Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / e049e1d50afacc1e58a6faf9f7149c717fac2b74^! / .
commite049e1d50afacc1e58a6faf9f7149c717fac2b74[log] [tgz]
authorAdam Tengler <atengler@mirantis.com>Wed Oct 24 22:18:56 2018 +0000
committerAdam Tengler <atengler@mirantis.com>Wed Oct 24 22:18:56 2018 +0000
tree7b5a7fb69bd5c2cf7978c69c3544135db5138e27
parent3ae97e93db0c5ab8a21fa20b01f4967a666bad18 [diff]
Send client_secrets through env variable in operations-api Swarm deployment

Change-Id: I0fd810d97162a750674511c4b27a1ca9e13ec6e7

diff --git a/docker/swarm/stack/operations_api.yml b/docker/swarm/stack/operations_api.yml
index 51cdeae..fff4f18 100644
--- a/docker/swarm/stack/operations_api.yml
+++ b/docker/swarm/stack/operations_api.yml

@@ -2,13 +2,13 @@
   _param:
     docker_operations_api_replicas: 1
     docker_image_operations_api: mirantis/python-operations-api:latest
-    operations_api_oidc_client_secrets: 'operations_api/config/client_secrets_docker.json'
-    operations_api_sqlalchemy_database_uri: 'cockroachdb://oapi@cockroach-ui:26257/oapi'
-    operations_api_sqlalchemy_echo: 'false'
-    operations_api_flask_debug: 'false'
+    operations_api_sqlalchemy_database_uri: "cockroachdb://oapi@cockroach-ui:26257/oapi"
+    operations_api_sqlalchemy_echo: "false"
+    operations_api_flask_debug: "false"
     operations_api_bind_host: 0.0.0.0
     operations_api_bind_port: ${_param:haproxy_operations_api_bind_port}
     docker_image_cockroachdb: cockroachdb/cockroach:latest
+    operations_api_keycloak_url: "http://${_param:single_address}:${_param:haproxy_keycloak_exposed_port}"
   docker:
     client:
       stack:
@@ -16,7 +16,18 @@
           service:
             operations-api:
               environment:
-                OAPI_OIDC_CLIENT_SECRETS: ${_param:operations_api_oidc_client_secrets}
+                OAPI_OIDC_CLIENT_SECRETS_OVERRIDE: '
+                  {
+                    "web": {
+                        "client_id": "operations-api",
+                        "client_secret": "${_param:keycloak_operations_api_client_secret}",
+                        "auth_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/auth",
+                        "token_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/token",
+                        "token_introspection_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/token/introspect",
+                        "issuer": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm",
+                        "userinfo_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/userinfo"
+                    }
+                  }'
                 OAPI_SQLALCHEMY_DATABASE_URI: ${_param:operations_api_sqlalchemy_database_uri}
                 OAPI_SQLALCHEMY_ECHO: ${_param:operations_api_sqlalchemy_echo}
                 OAPI_FLASK_DEBUG: ${_param:operations_api_flask_debug}