diff --git a/roles/openshift-apps/accountsystem/files/deploymentconfig_caiapi.yml b/roles/openshift-apps/accountsystem/files/deploymentconfig_caiapi.yml deleted file mode 100644 index d5cb679a57..0000000000 --- a/roles/openshift-apps/accountsystem/files/deploymentconfig_caiapi.yml +++ /dev/null @@ -1,57 +0,0 @@ -apiVersion: v1 -kind: DeploymentConfig -metadata: - labels: - app: accountsystem - service: caiapi - name: caiapi -spec: - replicas: 1 - selector: - deploymentconfig: caiapi - strategy: - activeDeadlineSeconds: 21600 - recreateParams: - timeoutSeconds: 600 - template: - metadata: - labels: - app: accountsystem - deploymentconfig: caiapi - spec: - containers: - - name: caiapi - image: docker-registry.default.svc:5000/accountsystem/caiapi:latest - env: - - name: CAIAPI_SETTINGS - value: /etc/caiapi/caiapi.cfg - ports: - - containerPort: 8080 - volumeMounts: - - name: config-volume - mountPath: /etc/caiapi - readOnly: true - - name: oidc - mountPath: /etc/caiapi_oidc.json" - readyOnly: true - readinessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 5 - httpGet: - path: / - port: 8080 - livenessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 30 - httpGet: - path: / - port: 8080 - volumes: - - name: config-volume - configMap: - name: caiapi-configmap - - name: oidc - secret: - secretName: oidc - triggers: - - type: ConfigChange diff --git a/roles/openshift-apps/accountsystem/files/service_caiapi.yml b/roles/openshift-apps/accountsystem/files/service_caiapi.yml deleted file mode 100644 index 2bc52e1e95..0000000000 --- a/roles/openshift-apps/accountsystem/files/service_caiapi.yml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: caiapi - labels: - app: accountsystem - service: caiapi - namespace: accountsystem -spec: - ports: - - name: web - port: 8080 - targetPort: 8080 - selector: - deploymentconfig: caiapi diff --git a/roles/openshift-apps/accountsystem/templates/buildconfig_caiapi.yml b/roles/openshift-apps/accountsystem/templates/buildconfig_caiapi.yml deleted file mode 100644 index 71be59ec3d..0000000000 --- a/roles/openshift-apps/accountsystem/templates/buildconfig_caiapi.yml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: BuildConfig -metadata: - labels: - build: caiapi-build - name: caiapi-build -spec: - runPolicy: Serial - source: - git: - uri: https://github.com/fedora-infra/noggin.git - ref: {{ env }} - contextDir: CAIAPI - strategy: - sourceStrategy: - from: - kind: DockerImage - name: registry.access.redhat.com/rhscl/python-36-rhel7:latest - output: - to: - kind: ImageStreamTag - name: caiapi:latest diff --git a/roles/openshift-apps/accountsystem/templates/caiapi.cfg b/roles/openshift-apps/accountsystem/templates/caiapi.cfg deleted file mode 100644 index 94384bef17..0000000000 --- a/roles/openshift-apps/accountsystem/templates/caiapi.cfg +++ /dev/null @@ -1,12 +0,0 @@ -OIDC_CLIENT_SECRETS = '/etc/caiapi_oidc.json' -KRB5_REALM = '{{ ipa_realm }}' -KRB5_PRINCIPAL = 'CAIAPI/caiapi{{ env_suffix }}.fedoraproject.org' -KRB5_KEYTAB = '/etc' -LDAP_SERVER = 'ldaps://ipa01{{ env_suffix }}.fedoraproject.org' -LDAP_CACERT = '/etc' -{% if env == "staging" %} -LDAP_BASE = 'dc=stg,dc=fedoraproject,dc=org' -{% else %} -LDAP_BASE = 'dc=fedoraproject,dc=org' -{% endif %} -# TODO: Include file for CLIENTS diff --git a/roles/openshift-apps/accountsystem/templates/configmap_caiapi.yml