From f7ee2f86272c36c75de0131b8ff438bfd8f0f9da Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jarom=C3=ADr=20Hradil?= <jaromir.hradil@cesnet.cz>
Date: Wed, 23 Oct 2024 13:58:03 +0200
Subject: [PATCH] Unifying variable naming convention

---
 cesnet-central/deployments/fullhub.yaml          | 16 ++++++++--------
 common/deployments/hub-production.yaml           | 16 ++++++++--------
 common/deployments/hub-staging.yaml              | 16 ++++++++--------
 common/playbooks/notebooks.yaml                  |  1 -
 common/playbooks/security-assets.yaml            |  4 ++--
 common/playbooks/security-scanner.yaml           |  4 ++--
 .../playbooks/templates/deepfence-agent.yaml.j2  |  4 ++--
 testing/deployments/hub.yaml                     | 16 ++++++++--------
 8 files changed, 38 insertions(+), 39 deletions(-)

diff --git a/cesnet-central/deployments/fullhub.yaml b/cesnet-central/deployments/fullhub.yaml
index 6812913..465382f 100644
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -192,15 +192,15 @@ hub:
         - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
       claim_groups_key: "entitlements"
     EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets[name]['checkin_host'] }}"
+      authorize_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets[name]['client_id'] }}"
+      client_secret: "{{ secrets[name]['client_secret'] }}"
       oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets[name]['checkin_host'] }}/.well-known/openid-configuration"
       scope: ["openid", "profile", "email", "offline_access", "entitlements"]
       username_claim: "sub"
       extra_authorize_params:
diff --git a/common/deployments/hub-production.yaml b/common/deployments/hub-production.yaml
index 8a6c8e8..48e1928 100644
--- a/common/deployments/hub-production.yaml
+++ b/common/deployments/hub-production.yaml
@@ -173,15 +173,15 @@ hub:
         - urn:geant:open-science-cloud.ec.europa.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
       claim_groups_key: "entitlements"
     EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets[name]['checkin_host'] }}"
+      authorize_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets[name]['client_id'] }}"
+      client_secret: "{{ secrets[name]['client_secret'] }}"
       oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets[name]['checkin_host'] }}/.well-known/openid-configuration"
       scope: ["openid", "profile", "email", "offline_access", "entitlements"]
       username_claim: "sub"
       extra_authorize_params:
diff --git a/common/deployments/hub-staging.yaml b/common/deployments/hub-staging.yaml
index e8ba7fb..dd9eedf 100644
--- a/common/deployments/hub-staging.yaml
+++ b/common/deployments/hub-staging.yaml
@@ -173,15 +173,15 @@ hub:
         - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
       claim_groups_key: "entitlements"
     EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets[name][[name][[name]['checkin_host'] }}"
+      authorize_url: "https://{{ secrets[name][[name][[name]['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets[name][[name][[name]['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets[name][[name][[name]['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets[name][[name][[name]['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets[name][[name][[name]['client_id'] }}"
+      client_secret: "{{ secrets[name][[name][[name]['client_secret'] }}"
       oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets[name][[name][[name]['checkin_host'] }}/.well-known/openid-configuration"
       scope: ["openid", "profile", "email", "offline_access", "entitlements"]
       username_claim: "sub"
       extra_authorize_params:
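Review bot: Every added line in this hunk carries a malformed expression, `secrets[name][[name][[name]['checkin_host']` (and the same for `client_id` and `client_secret`), whose brackets do not balance, so the staging template will not parse as Jinja. It looks as if the search-and-replace ran over this file more than once; the other three deployment files in this patch use `secrets[name]['checkin_host']`. All eight added lines should take that form, e.g. `client_secret: "{{ secrets[name]['client_secret'] }}"`. Rendering each deployment template once before merging (for example with `ansible-playbook --check`) would catch this kind of slip.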
diff --git a/common/playbooks/notebooks.yaml b/common/playbooks/notebooks.yaml
index 4e78571..9786e07 100644
--- a/common/playbooks/notebooks.yaml
+++ b/common/playbooks/notebooks.yaml
@@ -25,7 +25,6 @@
     - name: Copy config file to master
       vars:
         name: "{{ item | basename | splitext | first }}"
-        secret: "{{ secrets[name] }}"
       template:
         src: "{{ item }}"
         dest: "/tmp/{{ item | basename }}"
diff --git a/common/playbooks/security-assets.yaml b/common/playbooks/security-assets.yaml
index 8c90747..9c389d2 100644
--- a/common/playbooks/security-assets.yaml
+++ b/common/playbooks/security-assets.yaml
@@ -18,11 +18,11 @@
   tasks:
     - name: Get Secrets From Vault
       set_fact:
-        secret: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'site-' + site_name) | join('/'), token_validate=false) }}"
+        secrets: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'site-' + site_name) | join('/'), token_validate=false) }}"
     - name: Debug Secrets
       debug:
         msg: "{{ item.key }} = {{ item.value }}"
-      loop: "{{ secret | dict2items }}"
+      loop: "{{ secrets | dict2items }}"
     - name: Directory for for GLPI agent configuration
       file:
         path: /etc/glpi-agent/conf.d
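Review bot: The `Debug Secrets` task kept in this hunk prints every entry of the Vault lookup as `key = value`, so all site secrets end up in the Ansible output and in any CI job log or callback that stores it; the same task appears in the security-scanner.yaml hunk. Either drop the task or print only the key names, with `msg: "{{ item.key }}"` and `loop_control: {label: "{{ item.key }}"}`, since the default loop label also echoes the whole item. Adding `no_log: true` to `Get Secrets From Vault` would additionally keep the fact out of verbose (`-v`) output. Anything that has already passed through a stored log should be treated as exposed and rotated.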
diff --git a/common/playbooks/security-scanner.yaml b/common/playbooks/security-scanner.yaml
index 623c9b8..05c59a9 100644
--- a/common/playbooks/security-scanner.yaml
+++ b/common/playbooks/security-scanner.yaml
@@ -18,11 +18,11 @@
       when: "'deepfence' not in ansible_local.helm_repos | map(attribute='name') | list"
     - name: Get Secrets From Vault
       set_fact:
-        secret: "{{ lookup('community.hashi_vault.hashi_vault', [ vault_mount_point,  'site-' + site_name] | join('/'), token_validate=false) }}"
+        secrets: "{{ lookup('community.hashi_vault.hashi_vault', [ vault_mount_point,  'site-' + site_name] | join('/'), token_validate=false) }}"
     - name: Debug Secrets
       debug:
         msg: "{{ item.key }} = {{ item.value }}"
-      loop: "{{ secret | dict2items }}"
+      loop: "{{ secrets | dict2items }}"
     - name: Deepfence ThreadManager Agent Configuration
       template:
         src: templates/deepfence-agent.yaml.j2
diff --git a/common/playbooks/templates/deepfence-agent.yaml.j2 b/common/playbooks/templates/deepfence-agent.yaml.j2
index bf13c80..ed678a2 100644
--- a/common/playbooks/templates/deepfence-agent.yaml.j2
+++ b/common/playbooks/templates/deepfence-agent.yaml.j2
@@ -1,5 +1,5 @@
-managementConsoleUrl: "{{ secret['deepfence_host'] | default('') }}"
-deepfenceKey: "{{ secret['deepfence_key'] | default('') }}"
+managementConsoleUrl: "{{ secrets['deepfence_host'] | default('') }}"
+deepfenceKey: "{{ secrets['deepfence_key'] | default('') }}"
 clusterName: "jupyter-{{ site_name }}"
 mountContainerRuntimeSocket:
   containerSock: true
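Review bot: `| default('')` on `managementConsoleUrl` and `deepfenceKey` turns a missing Vault entry into an empty string, so the agent values render without error but carry no console URL or key. If both are required for the agent to register (not visible in this hunk), fail the play instead, e.g. `deepfenceKey: "{{ secrets['deepfence_key'] | mandatory }}"`. Also, `secrets` here is the flat site-level lookup set in security-scanner.yaml, while the deployment templates in this patch index `secrets[name][...]`. A Jinja comment at the top of the template, such as `{# secrets: site-level Vault dict set by security-scanner.yaml #}`, would make the different shape explicit now that both share one name.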
diff --git a/testing/deployments/hub.yaml b/testing/deployments/hub.yaml
index 467a234..acfce24 100644
--- a/testing/deployments/hub.yaml
+++ b/testing/deployments/hub.yaml
@@ -174,15 +174,15 @@ hub:
         - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
       claim_groups_key: "entitlements"
     EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets[name]['checkin_host'] }}"
+      authorize_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets[name]['client_id'] }}"
+      client_secret: "{{ secrets[name]['client_secret'] }}"
       oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets[name]['checkin_host'] }}/.well-known/openid-configuration"
       scope: ["openid", "profile", "email", "offline_access", "entitlements"]
       username_claim: "sub"
       extra_authorize_params:
-- 
GitLab