try and clean up templates

2017-08-23 21:22:20 +00:00 · 2017-08-23 21:22:20 +00:00 · d23122bf18
commit d23122bf18
parent 31e8e22821
7 changed files with 47 additions and 9 deletions
--- a/playbooks/openshift-apps/waiverdb.yml
+++ b/playbooks/openshift-apps/waiverdb.yml
@ -22,4 +22,5 @@
  - { role: openshift/object, app: waiverdb, file: service.yml }
  - { role: openshift/object, app: waiverdb, file: route.yml }
  - { role: openshift/object, app: waiverdb, file: deploymentconfig.yml }
-  - { role: openshift/rollout, app: waiverdb, name: waiverdb-stg-web }
+  - { role: openshift/rollout, app: waiverdb, name: waiverdb-stg-web, when: env == "staging" }
+  - { role: openshift/rollout, app: waiverdb, name: waiverdb-web, when: env != "staging" }
--- a/roles/openshift-apps/waiverdb/files/deploymentconfig.yml
+++ b/roles/openshift-apps/waiverdb/files/deploymentconfig.yml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: DeploymentConfig
 metadata:
-  name: waiverdb-stg-web
+  name: waiverdb-web
  labels:
    app: waiverdb
    service: web
@ -33,12 +33,12 @@ spec:
        - name: DATABASE_PASSWORD
          valueFrom:
            secretKeyRef:
-              name: waiverdb-stg-secret
+              name: waiverdb-secret
              key: database-password
        - name: SECRET_KEY
          valueFrom:
            secretKeyRef:
-              name: waiverdb-stg-secret
+              name: waiverdb-secret
              key: flask-secret-key
        readinessProbe:
          timeoutSeconds: 1
@ -58,10 +58,10 @@ spec:
      volumes:
      - name: config-volume
        configMap:
-          name: waiverdb-stg-configmap
+          name: waiverdb-configmap
      - name: secret-volume
        secret:
-          secretName: waiverdb-stg-secret
+          secretName: waiverdb-secret
  triggers:
  - type: ImageChange
    imageChangeParams:
--- a/roles/openshift-apps/waiverdb/files/route.yml
+++ b/roles/openshift-apps/waiverdb/files/route.yml
@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Route
 metadata:
-  name: waiverdb-stg-web
+  name: waiverdb-web
  labels:
    app: waiverdb
 spec:
@ -10,7 +10,7 @@ spec:
    targetPort: web
  to:
    kind: Service
-    name: waiverdb-stg-web
+    name: waiverdb-web
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect
--- a/roles/openshift-apps/waiverdb/files/service.yml
+++ b/roles/openshift-apps/waiverdb/files/service.yml
@ -1,7 +1,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: waiverdb-stg-web
+  name: waiverdb-web
  labels:
    app: waiverdb
 spec:
--- a/roles/openshift-apps/waiverdb/templates/client_secrets.json
+++ b/roles/openshift-apps/waiverdb/templates/client_secrets.json
@ -1,3 +1,4 @@
+{% if env == 'staging' %}
 {"web": {
  "redirect_uris": ["https://waiverdb-waiverdb.app.os.stg.fedoraproject.org/"],
  "token_uri": "https://id.stg.fedoraproject.org/openidc/Token",
@ -8,3 +9,15 @@
  "token_introspection_uri": "https://id.stg.fedoraproject.org/openidc/TokenInfo"
  }
 }
+{% else %}
+{"web": {
+  "redirect_uris": ["https://waiverdb-waiverdb.app.os.fedoraproject.org/"],
+  "token_uri": "https://id.fedoraproject.org/openidc/Token",
+  "auth_uri": "https://id.fedoraproject.org/openidc/Authorization",
+  "client_id": "waiverdb",
+  "client_secret": "{{waiverdb_oidc_secret}}",
+  "userinfo_uri": "https://id.fedoraproject.org/openidc/UserInfo",
+  "token_introspection_uri": "https://id.fedoraproject.org/openidc/TokenInfo"
+  }
+}
+{% endif %}
--- a/roles/openshift-apps/waiverdb/templates/configmap.yml
+++ b/roles/openshift-apps/waiverdb/templates/configmap.yml
@ -1,7 +1,11 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
+{% if env == 'staging' %}
  name: waiverdb-stg-configmap
+{% else %}
+  name: waiverdb-configmap
+{% endif %}
  labels:
    app: waiverdb
 data:
--- a/roles/openshift-apps/waiverdb/templates/secret.yml
+++ b/roles/openshift-apps/waiverdb/templates/secret.yml
@ -1,10 +1,15 @@
 apiVersion: v1
 kind: Secret
 metadata:
+{% if env == 'staging' %}
  name: "waiverdb-stg-secret"
+{% else %}
+  name: "waiverdb-secret"
+{% endif %}
  labels:
    app: "waiverdb"
 stringData:
+{% if env == 'staging' %}
  flask-secret-key: "{{stg_waiverdb_secret_key}}"
  database-password: "{{stg_waiverdb_db_password}}"
  # This is the same non-secret config we have committed
@ -18,3 +23,18 @@ stringData:
      "client_secret": "qgz8Bzjg6nO7JWCXoB0o8L49KfI5atLF",
      "userinfo_uri": "https://iddev.fedorainfracloud.org/openidc/UserInfo",
      "token_introspection_uri": "https://iddev.fedorainfracloud.org/openidc/TokenInfo"}}
+{% else %}
+  flask-secret-key: "{{prod_waiverdb_secret_key}}"
+  database-password: "{{prod_waiverdb_db_password}}"
+  # This is the same non-secret config we have committed
+  # as conf/client_secrets.json for using in dev environments.
+  client_secrets.json: |-
+    {"web": {
+      "redirect_uris": ["https://waiverdb-waiverdb.app.os.fedoraproject.org/"],
+      "token_uri": "https://iddev.fedorainfracloud.org/openidc/Token",
+      "auth_uri": "https://iddev.fedorainfracloud.org/openidc/Authorization",
+      "client_id": "D-e69a1ac7-30fa-4d18-9001-7468c4f34c3c",
+      "client_secret": "qgz8Bzjg6nO7JWCXoB0o8L49KfI5atLF",
+      "userinfo_uri": "https://iddev.fedorainfracloud.org/openidc/UserInfo",
+      "token_introspection_uri": "https://iddev.fedorainfracloud.org/openidc/TokenInfo"}}
+{% endif %}