From efd26aa761a84916a84a5909b0a71e8bb7c0e4cc Mon Sep 17 00:00:00 2001
From: janskiba
Date: Wed, 13 Dec 2023 11:01:25 +0000
Subject: [PATCH] fix: generate the right beam connect mappings
---
 ccp/modules/datashield-mappings.json | 70 +++++-----------------------
 ccp/modules/datashield-setup.sh | 18 ++++---
 lib/functions.sh | 1 +
 3 files changed, 23 insertions(+), 66 deletions(-)
diff --git a/ccp/modules/datashield-mappings.json b/ccp/modules/datashield-mappings.json
index d902b8f..a65d9d5 100644
--- a/ccp/modules/datashield-mappings.json
+++ b/ccp/modules/datashield-mappings.json
@@ -1,59 +1,11 @@
-
-{
- "sites": [
- {
- "id": "berlin",
- "name": "berlin",
- "virtualhost": "opal-berlin",
- "beamconnect": "datashield-connect.berlin.broker.ccp-it.dktk.dkfz.de"
- },
- {
- "id": "muenchen-lmu",
- "name": "muenchen-lmu",
- "virtualhost": "opal-muenchen-lmu",
- "beamconnect": "datashield-connect.muenchen-lmu.broker.ccp-it.dktk.dkfz.de"
- },
- {
- "id": "dresden",
- "name": "dresden",
- "virtualhost": "opal-dresden",
- "beamconnect": "datashield-connect.dresden.broker.ccp-it.dktk.dkfz.de"
- },
- {
- "id": "freiburg",
- "name": "freiburg",
- "virtualhost": "opal-freiburg",
- "beamconnect": "datashield-connect.freiburg.broker.ccp-it.dktk.dkfz.de"
- },
- {
- "id": "muenchen-tum",
- "name": "muenchen-tum",
- "virtualhost": "opal-muenchen-tum",
- "beamconnect": "datashield-connect.muenchen-tum.broker.ccp-it.dktk.dkfz.de"
- },
- {
- "id": "tuebingen",
- "name": "tuebingen",
- "virtualhost": "opal-tuebingen",
- "beamconnect": "datashield-connect.tuebingen.broker.ccp-it.dktk.dkfz.de"
- },
- {
- "id": "mainz",
- "name": "mainz",
- "virtualhost": "opal-mainz",
- "beamconnect": "datashield-connect.mainz.broker.ccp-it.dktk.dkfz.de"
- },
- {
- "id": "frankfurt",
- "name": "frankfurt",
- "virtualhost": "opal-frankfurt",
- "beamconnect": "datashield-connect.frankfurt.broker.ccp-it.dktk.dkfz.de"
- },
- {
- "id": "essen",
- "name": "essen",
- "virtualhost": "opal-essen",
- "beamconnect": "datashield-connect.essen.broker.ccp-it.dktk.dkfz.de"
- }
- ]
-}
+[
+ "berlin",
+ "muenchen-lmu",
+ "dresden",
+ "freiburg",
+ "muenchen-tum",
+ "tuebingen",
+ "mainz",
+ "frankfurt",
+ "essen"
+]
diff --git a/ccp/modules/datashield-setup.sh b/ccp/modules/datashield-setup.sh
index d9932c3..bc1b1dc 100644
--- a/ccp/modules/datashield-setup.sh
+++ b/ccp/modules/datashield-setup.sh
@@ -17,13 +17,17 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
 chmod g+r /tmp/bridgehead/opal-key.pem
 fi
 mkdir -p /tmp/bridgehead/opal-map
- jq -n --argfile input ./$PROJECT/modules/datashield-mappings.json '
- [{
- "external": "opal-'"$SITE_ID"'",
- "internal": "opal:8080",
- "allowed": [$input.sites[].id | "datashield-connect.\(.).broker.ccp-it.dktk.dkfz.de"]
- }]' >/tmp/bridgehead/opal-map/local.json
- cp -f ./$PROJECT/modules/datashield-mappings.json /tmp/bridgehead/opal-map/central.json
+ jq -n '{"sites": input | map({
+ "name": .,
+ "id": .,
+ "virtualhost": "opal-\(.):443",
+ "beamconnect": "datashield-connect.\(.).'"$BROKER_ID"'"
+ })}' ./$PROJECT/modules/datashield-mappings.json > /tmp/bridgehead/opal-map/central.json
+ jq -n '[{
+ "external": "'"$SITE_ID"'",
+ "internal": "opal:8080",
+ "allowed": input | map("datashield-connect.\(.).'"$BROKER_ID"'")
+ }]' ./$PROJECT/modules/datashield-mappings.json > /tmp/bridgehead/opal-map/local.json
 chown -R bridgehead:docker /tmp/bridgehead/
 add_private_oidc_redirect_url "/opal/*"
 fi
diff --git a/lib/functions.sh b/lib/functions.sh
index 3aa1aeb..656c752 100644
--- a/lib/functions.sh
+++ b/lib/functions.sh
@@ -279,6 +279,7 @@ function sync_secrets() {
 fi
 mkdir -p /var/cache/bridgehead/secrets/
 touch /var/cache/bridgehead/secrets/oidc
+ chown -R bridgehead:docker /var/cache/bridgehead
 # The oidc provider will need to be switched based on the project at some point I guess
 docker run --rm \
 -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \
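Review bot: `$BROKER_ID` and `$SITE_ID` are spliced into the jq program text with `'"$BROKER_ID"'` in both new jq calls, so a quote or backslash in either variable changes the filter itself rather than a string value. The output feeds the `allowed` list in local.json, which appears to be the set of peers permitted to reach `opal:8080`. Pass the values as data instead, `jq -n --arg broker "$BROKER_ID" --arg site "$SITE_ID" ...`, and reference them as `"datashield-connect.\(.).\($broker)"` and `"external": $site`. An unset `BROKER_ID` would also silently yield entries ending in a bare dot; a `: "${BROKER_ID:?}"` guard before the first jq call would catch that. The enclosing `if` block starts above the hunk, so any earlier validation of these variables is not visible here.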
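Review bot: The added `chown -R bridgehead:docker /var/cache/bridgehead` sets owner and group, but nothing in this hunk sets a mode, so `secrets/` and `secrets/oidc` keep whatever the caller's umask gives `mkdir -p` and `touch`. With a common 022 umask that would leave the OIDC secrets cache world-readable. I would add `chmod -R o-rwx /var/cache/bridgehead/secrets` after the chown, or create the directory with `install -d -m 0750 -o bridgehead -g docker /var/cache/bridgehead/secrets`. The recursive chown also covers the whole cache tree on every call; if only the secrets path needs it, narrowing the target would be safer. sync_secrets starts and continues outside the hunk.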