Remove the use of keyvault

Author: Christdej

pyproject.toml

@@ -27,7 +27,6 @@ classifiers = [
 dependencies = [
     "alitra>=1.1.3",
     "azure-identity",
-    "azure-keyvault-secrets",
     "azure-storage-blob",
     "backoff",
     "click",

requirements.txt

@@ -20,7 +20,6 @@ azure-core==1.38.0
     # via
     #   azure-core-tracing-opentelemetry
     #   azure-identity
-    #   azure-keyvault-secrets
     #   azure-monitor-opentelemetry
     #   azure-monitor-opentelemetry-exporter
     #   azure-storage-blob
@@ -31,8 +30,6 @@ azure-identity==1.25.1
     # via
     #   azure-monitor-opentelemetry-exporter
     #   isar (pyproject.toml)
-azure-keyvault-secrets==4.10.0
-    # via isar (pyproject.toml)
 azure-monitor-opentelemetry==1.8.2
     # via isar (pyproject.toml)
 azure-monitor-opentelemetry-exporter==1.0.0b45
@@ -101,7 +98,6 @@ importlib-metadata==8.7.1
     # via opentelemetry-api
 isodate==0.7.2
     # via
-    #   azure-keyvault-secrets
     #   azure-storage-blob
     #   msrest
 msal==1.34.0
@@ -290,7 +286,6 @@ typing-extensions==4.15.0
     # via
     #   azure-core
     #   azure-identity
-    #   azure-keyvault-secrets
     #   azure-storage-blob
     #   fastapi
     #   grpcio

src/isar/apis/api.py

@@ -17,7 +17,6 @@
 from isar.apis.robot_control.robot_controller import RobotController
 from isar.apis.schedule.scheduling_controller import SchedulingController
 from isar.apis.security.authentication import Authenticator
-from isar.config.keyvault.keyvault_service import Keyvault
 from isar.config.settings import settings
 from robot_interface.telemetry.mqtt_client import MqttClientInterface
 from robot_interface.telemetry.payloads import StartUpMessagePayload
@@ -30,14 +29,12 @@ def __init__(
         authenticator: Authenticator,
         scheduling_controller: SchedulingController,
         robot_controller: RobotController,
-        keyvault: Keyvault,
         mqtt_publisher: MqttClientInterface,
         port: int = settings.API_PORT,
     ) -> None:
         self.authenticator: Authenticator = authenticator
         self.scheduling_controller: SchedulingController = scheduling_controller
         self.robot_controller: RobotController = robot_controller
-        self.keyvault: Keyvault = keyvault
         self.host: str = "0.0.0.0"  # Locking uvicorn to use 0.0.0.0
         self.port: int = port
         self.mqtt_publisher: MqttClientInterface = mqtt_publisher

src/isar/config/keyvault/__init__.py

@@ -126,16 +126,17 @@ class Settings(BaseSettings):
     MQTT_HOST: str = Field(default="localhost")
     MQTT_PORT: int = Field(default=1883)
 
-    # Keyvault name
-    KEYVAULT_NAME: str = Field(default="IsarDevKv")
-
     # Determines whether inspections are uploaded asynchronously or get_inspections in robotinterface
     UPLOAD_INSPECTIONS_ASYNC: bool = Field(default=False)
 
     # URL to storage account for Azure Blob Storage
     BLOB_STORAGE_ACCOUNT_DATA: str = Field(default="")
     BLOB_STORAGE_ACCOUNT_METADATA: str = Field(default="")
 
+    # Blob storage connection strings for Azure Blob Storage
+    BLOB_STORAGE_CONNECTION_STRING_DATA: str = Field(default="")
+    BLOB_STORAGE_CONNECTION_STRING_METADATA: str = Field(default="")
+
     # Name of blob container in Azure Blob Storage [slimm test]
     BLOB_CONTAINER: str = Field(default="test")
 

src/isar/config/keyvault/keyvault_service.py

@@ -1,4 +1,3 @@
-import os
 from importlib import import_module
 
 from dependency_injector import containers, providers
@@ -7,7 +6,6 @@
 from isar.apis.robot_control.robot_controller import RobotController
 from isar.apis.schedule.scheduling_controller import SchedulingController
 from isar.apis.security.authentication import Authenticator
-from isar.config.keyvault.keyvault_service import Keyvault
 from isar.config.settings import settings
 from isar.models.events import Events, SharedState
 from isar.robot.robot import Robot
@@ -23,15 +21,6 @@
 class ApplicationContainer(containers.DeclarativeContainer):
     config = providers.Configuration(pydantic_settings=[settings])
 
