From d82787edce5b7110728942b4ef9901223b056c33 Mon Sep 17 00:00:00 2001 From: Tasko Olevski Date: Fri, 19 Jan 2024 01:47:15 +0100 Subject: [PATCH] squashme: minor fix --- .../gateway/deployment-revproxy.yaml | 22 +++++++++--- .../renku/templates/gateway/secret.yaml | 34 ++++--------------- 2 files changed, 23 insertions(+), 33 deletions(-) diff --git a/helm-chart/renku/templates/gateway/deployment-revproxy.yaml b/helm-chart/renku/templates/gateway/deployment-revproxy.yaml index b29b834b9c..0287b5fad7 100644 --- a/helm-chart/renku/templates/gateway/deployment-revproxy.yaml +++ b/helm-chart/renku/templates/gateway/deployment-revproxy.yaml @@ -48,12 +48,27 @@ spec: secretKeyRef: name: {{ .Values.global.redis.existingSecret }} key: {{ .Values.global.redis.existingSecretPasswordKey }} + - name: LOGIN_PROVIDERS_RENKU_CLIENTSECRET + valueFrom: + secretKeyRef: + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} + key: oidcClientSecret + - name: LOGIN_PROVIDERS_GITLAB_CLIENTSECRET + valueFrom: + secretKeyRef: + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} + key: gitlabClientSecret + - name: LOGIN_PROVIDERS_RENKU-CLI_CLIENTSECRET + valueFrom: + secretKeyRef: + name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }} + key: cliClientSecret + - name: MONITORING_SENTRY_DSN + value: {{ .Values.gateway.sentry.dsn }} volumeMounts: {{- include "certificates.volumeMounts.system" . | nindent 12 }} - mountPath: "/etc/gateway" name: public-config - - mountPath: "/etc/gateway" - name: secret-config livenessProbe: httpGet: path: /health @@ -87,7 +102,4 @@ spec: - name: public-config configMap: name: {{ template "gateway.name" . }} - - name: secret-config - secret: - secretName: {{ printf "%s-gateway" (include "renku.fullname" .) }} diff --git a/helm-chart/renku/templates/gateway/secret.yaml b/helm-chart/renku/templates/gateway/secret.yaml index 9ed1f6320e..02feb32174 100644 --- a/helm-chart/renku/templates/gateway/secret.yaml 
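Review bot: The `env:` list in the first hunk of deployment-revproxy.yaml gains only the three client secrets and the Sentry DSN, yet the same commit removes the `secret-config` mount that used to deliver the token-encryption and CSRF cookie keys. The flat `tokenEncryption`, `cookieEncodingKey` and `cookieHashKey` entries that secret.yaml now writes have no `secretKeyRef` here. Unless they are wired in outside this hunk (the container spec starts and ends beyond it), the gateway starts without those keys, or with whatever default its config loader falls back to. Separately, `MONITORING_SENTRY_DSN` moves from the Secret into the plain Deployment spec and is rendered unquoted, so an empty value renders as a bare `value:`; piping it through `quote` avoids that. The variable name in the fence below is inferred from the naming pattern in this hunk and needs confirming against the gateway's config loader.
```yaml
            # … unchanged: the three *_CLIENTSECRET entries …
            # Name inferred from the LOGIN_PROVIDERS_* pattern above; confirm before merging.
            - name: LOGIN_TOKENENCRYPTION_SECRETKEY
              valueFrom:
                secretKeyRef:
                  name: {{ cat (include "renku.fullname" .) "-gateway" | nospace }}
                  key: tokenEncryption
            # … same shape for cookieEncodingKey and cookieHashKey …
            - name: MONITORING_SENTRY_DSN
              value: {{ .Values.gateway.sentry.dsn | quote }}
```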
+++ b/helm-chart/renku/templates/gateway/secret.yaml @@ -70,19 +70,19 @@ {{- $tokenEncryptionSecretKey := randAlphaNum 32 | b64enc | quote }} {{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} {{- if $secret }} -{{- $tokenEncryptionSecretKey = index $secret.data "login.tokenEncryption.secretKey" }} +{{- $tokenEncryptionSecretKey = index $secret.data "tokenEncryption" }} {{- end -}} {{- $csrfCookieEncodingKey := randAlphaNum 32 | b64enc | quote }} {{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} {{- if $secret }} -{{- $csrfCookieEncodingKey = index $secret.data "login.providers.renku.cookieEncodingKey" }} +{{- $csrfCookieEncodingKey = index $secret.data "cookieEncodingKey" }} {{- end -}} {{- $csrfCookieHashKey := randAlphaNum 32 | b64enc | quote }} {{- $secret := (lookup "v1" "Secret" .Release.Namespace $secretName) }} {{- if $secret }} -{{- $csrfCookieHashKey = index $secret.data "login.providers.renku.cookieHashKey" }} +{{- $csrfCookieHashKey = index $secret.data "cookieHashKey" }} {{- end -}} apiVersion: v1 
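Review bot: All three `{{- if $secret }}` guards test only that the Secret exists, not that it already holds the renamed key. On an upgrade from a release whose Secret has no `tokenEncryption`, `cookieEncodingKey` or `cookieHashKey` entry, `index $secret.data "…"` yields no value and overwrites the freshly generated random one. The rendered Secret would then carry an empty token-encryption or CSRF cookie key. Guard on the key as well in all three blocks, e.g. `{{- if and $secret (hasKey $secret.data "tokenEncryption") }}`. Note also that `lookup` returns nothing under `helm template` or a client-side dry run, so in pipelines that render that way the keys are regenerated on every render.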
@@ -116,29 +116,7 @@ data: # A secret for the Gitlab client in Keycloak if an internal Gitlab is used gitlabClientInKeycloakSecret: {{ $gitlabClientInKeycloakSecret }} {{- end }} - - #### New stuff for the gateway refactoring - secret_config.yaml: | - login: - tokenEncryption: - secretKey: {{ $tokenEncryptionSecretKey }} - providers: - renku: - # A secret for the "renku" OIDC client in Keycloak - clientSecret: {{ $oidcClientSecret }} - cookieEncodingKey: {{ $csrfCookieEncodingKey }} - cookieHashKey: {{ $csrfCookieHashKey }} - renku-cli: - # A secret for the Renku CLI client in Keycloak - clientSecret: {{ $cliClientSecret }} - cookieEncodingKey: {{ $csrfCookieEncodingKey }} - cookieHashKey: {{ $csrfCookieHashKey }} - gitlab: - # The OIDC client must be created manually in Gitlab prior to installing Renku - clientSecret: {{ $gitlabClientSecret }} - cookieEncodingKey: {{ $csrfCookieEncodingKey }} - cookieHashKey: {{ $csrfCookieHashKey }} - monitoring: - sentry: - dsn: {{ .Values.gateway.sentry.dsn }} + cookieEncodingKey: {{ $csrfCookieEncodingKey }} + cookieHashKey: {{ $csrfCookieHashKey }} + tokenEncryption: {{ $tokenEncryptionSecretKey }}
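Review bot: The three entries added at the end of `data:` carry no comment, unlike the neighbouring `gitlabClientInKeycloakSecret` entry. With the nested `login.providers.*` layout removed, the names alone no longer say what consumes them. I would add `# CSRF cookie keys, shared by the renku, renku-cli and gitlab login providers` above `cookieEncodingKey`. Above `tokenEncryption` I would add `# Key for login token encryption (formerly login.tokenEncryption.secretKey)`. It is also worth saying in the comment that the values come from the `lookup`/`randAlphaNum` blocks earlier in the file, since they presumably need to stay stable across upgrades.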