fix: generate the right beam connect mappings

2023-12-13 11:01:25 +00:00 · 2023-12-13 11:01:25 +00:00 · 83a0555192
parent 739a1ec5f8
commit 83a0555192
3 changed files with 23 additions and 66 deletions
--- a/ccp/modules/datashield-mappings.json
+++ b/ccp/modules/datashield-mappings.json
@ -1,59 +1,11 @@
-
+[
-{
+    "berlin",
-    "sites": [
+    "muenchen-lmu",
-        {
+    "dresden",
-            "id": "berlin",
+    "freiburg",
-            "name": "berlin",
+    "muenchen-tum",
-            "virtualhost": "opal-berlin",
+    "tuebingen",
-            "beamconnect": "datashield-connect.berlin.broker.ccp-it.dktk.dkfz.de"
+    "mainz",
-        },
+    "frankfurt",
-        {
+    "essen"
            "id": "muenchen-lmu",
            "name": "muenchen-lmu",
            "virtualhost": "opal-muenchen-lmu",
            "beamconnect": "datashield-connect.muenchen-lmu.broker.ccp-it.dktk.dkfz.de"
        },
        {
            "id": "dresden",
            "name": "dresden",
            "virtualhost": "opal-dresden",
            "beamconnect": "datashield-connect.dresden.broker.ccp-it.dktk.dkfz.de"
        },
        {
            "id": "freiburg",
            "name": "freiburg",
            "virtualhost": "opal-freiburg",
            "beamconnect": "datashield-connect.freiburg.broker.ccp-it.dktk.dkfz.de"
        },
        {
            "id": "muenchen-tum",
            "name": "muenchen-tum",
            "virtualhost": "opal-muenchen-tum",
            "beamconnect": "datashield-connect.muenchen-tum.broker.ccp-it.dktk.dkfz.de"
        },
        {
            "id": "tuebingen",
            "name": "tuebingen",
            "virtualhost": "opal-tuebingen",
            "beamconnect": "datashield-connect.tuebingen.broker.ccp-it.dktk.dkfz.de"
        },
        {
            "id": "mainz",
            "name": "mainz",
            "virtualhost": "opal-mainz",
            "beamconnect": "datashield-connect.mainz.broker.ccp-it.dktk.dkfz.de"
        },
        {
            "id": "frankfurt",
            "name": "frankfurt",
            "virtualhost": "opal-frankfurt",
            "beamconnect": "datashield-connect.frankfurt.broker.ccp-it.dktk.dkfz.de"
        },
        {
            "id": "essen",
            "name": "essen",
            "virtualhost": "opal-essen",
            "beamconnect": "datashield-connect.essen.broker.ccp-it.dktk.dkfz.de"
        }
 ]
 }
--- a/ccp/modules/datashield-setup.sh
+++ b/ccp/modules/datashield-setup.sh
@ -17,13 +17,17 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
    chmod g+r /tmp/bridgehead/opal-key.pem
  fi
  mkdir -p /tmp/bridgehead/opal-map
-  jq -n --argfile input ./$PROJECT/modules/datashield-mappings.json '
+  jq -n '{"sites": input | map({
-    [{
+    "name": .,
-        "external": "opal-'"$SITE_ID"'",
+    "id": .,
    "virtualhost": "opal-\(.):443",
    "beamconnect": "datashield-connect.\(.).'"$BROKER_ID"'"
  })}' ./$PROJECT/modules/datashield-mappings.json > /tmp/bridgehead/opal-map/central.json
  jq -n '[{
    "external": "'"$SITE_ID"'",
    "internal": "opal:8080",
-        "allowed": [$input.sites[].id | "datashield-connect.\(.).broker.ccp-it.dktk.dkfz.de"]
+    "allowed": input | map("datashield-connect.\(.).'"$BROKER_ID"'")
-    }]' >/tmp/bridgehead/opal-map/local.json
+  }]' ./$PROJECT/modules/datashield-mappings.json > /tmp/bridgehead/opal-map/local.json
  cp -f ./$PROJECT/modules/datashield-mappings.json /tmp/bridgehead/opal-map/central.json
  chown -R bridgehead:docker /tmp/bridgehead/
  add_private_oidc_redirect_url "/opal/*"
 fi
--- a/lib/functions.sh
+++ b/lib/functions.sh
@ -279,6 +279,7 @@ function sync_secrets() {
    fi
    mkdir -p /var/cache/bridgehead/secrets/
    touch /var/cache/bridgehead/secrets/oidc
    chown -R bridgehead:docker /var/cache/bridgehead
    # The oidc provider will need to be switched based on the project at some point I guess
    docker run --rm \
        -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \