Merge branch 'unify_naming' into 'master'

Unifying variable naming convention See merge request !22

Merge branch 'unify_naming' into 'master'
13454031 · František Dvořák · 914ccba2 · d99bf514 · 13454031 · 13454031
Commit 13454031 authored 7 months ago by František Dvořák
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -192,15 +192,15 @@ hub:
        - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
      claim_groups_key: "entitlements"
    EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets['checkin_host'] }}"
+      authorize_url: "https://{{ secrets['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets['client_id'] }}"
+      client_secret: "{{ secrets['client_secret'] }}"
      oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets['checkin_host'] }}/.well-known/openid-configuration"
      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
      username_claim: "sub"
      extra_authorize_params:

--- a/common/deployments/hub-production.yaml
+++ b/common/deployments/hub-production.yaml
@@ -173,15 +173,15 @@ hub:
        - urn:geant:open-science-cloud.ec.europa.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
      claim_groups_key: "entitlements"
    EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets['checkin_host'] }}"
+      authorize_url: "https://{{ secrets['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets['client_id'] }}"
+      client_secret: "{{ secrets['client_secret'] }}"
      oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets['checkin_host'] }}/.well-known/openid-configuration"
      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
      username_claim: "sub"
      extra_authorize_params:

--- a/common/deployments/hub-staging.yaml
+++ b/common/deployments/hub-staging.yaml
@@ -173,15 +173,15 @@ hub:
        - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
      claim_groups_key: "entitlements"
    EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets['checkin_host'] }}"
+      authorize_url: "https://{{ secrets['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets['client_id'] }}"
+      client_secret: "{{ secrets['client_secret'] }}"
      oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets['checkin_host'] }}/.well-known/openid-configuration"
      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
      username_claim: "sub"
      extra_authorize_params:

--- a/common/playbooks/notebooks.yaml
+++ b/common/playbooks/notebooks.yaml
@@ -14,18 +14,18 @@
      vars:
        name: "{{ item | basename | splitext | first }}"
      set_fact:
-        secrets: "{{ secrets|default({}) | combine({name: lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'deployment-' + name)  | join('/'),
-          token_validate=false)}) }}"
+        deployment_secrets: "{{ deployment_secrets|default({}) | combine({name: lookup('community.hashi_vault.hashi_vault',
+          (vault_mount_point, 'deployment-' + name)  | join('/'),  token_validate=false)}) }}"
      with_fileglob:
        - "../deployments/*.yaml"
    - name: Debug Deployments Secrets
      debug:
        msg: "{{ item.key }} = {{ item.value }}"
-      loop: "{{ secrets | dict2items }}"
+      loop: "{{ deployment_secrets | dict2items }}"
    - name: Copy config file to master
      vars:
        name: "{{ item | basename | splitext | first }}"
-        secret: "{{ secrets[name] }}"
+        secrets: "{{ deployment_secrets[name] }}"
      template:
        src: "{{ item }}"
        dest: "/tmp/{{ item | basename }}"

--- a/common/playbooks/security-assets.yaml
+++ b/common/playbooks/security-assets.yaml
@@ -18,11 +18,11 @@
  tasks:
    - name: Get Secrets From Vault
      set_fact:
-        secret: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'site-' + site_name) | join('/'), token_validate=false) }}"
+        secrets: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'site-' + site_name) | join('/'), token_validate=false) }}"
    - name: Debug Secrets
      debug:
        msg: "{{ item.key }} = {{ item.value }}"
-      loop: "{{ secret | dict2items }}"
+      loop: "{{ secrets | dict2items }}"
    - name: Directory for for GLPI agent configuration
      file:
        path: /etc/glpi-agent/conf.d

--- a/common/playbooks/security-scanner.yaml
+++ b/common/playbooks/security-scanner.yaml
@@ -18,11 +18,11 @@
      when: "'deepfence' not in ansible_local.helm_repos | map(attribute='name') | list"
    - name: Get Secrets From Vault
      set_fact:
-        secret: "{{ lookup('community.hashi_vault.hashi_vault', [ vault_mount_point,  'site-' + site_name] | join('/'), token_validate=false) }}"
+        secrets: "{{ lookup('community.hashi_vault.hashi_vault', [ vault_mount_point,  'site-' + site_name] | join('/'), token_validate=false) }}"
    - name: Debug Secrets
      debug:
        msg: "{{ item.key }} = {{ item.value }}"
-      loop: "{{ secret | dict2items }}"
+      loop: "{{ secrets | dict2items }}"
    - name: Deepfence ThreadManager Agent Configuration
      template:
        src: templates/deepfence-agent.yaml.j2

--- a/common/playbooks/templates/deepfence-agent.yaml.j2
+++ b/common/playbooks/templates/deepfence-agent.yaml.j2
-managementConsoleUrl: "{{ secret['deepfence_host'] | default('') }}"
-deepfenceKey: "{{ secret['deepfence_key'] | default('') }}"
+managementConsoleUrl: "{{ secrets['deepfence_host'] | default('') }}"
+deepfenceKey: "{{ secrets['deepfence_key'] | default('') }}"
 clusterName: "jupyter-{{ site_name }}"
 mountContainerRuntimeSocket:
  containerSock: true

--- a/testing/deployments/hub.yaml
+++ b/testing/deployments/hub.yaml
@@ -174,15 +174,15 @@ hub:
        - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
      claim_groups_key: "entitlements"
    EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets['checkin_host'] }}"
+      authorize_url: "https://{{ secrets['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets['client_id'] }}"
+      client_secret: "{{ secrets['client_secret'] }}"
      oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets['checkin_host'] }}/.well-known/openid-configuration"
      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
      username_claim: "sub"
      extra_authorize_params: