library/roles/smartgears/smartgears: Do not store the user token inside the get-scopes script.

smartgears/smartgears/tasks/smartgears-app.yml

@@ -56,13 +56,12 @@
 - name: Install the script that fetches the scope tokens
   template: src=get-scopes.j2 dest=/usr/local/bin/get-scopes owner=root group={{ smartgears_user }} mode=0750
   with_items: '{{ tomcat_m_instances }}'
-  when: gcube_admin_token is defined
   tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
 
 - name: Get the scope tokens from the authorization service
   become: True
   become_user: '{{ smartgears_user }}'
-  shell: /usr/local/bin/get-scopes
+  shell: /usr/local/bin/get-scopes {{ gcube_admin_token | default(omit) }}
   when: gcube_admin_token is defined
   tags: [ 'smartgears', 'smartgears_conf', 'tomcat' ]
 

smartgears/smartgears/templates/get-scopes.j2

@@ -1,7 +1,12 @@
 #!/bin/bash
 
 DESTFILE={{ smartgears_user_home }}/.containerxml/2-container.xml
-TOKEN=
+
+if [ $# -ne 1 ] ; then
+    echo "The token must be passed as the sole argument"
+    exit 1
+fi
+TOKEN=$1
 
 {%if setup_nginx %}
 {%if https_port is defined %}
@@ -25,6 +30,6 @@ done
 
 cd /usr/local/lib
 
-java TokenGenerator {{ smartgears_hostname }} {{ gcube_admin_token }} $HTTP_PORT $DESTFILE {% for scope in smartgears_scopes %}{{ scope }} {% endfor %}
+java TokenGenerator {{ smartgears_hostname }} $TOKEN $HTTP_PORT $DESTFILE {% for scope in smartgears_scopes %}{{ scope }} {% endfor %}
 
 exit 0