remove pubsub audience check (#3080)

bcgov · Oct 16, 2024 · a590c00 · a590c00
1 parent 3be721a
commit a590c00
Show file tree

Hide file tree

Showing 8 changed files with 0 additions and 62 deletions.
diff --git a/auth-api/src/auth_api/services/gcp_queue/gcp_auth.py b/auth-api/src/auth_api/services/gcp_queue/gcp_auth.py
diff --git a/queue_services/account-mailer/devops/vaults.gcp.env b/queue_services/account-mailer/devops/vaults.gcp.env
@@ -16,8 +16,6 @@ NOTIFY_API_VERSION="op://API/$APP_ENV/notify-api/NOTIFY_API_VERSION"
 REPORT_API_URL="op://API/$APP_ENV/report-api/REPORT_API_URL"
 REPORT_API_VERSION="op://API/$APP_ENV/report-api/REPORT_API_VERSION"
 VPC_CONNECTOR="op://CD/$APP_ENV/account-mailer/VPC_CONNECTOR"
-ACCOUNT_MAILER_AUDIENCE_SUB="op://gcp-queue/$APP_ENV/authpay/ACCOUNT_MAILER_AUDIENCE_SUB"
-AUTHPAY_SERVICE_ACCOUNT="op://gcp-queue/$APP_ENV/gtksf3/AUTHPAY_SERVICE_ACCOUNT"
 MINIO_ENDPOINT="op://minio/$APP_ENV/base/MINIO_ENDPOINT"
 MINIO_ACCESS_KEY="op://minio/$APP_ENV/base/MINIO_ACCESS_KEY"
 MINIO_ACCESS_SECRET="op://minio/$APP_ENV/base/MINIO_ACCESS_SECRET"

diff --git a/queue_services/account-mailer/src/account_mailer/config.py b/queue_services/account-mailer/src/account_mailer/config.py
@@ -102,11 +102,6 @@ class _Config():  # pylint: disable=too-few-public-methods
     REPORT_API_URL = REPORT_API_URL + REPORT_API_VERSION
     REPORT_API_BASE_URL = f'{REPORT_API_URL}/reports'
 
-    # PUB/SUB - SUB: account-mailer-dev
-    # If blank in PUB/SUB, this should match the https endpoint the subscription is pushing to.
-    AUTH_AUDIENCE_SUB = os.getenv('ACCOUNT_MAILER_AUDIENCE_SUB')
-    VERIFY_PUBSUB_EMAILS = os.getenv('AUTHPAY_SERVICE_ACCOUNT', 'email1,email2').split(',')
-
     # Minio configuration values
     MINIO_ENDPOINT = os.getenv('MINIO_ENDPOINT')
     MINIO_ACCESS_KEY = os.getenv('MINIO_ACCESS_KEY')

diff --git a/queue_services/account-mailer/src/account_mailer/resources/worker.py b/queue_services/account-mailer/src/account_mailer/resources/worker.py
@@ -20,7 +20,6 @@
 from auth_api.models import db
 from auth_api.models.pubsub_message_processing import PubSubMessageProcessing
 from auth_api.services.gcp_queue import queue
-from auth_api.services.gcp_queue.gcp_auth import ensure_authorized_queue_user
 from auth_api.services.rest_service import RestService
 from auth_api.utils.roles import ADMIN, COORDINATOR
 from flask import Blueprint, request
@@ -42,7 +41,6 @@
 
 
 @bp.route('/', methods=('POST',))
-@ensure_authorized_queue_user
 def worker():
     """Worker to handle incoming queue pushes."""
     if not (event_message := queue.get_simple_cloud_event(request, wrapped=True)):

diff --git a/queue_services/auth-queue/devops/vaults.gcp.env b/queue_services/auth-queue/devops/vaults.gcp.env
@@ -12,6 +12,4 @@ JWT_OIDC_ISSUER="op://keycloak/$APP_ENV/jwt-base/JWT_OIDC_ISSUER"
 SBC_AUTH_ADMIN_CLIENT_ID="op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_ID"
 SBC_AUTH_ADMIN_CLIENT_SECRET="op://keycloak/$APP_ENV/sbc-auth-admin/SBC_AUTH_ADMIN_CLIENT_SECRET"
 BUSINESS_SERVICE_ACCOUNT="op://gcp-queue/$APP_ENV/a083gt/BUSINESS_SERVICE_ACCOUNT"
-AUTHPAY_SERVICE_ACCOUNT="op://gcp-queue/$APP_ENV/gtksf3/AUTHPAY_SERVICE_ACCOUNT"
 VPC_CONNECTOR="op://CD/$APP_ENV/auth-queue/VPC_CONNECTOR"
-AUTH_QUEUE_AUDIENCE_SUB="op://gcp-queue/$APP_ENV/authpay/AUTH_QUEUE_AUDIENCE_SUB"
diff --git a/queue_services/auth-queue/src/auth_queue/config.py b/queue_services/auth-queue/src/auth_queue/config.py
@@ -79,9 +79,7 @@ class _Config:  # pylint: disable=too-few-public-methods
     # PUB/SUB - PUB: account-mailer-dev, SUB: auth-event-dev and namex-nr-state-dev
     ACCOUNT_MAILER_TOPIC = os.getenv('ACCOUNT_MAILER_TOPIC', 'account-mailer-dev')
     # If blank in PUB/SUB, this should match the https endpoint the subscription is pushing to.
-    AUTH_AUDIENCE_SUB = os.getenv('AUTH_QUEUE_AUDIENCE_SUB')
     GCP_AUTH_KEY = os.getenv('AUTHPAY_GCP_AUTH_KEY', None)
-    VERIFY_PUBSUB_EMAILS = f'{os.getenv("AUTHPAY_SERVICE_ACCOUNT")},{os.getenv("BUSINESS_SERVICE_ACCOUNT")}'.split(',')  # noqa: E231, E501
 
     PAY_API_URL = os.getenv('PAY_API_URL') + os.getenv('PAY_API_VERSION')
 

diff --git a/queue_services/auth-queue/src/auth_queue/resources/worker.py b/queue_services/auth-queue/src/auth_queue/resources/worker.py
@@ -24,7 +24,6 @@
 from auth_api.models import db
 from auth_api.models.pubsub_message_processing import PubSubMessageProcessing
 from auth_api.services.gcp_queue import queue
-from auth_api.services.gcp_queue.gcp_auth import ensure_authorized_queue_user
 from auth_api.services.rest_service import RestService
 from auth_api.utils.account_mailer import publish_to_mailer
 from auth_api.utils.enums import AccessType, ActivityAction, CorpType, OrgStatus, QueueSources
@@ -41,7 +40,6 @@
 
 
 @bp.route('/', methods=('POST',))
-@ensure_authorized_queue_user
 def worker():
     """Worker to handle incoming queue pushes."""
     if not (event_message := queue.get_simple_cloud_event(request, wrapped=True)):

diff --git a/queue_services/auth-queue/tests/conftest.py b/queue_services/auth-queue/tests/conftest.py
@@ -146,12 +146,6 @@ def restart_savepoint(sess2, trans):  # pylint: disable=unused-variable
         conn.close()
 
 
-@pytest.fixture(autouse=True)
-def mock_queue_auth(mocker):
-    """Mock queue authorization."""
-    mocker.patch('auth_api.services.gcp_queue.gcp_auth.verify_jwt', return_value='')
-
-
 @pytest.fixture(autouse=True)
 def mock_pub_sub_call(mocker):
     """Mock pub sub call."""