fix: generate the right beam connect mappings

ccp/modules/datashield-mappings.json

@@ -1,59 +1,11 @@
-
-{
-    "sites": [
-        {
-            "id": "berlin",
-            "name": "berlin",
-            "virtualhost": "opal-berlin",
-            "beamconnect": "datashield-connect.berlin.broker.ccp-it.dktk.dkfz.de"
-        },
-        {
-            "id": "muenchen-lmu",
-            "name": "muenchen-lmu",
-            "virtualhost": "opal-muenchen-lmu",
-            "beamconnect": "datashield-connect.muenchen-lmu.broker.ccp-it.dktk.dkfz.de"
-        },
-        {
-            "id": "dresden",
-            "name": "dresden",
-            "virtualhost": "opal-dresden",
-            "beamconnect": "datashield-connect.dresden.broker.ccp-it.dktk.dkfz.de"
-        },
-        {
-            "id": "freiburg",
-            "name": "freiburg",
-            "virtualhost": "opal-freiburg",
-            "beamconnect": "datashield-connect.freiburg.broker.ccp-it.dktk.dkfz.de"
-        },
-        {
-            "id": "muenchen-tum",
-            "name": "muenchen-tum",
-            "virtualhost": "opal-muenchen-tum",
-            "beamconnect": "datashield-connect.muenchen-tum.broker.ccp-it.dktk.dkfz.de"
-        },
-        {
-            "id": "tuebingen",
-            "name": "tuebingen",
-            "virtualhost": "opal-tuebingen",
-            "beamconnect": "datashield-connect.tuebingen.broker.ccp-it.dktk.dkfz.de"
-        },
-        {
-            "id": "mainz",
-            "name": "mainz",
-            "virtualhost": "opal-mainz",
-            "beamconnect": "datashield-connect.mainz.broker.ccp-it.dktk.dkfz.de"
-        },
-        {
-            "id": "frankfurt",
-            "name": "frankfurt",
-            "virtualhost": "opal-frankfurt",
-            "beamconnect": "datashield-connect.frankfurt.broker.ccp-it.dktk.dkfz.de"
-        },
-        {
-            "id": "essen",
-            "name": "essen",
-            "virtualhost": "opal-essen",
-            "beamconnect": "datashield-connect.essen.broker.ccp-it.dktk.dkfz.de"
-        }
-    ]
-}
+[
+    "berlin",
+    "muenchen-lmu",
+    "dresden",
+    "freiburg",
+    "muenchen-tum",
+    "tuebingen",
+    "mainz",
+    "frankfurt",
+    "essen"
+]

ccp/modules/datashield-setup.sh

@@ -17,13 +17,17 @@ if [ "$ENABLE_DATASHIELD" == true ]; then
     chmod g+r /tmp/bridgehead/opal-key.pem
   fi
   mkdir -p /tmp/bridgehead/opal-map
-  jq -n --argfile input ./$PROJECT/modules/datashield-mappings.json '
-    [{
-        "external": "opal-'"$SITE_ID"'",
+  jq -n '{"sites": input | map({
+    "name": .,
+    "id": .,
+    "virtualhost": "opal-\(.):443",
+    "beamconnect": "datashield-connect.\(.).'"$BROKER_ID"'"
+  })}' ./$PROJECT/modules/datashield-mappings.json > /tmp/bridgehead/opal-map/central.json
+  jq -n '[{
+    "external": "'"$SITE_ID"'",
     "internal": "opal:8080",
-        "allowed": [$input.sites[].id | "datashield-connect.\(.).broker.ccp-it.dktk.dkfz.de"]
-    }]' >/tmp/bridgehead/opal-map/local.json
-  cp -f ./$PROJECT/modules/datashield-mappings.json /tmp/bridgehead/opal-map/central.json
+    "allowed": input | map("datashield-connect.\(.).'"$BROKER_ID"'")
+  }]' ./$PROJECT/modules/datashield-mappings.json > /tmp/bridgehead/opal-map/local.json
   chown -R bridgehead:docker /tmp/bridgehead/
   add_private_oidc_redirect_url "/opal/*"
 fi

lib/functions.sh

@@ -279,6 +279,7 @@ function sync_secrets() {
     fi
     mkdir -p /var/cache/bridgehead/secrets/
     touch /var/cache/bridgehead/secrets/oidc
+    chown -R bridgehead:docker /var/cache/bridgehead
     # The oidc provider will need to be switched based on the project at some point I guess
     docker run --rm \
         -v /var/cache/bridgehead/secrets/oidc:/usr/local/cache \