b/roles/openshift-apps/accountsystem/templates/configmap_caiapi.yml deleted file mode 100644 index 5d2d949ead..0000000000 --- a/roles/openshift-apps/accountsystem/templates/configmap_caiapi.yml +++ /dev/null @@ -1,11 +0,0 @@ -{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: caiapi-configmap - labels: - app: accountsystem -data: - caiapi.cfg: |- - {{ load_file('caiapi.cfg') | indent(6) }} diff --git a/roles/openshift-apps/fas-changes/files/service.yml b/roles/openshift-apps/fas-changes/files/service.yml deleted file mode 100644 index 7c9dfd1c83..0000000000 --- a/roles/openshift-apps/fas-changes/files/service.yml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: fas-changes - labels: - app: fas-changes -spec: - ports: - - name: web - port: 8080 - targetPort: 8080 - selector: - app: fas-changes - deploymentconfig: fas-changes diff --git a/roles/openshift-apps/fas-changes/templates/buildconfig.yml b/roles/openshift-apps/fas-changes/templates/buildconfig.yml deleted file mode 100644 index c5d5843edb..0000000000 --- a/roles/openshift-apps/fas-changes/templates/buildconfig.yml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: build.openshift.io/v1 -kind: BuildConfig -metadata: - name: fas-changes - labels: - app: fas-changes - build: fas-changes -spec: - runPolicy: Serial - source: - type: Git - git: - uri: https://github.com/abompard/fas-changes.git - ref: main - contextDir: / - strategy: - type: Source - sourceStrategy: - from: - kind: ImageStreamTag - name: python:3.6 - namespace: openshift - output: - to: - kind: ImageStreamTag - name: fas-changes:latest - triggers: - - type: ConfigChange - - type: ImageChange diff --git a/roles/openshift-apps/fas-changes/templates/config.py b/roles/openshift-apps/fas-changes/templates/config.py deleted file mode 100644 index 68b350970a..0000000000 --- a/roles/openshift-apps/fas-changes/templates/config.py +++ /dev/null @@ -1,10 +0,0 @@ -# -# This is the config file for FAS Changes as intended to be used in OpenShift -# - -ACCESS_KEY = "only-for-fas2ipa" - -DB_NAME = "fas2" -DB_HOST = "db-fas{{ env_suffix }}" -DB_USER = "fasreadonly" -DB_PASSWORD = "{{ fas_db_readonly_password }}" diff --git a/roles/openshift-apps/fas-changes/templates/configmap.yml b/roles/openshift-apps/fas-changes/templates/configmap.yml deleted file mode 100644 index 08702af3f9..0000000000 --- a/roles/openshift-apps/fas-changes/templates/configmap.yml +++ /dev/null @@ -1,15 +0,0 @@ -{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} ---- -apiVersion: v1 -kind: List -metadata: {} -items: -- apiVersion: v1 - kind: ConfigMap - metadata: - name: fas-changes-config - labels: - app: fas-changes - data: - fas-changes.cfg: |- - {{ load_file('config.py') | indent(6) }} diff --git a/roles/openshift-apps/fas-changes/templates/deploymentconfig.yml b/roles/openshift-apps/fas-changes/templates/deploymentconfig.yml deleted file mode 100644 index be4030d4ce..0000000000 --- a/roles/openshift-apps/fas-changes/templates/deploymentconfig.yml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: apps.openshift.io/v1 -kind: DeploymentConfig -metadata: - name: fas-changes - labels: - app: fas-changes -spec: - replicas: 1 - selector: - app: fas-changes - deploymentconfig: fas-changes - strategy: - type: Rolling - activeDeadlineSeconds: 21600 - rollingParams: - intervalSeconds: 1 - maxSurge: 