ++++--------------------------------------
 src/utils/constants.py | 4 +---
 2 files changed, 5 insertions(+), 46 deletions(-)
diff --git a/src/__init__.py b/src/__init__.py
index 5264e79e..0ef01ed4 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -32,10 +32,7 @@ def create_app() -> Quart:
 app.config.from_mapping(
 SECRET_KEY=secrets.token_hex(16),
- DATABASE=firestore.AsyncClient(
- project=constants.FIREBASE_PROJECT_ID,
- database=constants.FIRESTORE_DATABASE,
- ),
+ DATABASE=firestore.AsyncClient(database=constants.FIRESTORE_DATABASE),
 )
 app.register_blueprint(status.bp)
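Review bot: `database=constants.FIRESTORE_DATABASE` can now be `None` or an empty string, because the constant in src/utils/constants.py (last hunk) became a bare `os.getenv("FIRESTORE_DATABASE")` with the `"(default)"` fallback removed; the same value is also passed to `firestore.Client(...)` in initialize_firebase_app. A variable that is set but empty is forwarded as `""` rather than treated as unset, so I would normalise it at the source with `FIRESTORE_DATABASE = os.getenv("FIRESTORE_DATABASE") or None`. Whether `database=None` selects the default database depends on the installed google-cloud-firestore release, which this diff does not show, so that is worth confirming against the pinned version. create_app starts and ends outside this hunk.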
@@ -50,48 +47,12 @@ def create_app() -> Quart:
 def initialize_firebase_app() -> None:
 key: str = ".serviceAccountKey.json"
- options = {
- 'projectId': constants.FIREBASE_PROJECT_ID,
- }
 if os.path.exists(key): # local testing
- firebase_admin.initialize_app(credential=firebase_admin.credentials.Certificate(key),
- options=options)
+ firebase_admin.initialize_app(credential=firebase_admin.credentials.Certificate(key))
 else:
 logger.info("No service account key found, using default for firebase_admin")
- cred = firebase_admin.credentials.ApplicationDefault()
- token = cred.get_access_token().access_token
- logger.info(f'Firebase admin project_id: {cred.project_id}, token: {token}')
-
- if constants.TARGET_SERVICE_ACCOUNT:
- gcred, _ = google.auth.default()
-
- # for testing
- aud = "https://iam.googleapis.com"
- token = google.oauth2.id_token.fetch_id_token(Request(), aud)
- logger.info(f'Default Google token: {".".join(token.split(".")[:2])}')
-
- gcred = impersonated_credentials.Credentials(
- source_credentials=gcred,
- target_principal=constants.TARGET_SERVICE_ACCOUNT,
- target_scopes=["https://www.googleapis.com/auth/cloud-platform"],
- lifetime=500)
-
- # for testing
- token = google.oauth2.id_token.fetch_id_token(Request(), aud)
- logger.info(f'Impersonated Google token: {".".join(token.split(".")[:2])}')
-
- # https://github.com/firebase/firebase-admin-python/issues/698
- cred._g_credential = gcred
- cred._project_id = constants.FIREBASE_PROJECT_ID
- options['serviceAccountId'] = constants.TARGET_SERVICE_ACCOUNT
-
- # for testing
- token = cred.get_access_token().access_token
- logger.info(f'Impersonated Firebase project_id: {cred.project_id}, token: {token}')
-
- firebase_admin.initialize_app(credential=cred, options=options)
+ firebase_admin.initialize_app()
 # test firestore connection
- db = firestore.Client(project=constants.FIREBASE_PROJECT_ID,
- database=constants.FIRESTORE_DATABASE)
+ db = firestore.Client(database=constants.FIRESTORE_DATABASE)
logger.info(f'Firestore test: {db.collection("test").document("test").get().exists}')
diff --git a/src/utils/constants.py b/src/utils/constants.py
index 3e87267f..f7660f1a 100644
--- a/src/utils/constants.py
+++ b/src/utils/constants.py
@@ -15,9 +15,7 @@
 "419003787216-rcif34r976a9qm3818qgeqed7c582od6.apps.googleusercontent.com"
 )
 MICROSOFT_CLIENT_ID = "a605ffae-592a-4096-b029-78ba66b6d614" # public; used for authentication
-FIREBASE_PROJECT_ID = os.getenv("FIREBASE_PROJECT_ID", SERVER_GCP_PROJECT)
-FIRESTORE_DATABASE = os.getenv("FIRESTORE_DATABASE", "(default)")
-TARGET_SERVICE_ACCOUNT = os.getenv("TARGET_SERVICE_ACCOUNT")
+FIRESTORE_DATABASE = os.getenv("FIRESTORE_DATABASE")
 MPCGWAS_SHARED_PARAMETERS = {
 "NUM_SNPS": {
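Review bot: With `project=constants.FIREBASE_PROJECT_ID` dropped, `firestore.Client(database=...)` in initialize_firebase_app (and the `AsyncClient` in create_app) resolves both project and credentials from the ambient environment, while the local-testing branch initialises firebase_admin from `.serviceAccountKey.json`. The two can therefore end up on different projects or identities with no visible signal, and the startup test read may still succeed against whichever project the environment resolves. Logging the resolved target once the client is built, e.g. `logger.info("Firestore project=%s database=%s", db.project, constants.FIRESTORE_DATABASE)`, would make a mis-pointed deployment visible at startup. A short docstring on initialize_firebase_app stating that the key file takes precedence whenever it exists in the working directory would also help, since that file should never be present in a deployed image.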