diff --git a/cesnet-central/playbooks/notebooks.yaml b/cesnet-central/playbooks/notebooks.yaml index cf255290d703802b3835a1ad0266e8132418796a..b69c4180a0477016f0becee8bff500ce887b6034 100644 --- a/cesnet-central/playbooks/notebooks.yaml +++ b/cesnet-central/playbooks/notebooks.yaml @@ -18,8 +18,10 @@ - "../deployments/*.yaml" - name: Get Secrets from Vault for gateway set_fact: - gateways_token: "{{ {'cesnet-mcc': lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/gateway_authtoken:value', + gateways_token: "{{ {item: lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/gateway-' + item + ':authtoken', token_validate=false)} }}" + loop: + - cesnet-mcc # - name: Debug Deployments Secrets # debug: # msg: "{{ item.key }} = {{ item.value }}" diff --git a/cesnet-mcc/playbooks/gateway.yaml b/cesnet-mcc/playbooks/gateway.yaml index fe6a2652ad40af7ee6895c7eb2ee7525968bf888..d32b84fc72c8a48004869215f90b0937119fab48 100644 --- a/cesnet-mcc/playbooks/gateway.yaml +++ b/cesnet-mcc/playbooks/gateway.yaml @@ -6,12 +6,17 @@ namespace: gateway version: 3.2.2 tasks: + - name: Get Secrets from Vault for gateway + vars: + name: cesnet-mcc + set_fact: + secrets: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/gateway-' + name, token_validate=false) }}" - name: Enterprise Gateway Configuration copy: dest: /tmp/gateway.yaml mode: 0640 content: | - authToken: "{{ lookup('community.hashi_vault.hashi_vault', vault_mount_point + '/gateway_authtoken:value', token_validate=true) }}" + authToken: "{{ secrets['authtoken'] }}" global: rbac: true deployment: