Merge pull request #126 from projectsyn/fix/tenant-ref

Fix tenant name reclass references
projectsyn · Apr 6, 2022 · c7df42d · c7df42d
2 parents b9c5513 + fc0771e
commit c7df42d
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 17 deletions.
diff --git a/class/defaults.yml b/class/defaults.yml
@@ -45,7 +45,7 @@ parameters:
     admin:
       secretname: keycloak-admin-user
       username: admin
-      password: "?{vaultkv:${customer:name}/${cluster:name}/${_instance}/admin-password}"
+      password: "?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/admin-password}"
     # Replica count
     replicas: 2
 
@@ -55,8 +55,8 @@ parameters:
       provider: certmanager
       secretName: keycloak-tls
       vault:
-        cert: "?{vaultkv:${customer:name}/${cluster:name}/${_instance}/keycloak-cert}"
-        certKey: "?{vaultkv:${customer:name}/${cluster:name}/${_instance}/keycloak-cert-key}"
+        cert: "?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/keycloak-cert}"
+        certKey: "?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/keycloak-cert-key}"
       certmanager:
         apiVersion: cert-manager.io/v1
         certName: ${keycloak:tls:secretName}
@@ -78,8 +78,8 @@ parameters:
         certmanager:
           issuer: letsencrypt-production
         vault:
-          cert: "?{vaultkv:${customer:name}/${cluster:name}/${_instance}/ingress-cert}"
-          certKey: "?{vaultkv:${customer:name}/${cluster:name}/${_instance}/ingress-cert-key}"
+          cert: "?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/ingress-cert}"
+          certKey: "?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/ingress-cert-key}"
 
     route:
       enabled: false
@@ -123,7 +123,7 @@ parameters:
       provider: builtin
 
       secretname: keycloak-postgresql
-      password: "?{vaultkv:${customer:name}/${cluster:name}/${_instance}/db-password}"
+      password: "?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/db-password}"
       database: keycloak
       username: keycloak
       jdbcParams: sslmode=verify-ca&sslrootcert=/opt/jboss/certs/tls.crt
@@ -132,8 +132,8 @@ parameters:
         enabled: true
         verification: selfsigned
         certSecretName: keycloak-postgresql-tls
-        serverCert: "?{vaultkv:${customer:name}/${cluster:name}/${_instance}/server-cert}"
-        serverCertKey: "?{vaultkv:${customer:name}/${cluster:name}/${_instance}/server-cert-key}"
+        serverCert: "?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/server-cert}"
+        serverCertKey: "?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/server-cert-key}"
 
       # Used when `provider=external`
       external:

diff --git a/docs/modules/ROOT/pages/how-tos/use-built-in-db.adoc b/docs/modules/ROOT/pages/how-tos/use-built-in-db.adoc
@@ -87,8 +87,8 @@ keycloak:
   k8up:
     enabled: true
     s3:
-      accesskey: '?{vaultkv:${customer:name}/${cluster:name}/global-backup/access-key}'
-      secretkey: '?{vaultkv:${customer:name}/${cluster:name}/global-backup/secret-key}'
+      accesskey: '?{vaultkv:${cluster:tenant}/${cluster:name}/global-backup/access-key}'
+      secretkey: '?{vaultkv:${cluster:tenant}/${cluster:name}/global-backup/secret-key}'
 ----
 ====
 
diff --git a/docs/modules/ROOT/pages/references/parameters.adoc b/docs/modules/ROOT/pages/references/parameters.adoc
@@ -143,14 +143,14 @@ default:: `keycloak-tls`
 
 [horizontal]
 type:: string
-default:: `?{vaultkv:${customer:name}/${cluster:name}/${_instance}/keycloak-cert}`
+default:: `?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/keycloak-cert}`
 
 
 === `tls.vault.cert`
 
 [horizontal]
 type:: String
-default:: `?{vaultkv:${customer:name}/${cluster:name}/${_instance}/keycloak-cert-key}`
+default:: `?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/keycloak-cert-key}`
 
 
 === `tls.certmanager.apiVersion`
@@ -286,14 +286,14 @@ Name of the ClusterIssuer to use if `certmanager` is selected in `ingress.tls.pr
 
 [horizontal]
 type:: string
-default:: `?{vaultkv:${customer:name}/${cluster:name}/${_instance}/ingress-cert}`
+default:: `?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/ingress-cert}`
 
 
 === `ingress.tls.vault.certKey`
 
 [horizontal]
 type:: string
-default:: `?{vaultkv:${customer:name}/${cluster:name}/${_instance}/ingress-cert-key}`
+default:: `?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/ingress-cert-key}`
 
 
 == `route.enabled`
@@ -552,7 +552,7 @@ For example: `sslmode=verify-ca&sslrootcert=/opt/jboss/certs/tls.crt&mycustompar
 
 [horizontal]
 type:: string
-default:: `?{vaultkv:${customer:name}/${cluster:name}/${_instance}/db-password}`
+default:: `?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/db-password}`
 
 A Vault reference pointing to the Vault secret containing the Keycloak database password.
 
@@ -629,7 +629,7 @@ default:: `keycloak-postgresql-tls`
 
 [horizontal]
 type:: string
-default:: `?{vaultkv:${customer:name}/${cluster:name}/${_instance}/server-cert}`
+default:: `?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/server-cert}`
 
 See xref:how-tos/db-tls.adoc[Encrypt database connection] to install Keycloak with encryption.
 
@@ -638,7 +638,7 @@ See xref:how-tos/db-tls.adoc[Encrypt database connection] to install Keycloak wi
 
 [horizontal]
 type:: string
-default:: `?{vaultkv:${customer:name}/${cluster:name}/${_instance}/server-cert-key}`
+default:: `?{vaultkv:${cluster:tenant}/${cluster:name}/${_instance}/server-cert-key}`
 
 See xref:how-tos/db-tls.adoc[Encrypt database connection] to install Keycloak with encryption.