Removed stuff accumulated during testing phase

Most of the things added during testing were not necessary and they were
removed. This had the additional advantage that many files are now identical
to their equivalents in the develop branch, making the diff more manageable.

bbmri/docker-compose.yml

@@ -1,6 +1,6 @@
 version: "3.7"
 
-# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see ccp vars.
+# This includes only the shared persistence for BBMRI-ERIC and GBN. Federation components are included as modules, see vars.
 
 services:
   blaze:

bbmri/modules/exporter-setup.sh

@@ -5,4 +5,5 @@ if [ "$ENABLE_EXPORTER" == true ]; then
   OVERRIDE+=" -f ./$PROJECT/modules/exporter-compose.yml"
   EXPORTER_DB_PASSWORD="$(echo \"This is a salt string to generate one consistent password for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 30)"
   EXPORTER_API_KEY="$(echo \"This is a salt string to generate one consistent API KEY for the exporter. It is not required to be secret.\" | sha1sum | openssl pkeyutl -sign -inkey /etc/bridgehead/pki/${SITE_ID}.priv.pem | base64 | head -c 64)"
+  POSTGRES_TAG=15.6-alpine
 fi

bbmri/modules/feedback-agent-setup.sh

@@ -1,9 +1,6 @@
 #!/bin/bash
 
-log INFO "######################################### Metadata feedback script was found by Bridgehead"
-
 if [ "$ENABLE_FEEDBACK_AGENT" == true ]; then
-  log INFO "######################################### Metadata feedback setup detected -- will start Feedback service."
   OVERRIDE+=" -f ./$PROJECT/modules/feedback-agent-compose.yml"
   FEEDBACK_AGENT_BEAM_SECRET="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"
   FEEDBACK_AGENT_DB_PASSWORD="$(cat /proc/sys/kernel/random/uuid | sed 's/[-]//g' | head -c 20)"

bbmri/vars

@@ -7,18 +7,6 @@
 FOCUS_RETRY_COUNT=${FOCUS_RETRY_COUNT:-64}
 PRIVATEKEYFILENAME=/etc/bridgehead/pki/${SITE_ID}.priv.pem
 
-OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
-OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
-OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
-OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
-# Use "test-realm-01" for testing
-OIDC_REALM="${OIDC_REALM:-master}"
-OIDC_URL="https://login.verbis.dkfz.de"
-OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
-OIDC_GROUP_CLAIM="groups"
-
-POSTGRES_TAG=15.6-alpine
-
 for module in $PROJECT/modules/*.sh
 do
     log DEBUG "sourcing $module"

ccp/modules/teiler-compose.yml

@@ -47,12 +47,6 @@ services:
       TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
       REPORTER_DEFAULT_TEMPLATE_ID: "ccp-qb"
       EXPORTER_DEFAULT_TEMPLATE_ID: "ccp"
-      # Modification needed for running in a test mode
-      APPLICATION_PORT: "8080"
-      CONFIG_ENV_VAR_PATH: "/run/secrets/ccp.conf"
-    # Modification needed for running in a test mode
-    secrets:
-      - ccp.conf
 
 
   teiler-backend:

lib/functions.sh

@@ -301,39 +301,21 @@ function sync_secrets() {
     if [[ $secret_sync_args == "" ]]; then
         return
     fi
-    
-    if [ "${ENABLE_ERIC}" == "true" ]; then
-        BROKER_ROOT_CERT=/srv/docker/bridgehead/bbmri/$ERIC_ROOT_CERT.crt.pem
-        PROXY_ID=$ERIC_PROXY_ID
-        BROKER_ID=$ERIC_BROKER_ID
-    elif [ "${ENABLE_GBN}" == "true" ]; then
-        BROKER_ROOT_CERT=/srv/docker/bridgehead/bbmri/$GBN_ROOT_CERT.crt.pem
-        PROXY_ID=$GBN_PROXY_ID
-        BROKER_ID=$GBN_BROKER_ID
-    # Modification needed for running in a test mode
-    elif [ "${PROJECT}" == "ccp" ]; then
-        BROKER_ROOT_CERT=/srv/docker/bridgehead/ccp/root.crt.pem
-    else
-        fail_and_report 1 "Could not start secret sync as the configuration does not seem to use beam"
-    fi
-    local broker_url="https://$BROKER_ID"
     mkdir -p /var/cache/bridgehead/secrets/ || fail_and_report 1 "Failed to create '/var/cache/bridgehead/secrets/'. Please run sudo './bridgehead install $PROJECT' again."
     touch /var/cache/bridgehead/secrets/oidc
-# Modification needed for running in a test mode
+    docker run --rm \
-# Commented out so that the Bridgehead can run without Beam.
+        -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \
-#    docker run --rm \
+        -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
-#        -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \
+        -v /srv/docker/bridgehead/$PROJECT/root.crt.pem:/run/secrets/root.crt.pem:ro \
-#        -v $PRIVATEKEYFILENAME:/run/secrets/privkey.pem:ro \
+        -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
-#        -v $BROKER_ROOT_CERT:/run/secrets/root.crt.pem:ro \
+        -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
-#        -v /etc/bridgehead/trusted-ca-certs:/conf/trusted-ca-certs:ro \
+        -e NO_PROXY=localhost,127.0.0.1 \
-#        -e TLS_CA_CERTIFICATES_DIR=/conf/trusted-ca-certs \
+        -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
-#        -e NO_PROXY=localhost,127.0.0.1 \
+        -e PROXY_ID=$PROXY_ID \
-#        -e ALL_PROXY=$HTTPS_PROXY_FULL_URL \
+        -e BROKER_URL=$BROKER_URL \
-#        -e PROXY_ID=$PROXY_ID \
+        -e OIDC_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \
-#        -e BROKER_URL=$broker_url \
+        -e SECRET_DEFINITIONS=$secret_sync_args \
-#        -e OIDC_PROVIDER=secret-sync-central.oidc-client-enrollment.$BROKER_ID \
+        docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
-#        -e SECRET_DEFINITIONS=$secret_sync_args \
-#        docker.verbis.dkfz.de/cache/samply/secret-sync-local:latest
 
     set -a # Export variables as environment variables
     source /var/cache/bridgehead/secrets/oidc

minimal/modules/bbmri vars

@@ -1,2 +0,0 @@
-OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
-OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"

minimal/modules/ccp vars

@@ -1,7 +0,0 @@
-OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
-OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
-# Use "test-realm-01" for testing
-OIDC_REALM="${OIDC_REALM:-master}"
-OIDC_URL="https://login.verbis.dkfz.de"
-OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
-OIDC_GROUP_CLAIM="groups"