-    # Core services
-    keyvault = providers.Singleton(
-        Keyvault,
-        keyvault_name=settings.KEYVAULT_NAME,
-        client_id=settings.AZURE_CLIENT_ID,
-        client_secret=os.environ.get("AZURE_CLIENT_SECRET"),
-        tenant_id=settings.AZURE_TENANT_ID,
-    )
-
     # Events and shared state
     events = providers.Singleton(Events)
     shared_state = providers.Singleton(SharedState)
@@ -66,7 +55,6 @@ class ApplicationContainer(containers.DeclarativeContainer):
         authenticator=authenticator,
         scheduling_controller=scheduling_controller,
         robot_controller=robot_controller,
-        keyvault=keyvault,
         mqtt_publisher=mqtt_client,
     )
 
@@ -76,7 +64,7 @@ class ApplicationContainer(containers.DeclarativeContainer):
         local_storage = providers.Singleton(LocalStorage)
         storage_handlers_temp.append(local_storage)
     if settings.STORAGE_BLOB_ENABLED:
-        blob_storage = providers.Singleton(BlobStorage, keyvault=keyvault)
+        blob_storage = providers.Singleton(BlobStorage)
         storage_handlers_temp.append(blob_storage)
     storage_handlers = providers.List(*storage_handlers_temp)
 
@@ -111,7 +99,6 @@ def get_injector() -> ApplicationContainer:
     container = ApplicationContainer()
     container.init_resources()
     container.wire(modules=[__name__])
-    container.config.from_dict({"KEYVAULT_NAME": settings.KEYVAULT_NAME})
 
     print("Loaded the following module configurations:")
     for provider_name, provider in container.providers.items():

src/isar/config/settings.py

@@ -4,7 +4,6 @@
 from azure.core.exceptions import ResourceExistsError
 from azure.storage.blob import BlobServiceClient, ContainerClient
 
-from isar.config.keyvault.keyvault_service import Keyvault
 from isar.config.settings import settings
 from isar.storage.storage_interface import (
     BlobStoragePath,
@@ -18,27 +17,25 @@
 
 
 class BlobStorage(StorageInterface):
-    def __init__(self, keyvault: Keyvault) -> None:
+    def __init__(self) -> None:
         self.logger = logging.getLogger("uploader")
 
         self.container_client_data = self._get_container_client(
-            keyvault,
             settings.BLOB_STORAGE_ACCOUNT_DATA,
-            "AZURE-STORAGE-CONNECTION-STRING-DATA",
+            "BLOB_STORAGE_CONNECTION_STRING_DATA",
         )
         self.container_client_metadata = self._get_container_client(
-            keyvault,
             settings.BLOB_STORAGE_ACCOUNT_METADATA,
-            "AZURE-STORAGE-CONNECTION-STRING-METADATA",
+            "BLOB_STORAGE_CONNECTION_STRING_METADATA",
         )
 
     def _get_container_client(
-        self, keyvault: Keyvault, account_name: str, secret_name: str
+        self, account_name: str, setting_secret_name: str
     ) -> ContainerClient:
-        storage_connection_string = keyvault.get_secret(secret_name).value
+        storage_connection_string = settings[setting_secret_name]
 
-        if storage_connection_string is None:
-            raise RuntimeError(f"{secret_name} from keyvault is None")
+        if not storage_connection_string:
+            raise RuntimeError(f"{setting_secret_name} is Empty or None")
 
         try:
             blob_service_client = BlobServiceClient.from_connection_string(

src/isar/modules.py

@@ -17,7 +17,6 @@
 from testcontainers.mysql import MySqlContainer
 
 from isar.apis.security.authentication import Authenticator
-from isar.config.keyvault.keyvault_service import Keyvault
 from isar.config.settings import settings
 from isar.eventhandlers.eventhandler import State
 from isar.models.events import Events
@@ -127,12 +126,6 @@ def access_token() -> str:
     return "DummyToken"
 
 
-@pytest.fixture()
-def keyvault(container: ApplicationContainer) -> Singleton[Keyvault]:
-    """Fixture to provide the Keyvault instance."""
-    return container.keyvault()
-
-
 @pytest.fixture()
 def state_machine(
     container: ApplicationContainer, robot: RobotInterface