Merge "Authenticate RHDL requests"

redhat-cip · Oct 24, 2024 · 297e390 · 297e390
2 parents 17b823b + 0605550
commit 297e390
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 3 deletions.
diff --git a/dci/api/v2/components.py b/dci/api/v2/components.py
@@ -27,6 +27,7 @@
 from dci.common import exceptions as dci_exc
 from dci.dci_config import CONFIG
 from dci.db import models2
+from dciauth.signature import HmacAuthBase
 
 
 logger = logging.getLogger(__name__)
@@ -51,9 +52,19 @@ def get_component_file_from_rhdl(user, c_id, filepath):
     rhdl_file_url = os.path.join(
         CONFIG["RHDL_API_URL"], "components", normalized_rhdl_component_filepath
     )
-
+    auth = HmacAuthBase(
+        access_key=CONFIG["RHDL_SERVICE_ACCOUNT_ACCESS_KEY"],
+        secret_key=CONFIG["RHDL_SERVICE_ACCOUNT_SECRET_KEY"],
+        region="us-east-1",
+        service="api",
+        service_key="aws4_request",
+        algorithm="AWS4-HMAC-SHA256",
+    )
     redirect = requests.get(
-        rhdl_file_url, allow_redirects=False, timeout=CONFIG["REQUESTS_TIMEOUT"]
+        rhdl_file_url,
+        allow_redirects=False,
+        auth=auth,
+        timeout=CONFIG["REQUESTS_TIMEOUT"],
     )
     if redirect.status_code != 302:
         raise dci_exc.DCIException(

diff --git a/dci/settings.py b/dci/settings.py
@@ -116,6 +116,8 @@
 
 CERTIFICATION_URL = "https://access.stage.redhat.com/hydra/rest/cwe/xmlrpc/v2"
 
-RHDL_API_URL = "https://rhdl.distributed-ci.io/api/v1"
+RHDL_API_URL = "https://api.rhdl.distributed-ci.io/api/v1"
+RHDL_SERVICE_ACCOUNT_ACCESS_KEY = os.getenv("RHDL_SERVICE_ACCOUNT_ACCESS_KEY", "")
+RHDL_SERVICE_ACCOUNT_SECRET_KEY = os.getenv("RHDL_SERVICE_ACCOUNT_SECRET_KEY", "")
 
 REQUESTS_TIMEOUT = (3.0, 10.0)