diff --git a/Dockerfiles/Dockerfile.cloud_run_tipg b/Dockerfiles/Dockerfile.cloud_run_tipg index 0a809b11..7867262b 100644 --- a/Dockerfiles/Dockerfile.cloud_run_tipg +++ b/Dockerfiles/Dockerfile.cloud_run_tipg @@ -9,9 +9,6 @@ ENV APP_HOME /app WORKDIR $APP_HOME COPY cerulean_cloud/ /app/cerulean_cloud/ -# Copy .env file -COPY cerulean_cloud/cloud_run_tipg/.env.tipg /app/.env - # Install production dependencies. RUN pip install -r cerulean_cloud/cloud_run_tipg/requirements.txt diff --git a/cerulean_cloud/cloud_run_tipg/.env.tipg b/cerulean_cloud/cloud_run_tipg/.env.tipg deleted file mode 100644 index c63887e3..00000000 --- a/cerulean_cloud/cloud_run_tipg/.env.tipg +++ /dev/null @@ -1,21 +0,0 @@ -TIPG_NAME="Cerulean API" -TIPG_TABLE_CONFIG__public_sentinel1_grd__GEOMCOL="geometry" -TIPG_TABLE_CONFIG__public_orchestrator_run__GEOMCOL="geometry" -TIPG_TABLE_CONFIG__public_slick__GEOMCOL="geometry" -TIPG_TABLE_CONFIG__public_aoi__GEOMCOL="geometry" -TIPG_TABLE_CONFIG__public_slick_plus__GEOMCOL="geometry" -TIPG_TABLE_CONFIG__public_source_infra__GEOMCOL="geometry" -TIPG_TABLE_CONFIG__public_slick_to_source__GEOMCOL="geometry" -TIPG_TABLE_CONFIG__public_layer__DATETIMECOL="update_time" -TIPG_TABLE_CONFIG__public_model__DATETIMECOL="update_time" -TIPG_TABLE_CONFIG__public_subscription__DATETIMECOL="update_time" -TIPG_TABLE_CONFIG__public_magic_link__DATETIMECOL="update_time" -TIPG_TABLE_CONFIG__public_aoi_type__DATETIMECOL="update_time" -TIPG_TABLE_CONFIG__public_sentinel1_grd__DATETIMECOL="start_time" -TIPG_TABLE_CONFIG__public_orchestrator_run__DATETIMECOL="inference_start_time" -TIPG_TABLE_CONFIG__public_slick__DATETIMECOL="slick_timestamp" -TIPG_TABLE_CONFIG__public_slick_plus__DATETIMECOL="slick_timestamp" -TIPG_MAX_FEATURES_PER_QUERY=50000 -TIPG_DB_EXCLUDE_TABLES='["public.aoi_user", "public.filter", "public.frequency", "public.magic_link", "public.subscription", "public.user", "public.slick_to_source", "public.source", "public.source_infra", "public.source_type", "public.source_vessel"]' -TIPG_DB_EXCLUDE_FUNCTIONS='["public.get_slicks_by_source", "public.get_slicks_by_aoi_or_source"]' -SECRET_API_KEY="XXX_SECRET_API_KEY" diff --git a/cerulean_cloud/cloud_run_tipg/handler.py b/cerulean_cloud/cloud_run_tipg/handler.py index bad60019..c391a397 100644 --- a/cerulean_cloud/cloud_run_tipg/handler.py +++ b/cerulean_cloud/cloud_run_tipg/handler.py @@ -17,7 +17,8 @@ import asyncpg import jinja2 import pydantic -from fastapi import FastAPI, HTTPException +from fastapi import FastAPI +from fastapi.responses import JSONResponse from mangum import Mangum from starlette.middleware.base import BaseHTTPMiddleware from starlette.middleware.cors import CORSMiddleware @@ -101,26 +102,21 @@ async def dispatch(self, request: Request, call_next): Returns: Response: The outgoing FastAPI response object. """ - - print( - "XXX os.environ.get(SECRET_API_KEY)", - os.environ.get("SECRET_API_KEY", "NO SECRET KEY FOUND!!!"), - ) - print("XXX request", request) - print("XXX request.headers.get('X-API-Key')", request.headers.get("X-API-Key")) table = extract_table_from_request(request) - print("XXX table", table) - excluded_collections = get_env_list("TIPG_DB_EXCLUDE_TABLES") + get_env_list( - "TIPG_DB_EXCLUDE_FUNCTIONS" - ) - print("XXX excluded_collections", excluded_collections) + excluded_collections = get_env_list("RESTRICTED_COLLECTIONS") if table in excluded_collections: - print("XXX table in excluded_collections", table) + print(f"XXX {table} is in excluded_collections") api_key = request.headers.get("X-API-Key") - if api_key != os.environ.get("SECRET_API_KEY", "XXX_SECRET_API_KEY"): - raise HTTPException( - status_code=403, detail="Access to table restricted" + if api_key != os.environ.get("SECRET_API_KEY"): + print(f"XXX {api_key} is invalid") + return JSONResponse( + status_code=403, + content={ + "message": f"Access to {table} is restricted.", + "request_key": api_key, + }, ) + print(f"XXX {api_key} is VALID") response = await call_next(request) return response diff --git a/stack/cloud_run_tipg.py b/stack/cloud_run_tipg.py index 95cce096..41dca8d3 100644 --- a/stack/cloud_run_tipg.py +++ b/stack/cloud_run_tipg.py @@ -25,6 +25,65 @@ name="DATABASE_URL", value=sql_instance_url, ), + gcp.cloudrun.ServiceTemplateSpecContainerEnvArgs( + name="TIPG_NAME", value="Cerulean OGC API" + ), + *[ + gcp.cloudrun.ServiceTemplateSpecContainerEnvArgs( + name=f"TIPG_TABLE_CONFIG__public_{geom_table}__GEOMCOL", + value="geometry", + ) + for geom_table in [ + "sentinel1_grd", + "orchestrator_run", + "slick", + "aoi", + "slick_plus", + "source_infra", + "slick_to_source", + ] + ], + *[ + gcp.cloudrun.ServiceTemplateSpecContainerEnvArgs( + name=f"TIPG_TABLE_CONFIG__public_{datetime_table}__DATETIMECOL", + value="update_time", + ) + for datetime_table in [ + "layer", + "model", + "subscription", + "magic_link", + "aoi_type", + ] + ], + gcp.cloudrun.ServiceTemplateSpecContainerEnvArgs( + name="TIPG_TABLE_CONFIG__public_sentinel1_grd__DATETIMECOL", + value="start_time", + ), + gcp.cloudrun.ServiceTemplateSpecContainerEnvArgs( + name="TIPG_TABLE_CONFIG__public_orchestrator_run__DATETIMECOL", + value="inference_start_time", + ), + gcp.cloudrun.ServiceTemplateSpecContainerEnvArgs( + name="TIPG_TABLE_CONFIG__public_slick__DATETIMECOL", + value="slick_timestamp", + ), + gcp.cloudrun.ServiceTemplateSpecContainerEnvArgs( + name="TIPG_TABLE_CONFIG__public_slick_plus__DATETIMECOL", + value="slick_timestamp", + ), + gcp.cloudrun.ServiceTemplateSpecContainerEnvArgs( + name="TIPG_MAX_FEATURES_PER_QUERY", + value=50000, + ), + gcp.cloudrun.ServiceTemplateSpecContainerEnvArgs( + name="RESTRICTED_COLLECTIONS", + value='["public.aoi_user","public.filter", "public.frequency", "public.magic_link", "public.subscription", "public.user", "public.slick_to_source", "public.source", "public.source_infra", "public.source_type", "public.source_vessel", "public.get_slicks_by_source", "public.get_slicks_by_aoi_or_source"]', + ), + gcp.cloudrun.ServiceTemplateSpecContainerEnvArgs( + name="SECRET_API_KEY", + value=pulumi.Config("cerulean-cloud").require("apikey"), + ), ], resources=dict(limits=dict(memory="8Gi", cpu="6000m")), ),