Unifying variable naming convention

f7ee2f86 · Jaromír Hradil · 914ccba2 · f7ee2f86 · f7ee2f86 · f7ee2f86
Verified Commit f7ee2f86 authored 8 months ago by Jaromír Hradil
--- a/cesnet-central/deployments/fullhub.yaml
+++ b/cesnet-central/deployments/fullhub.yaml
@@ -192,15 +192,15 @@ hub:
        - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
      claim_groups_key: "entitlements"
    EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets[name]['checkin_host'] }}"
+      authorize_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets[name]['client_id'] }}"
+      client_secret: "{{ secrets[name]['client_secret'] }}"
      oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets[name]['checkin_host'] }}/.well-known/openid-configuration"
      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
      username_claim: "sub"
      extra_authorize_params:

--- a/common/deployments/hub-production.yaml
+++ b/common/deployments/hub-production.yaml
@@ -173,15 +173,15 @@ hub:
        - urn:geant:open-science-cloud.ec.europa.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
      claim_groups_key: "entitlements"
    EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets[name]['checkin_host'] }}"
+      authorize_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets[name]['client_id'] }}"
+      client_secret: "{{ secrets[name]['client_secret'] }}"
      oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets[name]['checkin_host'] }}/.well-known/openid-configuration"
      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
      username_claim: "sub"
      extra_authorize_params:

--- a/common/deployments/hub-staging.yaml
+++ b/common/deployments/hub-staging.yaml
@@ -173,15 +173,15 @@ hub:
        - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
      claim_groups_key: "entitlements"
    EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets[name][[name][[name]['checkin_host'] }}"
+      authorize_url: "https://{{ secrets[name][[name][[name]['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets[name][[name][[name]['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets[name][[name][[name]['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets[name][[name][[name]['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets[name][[name][[name]['client_id'] }}"
+      client_secret: "{{ secrets[name][[name][[name]['client_secret'] }}"
      oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets[name][[name][[name]['checkin_host'] }}/.well-known/openid-configuration"
      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
      username_claim: "sub"
      extra_authorize_params:

--- a/common/playbooks/notebooks.yaml
+++ b/common/playbooks/notebooks.yaml
@@ -25,7 +25,6 @@
    - name: Copy config file to master
      vars:
        name: "{{ item | basename | splitext | first }}"
-        secret: "{{ secrets[name] }}"
      template:
        src: "{{ item }}"
        dest: "/tmp/{{ item | basename }}"

--- a/common/playbooks/security-assets.yaml
+++ b/common/playbooks/security-assets.yaml
@@ -18,11 +18,11 @@
  tasks:
    - name: Get Secrets From Vault
      set_fact:
-        secret: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'site-' + site_name) | join('/'), token_validate=false) }}"
+        secrets: "{{ lookup('community.hashi_vault.hashi_vault', (vault_mount_point, 'site-' + site_name) | join('/'), token_validate=false) }}"
    - name: Debug Secrets
      debug:
        msg: "{{ item.key }} = {{ item.value }}"
-      loop: "{{ secret | dict2items }}"
+      loop: "{{ secrets | dict2items }}"
    - name: Directory for for GLPI agent configuration
      file:
        path: /etc/glpi-agent/conf.d

--- a/common/playbooks/security-scanner.yaml
+++ b/common/playbooks/security-scanner.yaml
@@ -18,11 +18,11 @@
      when: "'deepfence' not in ansible_local.helm_repos | map(attribute='name') | list"
    - name: Get Secrets From Vault
      set_fact:
-        secret: "{{ lookup('community.hashi_vault.hashi_vault', [ vault_mount_point,  'site-' + site_name] | join('/'), token_validate=false) }}"
+        secrets: "{{ lookup('community.hashi_vault.hashi_vault', [ vault_mount_point,  'site-' + site_name] | join('/'), token_validate=false) }}"
    - name: Debug Secrets
      debug:
        msg: "{{ item.key }} = {{ item.value }}"
-      loop: "{{ secret | dict2items }}"
+      loop: "{{ secrets | dict2items }}"
    - name: Deepfence ThreadManager Agent Configuration
      template:
        src: templates/deepfence-agent.yaml.j2

--- a/common/playbooks/templates/deepfence-agent.yaml.j2
+++ b/common/playbooks/templates/deepfence-agent.yaml.j2
-managementConsoleUrl: "{{ secret['deepfence_host'] | default('') }}"
-deepfenceKey: "{{ secret['deepfence_key'] | default('') }}"
+managementConsoleUrl: "{{ secrets['deepfence_host'] | default('') }}"
+deepfenceKey: "{{ secrets['deepfence_key'] | default('') }}"
 clusterName: "jupyter-{{ site_name }}"
 mountContainerRuntimeSocket:
  containerSock: true

--- a/testing/deployments/hub.yaml
+++ b/testing/deployments/hub.yaml
@@ -174,15 +174,15 @@ hub:
        - urn:geant:eosc-federation.eu:group:asg:notebooks.open-science-cloud.ec.europa.eu:role=admin
      claim_groups_key: "entitlements"
    EGICheckinAuthenticator:
-      checkin_host: "{{ secret['checkin_host'] }}"
-      authorize_url: "https://{{ secret['checkin_host'] }}/OIDC/authorization"
-      token_url: "https://{{ secret['checkin_host'] }}/OIDC/token"
-      userdata_url: "https://{{ secret['checkin_host'] }}/OIDC/userinfo"
-      introspect_url: "https://{{ secret['checkin_host'] }}/OIDC/introspect"
-      client_id: "{{ secret['client_id'] }}"
-      client_secret: "{{ secret['client_secret'] }}"
+      checkin_host: "{{ secrets[name]['checkin_host'] }}"
+      authorize_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/authorization"
+      token_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/token"
+      userdata_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/userinfo"
+      introspect_url: "https://{{ secrets[name]['checkin_host'] }}/OIDC/introspect"
+      client_id: "{{ secrets[name]['client_id'] }}"
+      client_secret: "{{ secrets[name]['client_secret'] }}"
      oauth_callback_url: "https://{{ notebooks_hostname }}/hub/oauth_callback"
-      openid_configuration_url: "https://{{ secret['checkin_host'] }}/.well-known/openid-configuration"
+      openid_configuration_url: "https://{{ secrets[name]['checkin_host'] }}/.well-known/openid-configuration"
      scope: ["openid", "profile", "email", "offline_access", "entitlements"]
      username_claim: "sub"
      extra_authorize_params: