ferrero-opentext/Python-Version/.env
DJP 6561a4b8cc Add separate mTLS base URL configuration for certificate authentication
Critical fix: mTLS uses completely different API endpoint than OAuth2.

KEY CHANGE:
OAuth2 and mTLS now use different base URLs automatically based on auth method.

CONFIGURATION:
- OAuth2: https://ppr.dam.ferrero.com/otmmapi
- mTLS:   https://dev-auth.app-api.ferrero.com/00003/mm

URLs are automatically selected based on --auth-pfx flag:
- No flag:     Uses DAM_BASE_URL (OAuth2 endpoint)
- --auth-pfx:  Uses DAM_MTLS_BASE_URL (mTLS endpoint)

IMPLEMENTATION:
1. .env: Added DAM_MTLS_BASE_URL variable
2. config.yaml: Added mtls_base_url configuration
3. dam_client.py: Auto-selects base_url in __init__ based on use_mtls flag
4. All API calls automatically use correct endpoint

EXAMPLE ENDPOINT TRANSFORMATION:
OAuth2:  https://ppr.dam.ferrero.com/otmmapi/v6/search/text
mTLS:    https://dev-auth.app-api.ferrero.com/00003/mm/v6/search/text
         (Same path, different host/prefix)

TESTING STATUS:
✓ Certificate loads successfully
✓ Correct base URL selected based on mode
⚠️  HTTP 403 from current IP (likely IP whitelist)
✓ Ready to test from whitelisted IP location

ALL SCRIPTS UPDATED:
✓ a1_to_a2_download.py - Uses correct URL with --auth-pfx
✓ a5_to_a6_download.py - Uses correct URL with --auth-pfx
✓ b1_to_b2_download.py - Uses correct URL with --auth-pfx
✓ test_connection.py - Uses correct URL with --auth-pfx

NEW DEBUG SCRIPT:
- test_mtls_debug.py - Detailed request/response logging

BACKWARD COMPATIBILITY:
✓ OAuth2 completely unchanged (default)
✓ No impact on existing workflows
✓ Can test mTLS from whitelisted IP when ready

Next: Test from whitelisted IP location to verify mTLS works end-to-end.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-05 08:25:31 -05:00

53 lines
1.7 KiB
Bash

# Ferrero Automation Environment Variables
# Environment (staging or production)
ENV=staging
# DAM Credentials - OAuth2 (default authentication)
DAM_BASE_URL=https://ppr.dam.ferrero.com/otmmapi
DAM_AUTH_URL=https://ppr.dam.ferrero.com/otdsws/oauth2/token
DAM_CLIENT_ID=otds-OLV
DAM_CLIENT_SECRET=hs28LZ9ZzQ5I9rlW3P7Wwyw85oOatlC1
# DAM mTLS Certificate (optional - only used with --auth-pfx flag)
DAM_MTLS_BASE_URL=https://dev-auth.app-api.ferrero.com/00003/mm
DAM_MTLS_CERT_PATH=config/certificates/dam-mtls-dev.pfx
DAM_MTLS_CERT_PASSWORD=fnJ8xrnh!54NE&2HR62=2P3YEy+hy9RajZ7v5&=y
# Box Credentials
BOX_CLIENT_ID=l2atwxxq4xna7phcjr2uifm4mbah69qp
BOX_CLIENT_SECRET=6XcuCQ6akpk9daE0UHaGSv3mSxWaER4l
BOX_JWT_KEY_ID=n1izyn3l
BOX_PASSPHRASE=971585f5fd6171428c14a7c8899af5ab
BOX_ENTERPRISE_ID=43984435
# Box Folder Configuration
BOX_ROOT_FOLDER_A1_A2=348304357505
BOX_ROOT_FOLDER_A2_A3=348526703108
BOX_ROOT_FOLDER_B1_B2=349261192115
# Database
DB_HOST=localhost
DB_PORT=5433
DB_USER=ferrero_user
DB_PASSWORD=ferrero_pass_2025
# Mailgun / SMTP (for email notifications)
SMTP_SERVER=smtp.mailgun.org
SMTP_PORT=587
SMTP_USER=twist@mail.dev.oliver.solutions
SMTP_PASSWORD=102115e9f3b9d7332d0cd1d4329bc0d4-77751bfc-ca066b71
SENDER_EMAIL=TWIST-UK-SERVER@oliver.agency
ERROR_EMAIL=daveporter@oliver.agency
REPORT_EMAILS=daveporter@oliver.agency
# Mailgun API (alternative to SMTP)
MAILGUN_API_KEY=your_mailgun_api_key_here
MAILGUN_DOMAIN=mail.dev.oliver.solutions
# Webhook Configuration
CAMPAIGN_STATUS_WEBHOOK_URL=https://hook.us1.make.celonis.com/3f9ztwl8qnljufo0l65utfv5wvvnt9m5
WEBHOOK_AUTH_TOKEN=
WEBHOOK_RECEIVER_PORT=5555
BOX_WEBHOOK_PRIMARY_KEY=your_box_webhook_primary_key
BOX_WEBHOOK_SECONDARY_KEY=your_box_webhook_secondary_key
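
The base-URL selection described in the commit message, as an added example that is not the repository's `dam_client.py`. The names `parse_env`, `select_base_url` and `endpoint` are hypothetical, and the sample `.env` text is constructed from the two URLs shown above with no credentials. Failing closed rather than falling back to the OAuth2 URL when mTLS is requested is an assumption about the desired behaviour.

```python
"""Endpoint selection per auth mode (added example, hypothetical helper names)."""
from urllib.parse import urlsplit

# Constructed sample .env text: only the two base URLs shown on this page.
SAMPLE_ENV = """\
# DAM endpoints
DAM_BASE_URL=https://ppr.dam.ferrero.com/otmmapi
DAM_MTLS_BASE_URL=https://dev-auth.app-api.ferrero.com/00003/mm
"""


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        # Split on the first '=' only, so values may themselves contain '='.
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip()
    return env


def select_base_url(env, use_mtls):
    """Return the base URL for the chosen auth mode, failing closed.

    Assumption: with use_mtls=True there is no fallback to DAM_BASE_URL, so a
    missing DAM_MTLS_BASE_URL never sends the client certificate to the
    OAuth2 host.
    """
    key = "DAM_MTLS_BASE_URL" if use_mtls else "DAM_BASE_URL"
    url = env.get(key, "")
    if not url:
        raise ValueError(f"{key} is not set")
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{key} must be an absolute https:// URL")
    return url.rstrip("/")


def endpoint(env, path, use_mtls=False):
    """Join an API path such as /v6/search/text onto the selected base URL."""
    return f"{select_base_url(env, use_mtls)}/{path.lstrip('/')}"


if __name__ == "__main__":
    env = parse_env(SAMPLE_ENV)
    print(endpoint(env, "/v6/search/text"))                 # OAuth2 (default)
    print(endpoint(env, "/v6/search/text", use_mtls=True))  # --auth-pfx mode
```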