🔥(tray) remove legacy cloudfront configuration

Cloudfront signed URLs have been removed from Marsha project.
Removing it from the tray.

Author: wilbrdt

src/tray/templates/services/app/_deploy_base.yml.j2

@@ -75,8 +75,6 @@ spec:
               value: "{{ marsha_hosts | map('blue_green_hosts') | join(',') }},marsha-nginx-current"
             - name: DJANGO_CSRF_TRUSTED_ORIGINS
               value: "{{ marsha_hosts | map('blue_green_hosts') | join(',') | split(',') | map('regex_replace', '^(.*)$', 'https://\\1') | join(',') }},http://marsha-nginx-current"
-            - name: DJANGO_CLOUDFRONT_PRIVATE_KEY_PATH
-              value: "{{ marsha_cloudfront_private_key_path }}"
             - name: DJANGO_CELERY_DEFAULT_QUEUE
               value: "default-queue-{{ deployment_stamp }}"
           envFrom:
@@ -93,10 +91,6 @@ spec:
               mountPath: /data/media
             - name: marsha-v-static
               mountPath: /data/static
-{% endif %}
-{% if marsha_should_sign_requests %}
-            - mountPath: "{{ marsha_cloudfront_private_key_path | dirname }}"
-              name: marsha-cloudfront-private-key-secret
 {% endif %}
       securityContext:
         runAsUser: {{ container_uid }}
@@ -114,8 +108,3 @@ spec:
           persistentVolumeClaim:
             claimName: "{{ marsha_pvc_static_name }}"
 {% endif %}
-{% if marsha_should_sign_requests %}
-        - name: marsha-cloudfront-private-key-secret
-          secret:
-            secretName: "{{ marsha_cloudfront_private_key_secret_name }}"
-{% endif %}

src/tray/templates/services/app/cronjob_pipeline.yml.j2

@@ -52,8 +52,6 @@ items:
                       value: "marsha-{{ marsha_postgresql_host }}-{{ deployment_stamp }}"
                     - name: POSTGRES_PORT
                       value: "{{ marsha_postgresql_port }}"
-                    - name: DJANGO_CLOUDFRONT_PRIVATE_KEY_PATH
-                      value: "{{ marsha_cloudfront_private_key_path }}"                      
                   envFrom:
                     - secretRef:
                         name: "{{ marsha_secret_name }}"
@@ -63,10 +61,6 @@ items:
                   volumeMounts:
                     - name: marsha-configmap
                       mountPath: /app/src/backend/marsha/configs
-{% if marsha_should_sign_requests %}
-                    - mountPath: "{{ marsha_cloudfront_private_key_path | dirname }}"
-                      name: marsha-cloudfront-private-key-secret
-{% endif %}                      
               securityContext:
                 runAsUser: {{ container_uid }}
                 runAsGroup: {{ container_gid }}
@@ -75,11 +69,6 @@ items:
                   configMap:
                     defaultMode: 420
                     name: marsha-app-{{ deployment_stamp }}
-{% if marsha_should_sign_requests %}
-                - name: marsha-cloudfront-private-key-secret
-                  secret:
-                    secretName: "{{ marsha_cloudfront_private_key_secret_name }}"
-{% endif %}                    
               restartPolicy: Never
 {% endif %}
 {% endfor %}

src/tray/templates/services/app/job_db_migrate.yml.j2

@@ -42,10 +42,6 @@ spec:
               value: "{{ marsha_postgresql_port }}"
             - name: DJANGO_ALLOWED_HOSTS
               value: "{{ marsha_hosts[0] }}"
-            - name: DJANGO_CLOUDFRONT_SIGNED_URLS_ACTIVE
-              value: "{{ marsha_should_sign_requests }}"
-            - name: DJANGO_CLOUDFRONT_PRIVATE_KEY_PATH
-              value: "{{ marsha_cloudfront_private_key_path }}"
           envFrom:
             - secretRef:
                 name: "{{ marsha_secret_name }}"
@@ -54,10 +50,6 @@ spec:
           volumeMounts:
             - name: marsha-configmap
               mountPath: /app/src/backend/marsha/configs
-{% if marsha_should_sign_requests %}
-            - mountPath: "{{ marsha_cloudfront_private_key_path | dirname }}"
-              name: marsha-cloudfront-private-key-secret
-{% endif %}
       restartPolicy: Never
       securityContext:
         runAsUser: {{ container_uid }}
@@ -67,8 +59,3 @@ spec:
           configMap:
             defaultMode: 420
             name: marsha-app-{{ deployment_stamp }}
-{% if marsha_should_sign_requests %}
-        - name: marsha-cloudfront-private-key-secret
-          secret:
-            secretName: "{{ marsha_cloudfront_private_key_secret_name }}"
-{% endif %}

