Stop using manual secrets, plus secret and variable cleanup (#74)

* Add ALLOWED_ORIGINS to code base * Add FORESTCLIENTAPI_ADDRESS * Add KEYCLOAK_REALM_URL * Add FORESTCLIENTAPI_ADDRESS * Extra backend label * Add FORESTCLIENTAPI_KEY * Create secret for backend * Update SERVICE_NAME
bcgov · May 9, 2023 · 5e694cd · 5e694cd
1 parent 6826fa4
commit 5e694cd
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 18 deletions.
diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml
@@ -47,6 +47,7 @@ jobs:
             -p NAME=${{ github.event.repository.name }}
             -p ORACLE_DB_USER=${{ secrets.DB_USER }}
             -p ORACLE_DB_PASSWORD='${{ secrets.DB_PASSWORD }}'
+            -p FORESTCLIENTAPI_KEY='${{ secrets.FORESTCLIENTAPI_KEY }}'
 
   builds:
     name: Builds

diff --git a/backend/openshift.deploy.yml b/backend/openshift.deploy.yml
@@ -8,7 +8,6 @@ metadata:
     iconClass: icon-java
 labels:
   app: ${NAME}-${ZONE}
-  app.kubernetes.io/part-of: ${NAME}-${ZONE}
 parameters:
   - name: NAME
     description: Module name
@@ -24,6 +23,13 @@ parameters:
     value: latest
   - name: DOMAIN
     value: apps.silver.devops.gov.bc.ca
+  - name: ALLOWED_ORIGINS
+    description: Sets all the allowed request origins
+    value: "http://localhost:300*,https://*.apps.silver.devops.gov.bc.ca"
+  - name: KEYCLOAK_REALM_URL
+    value: "https://test.loginproxy.gov.bc.ca/auth/realms/standard"
+  - name: FORESTCLIENTAPI_ADDRESS
+    value: "https://nr-forest-client-api-prod.api.gov.bc.ca/api"
   - name: CPU_REQUEST
     value: "75m"
   - name: MEMORY_REQUEST
@@ -101,15 +107,16 @@ objects:
                 - name: NR_SPAR_BACKEND_VERSION
                   value: ${BUILD}
                 - name: ALLOWED_ORIGINS
-                  valueFrom:
-                    secretKeyRef:
-                      name: ${NAME}-backend
-                      key: allowed_origins
+                  value: ${ALLOWED_ORIGINS}
                 - name: KEYCLOAK_REALM_URL
+                  value: ${KEYCLOAK_REALM_URL}
+                - name: FORESTCLIENTAPI_ADDRESS
+                  value: ${FORESTCLIENTAPI_ADDRESS}
+                - name: FORESTCLIENTAPI_KEY
                   valueFrom:
                     secretKeyRef:
-                      name: ${NAME}-backend
-                      key: keycloak-realm-url
+                      name: ${NAME}-${ZONE}-backend
+                      key: forest-client-api-key
                 - name: POSTGRESQL_HOST
                   value: ${NAME}-${ZONE}-database
                 - name: POSTGRESQL_DATABASE
@@ -127,16 +134,6 @@ objects:
                     secretKeyRef:
                       name: ${NAME}-${ZONE}-database
                       key: database-user
-                - name: FORESTCLIENTAPI_ADDRESS
-                  valueFrom:
-                    secretKeyRef:
-                      name: ${NAME}-backend
-                      key: forest-client-api.address
-                - name: FORESTCLIENTAPI_KEY
-                  valueFrom:
-                    secretKeyRef:
-                      name: ${NAME}-backend
-                      key: forest-client-api.key
               ports:
                 - containerPort: 8090
                   protocol: TCP

diff --git a/common/openshift.init.yml b/common/openshift.init.yml
@@ -16,6 +16,8 @@ parameters:
     description: Password for the PostgreSQL connection user.
     from: "[a-zA-Z0-9]{16}"
     generate: expression
+  - name: FORESTCLIENTAPI_KEY
+    required: true
   - name: ORACLE_DB_USER
     description: Oracle database username for API
     required: true
@@ -42,6 +44,14 @@ objects:
     stringData:
       oracle-user: ${ORACLE_DB_USER}
       oracle-password: ${ORACLE_DB_PASSWORD}
+  - apiVersion: v1
+    kind: Secret
+    metadata:
+      name: ${NAME}-${ZONE}-backend
+      labels:
+        app: ${NAME}-${ZONE}
+    stringData:
+      forest-client-api-key: ${FORESTCLIENTAPI_KEY}
   - apiVersion: networking.k8s.io/v1
     kind: NetworkPolicy
     metadata:

diff --git a/oracle-api/openshift.deploy.yml b/oracle-api/openshift.deploy.yml
@@ -41,7 +41,7 @@ parameters:
     value: "1543"
   - name: SERVICE_NAME
     description: The database's name
-    value: fortmp1.nrs.bcgov
+    value: dbq01.nrs.bcgov
   - name: KEYCLOAK_REALM_URL
     description: Keycloak realm address
     value: https://test.loginproxy.gov.bc.ca/auth/realms/standard