From e18deccab2b891cf7de75690b1054360243b139d Mon Sep 17 00:00:00 2001 From: Frederick Muriuki Muriithi Date: Fri, 19 Jul 2024 10:15:53 -0500 Subject: Remove the `CLIENTS_SSL_PUBLIC_KEYS_DIR` configuration Moving forward, each client will advertise it's current JWKs at a known endpoint, and we'll use those, rather than having a configuration that requires manual update of the certificates. This will make it easier to implement key rotation on the clients too. --- gn_auth/__init__.py | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) (limited to 'gn_auth/__init__.py') diff --git a/gn_auth/__init__.py b/gn_auth/__init__.py index ee7ceb1..973110a 100644 --- a/gn_auth/__init__.py +++ b/gn_auth/__init__.py @@ -24,7 +24,7 @@ def check_mandatory_settings(app: Flask) -> None: undefined = tuple( setting for setting in ( "SECRET_KEY", "SQL_URI", "AUTH_DB", "AUTH_MIGRATIONS", - "OAUTH2_SCOPE", "CLIENTS_SSL_PUBLIC_KEYS_DIR") + "OAUTH2_SCOPE") if not ((setting in app.config) and bool(app.config[setting]))) if len(undefined) > 0: raise ConfigurationError( @@ -51,20 +51,6 @@ def load_secrets_conf(app: Flask) -> None: app.config.from_pyfile(secretsfile) -def parse_ssl_keys(app): - """Parse the SSL keys.""" - def __parse_key__(keypath: Path) -> JsonWebKey: - with open(keypath) as _sslkey:# pylint: disable=[unspecified-encoding] - return JsonWebKey.import_key(_sslkey.read()) - - key_storage_dir = Path(app.config["CLIENTS_SSL_PUBLIC_KEYS_DIR"]) - key_storage_dir.mkdir(exist_ok=True) - app.config["SSL_PUBLIC_KEYS"] = { - _key.as_dict()["kid"]: _key for _key in ( - __parse_key__(Path(key_storage_dir).joinpath(key)) - for key in os.listdir(key_storage_dir))} - - def create_app( config: Optional[dict] = None, setup_logging: Callable[[Flask], None] = lambda appl: None @@ -83,7 +69,6 @@ def create_app( override_settings_with_envvars(app) load_secrets_conf(app) - parse_ssl_keys(app) # ====== END: Setup configuration ====== setup_logging(app) -- cgit v1.2.3