src/tray/templates/services/app/secret.yml.j2

@@ -12,13 +12,9 @@ data:
   DJANGO_AWS_ACCESS_KEY_ID: "{{ MARSHA_VAULT.DJANGO_AWS_ACCESS_KEY_ID | default('secret') | b64encode }}"
   DJANGO_AWS_SECRET_ACCESS_KEY: "{{ MARSHA_VAULT.DJANGO_AWS_SECRET_ACCESS_KEY | default('secret') | b64encode }}"
   DJANGO_UPDATE_STATE_SHARED_SECRETS: "{{ MARSHA_VAULT.DJANGO_UPDATE_STATE_SHARED_SECRETS | default('secret') | b64encode }}"
-  DJANGO_CLOUDFRONT_ACCESS_KEY_ID: "{{ MARSHA_VAULT.DJANGO_CLOUDFRONT_ACCESS_KEY_ID | default('secret') | b64encode }}"
-  DJANGO_CLOUDFRONT_DOMAIN: "{{ MARSHA_VAULT.DJANGO_CLOUDFRONT_DOMAIN | default('foo.com') | b64encode }}"
   DJANGO_SCW_EDGE_SERVICE_DOMAIN: "{{ MARSHA_VAULT.DJANGO_SCW_EDGE_SERVICE_DOMAIN | default('foo.com') | b64encode }}"
   DJANGO_JWT_SIGNING_KEY: "{{ MARSHA_VAULT.DJANGO_JWT_SIGNING_KEY | default('secret') | b64encode }}"
   DJANGO_SECRET_KEY: "{{ MARSHA_VAULT.DJANGO_SECRET_KEY | default('supersecret') | b64encode }}"
-  DJANGO_AWS_MEDIALIVE_ROLE_ARN: "{{ MARSHA_VAULT.DJANGO_AWS_MEDIALIVE_ROLE_ARN | default('secret') | b64encode }}"
-  DJANGO_AWS_MEDIAPACKAGE_HARVEST_JOB_ARN: "{{ MARSHA_VAULT.DJANGO_AWS_MEDIAPACKAGE_HARVEST_JOB_ARN | default('secret') | b64encode }}"
 {% if MARSHA_VAULT.DJANGO_SENTRY_DSN is defined and MARSHA_VAULT.DJANGO_SENTRY_DSN is not none %}
   DJANGO_SENTRY_DSN: "{{ MARSHA_VAULT.DJANGO_SENTRY_DSN | b64encode }}"
 {% endif %}

src/tray/templates/services/app/secret_cloudfront_private_key.yml.j2

@@ -38,11 +38,6 @@ marsha_xapi_replicas: 1
 marsha_celery_replicas: 1
 marsha_django_configuration: "Development"
 marsha_secret_name: "marsha-{{ marsha_vault_checksum | default('undefined_marsha_vault_checksum') }}"
-marsha_cloudfront_private_key_secret_name: "marsha-sshkey-{{ marsha_vault_checksum | default('undefined_marsha_vault_checksum') }}"
-marsha_cloudfront_private_key_path: "/private/.ssh/aws/ssh-privatekey"
-# Set this to true if you have configured AWS CloudFront to require requests
-# signature with the aforementioned SSH key
-marsha_should_sign_requests: true
 marsha_activate_http_basic_auth: false
 marsha_celery_command:
   - celery

src/tray/vars/all/main.yml

@@ -18,13 +18,5 @@ DJANGO_SECRET_KEY: {{ lookup('password', '/dev/null chars=ascii_lowercase,digits
 # DJANGO_AWS_ACCESS_KEY_ID: yourAwsAccessKeyId
 # DJANGO_AWS_SECRET_ACCESS_KEY: yourAwsSecretAccessKey
 
-# FIXME uncomment this block and replace with your cloudfront credentials
-# You can refer to Marsha's documentation to know what are these variables:
-# https://github.com/openfun/marsha/blob/master/docs/env.md#django_cloudfront_access_key_id
-# CloudFront User (has to be a root user, cannot be an IAM user)
-# DJANGO_CLOUDFRONT_ACCESS_KEY_ID: YourCloudfrontAccessKeyId
-# DJANGO_CLOUDFRONT_URL: https://yourCloudfrontUrl
-# DJANGO_CLOUDFRONT_PRIVATE_KEY:
-
 # JWT Token
 DJANGO_JWT_SIGNING_KEY: {{ lookup('password', '/dev/null chars=ascii_lowercase,digits length=50') }}