fix: add proper authentication in metrics.py for .net env

robotoff/metrics.py

@@ -8,7 +8,7 @@
 from influxdb_client.client.write_api import SYNCHRONOUS
 
 from robotoff import settings
-from robotoff.utils import get_logger
+from robotoff.utils import get_logger, http_session
 
 logger = get_logger(__name__)
 
@@ -94,8 +94,9 @@ def ensure_influx_database():
 
 
 def get_product_count(country_tag: str) -> int:
-    r = requests.get(
-        settings.BaseURLProvider().country(country_tag).get() + "/3.json?fields=null"
+    r = http_session.get(
+        settings.BaseURLProvider().country(country_tag).get() + "/3.json?fields=null",
+        auth=settings._off_request_auth,
     ).json()
     return int(r["count"])
 
@@ -150,7 +151,7 @@ def generate_metrics_from_path(
         facet = get_facet_name(url)
 
     try:
-        r = requests.get(url, timeout=60)
+        r = http_session.get(url, timeout=60, auth=settings._off_request_auth)
     except requests.exceptions.Timeout:
         logger.error("OFF request timeout (60s): {}".format(url))
         return inserts

robotoff/off.py

@@ -3,7 +3,7 @@
 import enum
 import re
 from pathlib import Path
-from typing import Dict, List, Optional, Tuple, Union
+from typing import Dict, List, Optional, Union
 from urllib.parse import urlparse
 
 from robotoff import settings
@@ -412,14 +412,12 @@ def update_product(
         raise ValueError(
             "a password or a session cookie is required to update a product"
         )
-
-    request_auth: Optional[Tuple[str, str]] = None
-    if server_domain.endswith("openfoodfacts.net"):
-        # dev environment requires authentication
-        request_auth = ("off", "off")
-
     r = http_session.get(
-        url, params=params, auth=request_auth, cookies=cookies, timeout=timeout
+        url,
+        params=params,
+        auth=settings._off_request_auth,
+        cookies=cookies,
+        timeout=timeout,
     )
 
     r.raise_for_status()
@@ -491,13 +489,12 @@ def select_rotate_image(
             "a password or a session cookie is required to select an image"
         )
 
-    request_auth: Optional[Tuple[str, str]] = None
-    if server_domain.endswith("openfoodfacts.net"):
-        # dev environment requires authentication
-        request_auth = ("off", "off")
-
     r = http_session.post(
-        url, data=params, auth=request_auth, cookies=cookies, timeout=timeout
+        url,
+        data=params,
+        auth=settings._off_request_auth,
+        cookies=cookies,
+        timeout=timeout,
     )
 
     r.raise_for_status()

robotoff/settings.py

@@ -9,17 +9,17 @@
 from sentry_sdk.integrations import Integration
 from sentry_sdk.integrations.logging import LoggingIntegration
 
-_robotoff_instance = os.environ.get("ROBOTOFF_INSTANCE", "dev")
+ROBOTOFF_INSTANCE = os.environ.get("ROBOTOFF_INSTANCE", "dev")
 
 
 # Returns the top-level-domain (TLD) for the Robotoff instance.
 def _instance_tld() -> str:
-    if _robotoff_instance == "prod":
+    if ROBOTOFF_INSTANCE == "prod":
         return "org"
-    elif _robotoff_instance == "dev":
+    elif ROBOTOFF_INSTANCE == "dev":
         return "net"
     else:
-        return _robotoff_instance
+        return ROBOTOFF_INSTANCE
 
 
 _default_robotoff_domain = f"openfoodfacts.{_instance_tld()}"
@@ -107,6 +107,7 @@ def get(self):
 
 _off_password = os.environ.get("OFF_PASSWORD", "")
 _off_user = os.environ.get("OFF_USER", "")
+_off_request_auth = ("off", "off") if _instance_tld() == "net" else None
 
 
 def off_credentials() -> Dict[str, str]:
@@ -190,7 +191,7 @@ class ElasticsearchIndex:
 # Returns the slack token to use for posting alerts if the current instance is the 'prod' instance.
 # For all other instances, the empty string is returned.
 def slack_token() -> str:
-    if _robotoff_instance == "prod":
+    if ROBOTOFF_INSTANCE == "prod":
         if _slack_token != "":
             return _slack_token
         else:
@@ -216,10 +217,10 @@ def init_sentry(integrations: Optional[List[Integration]] = None):
         )
         sentry_sdk.init(  # type:ignore # mypy say it's abstract
             _sentry_dsn,
-            environment=_robotoff_instance,
+            environment=ROBOTOFF_INSTANCE,
             integrations=integrations,
         )
-    elif _robotoff_instance == "prod":
+    elif ROBOTOFF_INSTANCE == "prod":
         raise ValueError("No SENTRY_DSN specified for prod Robotoff")
 
 

tests/unit/test_settings.py

@@ -27,20 +27,20 @@
     ],
 )
 def test_base_url_provider(monkeypatch, instance, got_url, want_url):
-    monkeypatch.setattr(settings, "_robotoff_instance", instance)
+    monkeypatch.setattr(settings, "ROBOTOFF_INSTANCE", instance)
     monkeypatch.delenv("ROBOTOFF_DOMAIN", raising=False)  # force defaults to apply
     monkeypatch.delenv("ROBOTOFF_SCHEME", raising=False)  # force defaults to apply
     assert eval(got_url) == want_url
 
 
 def test_slack_token_valid_prod(monkeypatch):
-    monkeypatch.setattr(settings, "_robotoff_instance", "prod")
+    monkeypatch.setattr(settings, "ROBOTOFF_INSTANCE", "prod")
     monkeypatch.setattr(settings, "_slack_token", "TEST_TOKEN")
     assert settings.slack_token() == "TEST_TOKEN"
 
 
 def test_slack_token_valid_dev(monkeypatch):
-    monkeypatch.setattr(settings, "_robotoff_instance", "dev")
+    monkeypatch.setattr(settings, "ROBOTOFF_INSTANCE", "dev")
     monkeypatch.setattr(settings, "_slack_token", "")
     assert settings.slack_token() == ""
 
@@ -53,7 +53,7 @@ def test_slack_token_valid_dev(monkeypatch):
     ],
 )
 def test_slack_token_errors(monkeypatch, instance, token):
-    monkeypatch.setattr(settings, "_robotoff_instance", instance)
+    monkeypatch.setattr(settings, "ROBOTOFF_INSTANCE", instance)
     monkeypatch.setattr(settings, "_slack_token", token)
     with pytest.raises(ValueError):
         settings.slack_token()