From: Ward Vandewege Date: Mon, 21 May 2018 21:16:59 +0000 (-0400) Subject: helm: Convert the anonymous and superuser token to values in values.yaml X-Git-Url: https://git.arvados.org/arvados-k8s.git/commitdiff_plain/bc186e9c21f8892ebc0662fb0855cc75d51939b5 helm: Convert the anonymous and superuser token to values in values.yaml No issue # Arvados-DCO-1.1-Signed-off-by: Ward Vandewege --- diff --git a/arvados/config/api-server/90-init-db.sh b/arvados/config/api-server/90-init-db.sh index f964c14..cc16372 100644 --- a/arvados/config/api-server/90-init-db.sh +++ b/arvados/config/api-server/90-init-db.sh @@ -22,9 +22,9 @@ prepare_database() { if [[ -f "/create-workbench-api-client.rb" ]]; then # This is the API server cd /var/www/arvados-api/current - bundle exec script/create_superuser_token.rb thisisnotaverygoodsuperusersecretstring00000000000 + bundle exec script/create_superuser_token.rb {{ .Values.superUserSecret }} cd script - bundle exec get_anonymous_user_token.rb -t thisisnotaverygoodanonymoussecretstring00000000000 || true + bundle exec get_anonymous_user_token.rb -t {{ .Values.anonymousUserSecret }} || true bundle exec rails runner /create-workbench-api-client.rb fi diff --git a/arvados/config/sso/90-init-db.sh b/arvados/config/sso/90-init-db.sh index 3d8a878..0515dd6 100644 --- a/arvados/config/sso/90-init-db.sh +++ b/arvados/config/sso/90-init-db.sh @@ -19,15 +19,6 @@ prepare_database() { echo "Warning: Database is not ready to set up." >&2 exit 1 fi - - if [[ -f "/create-workbench-api-client.rb" ]]; then - # This is the API server - cd /var/www/arvados-api/current - bundle exec script/create_superuser_token.rb thisisnotaverygoodsuperusersecretstring00000000000 - cd script - bundle exec get_anonymous_user_token.rb -t thisisnotaverygoodanonymoussecretstring00000000000 || true - bundle exec rails runner /create-workbench-api-client.rb - fi } prepare_database "db:schema:load" diff --git a/arvados/templates/keep-proxy-deployment.yaml b/arvados/templates/keep-proxy-deployment.yaml index 4d2b3b9..b9906b0 100644 --- a/arvados/templates/keep-proxy-deployment.yaml +++ b/arvados/templates/keep-proxy-deployment.yaml @@ -38,4 +38,4 @@ spec: - name : ARVADOS_API_HOST_INSECURE value: "true" - name : ARVADOS_API_TOKEN - value: "thisisnotaverygoodanonymoussecretstring00000000000" + value: "{{ .Values.anonymousUserSecret }}" diff --git a/arvados/templates/keep-web-deployment.yaml b/arvados/templates/keep-web-deployment.yaml index 999edaa..0cc3842 100644 --- a/arvados/templates/keep-web-deployment.yaml +++ b/arvados/templates/keep-web-deployment.yaml @@ -38,4 +38,4 @@ spec: - name : ARVADOS_API_HOST_INSECURE value: "true" - name : ARVADOS_API_TOKEN - value: "thisisnotaverygoodanonymoussecretstring00000000000" + value: "{{ .Values.anonymousUserSecret }}" diff --git a/arvados/templates/shell-server-deployment.yaml b/arvados/templates/shell-server-deployment.yaml index 455d2ff..c07d07d 100644 --- a/arvados/templates/shell-server-deployment.yaml +++ b/arvados/templates/shell-server-deployment.yaml @@ -39,7 +39,7 @@ spec: - name : ARVADOS_API_HOST_INSECURE value: "true" - name : ARVADOS_API_TOKEN - value: "thisisnotaverygoodsuperusersecretstring00000000000" + value: "{{ .Values.anonymousUserSecret }}" volumeMounts: - name: shell-server-configmap mountPath: /init-scripts-staging/99-init-keep.sh diff --git a/arvados/templates/sso-configmap.yaml b/arvados/templates/sso-configmap.yaml index cf9ba1a..c8fb70d 100644 --- a/arvados/templates/sso-configmap.yaml +++ b/arvados/templates/sso-configmap.yaml @@ -12,4 +12,4 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{ (.Files.Glob "config/sso/*").AsConfig | indent 2 }} +{{ (tpl (.Files.Glob "config/sso/*").AsConfig . ) | indent 2 }} diff --git a/arvados/values.yaml b/arvados/values.yaml index 55e276e..eddd0ef 100644 --- a/arvados/values.yaml +++ b/arvados/values.yaml @@ -52,6 +52,11 @@ affinity: {} # Must be set to a valid IP address, e.g. by using --set when invoking helm externalIP: ~ +# A super user token +superUserSecret: "thisisnotaverygoodsuperusersecretstring00000000000" +# An anonymous user token +anonymousUserSecret: "thisisnotaverygoodanonymoussecretstring00000000000" + # The package versions for this Arvados cluster. Also see # # curl http://versions.arvados.org/v1/commit/ | jq .