From fb937906cd55b45a1b7be753ff96b86d82122622 Mon Sep 17 00:00:00 2001
From: Ryan Lerch <rlerch@redhat.com>
Date: Thu, 17 Aug 2023 12:55:53 +1000
Subject: [PATCH] maubot: get a keytab

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
---
 playbooks/openshift-apps/maubot.yml                    | 7 +++++++
 roles/openshift-apps/maubot/files/deploymentconfig.yml | 6 ++++++
 roles/openshift-apps/maubot/templates/buildconfig.yml  | 2 +-
 3 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/playbooks/openshift-apps/maubot.yml b/playbooks/openshift-apps/maubot.yml
index 24eff31a00..a99b5d509c 100644
--- a/playbooks/openshift-apps/maubot.yml
+++ b/playbooks/openshift-apps/maubot.yml
@@ -16,6 +16,13 @@
     - ryanlerch
     - kevin
 
+  - role: openshift/keytab
+    app: maubot
+    key: service.keytab
+    secret_name: maubot-keytab
+    service: HTTP
+    host: "maubot.apps.ocp{{env_suffix}}.fedoraproject.org"
+
   - role: openshift/object
     app: maubot
     file: imagestream.yml
diff --git a/roles/openshift-apps/maubot/files/deploymentconfig.yml b/roles/openshift-apps/maubot/files/deploymentconfig.yml
index f02302829f..b6e60f1b10 100644
--- a/roles/openshift-apps/maubot/files/deploymentconfig.yml
+++ b/roles/openshift-apps/maubot/files/deploymentconfig.yml
@@ -37,6 +37,9 @@ spec:
               readOnly: true
             - name: maubot-storage
               mountPath: /maubot
+            - name: keytab-volume
+              mountPath: /etc/keytabs
+              readOnly: true
           readinessProbe:
             timeoutSeconds: 1
             initialDelaySeconds: 5
@@ -56,6 +59,9 @@ spec:
         - name: maubot-storage
           persistentVolumeClaim:
             claimName: maubot-storage
+        - name: keytab-volume
+          secret:
+            secretName: maubot-keytab
   triggers:
   - type: ImageChange
     imageChangeParams:
diff --git a/roles/openshift-apps/maubot/templates/buildconfig.yml b/roles/openshift-apps/maubot/templates/buildconfig.yml
index 76b44ae04a..00095c46b2 100644
--- a/roles/openshift-apps/maubot/templates/buildconfig.yml
+++ b/roles/openshift-apps/maubot/templates/buildconfig.yml
@@ -12,7 +12,7 @@ spec:
   source:
     dockerfile: |-
       FROM fedora:38
-      RUN dnf -y install python3-pip && dnf -y clean all
+      RUN dnf -y install python3-pip fasjson-client && dnf -y clean all
       RUN pip install maubot[encryption]
       WORKDIR /maubot
       ENTRYPOINT /usr/bin/python3 -m maubot -c /config/config.yml