scality · Abubakarr99 · Aug 11, 2023 · Aug 4, 2023 · Aug 7, 2023 · Aug 7, 2023
@@ -27,7 +27,7 @@ jobs:
     env:
       REDIS_OM_URL: redis://localhost:6379/0
       GITHUB_BASE_URL: http://localhost:4010
-
+      API_KEY: ${{ secrets.API_KEY }}
     steps:
       - uses: actions/checkout@v3
       - name: Boot compose services

@@ -1,14 +1,36 @@
 import logging
 
-from fastapi import FastAPI, Response
+from fastapi import Depends, FastAPI, HTTPException, Response, Security, status
+from fastapi.security import APIKeyHeader, APIKeyQuery
 
-from runner_manager.dependencies import get_queue
+from runner_manager.dependencies import get_queue, get_settings
 from runner_manager.jobs.startup import startup
+from runner_manager.models.settings import Settings
 from runner_manager.routers import webhook
 
 log = logging.getLogger(__name__)
 
 app = FastAPI()
+api_key_query = APIKeyQuery(name="api-key", auto_error=False)
+api_key_header = APIKeyHeader(name="x-api-key", auto_error=False)
+
+
+def get_api_key(
+    api_key_query: str = Security(api_key_query),
+    api_key_header: str = Security(api_key_header),
+    settings: Settings = Depends(get_settings),
+) -> str:
+    if not settings.api_key:
+        return ""
+    if api_key_query in [settings.api_key.get_secret_value()]:
+        return api_key_query
+    if api_key_header in [settings.api_key.get_secret_value()]:
+        return api_key_header
+    raise HTTPException(
+        status_code=status.HTTP_401_UNAUTHORIZED,
+        detail="Invalid API Key",
+    )
+
 
 app.include_router(webhook.router)
 
@@ -24,3 +46,15 @@ def startup_event():
 @app.get("/_health")
 def health():
     return Response(status_code=200)
+
+
+@app.get("/public")
+def public():
+    """A public endpoint that does not require any authentication."""
+    return "Public Endpoint"
+
+
+@app.get("/private")
+def private(api_key: str = Security(get_api_key)):
+    """A private endpoint that requires a valid API key to be provided."""
+    return f"Private Endpoint. API Key: {api_key}"
@@ -2,7 +2,7 @@
 from typing import Any, Dict, Optional
 
 import yaml
-from pydantic import AnyHttpUrl, BaseSettings, RedisDsn
+from pydantic import AnyHttpUrl, BaseSettings, RedisDsn, SecretStr
 
 
 class ConfigFile(BaseSettings):
@@ -25,6 +25,7 @@ class Settings(BaseSettings):
     name: Optional[str] = "runner-manager"
     redis_om_url: Optional[RedisDsn] = None
     github_base_url: Optional[AnyHttpUrl] = None
+    api_key: Optional[SecretStr] = None
 
     class Config:
         smart_union = True

diff --git a/tests/api/tests_auth.py b/tests/api/tests_auth.py
@@ -0,0 +1,31 @@
+from functools import lru_cache
+
+from runner_manager.dependencies import get_settings
+from runner_manager.models.settings import Settings
+
+
+def test_public_endpoint(client):
+    response = client.get("/public")
+
+    assert response.status_code == 200
+
+
+def test_private_endpoint_without_api_key(client):
+    response = client.get("/private")
+    # for now we are not using api key
+    assert response.status_code == 200
+
+
+@lru_cache
+def settings_api_key():
+    return Settings(api_key="secret")
+
+
+def test_private_endpoint_with_valid_api_key(fastapp, client):
+    settings_api_key.cache_clear()
+    fastapp.dependency_overrides = {}
+    fastapp.dependency_overrides[get_settings] = settings_api_key
+    headers = {"x-api-key": "secret"}
+    response = client.get("/private", headers=headers)
+    print(response.text)
+    assert response.status_code == 200