25% - maxUnavailable: 25% - timeoutSeconds: 600 - updatePeriodSeconds: 1 - template: - metadata: - creationTimestamp: null - labels: - app: fas-changes - deploymentconfig: fas-changes - spec: - containers: - - name: fas-changes - imagePullPolicy: Always - ports: - - containerPort: 8080 - #protocol: TCP - #resources: {} - #terminationMessagePath: /dev/termination-log - #terminationMessagePolicy: File - volumeMounts: - - name: fas-changes-config-volume - mountPath: "/etc/fas-changes" - readOnly: true - env: - - name: FLASK_SETTINGS - value: "/etc/fas-changes/fas-changes.cfg" - # - name: SCRIPT_NAME - # value: "/fas-changes" - volumes: - - name: fas-changes-config-volume - configMap: - name: fas-changes-config - triggers: - - imageChangeParams: - automatic: true - containerNames: - - fas-changes - from: - kind: ImageStreamTag - name: fas-changes:latest - type: ImageChange - - type: ConfigChange diff --git a/roles/openshift-apps/ipsilon/files/imagestream.yml b/roles/openshift-apps/ipsilon/files/imagestream.yml deleted file mode 100644 index aa4c30237b..0000000000 --- a/roles/openshift-apps/ipsilon/files/imagestream.yml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: v1 -kind: ImageStream -metadata: - name: ipsilon - labels: - build: ipsilon diff --git a/roles/openshift-apps/ipsilon/files/service.yml b/roles/openshift-apps/ipsilon/files/service.yml deleted file mode 100644 index fda4259b36..0000000000 --- a/roles/openshift-apps/ipsilon/files/service.yml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: ipsilon - labels: - app: ipsilon - service: ipsilon - namespace: ipsilon -spec: - ports: - - name: web - port: 8080 - targetPort: 8080 - selector: - deploymentconfig: ipsilon diff --git a/roles/openshift-apps/ipsilon/templates/Dockerfile b/roles/openshift-apps/ipsilon/templates/Dockerfile deleted file mode 100644 index 2d88c11ab5..0000000000 --- a/roles/openshift-apps/ipsilon/templates/Dockerfile +++ /dev/null @@ -1,51 +0,0 @@ -FROM fedora:32 -RUN curl -o /etc/yum.repos.d/infra-tags.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/fedora-infra-tags.repo -{% if env == "staging" %} -RUN curl -o /etc/yum.repos.d/infra-tags-stg.repo https://infrastructure.fedoraproject.org/infra/ansible/files/common/fedora-infra-tags-stg.repo -RUN curl -o /etc/yum.repos.d/fedora-updates-testing.repo https://src.fedoraproject.org/rpms/fedora-repos/raw/main/f/fedora-updates-testing.repo -{% endif %} -RUN dnf install -y \ -{% if env == "staging" %} - --enablerepo=updates-testing \ -{% endif %} - ipsilon \ - ipsilon-openid \ - ipsilon-saml2 \ - ipsilon-authgssapi \ - ipsilon-authldap \ - ipsilon-openidc \ - ipsilon-theme-Fedora \ - mod_auth_openidc \ - python-psycopg2 \ - python-setuptools \ - python-jinja2 \ - httpd \ - python3-mod_wsgi \ - #python3-fasjson-client \ - git - -# Fedora specific stuff -RUN cd /tmp && \ - git clone --branch {{ env }} https://pagure.io/fedora-infra/ipsilon-fedora.git && \ - cd ipsilon-fedora && \ - ./install.sh - -# Cleanup -RUN dnf remove -y git && rm -rf /tmp/ipsilon-fedora - -# Set up krb5 -RUN rm -f /etc/krb5.conf && ln -sf /etc/ipsilon/krb5.conf /etc/krb5.conf -# Set up LDAP -RUN rm -f /etc/openldap/ldap.conf && ln -sf /etc/ipa/ldap.conf /etc/openldap/ldap.conf - -RUN ln -s /etc/ipsilon/ipsilon.conf /var/lib/ipsilon/ipsilon.conf - -# Install some more deps that are not yet in Fedora nor