[#48] Fix Sceret Manager initialization failure on Space (#49)

* [#48] Fix Sceret Manager initialization failure on Space

Changes:
- Add proper credentials to Secret Manager
- Add credentials module to handle credentials

* Use oauth

---------

Co-authored-by: suhyun.kang <[email protected]>

credentials.py

@@ -0,0 +1,31 @@
+"""
+This module handles the retrieval of credentials 
+required for authentication with GCP services.
+"""
+
+import json
+import os
+
+# Path to local credentials file, used in local development.
+CREDENTIALS_PATH = os.environ.get("CREDENTIALS_PATH")
+
+# Credentials passed as an environment variable, used in deployment.
+CREDENTIALS = os.environ.get("CREDENTIALS")
+
+
+def get_credentials_json():
+  if not CREDENTIALS and not CREDENTIALS_PATH:
+    raise ValueError(
+        "No credentials found. Ensure CREDENTIALS or CREDENTIALS_PATH is set.")
+
+  # Use the environment variable for credentials when a file cannot be used
+  # in the environment, as credentials should not be made public.
+  if CREDENTIALS:
+    return json.loads(CREDENTIALS)
+
+  if not os.path.exists(CREDENTIALS_PATH):
+    raise FileNotFoundError(f"Credentials file not found: {CREDENTIALS_PATH}")
+
+  # Set credentials using a file in a local environment.
+  with open(CREDENTIALS_PATH, "r", encoding="utf-8") as cred_file:
+    return json.load(cred_file)

leaderboard.py

@@ -4,9 +4,7 @@ It provides a leaderboard component.
 
 from collections import defaultdict
 import enum
-import json
 import math
-import os
 
 import firebase_admin
 from firebase_admin import credentials
@@ -14,26 +12,10 @@ from firebase_admin import firestore
 import gradio as gr
 import pandas as pd
 
-# Path to local credentials file, used in local development.
-CREDENTIALS_PATH = os.environ.get("CREDENTIALS_PATH")
-
-# Credentials passed as an environment variable, used in deployment.
-CREDENTIALS = os.environ.get("CREDENTIALS")
-
-
-def get_credentials():
-  # Set credentials using a file in a local environment, if available.
-  if CREDENTIALS_PATH and os.path.exists(CREDENTIALS_PATH):
-    return credentials.Certificate(CREDENTIALS_PATH)
-
-  # Use environment variable for credentials when the file is not found,
-  # as credentials should not be public.
-  json_cred = json.loads(CREDENTIALS)
-  return credentials.Certificate(json_cred)
-
+from credentials import get_credentials_json
 
 # TODO(#21): Fix auto-reload issue related to the initialization of Firebase.
-firebase_admin.initialize_app(get_credentials())
+firebase_admin.initialize_app(credentials.Certificate(get_credentials_json()))
 db = firestore.client()
 
 

response.py

@@ -8,16 +8,21 @@ import os
 from random import sample
 
 from google.cloud import secretmanager
+from google.oauth2 import service_account
 import gradio as gr
 from litellm import completion
 
+from credentials import get_credentials_json
+
 GOOGLE_CLOUD_PROJECT = os.environ.get("GOOGLE_CLOUD_PROJECT")
 MODELS_SECRET = os.environ.get("MODELS_SECRET")
 
-secretmanagerClient = secretmanager.SecretManagerServiceClient()
-models_secret = secretmanagerClient.access_secret_version(
-    name=secretmanagerClient.secret_version_path(GOOGLE_CLOUD_PROJECT,
-                                                 MODELS_SECRET, "latest"))
+secretmanager_client = secretmanager.SecretManagerServiceClient(
+    credentials=service_account.Credentials.from_service_account_info(
+        get_credentials_json()))
+models_secret = secretmanager_client.access_secret_version(
+    name=secretmanager_client.secret_version_path(GOOGLE_CLOUD_PROJECT,
+                                                  MODELS_SECRET, "latest"))
 decoded_secret = models_secret.payload.data.decode("UTF-8")
 
 supported_models = json.loads(decoded_secret)