update oauth2 client id from 1password

MobilityData · Dec 4, 2024 · 2c89a5b · 2c89a5b
1 parent 8b1660c
commit 2c89a5b
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 5 deletions.
diff --git a/.github/workflows/api-deployer.yml b/.github/workflows/api-deployer.yml
@@ -56,6 +56,10 @@ on:
         description: Validator endpoint
         required: true
         type: string
+      OPERATIONS_OAUTH2_CLIENT_ID_1PASSWORD:
+        description: Oauth client id part of the authoriation for the operations API
+        required: true
+        type: string
 
 env:
   python_version: '3.11'
@@ -295,11 +299,12 @@ jobs:
         env:
           OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
           TRANSITLAND_API_KEY: "op://rbiv7rvkkrsdlpcrz3bmv7nmcu/TansitLand API Key/credential"
+          OPERATIONS_OAUTH2_CLIENT_ID: ${{ inputs.OPERATIONS_OAUTH2_CLIENT_ID_1PASSWORD }}
 
       - name: Populate Variables
         run: |
           scripts/replace-variables.sh -in_file infra/backend.conf.rename_me -out_file infra/backend.conf -variables BUCKET_NAME,OBJECT_PREFIX
-          scripts/replace-variables.sh -in_file infra/vars.tfvars.rename_me -out_file infra/vars.tfvars -variables PROJECT_ID,REGION,ENVIRONMENT,DEPLOYER_SERVICE_ACCOUNT,FEED_API_IMAGE_VERSION,OAUTH2_CLIENT_ID,OAUTH2_CLIENT_SECRET,GLOBAL_RATE_LIMIT_REQ_PER_MINUTE,ARTIFACT_REPO_NAME,VALIDATOR_ENDPOINT,TRANSITLAND_API_KEY
+          scripts/replace-variables.sh -in_file infra/vars.tfvars.rename_me -out_file infra/vars.tfvars -variables PROJECT_ID,REGION,ENVIRONMENT,DEPLOYER_SERVICE_ACCOUNT,FEED_API_IMAGE_VERSION,OAUTH2_CLIENT_ID,OAUTH2_CLIENT_SECRET,GLOBAL_RATE_LIMIT_REQ_PER_MINUTE,ARTIFACT_REPO_NAME,VALIDATOR_ENDPOINT,TRANSITLAND_API_KEY,OPERATIONS_OAUTH2_CLIENT_ID
 
       - uses: hashicorp/setup-terraform@v3
         with:

diff --git a/.github/workflows/api-dev.yml b/.github/workflows/api-dev.yml
@@ -22,6 +22,7 @@ jobs:
       GLOBAL_RATE_LIMIT_REQ_PER_MINUTE: ${{ vars.GLOBAL_RATE_LIMIT_REQ_PER_MINUTE }}
       TF_APPLY: true
       VALIDATOR_ENDPOINT: https://stg-gtfs-validator-web-mbzoxaljzq-ue.a.run.app
+      OPERATIONS_OAUTH2_CLIENT_ID_1PASSWORD: "op://rbiv7rvkkrsdlpcrz3bmv7nmcu/GCP_FEEDS_API_TOKEN_OAUTH2_DEV/username"
     secrets:
       GCP_MOBILITY_FEEDS_SA_KEY: ${{ secrets.DEV_GCP_MOBILITY_FEEDS_SA_KEY }}
       OAUTH2_CLIENT_ID: ${{ secrets.DEV_MOBILITY_FEEDS_OAUTH2_CLIENT_ID}}

diff --git a/infra/functions-python/main.tf b/infra/functions-python/main.tf
@@ -612,7 +612,7 @@ resource "google_cloudfunctions2_function" "operations_api" {
     environment_variables = {
       PROJECT_ID = var.project_id
       PYTHONNODEBUGRANGES = 0
-      GOOGLE_CLIENT_ID = var.authorization_google_client_id
+      GOOGLE_CLIENT_ID = var.operations_oauth2_client_id
     }
     available_memory = local.function_operations_api_config.memory
     timeout_seconds = local.function_operations_api_config.timeout

diff --git a/infra/functions-python/vars.tf b/infra/functions-python/vars.tf
@@ -70,7 +70,7 @@ variable "transitland_api_key" {
     description = "Transitland API key"
 }
 
-variable "authorization_google_client_id" {
+variable "operations_oauth2_client_id" {
   type = string
-  description = "Google client ID"
+  description = "value of the OAuth2 client id for the Operations API"
 }
diff --git a/infra/vars.tf b/infra/vars.tf
@@ -66,4 +66,9 @@ variable "validator_endpoint" {
 
 variable "transitland_api_key" {
   type = string
+}
+
+variable "operations_oauth2_client_id" {
+  type = string
+  description = "value of the OAuth2 client id for the Operations API"
 }
diff --git a/infra/vars.tfvars.rename_me b/infra/vars.tfvars.rename_me
@@ -17,4 +17,6 @@ oauth2_client_secret = {{OAUTH2_CLIENT_SECRET}}
 global_rate_limit_req_per_minute = {{GLOBAL_RATE_LIMIT_REQ_PER_MINUTE}}
 
 validator_endpoint = {{VALIDATOR_ENDPOINT}}
-transitland_api_key = {{TRANSITLAND_API_KEY}}
+transitland_api_key = {{TRANSITLAND_API_KEY}}
+
+operations_oauth2_client_id = {{OPERATIONS_OAUTH2_CLIENT_ID}}