auth_connection: just use authenticate_oidc with builtin client crede…

…ntials support (since openeo python client 0.18.0) #6
Open-EO · May 31, 2023 · e3fd7e8 · e3fd7e8
1 parent 37687d5
commit e3fd7e8
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 18 deletions.
diff --git a/setup.py b/setup.py
@@ -12,7 +12,7 @@
         "schema",
         "pytest-timeout",
         "shapely",
-        "openeo>=0.17.0a3.dev",
+        "openeo>=0.18.0",
         "openeo_driver>=0.39.1a1.*",
         "pytest-xdist",
         "xarray<2022.6.0",

diff --git a/tests/conftest.py b/tests/conftest.py
@@ -84,24 +84,11 @@ def is_sensitive_key(key: Any) -> bool:
 def auth_connection(connection) -> openeo.Connection:
     """
     Fixture to authenticate the connection,
-    attempting different methods to support multiple run modes:
-    automated jenkins/CI run (client credentials), developer running locally (device flow/refresh tokens)
+    uses `authenticate_oidc`, which works by default for local development (e.g. device flow or refresh tokens)
+    but also supports (since python client version 0.18.0) client credentials auth
+    if the appropriate env vars are set (OPENEO_AUTH_METHOD, OPENEO_AUTH_CLIENT_ID, OPENEO_AUTH_CLIENT_SECRET,
+    and OPENEO_AUTH_PROVIDER_ID)
     """
-    # Try to extract Jenkins service account credentials from env (e.g. set from Jenkinsfile)
-    service_account_creds = {
-        "provider_id": os.environ.get("OPENEO_JENKINS_SERVICE_ACCOUNT_PROVIDER_ID"),
-        "client_id": os.environ.get("OPENEO_JENKINS_SERVICE_ACCOUNT_CLIENT_ID"),
-        "client_secret": os.environ.get("OPENEO_JENKINS_SERVICE_ACCOUNT_CLIENT_SECRET"),
-    }
-    _log.info(f"Extracted Jenkins service account credentials: {_redact(service_account_creds)}")
-    if all(service_account_creds.values()):
-        _log.info(f"Using client credentials auth with Jenkins service account: {_redact(service_account_creds)}")
-        connection.authenticate_oidc_client_credentials(**service_account_creds)
-        return connection
-
-    # Try classic OIDC refresh tokens + device code flow:
-    # allows developers to run the integration tests locally with own user.
-    _log.info("Trying auth `connection.authenticate_oidc()` with refresh tokens + device code flow")
     connection.authenticate_oidc(
         # Note the really short default max poll time to fail fast by default
         # (when nobody is watching the device code flow instructions).