Skip to content

Commit

Permalink
[ci] Clean up temporary config for OAuth changes (#13570)
Browse files Browse the repository at this point in the history 
All this `HAIL_AZURE_OAUTH_SCOPE` and `HAIL_IDENTITY_PROVIDER_JSON` are
now injected by batch workers by default so we don't need to specify
them explicitly in `build.yaml`.

Unrelatedly, I don't think `create_dummy_oauth2_client_secret` does
anything as `auth-oauth2-client-secret` already exists inside new
namespaces.
  • Loading branch information
@daniel-goldstein
daniel-goldstein authored Sep 7, 2023
1 parent 35da6f4 commit b4912b5
Showing 1 changed file with 0 additions and 59 deletions.
59 changes: 0 additions & 59 deletions build.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1604,22 +1604,6 @@ steps:
- default_ns
- create_certs
- copy_third_party_images
- kind: runImage
name: create_dummy_oauth2_client_secret
resources:
memory: standard
cpu: '0.25'
image:
valueFrom: ci_utils_image.image
script: |
set -ex
kubectl -n {{ default_ns.name }} create secret generic auth-oauth2-client-secret || true
scopes:
- test
- dev
dependsOn:
- default_ns
- ci_utils_image
- kind: deploy
name: deploy_auth
namespace:
Expand All @@ -1638,7 +1622,6 @@ steps:
- create_session_key
- auth_database
- auth_image
- create_dummy_oauth2_client_secret
- create_certs
- create_accounts
- kind: runImage
Expand Down Expand Up @@ -2387,25 +2370,12 @@ steps:
export GOOGLE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
{% if global.cloud == "gcp" %}
export GCS_REQUESTER_PAYS_PROJECT=broad-ctsa
{% elif global.cloud == "azure" %}
export HAIL_AZURE_SUBSCRIPTION_ID={{ global.azure_subscription_id }}
export HAIL_AZURE_RESOURCE_GROUP={{ global.azure_resource_group }}
export HAIL_AZURE_OAUTH_SCOPE=$(cat /oauth-secret/sp_oauth_scope)
{% endif %}
export HAIL_SHUFFLE_MAX_BRANCH=4
export HAIL_SHUFFLE_CUTOFF=1000000
export HAIL_QUERY_BACKEND=batch
{% if global.cloud == "azure" %}
export HAIL_BATCH_REGIONS={{ global.azure_location }}
{% elif global.cloud == "gcp" %}
export HAIL_BATCH_REGIONS={{ global.gcp_region }}
{% else %}
echo "unknown cloud {{ global.cloud }}"
exit 1
{% endif %}
export HAIL_BATCH_BILLING_PROJECT=test
export HAIL_BATCH_REMOTE_TMPDIR={{ global.test_storage_uri }}
Expand Down Expand Up @@ -2468,24 +2438,13 @@ steps:
export GOOGLE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
export AZURE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
{% if global.cloud == "gcp" %}
export GCS_REQUESTER_PAYS_PROJECT=broad-ctsa
{% elif global.cloud == "azure" %}
export HAIL_AZURE_SUBSCRIPTION_ID={{ global.azure_subscription_id }}
export HAIL_AZURE_RESOURCE_GROUP={{ global.azure_resource_group }}
{% endif %}
export HAIL_SHUFFLE_MAX_BRANCH=4
export HAIL_SHUFFLE_CUTOFF=1000000
export HAIL_QUERY_BACKEND=batch
{% if global.cloud == "azure" %}
export HAIL_BATCH_REGIONS={{ global.azure_location }}
{% elif global.cloud == "gcp" %}
export HAIL_BATCH_REGIONS={{ global.gcp_region }}
{% else %}
echo "unknown cloud {{ global.cloud }}"
exit 1
{% endif %}
export HAIL_BATCH_BILLING_PROJECT=test
export HAIL_BATCH_REMOTE_TMPDIR={{ global.test_storage_uri }}
Expand All @@ -2511,10 +2470,6 @@ steps:
namespace:
valueFrom: default_ns.name
mountPath: /test-gsa-key
- name: auth-oauth2-client-secret
namespace:
valueFrom: default_ns.name
mountPath: /oauth-secret
dependsOn:
- default_ns
- merge_code
Expand Down Expand Up @@ -2940,11 +2895,8 @@ steps:
export HAIL_GENETICS_HAIL_IMAGE="{{ hailgenetics_hail_image.image }}"
{% if global.cloud == "gcp" %}
export HAIL_IDENTITY_PROVIDER_JSON='{"idp": "Google"}'
export GOOGLE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
{% elif global.cloud == "azure" %}
export HAIL_IDENTITY_PROVIDER_JSON='{"idp": "Microsoft"}'
export HAIL_AZURE_OAUTH_SCOPE=$(cat /oauth-secret/sp_oauth_scope)
export AZURE_APPLICATION_CREDENTIALS=/test-gsa-key/key.json
{% else %}
echo "unknown cloud {{ global.cloud }}"
Expand Down Expand Up @@ -3039,10 +2991,6 @@ steps:
namespace:
valueFrom: default_ns.name
mountPath: /test-gsa-key
- name: auth-oauth2-client-secret
namespace:
valueFrom: default_ns.name
mountPath: /oauth-secret
dependsOn:
- hailgenetics_hail_image
- upload_query_jar
Expand Down Expand Up @@ -3548,9 +3496,6 @@ steps:
export HAIL_CLOUD={{ global.cloud }}
export HAIL_DEFAULT_NAMESPACE={{ default_ns.name }}
{% if global.cloud == "azure" %}
export HAIL_AZURE_OAUTH_SCOPE=$(cat /oauth-secret/sp_oauth_scope)
{% endif %}
cd /io
mkdir -p src/test
Expand All @@ -3572,10 +3517,6 @@ steps:
namespace:
valueFrom: default_ns.name
mountPath: /test-gsa-key
- name: auth-oauth2-client-secret
namespace:
valueFrom: default_ns.name
mountPath: /oauth-secret
timeout: 1200
dependsOn:
- default_ns
Expand Down

0 comments on commit b4912b5

Please sign in to comment.