From d9636443cf84f20c18ac5e19fe58e36b559fb861 Mon Sep 17 00:00:00 2001
From: Benjamin Schmitz
Date: Thu, 16 Jan 2025 16:34:08 +0100
Subject: [PATCH] Rename broker to registry in firewall
---
 .../playbooks/artemis-cluster-broker.yml | 12 ------------
 .../playbooks/artemis-cluster-registry.yml | 2 +-
 roles/firewall/README.md | 6 +++---
 roles/firewall/defaults/main.yml | 2 +-
 roles/firewall/tasks/deprecations.yml | 9 +++++++++
 roles/firewall/tasks/main.yml | 2 ++
 .../{rules_broker.v4.j2 => rules_registry.v4.j2} | 0
 .../{rules_broker.v6.j2 => rules_registry.v6.j2} | 0
 8 files changed, 16 insertions(+), 17 deletions(-)
 create mode 100644 roles/firewall/tasks/deprecations.yml
 rename roles/firewall/templates/{rules_broker.v4.j2 => rules_registry.v4.j2} (100%)
 rename roles/firewall/templates/{rules_broker.v6.j2 => rules_registry.v6.j2} (100%)
diff --git a/examples/multi-node-production-icl/playbooks/artemis-cluster-broker.yml b/examples/multi-node-production-icl/playbooks/artemis-cluster-broker.yml
index 61b2489..770855c 100644
--- a/examples/multi-node-production-icl/playbooks/artemis-cluster-broker.yml
+++ b/examples/multi-node-production-icl/playbooks/artemis-cluster-broker.yml
@@ -6,21 +6,9 @@
 roles:
 - role: ls1intum.artemis.broker
- - role: ls1intum.artemis.proxy
- vars:
- proxy_forward_ssh: false
- proxy_generate_dh_param: "{{ broker.proxy.generate_dh_param }}"
- servers:
- - name: "_"
- ssl_certificate_path: "{{ broker.proxy.ssl_certificate_path }}"
- ssl_certificate_key_path: "{{ broker.proxy.ssl_certificate_key_path }}"
- default_server: true
- proxy_target_port: 8761
-
 - role: ls1intum.artemis.firewall
 tags: firewall
 vars:
- firewall_hostgroup: broker
 # Management Networks - used to allow SSH / HTTP access to Hosts and services
 management_network_ipv4: "{{ firewall_management_network_ipv4 }}"
 management_network_ipv6: "{{ firewall_management_network_ipv6 }}"
diff --git a/examples/multi-node-production-icl/playbooks/artemis-cluster-registry.yml b/examples/multi-node-production-icl/playbooks/artemis-cluster-registry.yml
index 1680155..efa8192 100644
--- a/examples/multi-node-production-icl/playbooks/artemis-cluster-registry.yml
+++ b/examples/multi-node-production-icl/playbooks/artemis-cluster-registry.yml
@@ -21,7 +21,7 @@
 - role: ls1intum.artemis.firewall
 tags: firewall
 vars:
- firewall_hostgroup: broker
+ firewall_hostgroup: registry
 # Management Networks - used to allow SSH / HTTP access to Hosts and services
 management_network_ipv4: "{{ firewall_management_network_ipv4 }}"
 management_network_ipv6: "{{ firewall_management_network_ipv6 }}"
diff --git a/roles/firewall/README.md b/roles/firewall/README.md
index 867dc7d..f2fb8ed 100644
--- a/roles/firewall/README.md
+++ b/roles/firewall/README.md
@@ -23,16 +23,16 @@ monitoring_host_ipv6: "2a09:80c0:89:1::32"
 You have to configure a special varaible to select the firewall rule set which is applied:
 ```
-firewall_hostgroup: # Can be 'broker', 'nodes', 'proxy' or left blank for default rules
+firewall_hostgroup: # Can be 'registry', 'nodes', 'proxy' or left blank for default rules
 ```
 ## Example usage:
-Example playbook for a broker:
+Example playbook for a registry:
 ```
 - role: ls1intum.artemis.firewall
 tags: firewall
 vars:
- firewall_hostgroup: broker
+ firewall_hostgroup: registry
 ```
diff --git a/roles/firewall/defaults/main.yml b/roles/firewall/defaults/main.yml
index 2cf35f1..3575d13 100644
--- a/roles/firewall/defaults/main.yml
+++ b/roles/firewall/defaults/main.yml
@@ -1,6 +1,6 @@
 wireguard_port: 51820
-firewall_hostgroup: # Can be 'broker', 'nodes', 'proxy' or left blank for default rules
+firewall_hostgroup: # Can be 'registry', 'nodes', 'proxy' or left blank for default rules
 # Management Networks - used to allow SSH / HTTP access to Hosts and services
 management_network_ipv4: "172.24.152.0/24"
diff --git a/roles/firewall/tasks/deprecations.yml b/roles/firewall/tasks/deprecations.yml
new file mode 100644
index 0000000..6444dfd
--- /dev/null
+++ b/roles/firewall/tasks/deprecations.yml
@@ -0,0 +1,9 @@
+- name: Display deprecation notice
+ debug:
+ msg: "DEPRECATION NOTICE: Please use 'firewall_hostgroup: registry' instead of 'firewall_hostgroup: broker'."
+ when: firewall_hostgroup == 'broker'
+
+- name: Set default values for deprecated variables
+ set_fact:
+ firewall_hostgroup: "registry"
+ when: firewall_hostgroup == 'broker'
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
index 7ec3600..aa485a5 100644
--- a/roles/firewall/tasks/main.yml
+++ b/roles/firewall/tasks/main.yml
@@ -1,3 +1,5 @@
+- include_tasks: deprecations.yml
+
 - name: Install iptables-persistent
 become: true
 apt:
diff --git a/roles/firewall/templates/rules_broker.v4.j2 b/roles/firewall/templates/rules_registry.v4.j2
similarity index 100%
rename from roles/firewall/templates/rules_broker.v4.j2
rename to roles/firewall/templates/rules_registry.v4.j2
diff --git a/roles/firewall/templates/rules_broker.v6.j2 b/roles/firewall/templates/rules_registry.v6.j2
similarity index 100%
rename from roles/firewall/templates/rules_broker.v6.j2
rename to roles/firewall/templates/rules_registry.v6.j2
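Review bot: The remap in the second task of roles/firewall/tasks/deprecations.yml relies on `set_fact`, which cannot override `firewall_hostgroup` when it is supplied as a role parameter or with `-e`, because both rank above set_fact in Ansible's variable precedence. In that case the notice prints but the value stays 'broker', while `rules_broker.v4.j2` and `rules_broker.v6.j2` are renamed away in this same commit. How tasks/main.yml selects the rule template is outside this diff, so whether such a run fails or ends up with a different rule set cannot be told from here. An explicit check after the remap would make the outcome deterministic and would also catch misspelled group names, for example an `assert` task with `that: firewall_hostgroup | default('', true) in ['registry', 'nodes', 'proxy', '']`.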
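Review bot: The new first entry in roles/firewall/tasks/main.yml is an unnamed `include_tasks`, unlike the `Install iptables-persistent` task below it, so run output gives no label for the step that may rewrite which firewall rule set is applied. Giving it a name such as `- name: Handle deprecated firewall_hostgroup values` would make that step visible in logs. Since the file is included unconditionally, `import_tasks: deprecations.yml` would also let its two tasks show up in `--list-tasks`. The `Install iptables-persistent` task continues past the end of the hunk.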