Merge pull request #2470 from minrk/ovh2-creds

minrk · web-flow · commit 1f6bb1910097 · 2022-12-19T08:57:17.000+01:00
ovh2: update registry credentials
diff --git a/mybinder/values.yaml b/mybinder/values.yaml
@@ -621,7 +621,7 @@ federationRedirect:
       versions: https://ovh.mybinder.org/versions
     ovh2:
       url: https://ovh2.mybinder.org
-      weight: 0
+      weight: 100
       health: https://ovh2.mybinder.org/health
       versions: https://ovh2.mybinder.org/versions
     turing:
diff --git a/secrets/config/ovh2.yaml b/secrets/config/ovh2.yaml
diff --git a/terraform/ovh/main.tf b/terraform/ovh/main.tf
@@ -184,18 +184,56 @@ resource "harbor_project" "mybinder-builds" {
   name = "mybinder-builds"
 }
 
-resource "harbor_robot_account" "builder" {
-  name        = "builder"
-  description = "BinderHub builder: push new user images"
-  project_id  = harbor_project.mybinder-builds.id
-  actions     = ["push", "pull"]
+# we should be able to use robot accounts
+# after an update to Harbor and the harbor provider
+# resource "harbor_robot_account" "builder" {
+#   name        = "builder"
+#   description = "BinderHub builder: push new user images"
+#   project_id  = harbor_project.mybinder-builds.id
+#   actions     = ["push", "pull"]
+# }
+#
+# resource "harbor_robot_account" "user-puller" {
+#   name        = "user-puller"
+#   description = "Pull access to user images"
+#   project_id  = harbor_project.mybinder-builds.id
+#   actions     = ["pull"]
+# }
+
+resource "random_password" "builder" {
+  length  = 16
+  special = true
+}
+
+resource "random_password" "user-puller" {
+  length  = 16
+  special = true
+}
+
+resource "harbor_user" "builder" {
+  username = "mybinder-builder"
+  password = random_password.builder.result
+  full_name = "MyBinder Builder"
+  email = "builder@mybinder.org"
+}
+
+resource "harbor_user" "user-puller" {
+  username = "mybinder-puller"
+  password = random_password.user-puller.result
+  full_name = "MyBinder Puller"
+  email = "puller@mybinder.org"
+}
+
+resource "harbor_project_member_user" "builder" {
+  project_id    = harbor_project.mybinder-builds.id
+  user_name     = harbor_user.builder.username
+  role          = "developer"
 }
 
-resource "harbor_robot_account" "user-puller" {
-  name        = "user-puller"
-  description = "Pull access to user images"
-  project_id  = harbor_project.mybinder-builds.id
-  actions     = ["pull"]
+resource "harbor_project_member_user" "user-puller" {
+  project_id    = harbor_project.mybinder-builds.id
+  user_name     = harbor_user.user-puller.username
+  role          = "limitedguest"
 }
 
 # retention policies created by hand
@@ -237,11 +275,11 @@ output "registry_admin_password" {
 }
 
 output "registry_builder_token" {
-  value     = harbor_robot_account.builder.token
+  value     = harbor_user.builder.password
   sensitive = true
 }
 
 output "registry_user_puller_token" {
-  value     = harbor_robot_account.user-puller.token
+  value     = harbor_user.user-puller.password
   sensitive = true
 }
