fix: MCP servers auth via LiteLLM Bearer token, drop unused service tokens
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
This commit is contained in:
Zoë
parent
8130544e6a
commit
80e0421be5
1 changed files with 13 additions and 12 deletions
|
|
@ -74,10 +74,10 @@ def get_secret(bao_token: str, path: str, key: str) -> str:
|
||||||
def fetch_role_secrets(bao_token: str, role: str) -> dict:
|
def fetch_role_secrets(bao_token: str, role: str) -> dict:
|
||||||
"""Fetch all secrets for a role. Returns dict of secret_name -> value."""
|
"""Fetch all secrets for a role. Returns dict of secret_name -> value."""
|
||||||
secrets = {}
|
secrets = {}
|
||||||
secret_names = ["litellm-key", "vikunja-token", "forgejo-token", "argocd-token"]
|
secret_names = ["litellm-key"]
|
||||||
for name in secret_names:
|
for name in secret_names:
|
||||||
try:
|
try:
|
||||||
key = "token" if name != "litellm-key" else "key"
|
key = "key"
|
||||||
secrets[name] = get_secret(bao_token, f"autojanet/{role}/{name}", key)
|
secrets[name] = get_secret(bao_token, f"autojanet/{role}/{name}", key)
|
||||||
log.info("Fetched secret: %s", name)
|
log.info("Fetched secret: %s", name)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
|
|
@ -89,12 +89,11 @@ def write_opencode_config(secrets: dict, role: str) -> None:
|
||||||
"""Write opencode config and set secrets as env vars for opencode to pick up."""
|
"""Write opencode config and set secrets as env vars for opencode to pick up."""
|
||||||
CONFIG_DIR.mkdir(parents=True, exist_ok=True)
|
CONFIG_DIR.mkdir(parents=True, exist_ok=True)
|
||||||
|
|
||||||
vikunja_token = secrets.get("vikunja-token", "")
|
litellm_key = secrets.get("litellm-key", "")
|
||||||
forgejo_token = secrets.get("forgejo-token", "")
|
|
||||||
|
|
||||||
# Set the LiteLLM API key as env var — opencode reads OPENAI_API_KEY for
|
# Set the LiteLLM API key as env var — opencode reads OPENAI_API_KEY for
|
||||||
# openai-compatible providers, or the provider-specific env var
|
# openai-compatible providers
|
||||||
os.environ["OPENAI_API_KEY"] = secrets.get("litellm-key", "")
|
os.environ["OPENAI_API_KEY"] = litellm_key
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
"$schema": "https://opencode.ai/config.json",
|
"$schema": "https://opencode.ai/config.json",
|
||||||
|
|
@ -110,18 +109,20 @@ def write_opencode_config(secrets: dict, role: str) -> None:
|
||||||
},
|
},
|
||||||
"mcp": {
|
"mcp": {
|
||||||
"vikunja": {
|
"vikunja": {
|
||||||
"type": "sse",
|
"type": "remote",
|
||||||
"url": f"{LITELLM_BASE_URL}/mcp/vikunja",
|
"url": f"{LITELLM_BASE_URL}/mcp/vikunja",
|
||||||
"headers": {
|
"headers": {
|
||||||
"x-vikunja-token": vikunja_token,
|
"Authorization": f"Bearer {litellm_key}",
|
||||||
}
|
},
|
||||||
|
"enabled": True,
|
||||||
},
|
},
|
||||||
"forgejo": {
|
"forgejo": {
|
||||||
"type": "sse",
|
"type": "remote",
|
||||||
"url": f"{LITELLM_BASE_URL}/mcp/forgejo",
|
"url": f"{LITELLM_BASE_URL}/mcp/forgejo",
|
||||||
"headers": {
|
"headers": {
|
||||||
"x-forgejo-token": forgejo_token,
|
"Authorization": f"Bearer {litellm_key}",
|
||||||
}
|
},
|
||||||
|
"enabled": True,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue