diff --git a/qhub/deploy.py b/qhub/deploy.py index 93557829da..e4c891456a 100644 --- a/qhub/deploy.py +++ b/qhub/deploy.py @@ -10,7 +10,6 @@ check_cloud_credentials, keycloak_provider_context, kubernetes_provider_context, - terraform_state_context, timer, ) @@ -202,33 +201,32 @@ def guided_install( else: provision_01_terraform_state(stage_outputs, config) - with terraform_state_context(config["provider"], config["terraform_state"]["type"]): - provision_02_infrastructure(stage_outputs, config) + provision_02_infrastructure(stage_outputs, config) + + with kubernetes_provider_context( + stage_outputs["stages/02-infrastructure"]["kubernetes_credentials"]["value"] + ): + provision_03_kubernetes_initialize(stage_outputs, config) + provision_04_kubernetes_ingress(stage_outputs, config) + provision_ingress_dns( + stage_outputs, + config, + dns_provider=dns_provider, + dns_auto_provision=dns_auto_provision, + disable_prompt=disable_prompt, + ) + provision_05_kubernetes_keycloak(stage_outputs, config) - with kubernetes_provider_context( - stage_outputs["stages/02-infrastructure"]["kubernetes_credentials"]["value"] + with keycloak_provider_context( + stage_outputs["stages/05-kubernetes-keycloak"]["keycloak_credentials"][ + "value" + ] ): - provision_03_kubernetes_initialize(stage_outputs, config) - provision_04_kubernetes_ingress(stage_outputs, config) - provision_ingress_dns( - stage_outputs, - config, - dns_provider=dns_provider, - dns_auto_provision=dns_auto_provision, - disable_prompt=disable_prompt, - ) - provision_05_kubernetes_keycloak(stage_outputs, config) - - with keycloak_provider_context( - stage_outputs["stages/05-kubernetes-keycloak"]["keycloak_credentials"][ - "value" - ] - ): - provision_06_kubernetes_keycloak_configuration(stage_outputs, config) - provision_07_kubernetes_services(stage_outputs, config) - provision_08_qhub_tf_extensions(stage_outputs, config) - - print("QHub deployed successfully") + provision_06_kubernetes_keycloak_configuration(stage_outputs, config) + provision_07_kubernetes_services(stage_outputs, config) + provision_08_qhub_tf_extensions(stage_outputs, config) + + print("QHub deployed successfully") print("Services:") for service_name, service in stage_outputs["stages/07-kubernetes-services"][ diff --git a/qhub/initialize.py b/qhub/initialize.py index c5734699f5..142925487e 100644 --- a/qhub/initialize.py +++ b/qhub/initialize.py @@ -451,6 +451,8 @@ def github_auto_provision(config, owner, repo): # Secrets if config["provider"] == "do": for name in { + "AWS_ACCESS_KEY_ID", + "AWS_SECRET_ACCESS_KEY", "SPACES_ACCESS_KEY_ID", "SPACES_SECRET_ACCESS_KEY", "DIGITALOCEAN_TOKEN", diff --git a/qhub/utils.py b/qhub/utils.py index a9a2f108cd..559341c45b 100644 --- a/qhub/utils.py +++ b/qhub/utils.py @@ -154,6 +154,8 @@ def check_cloud_credentials(config): ) elif config["provider"] == "do": for variable in { + "AWS_ACCESS_KEY_ID", + "AWS_SECRET_ACCESS_KEY", "SPACES_ACCESS_KEY_ID", "SPACES_SECRET_ACCESS_KEY", "DIGITALOCEAN_TOKEN", @@ -163,6 +165,21 @@ def check_cloud_credentials(config): f"""Missing the following required environment variable: {variable}\n Please see the documentation for more information: {DO_ENV_DOCS}""" ) + + if os.environ["AWS_ACCESS_KEY_ID"] != os.environ["SPACES_ACCESS_KEY_ID"]: + raise ValueError( + f"""The environment variables AWS_ACCESS_KEY_ID and SPACES_ACCESS_KEY_ID must be equal\n + See {DO_ENV_DOCS} for more information""" + ) + + if ( + os.environ["AWS_SECRET_ACCESS_KEY"] + != os.environ["SPACES_SECRET_ACCESS_KEY"] + ): + raise ValueError( + f"""The environment variables AWS_SECRET_ACCESS_KEY and SPACES_SECRET_ACCESS_KEY must be equal\n + See {DO_ENV_DOCS} for more information""" + ) elif config["provider"] == "local": pass else: @@ -328,22 +345,6 @@ def keycloak_provider_context(keycloak_credentials: Dict[str, str]): yield -@contextlib.contextmanager -def terraform_state_context(provider: str, terraform_state: str): - credentials = {} - - if provider == "do" and terraform_state == "remote": - credentials.update( - { - "AWS_ACCESS_KEY_ID": os.environ["SPACES_ACCESS_KEY_ID"], - "AWS_SECRET_ACCESS_KEY": os.environ["SPACES_SECRET_ACCESS_KEY"], - } - ) - - with modified_environ(**credentials): - yield - - def deep_merge(*args): """Deep merge multiple dictionaries.