in the infra repo. This is very temporary. (added in 2020) -RUN dnf install -y \ - https://abompard.fedorapeople.org/aaa/python3-jsonref-0.2-1.fc32.noarch.rpm \ - https://abompard.fedorapeople.org/aaa/python3-bravado-core-5.17.0-1.fc32.noarch.rpm \ - https://abompard.fedorapeople.org/aaa/python3-bravado-10.6.2-1.fc32.noarch.rpm \ - https://abompard.fedorapeople.org/aaa/python3-fasjson-client-0.0.3-1.fc32.noarch.rpm - -EXPOSE 8080 -ENTRYPOINT bash /etc/ipsilon/start.sh diff --git a/roles/openshift-apps/ipsilon/templates/buildconfig.yml b/roles/openshift-apps/ipsilon/templates/buildconfig.yml deleted file mode 100644 index 063fa2a844..0000000000 --- a/roles/openshift-apps/ipsilon/templates/buildconfig.yml +++ /dev/null @@ -1,22 +0,0 @@ -{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} -apiVersion: v1 -kind: BuildConfig -metadata: - labels: - build: ipsilon - name: ipsilon -spec: - runPolicy: Serial - source: - type: Dockerfile - dockerfile: |- - {{ load_file('Dockerfile') | indent(6) }} - strategy: - type: Docker - dockerStrategy: - # Prevent Docker from caching the git clone step in the Dockerfile - noCache: true - output: - to: - kind: ImageStreamTag - name: ipsilon:latest diff --git a/roles/openshift-apps/ipsilon/templates/deploymentconfig.yml b/roles/openshift-apps/ipsilon/templates/deploymentconfig.yml deleted file mode 100644 index aab40767ca..0000000000 --- a/roles/openshift-apps/ipsilon/templates/deploymentconfig.yml +++ /dev/null @@ -1,82 +0,0 @@ -apiVersion: v1 -kind: DeploymentConfig -metadata: - labels: - app: ipsilon - service: ipsilon - name: ipsilon -spec: - replicas: 0 - selector: - deploymentconfig: ipsilon - strategy: - activeDeadlineSeconds: 21600 - recreateParams: - timeoutSeconds: 600 - resources: {} - rollingParams: - intervalSeconds: 1 - maxSurge: 25% - maxUnavailable: 25% - timeoutSeconds: 600 - updatePeriodSeconds: 1 - type: Rolling - template: - metadata: - creationTimestamp: null - labels: - app: ipsilon - deploymentconfig: ipsilon - spec: - containers: - - name: ipsilon - image: ipsilon:latest - ports: - - containerPort: 8080 - volumeMounts: - - name: config-volume - mountPath: /etc/ipsilon - readOnly: true - - name: ipa-config-volume - mountPath: /etc/ipa - readOnly: true - - name: keytab-volume - mountPath: /etc/keytabs - readOnly: true - - name: httpdir-volume - mountPath: /httpdir - readinessProbe: - timeoutSeconds: 5 - initialDelaySeconds: 1 - httpGet: - path: / - port: 8080 - livenessProbe: - timeoutSeconds: 5 - initialDelaySeconds: 1 - httpGet: - path: / - port: 8080 - volumes: - - name: config-volume - configMap: - name: ipsilon-configmap - - name: keytab-volume - secret: - secretName: ipsilon-keytab - - name: ipa-config-volume - configMap: - name: ipa-client-config - - name: httpdir-volume - emptyDir: {} - triggers: - - imageChangeParams: - automatic: true - containerNames: - - ipsilon - from: - kind: ImageStreamTag - name: ipsilon:latest - namespace: ipsilon - type: ImageChange - - type: ConfigChange diff --git a/roles/openshift-apps/ipsilon/vars/build.yml b/roles/openshift-apps/ipsilon/vars/build.yml deleted file mode 100644 index 29854e91f1..0000000000 --- a/roles/openshift-apps/ipsilon/vars/build.