feat: add env-var fallback for librarian object-store config

The librarian now reads OBJECT_STORE_ENDPOINT, OBJECT_STORE_ACCESS_KEY,
OBJECT_STORE_SECRET_KEY, OBJECT_STORE_REGION, and OBJECT_STORE_USE_SSL
from the environment when not set via params. This lets K8s Secrets
supply credentials without them appearing in launch.yaml.
Cyber MacGeddon 2026-06-03 10:59:01 +01:00
parent 6df7471a55
commit 3108076aec


@ -8,6 +8,7 @@ import asyncio
import base64 import base64
import json import json
import logging import logging
import os
from datetime import datetime from datetime import datetime
from .. base import WorkspaceProcessor, Consumer, Producer, Publisher, Subscriber from .. base import WorkspaceProcessor, Consumer, Producer, Publisher, Subscriber
@ -54,6 +55,16 @@ default_object_store_access_key = "object-user"
default_object_store_secret_key = "object-password" default_object_store_secret_key = "object-password"
default_object_store_use_ssl = False default_object_store_use_ssl = False
default_object_store_region = None default_object_store_region = None
# Environment variables consulted as a fallback when the
# corresponding params field is not set in the processor-group YAML
# or via CLI. Intended for K8s Secret / env-var injection so
# credentials never have to live in the YAML (and thus in git).
ENV_OBJECT_STORE_ENDPOINT = "OBJECT_STORE_ENDPOINT"
ENV_OBJECT_STORE_ACCESS_KEY = "OBJECT_STORE_ACCESS_KEY"
ENV_OBJECT_STORE_SECRET_KEY = "OBJECT_STORE_SECRET_KEY"
ENV_OBJECT_STORE_USE_SSL = "OBJECT_STORE_USE_SSL"
ENV_OBJECT_STORE_REGION = "OBJECT_STORE_REGION"
default_cassandra_host = "cassandra" default_cassandra_host = "cassandra"
default_min_chunk_size = 1 # No minimum by default (for Garage) default_min_chunk_size = 1 # No minimum by default (for Garage)
@ -89,22 +100,36 @@ class Processor(WorkspaceProcessor):
"config_response_queue", default_config_response_queue "config_response_queue", default_config_response_queue
) )
object_store_endpoint = params.get("object_store_endpoint", default_object_store_endpoint) # Resolve object-store config. Precedence: explicit params
object_store_access_key = params.get( # (CLI / processor-group YAML) → environment variable →
"object_store_access_key", # hardcoded default. The env-var path lets K8s Secrets feed
default_object_store_access_key # credentials without them appearing in the YAML.
object_store_endpoint = (
params.get("object_store_endpoint")
or os.environ.get(ENV_OBJECT_STORE_ENDPOINT)
or default_object_store_endpoint
) )
object_store_secret_key = params.get( object_store_access_key = (
"object_store_secret_key", params.get("object_store_access_key")
default_object_store_secret_key or os.environ.get(ENV_OBJECT_STORE_ACCESS_KEY)
or default_object_store_access_key
) )
object_store_use_ssl = params.get( object_store_secret_key = (
"object_store_use_ssl", params.get("object_store_secret_key")
default_object_store_use_ssl or os.environ.get(ENV_OBJECT_STORE_SECRET_KEY)
or default_object_store_secret_key
) )
object_store_region = params.get( object_store_use_ssl = params.get("object_store_use_ssl")
"object_store_region", if object_store_use_ssl is None:
default_object_store_region env_ssl = os.environ.get(ENV_OBJECT_STORE_USE_SSL)
if env_ssl is not None:
object_store_use_ssl = env_ssl.lower() in ("true", "1", "yes")
else:
object_store_use_ssl = default_object_store_use_ssl
object_store_region = (
params.get("object_store_region")
or os.environ.get(ENV_OBJECT_STORE_REGION)
or default_object_store_region
) )
min_chunk_size = params.get( min_chunk_size = params.get(
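Review bot: In the `OBJECT_STORE_USE_SSL` branch, any value outside `true`/`1`/`yes` (a typo, `on`, or a Secret value with a trailing newline) silently resolves to `False`, so the client would connect without TLS while sending the secret key. I would normalise with `env_ssl.strip().lower()`, accept an explicit false set (`false`/`0`/`no`) as well, and raise `ValueError` on anything else rather than downgrading. The `or` chains for the access and secret key also end in the built-in `"object-user"` / `"object-password"` defaults, so a missing or empty Secret is masked rather than reported; logging which source each setting came from (never the value) would make that visible. If the argument parser outside this hunk still passes these defaults into `params`, the env-var branch is never reached, which is worth confirming. The enclosing method starts and ends outside the hunk.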