From d99bf5143f3f11a99a7ac7eca46ec65eb084d278 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jarom=C3=ADr=20Hradil?= <jaromir.hradil@cesnet.cz>
Date: Wed, 23 Oct 2024 13:58:03 +0200
Subject: [PATCH] Unifying variable naming convention
---
 cesnet-central/deployments/fullhub.yaml | 16 ++++++++--------
 common/deployments/hub-production.yaml | 16 ++++++++--------
 common/deployments/hub-staging.yaml | 16 ++++++++--------
 common/playbooks/notebooks.yaml | 8 ++++----
 common/playbooks/security-assets.yaml | 4 ++--
 common/playbooks/security-scanner.yaml | 4 ++--
 .../playbooks/templates/deepfence-agent.yaml.j2 | 4 ++--
 testing/deployments/hub.yaml | 16 ++++++++--------
 8 files changed, 42 insertions(+), 42 deletions(-)
diff --git a/cesnet-central/deployments/fullhub.yaml b/cesnet-central/deployments/fullhub.yaml
index 6812913..1e1daba 100644
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -192,15 +192,15 @@ hub:
 - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
 claim_groups_key: "entitlements"
 EGICheckinAuthenticator:
- checkin_host: "{{ secret['checkin_host'] }}"
- authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
- token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
- userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
- introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
- client_id: "{{ secret['client_id'] }}"
- client_secret: "{{ secret['client_secret'] }}"
+ checkin_host: "{{ secrets['checkin_host'] }}"
+ authorize_url: "https://{{ secrets['checkin_host'] }}/OIDC/authorization"
+ token_url: "https://{{ secrets['checkin_host'] }}/OIDC/token"
+ userdata_url: "https://{{ secrets['checkin_host'] }}/OIDC/userinfo"
+ introspect_url: "https://{{ secrets['checkin_host'] }}/OIDC/introspect"
+ client_id: "{{ secrets['client_id'] }}"
+ client_secret: "{{ secrets['client_secret'] }}"
 oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
- openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+ openid_configuration_url: "https://{{ secrets['checkin_host'] }}/.well-known/openid-configuration"
 scope: ["openid", "profile", "email", "offline_access", "entitlements"]
 username_claim: "sub"
 extra_authorize_params:
diff --git a/common/deployments/hub-production.yaml b/common/deployments/hub-production.yaml
index 8a6c8e8..e408369 100644
--- a/common/deployments/hub-production.yaml
+++ b/common/deployments/hub-production.yaml
@@ -173,15 +173,15 @@ hub:
 - urn:geant:open-science-cloud.ec.europa.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
 claim_groups_key: "entitlements"
 EGICheckinAuthenticator:
- checkin_host: "{{ secret['checkin_host'] }}"
- authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
- token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
- userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
- introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
- client_id: "{{ secret['client_id'] }}"
- client_secret: "{{ secret['client_secret'] }}"
+ checkin_host: "{{ secrets['checkin_host'] }}"
+ authorize_url: "https://{{ secrets['checkin_host'] }}/OIDC/authorization"
+ token_url: "https://{{ secrets['checkin_host'] }}/OIDC/token"
+ userdata_url: "https://{{ secrets['checkin_host'] }}/OIDC/userinfo"
+ introspect_url: "https://{{ secrets['checkin_host'] }}/OIDC/introspect"
+ client_id: "{{ secrets['client_id'] }}"
+ client_secret: "{{ secrets['client_secret'] }}"
 oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
- openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+ openid_configuration_url: "https://{{ secrets['checkin_host'] }}/.well-known/openid-configuration"
 scope: ["openid", "profile", "email", "offline_access", "entitlements"]
 username_claim: "sub"
 extra_authorize_params:
diff --git a/common/deployments/hub-staging.yaml b/common/deployments/hub-staging.yaml
index e8ba7fb..27e9dc5 100644
--- a/common/deployments/hub-staging.yaml
+++ b/common/deployments/hub-staging.yaml
@@ -173,15 +173,15 @@ hub:
 - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
 claim_groups_key: "entitlements"
 EGICheckinAuthenticator:
- checkin_host: "{{ secret['checkin_host'] }}"
- authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
- token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
- userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
- introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
- client_id: "{{ secret['client_id'] }}"
- client_secret: "{{ secret['client_secret'] }}"
+ checkin_host: "{{ secrets['checkin_host'] }}"
+ authorize_url: "https://{{ secrets['checkin_host'] }}/OIDC/authorization"
+ token_url: "https://{{ secrets['checkin_host'] }}/OIDC/token"
+ userdata_url: "https://{{ secrets['checkin_host'] }}/OIDC/userinfo"
+ introspect_url: "https://{{ secrets['checkin_host'] }}/OIDC/introspect"
+ client_id: "{{ secrets['client_id'] }}"
+ client_secret: "{{ secrets['client_secret'] }}"
 oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
- openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+ openid_configuration_url: "https://{{ secrets['checkin_host'] }}/.well-known/openid-configuration"
 scope: ["openid", "profile", "email", "offline_access", "entitlements"]
 username_claim: "sub"
 extra_authorize_params:
diff --git a/common/playbooks/notebooks.yaml b/common/playbooks/notebooks.yaml
index 4e78571..893f911 100644
--- a/common/playbooks/notebooks.yaml
+++ b/common/playbooks/notebooks.yaml
@@ -14,18 +14,18 @@
 vars:
 name: "{{ item | basename | splitext | first }}"
 set_fact:
- secrets: "{{ secrets|default({}) | combine({name: lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'deployment-' + name) | join('/'),
- token_validate=false)}) }}"
+ deployment_secrets: "{{ deployment_secrets|default({}) | combine({name: lookup('community.hashi_vault.hashi_vault',
+ (vault_mount_point, 'deployment-' + name) | join('/'), token_validate=false)}) }}"
 with_fileglob:
 - "../deployments/*.yaml"
 - name: Debug Deployments Secrets
 debug:
 msg: "{{ item.key }} = {{ item.value }}"
- loop: "{{ secrets | dict2items }}"
+ loop: "{{ deployment_secrets | dict2items }}"
 - name: Copy config file to master
 vars:
 name: "{{ item | basename | splitext | first }}"
- secret: "{{ secrets[name] }}"
+ secrets: "{{ deployment_secrets[name] }}"
 template:
 src: "{{ item }}"
 dest: "/tmp/{{ item | basename }}"
diff --git a/common/playbooks/security-assets.yaml b/common/playbooks/security-assets.yaml
index 8c90747..9c389d2 100644
--- a/common/playbooks/security-assets.yaml
+++ b/common/playbooks/security-assets.yaml
@@ -18,11 +18,11 @@
 tasks:
 - name: Get Secrets From Vault
 set_fact:
- secret: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'site-' + site_name) | join('/'), token_validate=false) }}"
+ secrets: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'site-' + site_name) | join('/'), token_validate=false) }}"
 - name: Debug Secrets
 debug:
 msg: "{{ item.key }} = {{ item.value }}"
- loop: "{{ secret | dict2items }}"
+ loop: "{{ secrets | dict2items }}"
 - name: Directory for for GLPI agent configuration
 file:
 path: /etc/glpi-agent/conf.d
diff --git a/common/playbooks/security-scanner.yaml b/common/playbooks/security-scanner.yaml
index 623c9b8..05c59a9 100644
--- a/common/playbooks/security-scanner.yaml
+++ b/common/playbooks/security-scanner.yaml
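Review bot: The `Debug Deployments Secrets` task kept by this hunk prints every value fetched from Vault in clear text: `msg: "{{ item.key }} = {{ item.value }}"` runs over `deployment_secrets | dict2items`, and the deployment templates read `client_secret` from that same data, so it ends up in the Ansible output and in whatever CI or callback log stores it. I would delete the task, or reduce it to the key names with `msg: "{{ item.key }}"`, and add `no_log: true` to the `set_fact` task that performs the lookup. The `Debug Secrets` tasks in the security-assets.yaml and security-scanner.yaml hunks have the same problem with `secrets | dict2items`. The `Copy config file to master` task runs past the end of this hunk, so the file mode of the rendered config under `/tmp` is not visible here; since it carries the same secrets, it is worth confirming it is not world-readable.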
@@ -18,11 +18,11 @@
 when: "'deepfence' not in ansible_local.helm_repos | map(attribute='name') | list"
 - name: Get Secrets From Vault
 set_fact:
- secret: "{{ lookup('community.hashi_vault.hashi_vault', [ vault_mount_point, 'site-' + site_name] | join('/'), token_validate=false) }}"
+ secrets: "{{ lookup('community.hashi_vault.hashi_vault', [ vault_mount_point, 'site-' + site_name] | join('/'), token_validate=false) }}"
 - name: Debug Secrets
 debug:
 msg: "{{ item.key }} = {{ item.value }}"
- loop: "{{ secret | dict2items }}"
+ loop: "{{ secrets | dict2items }}"
 - name: Deepfence ThreadManager Agent Configuration
 template:
 src: templates/deepfence-agent.yaml.j2
diff --git a/common/playbooks/templates/deepfence-agent.yaml.j2 b/common/playbooks/templates/deepfence-agent.yaml.j2
index bf13c80..ed678a2 100644
--- a/common/playbooks/templates/deepfence-agent.yaml.j2
+++ b/common/playbooks/templates/deepfence-agent.yaml.j2
@@ -1,5 +1,5 @@
-managementConsoleUrl: "{{ secret['deepfence_host'] | default('') }}"
-deepfenceKey: "{{ secret['deepfence_key'] | default('') }}"
+managementConsoleUrl: "{{ secrets['deepfence_host'] | default('') }}"
+deepfenceKey: "{{ secrets['deepfence_key'] | default('') }}"
 clusterName: "jupyter-{{ site_name }}"
 mountContainerRuntimeSocket:
 containerSock: true
diff --git a/testing/deployments/hub.yaml b/testing/deployments/hub.yaml
index 467a234..17ce566 100644
--- a/testing/deployments/hub.yaml
+++ b/testing/deployments/hub.yaml
@@ -174,15 +174,15 @@ hub:
 - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
 claim_groups_key: "entitlements"
 EGICheckinAuthenticator:
- checkin_host: "{{ secret['checkin_host'] }}"
- authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
- token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
- userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
- introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
- client_id: "{{ secret['client_id'] }}"
- client_secret: "{{ secret['client_secret'] }}"
+ checkin_host: "{{ secrets['checkin_host'] }}"
+ authorize_url: "https://{{ secrets['checkin_host'] }}/OIDC/authorization"
+ token_url: "https://{{ secrets['checkin_host'] }}/OIDC/token"
+ userdata_url: "https://{{ secrets['checkin_host'] }}/OIDC/userinfo"
+ introspect_url: "https://{{ secrets['checkin_host'] }}/OIDC/introspect"
+ client_id: "{{ secrets['client_id'] }}"
+ client_secret: "{{ secrets['client_secret'] }}"
 oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
- openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+ openid_configuration_url: "https://{{ secrets['checkin_host'] }}/.well-known/openid-configuration"
 scope: ["openid", "profile", "email", "offline_access", "entitlements"]
 username_claim: "sub"
 extra_authorize_params:
-- GitLab