feat(IAM-SA): Removed AKID references to use IAM SA role instead

uc-cdis · May 22, 2023 · 5daffd6 · 5daffd6
1 parent 3782763
commit 5daffd6
Show file tree

Hide file tree

Showing 4 changed files with 2 additions and 29 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "poetry.lock",
     "lines": null
   },
-  "generated_at": "2020-10-19T22:23:04Z",
+  "generated_at": "2023-05-22T19:12:04Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -57,16 +57,7 @@
       "name": "TwilioKeyDetector"
     }
   ],
-  "results": {
-    "config.json": [
-      {
-        "hashed_secret": "1f5e25be9b575e9f5d39c82dfd1d9f4d73f1975c",
-        "is_verified": false,
-        "line_number": 3,
-        "type": "Secret Keyword"
-      }
-    ]
-  },
+  "results": {},
   "version": "0.13.1",
   "word_list": {
     "file": null,

diff --git a/config.json b/config.json
@@ -1,6 +1,4 @@
 {
-    "aws_access_key_id": "",
-    "aws_secret_access_key": "",
     "manifest_bucket_name" : "",
     "hostname": "",
     "prefix": ""

diff --git a/manifestservice/api.py b/manifestservice/api.py
@@ -37,15 +37,7 @@ def create_app():
     app.config["OIDC_ISSUER"] = "https://%s/user" % config_dict["hostname"]
     app.config["MANIFEST_BUCKET_NAME"] = config_dict["manifest_bucket_name"]
 
-    app.config["AWS_ACCESS_KEY_ID"] = config_dict["aws_access_key_id"].strip()
-    app.config["AWS_SECRET_ACCESS_KEY"] = config_dict["aws_secret_access_key"].strip()
-
-    os.environ["AWS_ACCESS_KEY_ID"] = config_dict["aws_access_key_id"].strip()
-    os.environ["AWS_SECRET_ACCESS_KEY"] = config_dict["aws_secret_access_key"].strip()
-
     required_config_variables = [
-        "AWS_SECRET_ACCESS_KEY",
-        "AWS_ACCESS_KEY_ID",
         "OIDC_ISSUER",
         "MANIFEST_BUCKET_NAME",
     ]

diff --git a/manifestservice/manifests/__init__.py b/manifestservice/manifests/__init__.py
@@ -210,8 +210,6 @@ def _add_manifest_to_bucket(current_token, manifest_json):
     """
     session = boto3.Session(
         region_name="us-east-1",
-        aws_access_key_id=app.config["AWS_ACCESS_KEY_ID"],
-        aws_secret_access_key=app.config["AWS_SECRET_ACCESS_KEY"],
     )
     s3 = session.resource("s3")
 
@@ -250,8 +248,6 @@ def _add_GUID_to_bucket(current_token, GUID):
     """
     session = boto3.Session(
         region_name="us-east-1",
-        aws_access_key_id=app.config["AWS_ACCESS_KEY_ID"],
-        aws_secret_access_key=app.config["AWS_SECRET_ACCESS_KEY"],
     )
     s3 = session.resource("s3")
 
@@ -361,8 +357,6 @@ def _list_files_in_bucket(bucket_name, folder):
     """
     session = boto3.Session(
         region_name="us-east-1",
-        aws_access_key_id=app.config["AWS_ACCESS_KEY_ID"],
-        aws_secret_access_key=app.config["AWS_SECRET_ACCESS_KEY"],
     )
     s3 = session.resource("s3")
 
@@ -408,8 +402,6 @@ def _get_file_contents(bucket_name, folder, filename):
     """
     client = boto3.client(
         "s3",
-        aws_access_key_id=app.config["AWS_ACCESS_KEY_ID"],
-        aws_secret_access_key=app.config["AWS_SECRET_ACCESS_KEY"],
     )
     obj = client.get_object(Bucket=bucket_name, Key=folder + "/" + filename)
     as_bytes = obj["Body"].read()