Revert "[DDO-3749] use gsm instead of vault" (#1633)

automation/canary-prod-test.sh

@@ -5,6 +5,7 @@ set -e
 set -x
 
 ENV=$1
+VAULT_TOKEN=${2:-$(cat $HOME/.vault-token)}
 WORKING_DIR=${3:-$PWD}
 NEED_TOKEN=false
 
@@ -16,16 +17,7 @@ else
     echo "Starting canary test in Production"
 fi
 
-DOCKER_ARGS=(
-  "run"
-  "--rm"
-  "-v ${HOME}/.config/gcloud:/root/.config/gcloud"
-  "google/cloud-sdk"
-)
-
-SECRET_ACCESS_ACCOUNT=jenkins-firecloud@broad-dsp-techops.iam.gserviceaccount.com
-# Expand the array of args and pass them to `docker`
-JSON_CREDS=$(docker ${DOCKER_ARGS[*]} /bin/bash -c "gcloud config set account ${SECRET_ACCESS_ACCOUNT} && gcloud secrets versions access latest --project broad-dsde-dev --secret firecloud-sa")
+JSON_CREDS=`docker run --rm -e VAULT_TOKEN=$VAULT_TOKEN -e VAULT_ADDR=https://clotho.broadinstitute.org:8200 broadinstitute/dsde-toolbox vault read -format=json secret/dsde/firecloud/prod/common/canary/firecloud-account.json | jq '.data'`
 
 users=(
      dumbledore.admin@test.firecloud.org
@@ -66,7 +58,7 @@ if [ $ENV = "prod" ]; then
 
     do
             echo $i
-            sleep 60
+            sleep 1m
             monitorSubmission dumbledore.admin@test.firecloud.org broad-firecloud-dsde CanaryTest $submissionId
             ((i++))
     done

automation/complex-prod-workflow-test.sh

@@ -6,6 +6,7 @@ set -e
 set -x
 
 ENV=$1
+VAULT_TOKEN=${2:-$(cat $HOME/.vault-token)}
 WORKING_DIR=${3:-$PWD}
 NEED_TOKEN=false
 
@@ -17,17 +18,7 @@ else
     echo "Starting complex workflow test in Production"
 fi
 
-
-DOCKER_ARGS=(
-  "run"
-  "--rm"
-  "-v ${HOME}/.config/gcloud:/root/.config/gcloud"
-  "google/cloud-sdk"
-)
-
-SECRET_ACCESS_ACCOUNT=jenkins-firecloud@broad-dsp-techops.iam.gserviceaccount.com
-# Expand the array of args and pass them to `docker`
-JSON_CREDS=$(docker ${DOCKER_ARGS[*]} /bin/bash -c "gcloud config set account ${SECRET_ACCESS_ACCOUNT} && gcloud secrets versions access latest --project broad-dsde-dev --secret firecloud-sa")
+JSON_CREDS=`docker run --rm -e VAULT_TOKEN=$VAULT_TOKEN -e VAULT_ADDR=https://clotho.broadinstitute.org:8200 broadinstitute/dsde-toolbox vault read -format=json secret/dsde/firecloud/prod/common/canary/firecloud-account.json | jq '.data'`
 
 users=(
      dumbledore.admin@test.firecloud.org
@@ -68,7 +59,7 @@ if [ $ENV = "prod" ]; then
 
     do
             echo $i
-            sleep 300
+            sleep 5m
             monitorSubmission dumbledore.admin@test.firecloud.org broad-firecloud-dsde complex-featured-workflow $submissionId
             ((i++))
     done

jenkins/jenkins_build.sh

@@ -4,21 +4,11 @@ set -eux
 
 GCR_SVCACCT_VAULT="secret/dsde/dsp-techops/common/dspci-wb-gcr-service-account.json"
 GCR_REPO_PROJ="broad-dsp-gcr-public"
+VAULT_TOKEN=${VAULT_TOKEN:-$(cat /etc/vault-token-dsde)}
 
-gcloud auth activate-service-account --key-file=${DSP_TECHOPS_SVC_ACCT}
-
-DOCKER_ARGS=(
-  "run"
-  "--rm"
-  "-v ${HOME}/.config/gcloud:/root/.config/gcloud"
-  "google/cloud-sdk"
-)
-
-SECRET_ACCESS_ACCOUNT=jenkins-firecloud@broad-dsp-techops.iam.gserviceaccount.com
-# Expand the array of args and pass them to `docker`
-JSON_CREDS=$(docker ${DOCKER_ARGS[*]} /bin/bash -c "gcloud config set account ${SECRET_ACCESS_ACCOUNT} && gcloud secrets versions access latest --project broad-dsp-techops --secret dspci-wb-gcr-service-account")
-
-echo ${JSON_CREDS} | jq . > dspci-wb-gcr-service-account.json
+docker run --rm  -e VAULT_TOKEN=$VAULT_TOKEN \
+   broadinstitute/dsde-toolbox:latest vault read --format=json ${GCR_SVCACCT_VAULT} \
+   | jq .data > dspci-wb-gcr-service-account.json
 
 ./scripts/build.sh compile -d push -g gcr.io/broad-dsp-gcr-public/${PROJECT} -k "dspci-wb-gcr-service-account.json"