fix: generate the right beam connect mappings

janskiba 2023-12-13 11:01:25 +00:00 committed by juarez
parent 739a1ec5f8
commit 83a0555192
3 changed files with 23 additions and 66 deletions


@ -1,59 +1,11 @@
[
{ "berlin",
"sites": [ "muenchen-lmu",
{ "dresden",
"id": "berlin", "freiburg",
"name": "berlin", "muenchen-tum",
"virtualhost": "opal-berlin", "tuebingen",
"beamconnect": "datashield-connect.berlin.broker.ccp-it.dktk.dkfz.de" "mainz",
}, "frankfurt",
{ "essen"
"id": "muenchen-lmu", ]
"name": "muenchen-lmu",
"virtualhost": "opal-muenchen-lmu",
"beamconnect": "datashield-connect.muenchen-lmu.broker.ccp-it.dktk.dkfz.de"
},
{
"id": "dresden",
"name": "dresden",
"virtualhost": "opal-dresden",
"beamconnect": "datashield-connect.dresden.broker.ccp-it.dktk.dkfz.de"
},
{
"id": "freiburg",
"name": "freiburg",
"virtualhost": "opal-freiburg",
"beamconnect": "datashield-connect.freiburg.broker.ccp-it.dktk.dkfz.de"
},
{
"id": "muenchen-tum",
"name": "muenchen-tum",
"virtualhost": "opal-muenchen-tum",
"beamconnect": "datashield-connect.muenchen-tum.broker.ccp-it.dktk.dkfz.de"
},
{
"id": "tuebingen",
"name": "tuebingen",
"virtualhost": "opal-tuebingen",
"beamconnect": "datashield-connect.tuebingen.broker.ccp-it.dktk.dkfz.de"
},
{
"id": "mainz",
"name": "mainz",
"virtualhost": "opal-mainz",
"beamconnect": "datashield-connect.mainz.broker.ccp-it.dktk.dkfz.de"
},
{
"id": "frankfurt",
"name": "frankfurt",
"virtualhost": "opal-frankfurt",
"beamconnect": "datashield-connect.frankfurt.broker.ccp-it.dktk.dkfz.de"
},
{
"id": "essen",
"name": "essen",
"virtualhost": "opal-essen",
"beamconnect": "datashield-connect.essen.broker.ccp-it.dktk.dkfz.de"
}
]
}


@ -17,13 +17,17 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
chmod g+r /tmp/bridgehead/opal-key.pem chmod g+r /tmp/bridgehead/opal-key.pem
fi fi
mkdir -p /tmp/bridgehead/opal-map mkdir -p /tmp/bridgehead/opal-map
jq -n --argfile input ./$PROJECT/modules/datashield-mappings.json ' jq -n '{"sites": input | map({
[{ "name": .,
"external": "opal-'"$SITE_ID"'", "id": .,
"virtualhost": "opal-\(.):443",
"beamconnect": "datashield-connect.\(.).'"$BROKER_ID"'"
})}' ./$PROJECT/modules/datashield-mappings.json > /tmp/bridgehead/opal-map/central.json
jq -n '[{
"external": "'"$SITE_ID"'",
"internal": "opal:8080", "internal": "opal:8080",
"allowed": [$input.sites[].id | "datashield-connect.\(.).broker.ccp-it.dktk.dkfz.de"] "allowed": input | map("datashield-connect.\(.).'"$BROKER_ID"'")
}]' >/tmp/bridgehead/opal-map/local.json }]' ./$PROJECT/modules/datashield-mappings.json > /tmp/bridgehead/opal-map/local.json
cp -f ./$PROJECT/modules/datashield-mappings.json /tmp/bridgehead/opal-map/central.json
chown -R bridgehead:docker /tmp/bridgehead/ chown -R bridgehead:docker /tmp/bridgehead/
add_private_oidc_redirect_url "/opal/*" add_private_oidc_redirect_url "/opal/*"
fi fi
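Review bot: Both new jq programs splice `$BROKER_ID` and `$SITE_ID` into the filter text by closing and reopening the single quotes, so a value containing `"` or `\(` would change the program itself and with it the `allowed` list, which appears to be the allow-list for `opal:8080`. Pass the values as data instead: `jq -n --arg broker "$BROKER_ID" --arg site "$SITE_ID" '…'`, with `"external": $site` and `"datashield-connect.\(.).\($broker)"` inside the filter. `./$PROJECT/modules/datashield-mappings.json` is also unquoted in both calls. Because the `>` redirect truncates the target before jq runs, a jq failure leaves an empty `central.json` or `local.json`; checking the exit status, or writing to a temporary file and moving it into place, would avoid that unless the script already runs under `set -e`, which this hunk does not show. The enclosing `if` block starts outside the hunk.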


@ -279,6 +279,7 @@ function sync_secrets() {
fi fi
mkdir -p /var/cache/bridgehead/secrets/ mkdir -p /var/cache/bridgehead/secrets/
touch /var/cache/bridgehead/secrets/oidc touch /var/cache/bridgehead/secrets/oidc
chown -R bridgehead:docker /var/cache/bridgehead
# The oidc provider will need to be switched based on the project at some point I guess # The oidc provider will need to be switched based on the project at some point I guess
docker run --rm \ docker run --rm \
-v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \ -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \
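Review bot: The added `chown -R bridgehead:docker /var/cache/bridgehead` sets ownership, but nothing in this hunk restricts the mode of the `secrets` directory or of the `oidc` file created by `touch`, so both get whatever the current umask allows, which is commonly world-readable. If the file holds OIDC client secrets, as its path suggests, follow the chown with something like `chmod -R o-rwx /var/cache/bridgehead/secrets`, and consider narrowing the recursive chown to the paths this function creates. `sync_secrets` starts before this hunk and the `docker run` command continues past it, so the mode may already be set elsewhere.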