Make secrets different between deployments

aws/auth.py

@@ -1,25 +1,9 @@
+import os
+
 import globus_sdk
 import boto3
 import json
-
-
-def get_secret():
-    secret_name = "Globus"
-    region_name = "us-east-1"
-
-    # Create a Secrets Manager client
-    session = boto3.session.Session()
-
-    client = session.client(
-        service_name='secretsmanager',
-        region_name=region_name
-    )
-
-    get_secret_value_response = client.get_secret_value(
-        SecretId=secret_name
-    )
-    return eval(get_secret_value_response['SecretString'])
-
+from utils import get_secret
 
 def generate_policy(principalId, effect, resource, message="", name=None, identities=[],
                     user_id=None, dependent_token=None, user_email=None):
@@ -47,10 +31,11 @@ def generate_policy(principalId, effect, resource, message="", name=None, identi
 
 
 def lambda_handler(event, context):
-    globus_secrets = get_secret()
+    globus_secrets = get_secret(secret_name=os.environ['MDF_SECRETS_NAME'],
+                                region_name=os.environ['MDF_AWS_REGION'])
 
     #Have to log the event to see why methodArn isn't appearing
-    print(json.dumps(event));
+    print(json.dumps(event))
 
     auth_client = globus_sdk.ConfidentialAppAuthClient(
         globus_secrets['API_CLIENT_ID'], globus_secrets['API_CLIENT_SECRET'])

aws/status.py

@@ -1,12 +1,15 @@
 import json
+import os
+
 from dynamo_manager import DynamoManager
 from automate_manager import AutomateManager
 from utils import get_secret
 
 
 def lambda_handler(event, context):
     dynamo_manager = DynamoManager()
-    automate_manager = AutomateManager(get_secret())
+    automate_manager = AutomateManager(get_secret(secret_name=os.environ['MDF_SECRETS_NAME'],
+                                                  region_name=os.environ['MDF_AWS_REGION']))
     automate_manager.authenticate()
 
     print(event)

aws/submissions.py

@@ -1,4 +1,6 @@
 import json
+import os
+
 from dynamo_manager import DynamoManager
 from automate_manager import AutomateManager
 from utils import get_secret
@@ -44,7 +46,8 @@ def lambda_handler(event, context):
 
     dynamo_manager = DynamoManager()
 
-    automate_manager = AutomateManager(get_secret())
+    automate_manager = AutomateManager(get_secret(secret_name=os.environ['MDF_SECRETS_NAME'],
+                                                  region_name=os.environ['MDF_AWS_REGION']))
     automate_manager.authenticate()
 
     if event["pathParameters"] and  "user_id" in event['pathParameters']:

aws/submit.py

@@ -302,7 +302,8 @@ def lambda_handler(event, context):
 
     print("status info", status_info)
 
-    automate_manager = AutomateManager(get_secret())
+    automate_manager = AutomateManager(get_secret(secret_name=os.environ['MDF_SECRETS_NAME'],
+                                                  region_name=os.environ['MDF_AWS_REGION']))
     automate_manager.authenticate()
 
     try:

aws/utils.py

@@ -93,10 +93,7 @@ def make_globus_app_link(globus_uri, config):
     return globus_link
 
 
-def get_secret():
-    secret_name = "Globus"
-    region_name = "us-east-1"
-
+def get_secret(secret_name, region_name):
     # Create a Secrets Manager client
     session = boto3.session.Session()
 

infra/mdf/lambda_environment_vars.tf

@@ -4,6 +4,8 @@ variable "prod_env_vars" {
   type = map
   default = {
         DYNAMO_STATUS_TABLE="MDF-Connect-prod"
+        MDF_SECRETS_NAME="Globus"
+        MDF_AWS_REGION="us-east-1"
         GDRIVE_EP="f00dfd6c-edf4-4c8b-a4b1-be6ad92a4fbb"
         GDRIVE_ROOT="/Shared With Me"
         MANAGE_FLOWS_SCOPE="https://auth.globus.org/scopes/eec9b274-0c81-4334-bdc2-54e90e689b9a/manage_flows"
@@ -23,6 +25,8 @@ variable "test_env_vars" {
   type = map
   default = {
         DYNAMO_STATUS_TABLE="MDF-Connect-test"
+        MDF_SECRETS_NAME="Globus"
+        MDF_AWS_REGION="us-east-1"
         GDRIVE_EP="f00dfd6c-edf4-4c8b-a4b1-be6ad92a4fbb"
         GDRIVE_ROOT="/Shared With Me"
         MANAGE_FLOWS_SCOPE="https://auth.globus.org/scopes/eec9b274-0c81-4334-bdc2-54e90e689b9a/manage_flows"