clue-api 1.0.0.dev14__tar.gz → 1.0.0.dev34__tar.gz

{clue_api-1.0.0.dev14 → clue_api-1.0.0.dev34}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: clue-api
-Version: 1.0.0.dev14
+Version: 1.0.0.dev34
 Summary: Clue distributed enrichment service
 License: MIT
 License-File: LICENSE
@@ -31,9 +31,8 @@ Requires-Dist: flask-caching (>=2.1.0,<3.0.0)
 Requires-Dist: flask-cors (>=4.0.1,<5.0.0) ; extra == "server"
 Requires-Dist: gevent (>=24.2.1,<25.0.0)
 Requires-Dist: geventhttpclient (>=2.3.1,<3.0.0)
-Requires-Dist: gunicorn (>=22.0.0,<23.0.0)
+Requires-Dist: gunicorn (>=22,<24)
 Requires-Dist: imgkit (>=1.2.3,<2.0.0)
-Requires-Dist: netifaces (>=0.11.0,<0.12.0) ; extra == "server"
 Requires-Dist: passlib (>=1.7.4,<2.0.0) ; extra == "server"
 Requires-Dist: pillow (>=11.1.0,<12.0.0)
 Requires-Dist: prometheus-client (>=0.20.0,<0.21.0) ; extra == "server"

{clue_api-1.0.0.dev14 → clue_api-1.0.0.dev34}/clue/models/config.py

@@ -378,7 +378,6 @@ class API(BaseModel):
     validate_session_xsrf_token: bool = Field(
         description="Validate if the XSRF token matches the randomly generated token for the session", default=True
     )
-    vault_url: str = Field(default="https://vault.vault.svc.cluster.local:8200")
 
 
 root_path = Path("/etc") / APP_NAME

{clue_api-1.0.0.dev14 → clue_api-1.0.0.dev34}/clue/plugin/interactive.py

@@ -229,14 +229,6 @@ def main():  # noqa: C901
             Environment variable CLUE_ACCESS_TOKEN not set!
 
             It is highly likely your plugin will not work if it connects to an external service.
-
-            You'll need to generate a matching token. If on jupyhub, run:
-
-            export CLUE_ACCESS_TOKEN=$(python -c "from hogwarts.auth.vault.credentials import ClueTokenCredential; print(ClueTokenCredential().get_token().token)")
-
-            If you need a different token use the corresponding credential (i.e., trino -> TrinoTokenCredential, howler -> HowlerTokenCredential).
-
-            If you're developing on your local machine, talk to Matthew Rafuse <Matthew.Rafuse@cyber.gc.ca> on Teams.
             """).strip()  # noqa: E501
         )
 

{clue_api-1.0.0.dev14 → clue_api-1.0.0.dev34}/clue/security/obo.py

@@ -1,8 +1,6 @@
 from datetime import datetime
 from typing import Optional
 
-# from hogwarts.auth.vault.exceptions import VaultRequestException
-# from hogwarts.auth.vault.vault_client import VaultClient
 from clue.common.exceptions import InvalidDataException
 from clue.common.logging import get_logger
 from clue.config import config, get_redis
@@ -34,7 +32,7 @@ def _get_token_raw(service: str, user: str) -> Optional[str]:
 
 
 def get_obo_token(service: str, access_token: str, user: str, force_refresh: bool = False):
-    """Gets an On-Behalf-Of token from either the Redis cache or from the Vault API.
+    """Gets an On-Behalf-Of token from either the Redis cache or from the provided authentication plugin.
 
     Args:
         service (str): The target application we want a token for.
@@ -71,13 +69,7 @@ def get_obo_token(service: str, access_token: str, user: str, force_refresh: boo
         if obo_access_token is None:
             logger.info(f"Fetching OBO token for user {user} to service {service}")
 
-            logger.debug("Contacting vault for new OBO token")
-            # vault_client = VaultClient(url=config.api.vault_url)
-            # obo_access_token, _ = vault_client.on_behalf_of(
-            #     config.api.obo_targets[service].scope,
-            #     access_token,
-            #     token_client_name=APP_NAME.replace("-dev", ""),
-            # )
+            # TODO: figure out plugin-based OBO system
             obo_access_token = None
 
             if obo_access_token:
@@ -85,11 +77,11 @@ def get_obo_token(service: str, access_token: str, user: str, force_refresh: boo
                 service_token_store.pop_all()
                 service_token_store.add(obo_access_token)
             else:
-                logger.error("Vault OBO failed, no token received.")
+                logger.error("OBO failed, no token received.")
         else:
             logger.debug("Using cached OBO token")
 
         return obo_access_token
     except Exception:
-        # except VaultRequestException:
-        logger.exception("VaultRequestException on OBO:")
+        logger.exception("Exception on OBO:")
+        return None

{clue_api-1.0.0.dev14 → clue_api-1.0.0.dev34}/pyproject.toml

@@ -164,7 +164,7 @@ log_cli_level = "INFO"
 [tool.poetry]
 package-mode = true
 name = "clue-api"
-version = "1.0.0.dev14"
+version = "1.0.0.dev34"
 description = "Clue distributed enrichment service"
 authors = ["Canadian Centre for Cyber Security <contact@cyber.gc.ca>"]
 license = "MIT"
@@ -199,7 +199,7 @@ python = "^3.12"
 elastic-apm = "^6.22.0"
 flask = "<3.0.0"
 flask-caching = "^2.1.0"
-gunicorn = "^22.0.0"
+gunicorn = ">=22,<24"
 gevent = "^24.2.1"
 pydantic = "^2.7.1"
 geventhttpclient = "^2.3.1"
@@ -217,7 +217,6 @@ Werkzeug = { version = "^3.0.2", optional = true }
 bcrypt = { version = "^4.1.2", optional = true }
 PyYAML = { version = "^6.0.1", optional = true }
 python-baseconv = { version = "^1.2.2", optional = true }
-netifaces = { version = "^0.11.0", optional = true }
 pyroute2 = { version = "^0.7.12", optional = true }
 pyjwt = { version = "^2.8.0", optional = true }
 prometheus-client = { version = "^0.20.0", optional = true }
@@ -235,7 +234,6 @@ server = [
   "bcrypt",
   "PyYAML",
   "python-baseconv",
-  "netifaces",
   "pyroute2",
   "pyjwt",
   "prometheus-client",