From d23122bf18b2defaabd7fc156dc6effc311d240b Mon Sep 17 00:00:00 2001 From: Kevin Fenzi Date: Wed, 23 Aug 2017 21:22:20 +0000 Subject: [PATCH] try and clean up templates --- playbooks/openshift-apps/waiverdb.yml | 3 ++- .../waiverdb/files/deploymentconfig.yml | 10 +++++----- roles/openshift-apps/waiverdb/files/route.yml | 4 ++-- .../openshift-apps/waiverdb/files/service.yml | 2 +- .../waiverdb/templates/client_secrets.json | 13 ++++++++++++ .../waiverdb/templates/configmap.yml | 4 ++++ .../waiverdb/templates/secret.yml | 20 +++++++++++++++++++ 7 files changed, 47 insertions(+), 9 deletions(-) diff --git a/playbooks/openshift-apps/waiverdb.yml b/playbooks/openshift-apps/waiverdb.yml index 5a8177720c..0af9872bd3 100644 --- a/playbooks/openshift-apps/waiverdb.yml +++ b/playbooks/openshift-apps/waiverdb.yml @@ -22,4 +22,5 @@ - { role: openshift/object, app: waiverdb, file: service.yml } - { role: openshift/object, app: waiverdb, file: route.yml } - { role: openshift/object, app: waiverdb, file: deploymentconfig.yml } - - { role: openshift/rollout, app: waiverdb, name: waiverdb-stg-web } + - { role: openshift/rollout, app: waiverdb, name: waiverdb-stg-web, when: env == "staging" } + - { role: openshift/rollout, app: waiverdb, name: waiverdb-web, when: env != "staging" } diff --git a/roles/openshift-apps/waiverdb/files/deploymentconfig.yml b/roles/openshift-apps/waiverdb/files/deploymentconfig.yml index 61003293b8..d495589dff 100644 --- a/roles/openshift-apps/waiverdb/files/deploymentconfig.yml +++ b/roles/openshift-apps/waiverdb/files/deploymentconfig.yml @@ -2,7 +2,7 @@ apiVersion: v1 kind: DeploymentConfig metadata: - name: waiverdb-stg-web + name: waiverdb-web labels: app: waiverdb service: web @@ -33,12 +33,12 @@ spec: - name: DATABASE_PASSWORD valueFrom: secretKeyRef: - name: waiverdb-stg-secret + name: waiverdb-secret key: database-password - name: SECRET_KEY valueFrom: secretKeyRef: - name: waiverdb-stg-secret + name: waiverdb-secret key: flask-secret-key readinessProbe: timeoutSeconds: 1 @@ -58,10 +58,10 @@ spec: volumes: - name: config-volume configMap: - name: waiverdb-stg-configmap + name: waiverdb-configmap - name: secret-volume secret: - secretName: waiverdb-stg-secret + secretName: waiverdb-secret triggers: - type: ImageChange imageChangeParams: diff --git a/roles/openshift-apps/waiverdb/files/route.yml b/roles/openshift-apps/waiverdb/files/route.yml index 47b0848c3f..4f77d8730a 100644 --- a/roles/openshift-apps/waiverdb/files/route.yml +++ b/roles/openshift-apps/waiverdb/files/route.yml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Route metadata: - name: waiverdb-stg-web + name: waiverdb-web labels: app: waiverdb spec: @@ -10,7 +10,7 @@ spec: targetPort: web to: kind: Service - name: waiverdb-stg-web + name: waiverdb-web tls: termination: edge insecureEdgeTerminationPolicy: Redirect diff --git a/roles/openshift-apps/waiverdb/files/service.yml b/roles/openshift-apps/waiverdb/files/service.yml index a0390f9810..aab5f637ab 100644 --- a/roles/openshift-apps/waiverdb/files/service.yml +++ b/roles/openshift-apps/waiverdb/files/service.yml @@ -1,7 +1,7 @@ apiVersion: v1 kind: Service metadata: - name: waiverdb-stg-web + name: waiverdb-web labels: app: waiverdb spec: diff --git a/roles/openshift-apps/waiverdb/templates/client_secrets.json b/roles/openshift-apps/waiverdb/templates/client_secrets.json index 24b9e9bfd9..f6c8ab4b22 100644 --- a/roles/openshift-apps/waiverdb/templates/client_secrets.json +++ b/roles/openshift-apps/waiverdb/templates/client_secrets.json @@ -1,3 +1,4 @@ +{% if env == 'staging' %} {"web": { "redirect_uris": ["https://waiverdb-waiverdb.app.os.stg.fedoraproject.org/"], "token_uri": "https://id.stg.fedoraproject.org/openidc/Token", @@ -8,3 +9,15 @@ "token_introspection_uri": "https://id.stg.fedoraproject.org/openidc/TokenInfo" } } +{% else %} +{"web": { + "redirect_uris": ["https://waiverdb-waiverdb.app.os.fedoraproject.org/"], + "token_uri": "https://id.fedoraproject.org/openidc/Token", + "auth_uri": "https://id.fedoraproject.org/openidc/Authorization", + "client_id": "waiverdb", + "client_secret": "{{waiverdb_oidc_secret}}", + "userinfo_uri": "https://id.fedoraproject.org/openidc/UserInfo", + "token_introspection_uri": "https://id.fedoraproject.org/openidc/TokenInfo" + } +} +{% endif %} diff --git a/roles/openshift-apps/waiverdb/templates/configmap.yml b/roles/openshift-apps/waiverdb/templates/configmap.yml index 7de26756d6..046a2c6ea2 100644 --- a/roles/openshift-apps/waiverdb/templates/configmap.yml +++ b/roles/openshift-apps/waiverdb/templates/configmap.yml @@ -1,7 +1,11 @@ apiVersion: v1 kind: ConfigMap metadata: +{% if env == 'staging' %} name: waiverdb-stg-configmap +{% else %} + name: waiverdb-configmap +{% endif %} labels: app: waiverdb data: diff --git a/roles/openshift-apps/waiverdb/templates/secret.yml b/roles/openshift-apps/waiverdb/templates/secret.yml index da46756538..2321dc01f9 100644 --- a/roles/openshift-apps/waiverdb/templates/secret.yml +++ b/roles/openshift-apps/waiverdb/templates/secret.yml @@ -1,10 +1,15 @@ apiVersion: v1 kind: Secret metadata: +{% if env == 'staging' %} name: "waiverdb-stg-secret" +{% else %} + name: "waiverdb-secret" +{% endif %} labels: app: "waiverdb" stringData: +{% if env == 'staging' %} flask-secret-key: "{{stg_waiverdb_secret_key}}" database-password: "{{stg_waiverdb_db_password}}" # This is the same non-secret config we have committed @@ -18,3 +23,18 @@ stringData: "client_secret": "qgz8Bzjg6nO7JWCXoB0o8L49KfI5atLF", "userinfo_uri": "https://iddev.fedorainfracloud.org/openidc/UserInfo", "token_introspection_uri": "https://iddev.fedorainfracloud.org/openidc/TokenInfo"}} +{% else %} + flask-secret-key: "{{prod_waiverdb_secret_key}}" + database-password: "{{prod_waiverdb_db_password}}" + # This is the same non-secret config we have committed + # as conf/client_secrets.json for using in dev environments. + client_secrets.json: |- + {"web": { + "redirect_uris": ["https://waiverdb-waiverdb.app.os.fedoraproject.org/"], + "token_uri": "https://iddev.fedorainfracloud.org/openidc/Token", + "auth_uri": "https://iddev.fedorainfracloud.org/openidc/Authorization", + "client_id": "D-e69a1ac7-30fa-4d18-9001-7468c4f34c3c", + "client_secret": "qgz8Bzjg6nO7JWCXoB0o8L49KfI5atLF", + "userinfo_uri": "https://iddev.fedorainfracloud.org/openidc/UserInfo", + "token_introspection_uri": "https://iddev.fedorainfracloud.org/openidc/TokenInfo"}} +{% endif %}