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -oidc_scope_filenames: -- account-scopes -- mbs -- beaker -- waiverdb -- odcs -- wiki -- src -- kerneltest diff --git a/roles/openshift-apps/sanitarium/files/buildconfig.yml b/roles/openshift-apps/sanitarium/files/buildconfig.yml deleted file mode 100644 index 4f5ce1a362..0000000000 --- a/roles/openshift-apps/sanitarium/files/buildconfig.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -apiVersion: v1 -kind: BuildConfig -metadata: - name: sanitarium - labels: - app: sanitarium -spec: - completionDeadlineSeconds: 1800 - runPolicy: Serial - strategy: - dockerStrategy: - dockerfilePath: Dockerfile.server - source: - type: Git - git: - uri: https://github.com/puiterwijk/Sanitarium.git - triggers: - - type: ConfigChange - output: - to: - kind: ImageStreamTag - name: sanitarium:latest diff --git a/roles/openshift-apps/sanitarium/files/service.yml b/roles/openshift-apps/sanitarium/files/service.yml deleted file mode 100644 index c1307e3ca3..0000000000 --- a/roles/openshift-apps/sanitarium/files/service.yml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: sanitarium - labels: - app: sanitarium -spec: - ports: - - name: web - port: 8080 - targetPort: 8080 - selector: - deploymentconfig: sanitarium diff --git a/roles/openshift-apps/sanitarium/templates/deploymentconfig.yml b/roles/openshift-apps/sanitarium/templates/deploymentconfig.yml deleted file mode 100644 index 82fdd068c9..0000000000 --- a/roles/openshift-apps/sanitarium/templates/deploymentconfig.yml +++ /dev/null @@ -1,106 +0,0 @@ -apiVersion: v1 -kind: DeploymentConfig -metadata: - name: sanitarium - labels: - app: sanitarium -spec: - replicas: 1 - selector: - app: sanitarium - strategy: - activeDeadlineSeconds: 21600 - recreateParams: - timeoutSeconds: 600 - template: - metadata: - name: sanitarium - labels: - app: sanitarium - spec: - containers: - - env: - - name: SERVICE_ROOT - value: 'https://sanitarium-sanitarium.app.os{{env_suffix}}.fedoraproject.org' - - name: OIDC_PROVIDER_ROOT - value: "https://id{{env_suffix}}.fedoraproject.org/openidc/" - - name: OIDC_CLIENT_ID - value: sanitarium - - name: OIDC_CLIENT_SECRET - valueFrom: - secretKeyRef: - name: sanitarium - key: oidc-client-secret - - name: OIDC_SUPPORTS_OOB - value: 'no' - - name: OIDC_REQUIRED_SCOPES - value: 'openid,profile' - - name: REQUIRE_TPM - value: 'no' - - name: REQUIRE_MEASUREMENT - value: 'no' - - name: OIDC_TOKEN_INFO_URL - value: 'https://id{{env_suffix}}.fedoraproject.org/openidc/TokenInfo' - - name: OIDC_USERNAME_CLAIM - value: sub - - name: INTERMEDIATE_CERT_VALIDITY - value: 8h - - name: SSH_CERT_VALIDITY - value: 5m - - name: SSH_CERT_SIGNING_KEY_PATH - value: /sshkey/signer.key/signer - - name: SSH_CERT_ADD_GITHUB - value: 'yes' - - name: INTERMEDIATE_SIGNING_KEY_PATH - value: /sshkey/intermediate.key/intermediate - image: >- - docker-registry.default.svc:5000/sanitarium/sanitarium:latest - imagePullPolicy: IfNotPresent - livenessProbe: - failureThreshold: 3 - httpGet: - path: /info - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: sanitarium - ports: - - containerPort: 8080 - protocol: TCP - readinessProbe: - failureThreshold: 3 - httpGet: - path: /info - port: 8080 - scheme: HTTP - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - memory: 80Mi - terminationMessagePath: /dev/termination-log - terminationMessagePolicy: File - volumeMounts: - - name: signer - mountPath: /sshkey/signer.key - readyOnly: true - - name: intermediate - mountPath: /sshkey/intermediate.key - readyOnly: true - dnsPolicy: ClusterFirst - restartPolicy: Always - schedulerName: default-scheduler - securityContext: {} - terminationGracePeriodSeconds: 30 - volumes: - - name: signer - secret: - secretName: signer - - name: intermediate - secret: - secretName: intermediate - triggers: - - type: ConfigChange diff --git a/roles/openshift-apps/sanitarium/templates/secret.yml b/roles/openshift-apps/sanitarium/templates/secret.yml deleted file mode 100644 index 902cc92f2e..0000000000 --- a/roles/openshift-apps/sanitarium/templates/secret.yml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: sanitarium - labels: - app: sanitarium -stringData: -{% if env == 'staging' %} - oidc-client-secret: "{{sanitarium_stg_oidc_secret}}" -{% endif %} -{% if env == 'production' %} - oidc-client-secret: "{{sanitarium_prod_oidc_secret}}" -{% endif %} diff --git a/roles/openshift-apps/test-auth/files/service.yml b/roles/openshift-apps/test-auth/files/service.yml deleted file mode 100644 index 9efef1c095..0000000000 --- a/roles/openshift-apps/test-auth/files/service.yml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: test-auth - labels: - app: test-auth -spec: - ports: - - name: web - port: 8080 - targetPort: 8080 - selector: - app: test-auth - deploymentconfig: test-auth diff --git a/roles/openshift-apps/test-auth/templates/buildconfig.yml b/roles/openshift-apps/test-auth/templates/buildconfig.yml deleted file mode 100644 index 39333efa9f..0000000000 --- a/roles/openshift-apps/test-auth/templates/buildconfig.yml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: build.openshift.io/v1 -kind: BuildConfig -metadata: - name: test-auth - labels: - app: test-auth - build: test-auth -spec: - runPolicy: Serial - source: - type: Git - git: - uri: https://github.com/abompard/test-auth.git -{% if env == "staging" %} - ref: main -{% else %} - ref: stable -{% endif %} - contextDir: / - strategy: - type: Source - sourceStrategy: - from: - kind: ImageStreamTag - name: python:3.6 - namespace: openshift - output: - to: - kind: ImageStreamTag - name: test-auth:latest - triggers: - - type: ConfigChange - - type: ImageChange - - type: GitHub -{% if test_auth_stg_github_secret is defined and env == 'staging' %} - github: - secret: "{{ test_auth_stg_github_secret }}" -{% elif test_auth_github_secret is defined and env == 'production' %} - github: - secret: "{{ test_auth_github_secret }}" -{% endif %} diff --git a/roles/openshift-apps/test-auth/templates/client_secrets.json b/roles/openshift-apps/test-auth/templates/client_secrets.json deleted file mode 100644 index 1767506128..0000000000 --- a/roles/openshift-apps/test-auth/templates/client_secrets.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "web": { - "auth_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/Authorization", - "client_id": "test-auth", -{% if env == 'staging' %} - "client_secret": "{{ test_auth_stg_oidc_client_secret }}", -{% else %} - "client_secret": "{{ test_auth_oidc_client_secret }}", -{% endif %} - "issuer": "https://id{{env_suffix}}.fedoraproject.org/openidc/", - "redirect_uris": [ - "https://test-auth.app.os{{env_suffix}}.fedoraproject.org/oidc/oidc_callback" - ], - "token_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/Token", - "userinfo_uri": "https://id{{env_suffix}}.fedoraproject.org/openidc/UserInfo" - } -} diff --git a/roles/openshift-apps/test-auth/templates/config.py b/roles/openshift-apps/test-auth/templates/config.py deleted file mode 100644 index 4e9c9f8e84..0000000000 --- a/roles/openshift-apps/test-auth/templates/config.py +++ /dev/null @@ -1,18 +0,0 @@ -# -# This is the config file for Test Auth as intended to be used in OpenShift -# - - -# Deployed to a subpath -# APPLICATION_ROOT = '/test-auth/' - -# Cookies -SECRET_KEY = "{{ test_auth_session_secret }}" -SESSION_COOKIE_NAME = 'test-auth' -SESSION_COOKIE_HTTPONLY = True -SESSION_COOKIE_SECURE = True - -# Auth -OIDC_CLIENT_SECRETS = "/etc/test-auth/oidc.json" -OPENID_ENDPOINT = "https://id{{ env_suffix }}.fedoraproject.org/openid/" -FAS_OPENID_ENDPOINT = "https://id{{ env_suffix }}.fedoraproject.org/openid/" diff --git a/roles/openshift-apps/test-auth/templates/configmap.yml b/roles/openshift-apps/test-auth/templates/configmap.yml deleted file mode 100644 index 66bf47ec62..0000000000 --- a/roles/openshift-apps/test-auth/templates/configmap.yml +++ /dev/null @@ -1,17 +0,0 @@ -{% macro load_file(filename) %}{% include filename %}{%- endmacro -%} ---- -apiVersion: v1 -kind: List -metadata: {} -items: -- apiVersion: v1 - kind: ConfigMap - metadata: - name: test-auth-config - labels: - app: test-auth - data: - test-auth.cfg: |- - {{ load_file('config.py') | indent(6) }} - oidc.json: |- - {{ load_file('client_secrets.json') | indent(6) }} diff --git a/roles/openshift-apps/test-auth/templates/deploymentconfig.yml b/roles/openshift-apps/test-auth/templates/deploymentconfig.yml deleted file mode 100644 index f0ed2b4851..0000000000 --- a/roles/openshift-apps/test-auth/templates/deploymentconfig.yml +++ /dev/null @@ -1,59 +0,0 @@ -apiVersion: apps.openshift.io/v1 -kind: DeploymentConfig -metadata: - name: test-auth - labels: - app: test-auth -spec: - replicas: 1 - selector: - app: test-auth - deploymentconfig: test-auth - strategy: - type: Rolling - activeDeadlineSeconds: 21600 - rollingParams: - intervalSeconds: 1 - maxSurge: 25% - maxUnavailable: 25% - timeoutSeconds: 600 - updatePeriodSeconds: 1 - template: - metadata: - creationTimestamp: null - labels: - app: test-auth - deploymentconfig: test-auth - spec: - containers: - - name: test-auth - imagePullPolicy: Always - ports: - - containerPort: 8080 - #protocol: TCP - #resources: {} - #terminationMessagePath: /dev/termination-log - #terminationMessagePolicy: File - volumeMounts: - - name: test-auth-config-volume - mountPath: "/etc/test-auth" - readOnly: true - env: - - name: TESTAUTH_SETTINGS - value: "/etc/test-auth/test-auth.cfg" - # - name: SCRIPT_NAME - # value: "/test-auth" - volumes: - - name: test-auth-config-volume - configMap: - name: test-auth-config - triggers: - - imageChangeParams: - automatic: true - containerNames: - - test-auth - from: - kind: ImageStreamTag - name: test-auth:latest - type: ImageChange - - type: ConfigChange diff --git a/roles/openshift-apps/test-auth/templates/secret-webhook.yml b/roles/openshift-apps/test-auth/templates/secret-webhook.yml deleted file mode 100644 index e8662f8cfc..0000000000 --- a/roles/openshift-apps/test-auth/templates/secret-webhook.yml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: test-auth-github-webhook-secret -data: - WebHookSecretKey: "{{ (env == 'production')|ternary(test_auth_github_secret, test_auth_stg_github_secret) }}" -type: Opaque