fix: Add authentication to reporting-api

redhat-cop · Dec 24, 2024 · e7863f4 · e7863f4
1 parent 0f667b1
commit e7863f4
Show file tree

Hide file tree

Showing 7 changed files with 32 additions and 1 deletion.
diff --git a/catalog-manager/helm/templates/_helpers.tpl b/catalog-manager/helm/templates/_helpers.tpl
@@ -88,3 +88,9 @@ Define the image to deploy
     {{- end -}}
   {{- end -}}
 {{- end -}}
+{{/*
+Saleforce API secret name
+*/}}
+{{- define "babylon-catalog-manager.salesforceApiSecretName" -}}
+  {{- .Values.salesforceApi.secretName }}
+{{- end -}}
diff --git a/catalog-manager/helm/templates/deployment.yaml b/catalog-manager/helm/templates/deployment.yaml
@@ -25,6 +25,11 @@ spec:
           value: "--log-format=json"
         - name: KOPF_PEERING
           value: {{ include "babylon-catalog-manager.name" . }}
+        - name: SALESFORCE_AUTHORIZATION_TOKEN
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "babylon-catalog-manager.salesforceApiSecretName" . }}
+              key: salesforce-api-token
         image: {{ include "babylon-catalog-manager.image" . | quote }}
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         resources:

diff --git a/catalog-manager/helm/templates/salesforce-api-secret.yaml b/catalog-manager/helm/templates/salesforce-api-secret.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.salesforceApi.deploy }}
+apiVersion: bitwarden-k8s-secrets-manager.demo.redhat.com/v1
+kind: BitwardenSyncSecret
+metadata:
+  name: {{ .Values.salesforceApi.secretName | default "babylon-catalog-manager-salesforce-api" }}
+  namespace: {{ include "babylon-catalog-manager.namespaceName" . }}
+spec:
+  data:
+    salesforce-api-token: 
+      secret: salesforce_api_login_token
+      key: service_token
+{{- end }}
diff --git a/catalog-manager/helm/values.yaml b/catalog-manager/helm/values.yaml
@@ -46,3 +46,8 @@ image:
   repository: quay.io/redhat-gpte/babylon-catalog-manager
   pullPolicy: Always
   tagOverride: ""
+
+
+salesforceApi:
+  deploy: true
+  secretName: salesforce-api
diff --git a/catalog-manager/operator/babylon.py b/catalog-manager/operator/babylon.py
@@ -13,6 +13,7 @@ class Babylon:
     reporting_api = os.environ.get(
         "REPORTING_API", "http://reporting-api.demo-reporting.svc.cluster.local:8080"
     )
+    reporting_api_authorization_token = os.environ.get('SALESFORCE_AUTHORIZATION_TOKEN')
     demo_domain = "demo.redhat.com"
     catalog_manager_domain = f"catalog-manager.{demo_domain}"
     catalog_display_name_annotation = f"{babylon_domain}/catalogDisplayName"

diff --git a/catalog-manager/operator/catalog_item_service.py b/catalog-manager/operator/catalog_item_service.py
@@ -72,6 +72,8 @@ async def get_is_disabled(self):
                     async with session.get(
                         f"{Babylon.reporting_api}/catalog_incident/last-incident/{self.catalog_item.labels['gpte.redhat.com/asset-uuid']}/{self.catalog_item.labels['babylon.gpte.redhat.com/stage']}",
                         ssl=False,
+                        headers={"Authorization": f"Bearer {Babylon.reporting_api_authorization_token}"}
+
                     ) as resp:
                         if resp.status == 200:
                             self.logger.info(

diff --git a/catalog-manager/operator/operator.py b/catalog-manager/operator/operator.py
@@ -15,7 +15,7 @@
 
 async def manage_catalog_item_is_disabled(catalog_item, logger):
     is_disabled = await CatalogItemService(catalog_item, logger=logger).get_is_disabled()
-    if is_disabled != catalog_item.is_disabled:
+    if is_disabled != catalog_item.is_disabled and is_disabled is not None:
         patch = {
             "metadata": {
                 "labels": {Babylon.catalog_item_is_disabled_label: str(is_disabled)}