Switch Koschei web auth to OpenIDC

inventory/group_vars/koschei-web

@@ -12,9 +12,11 @@ koschei_pgsql_hostname: db01.phx2.fedoraproject.org
 koschei_koji_hub: koji02.phx2.fedoraproject.org
 koschei_kojipkgs: kojipkgs.fedoraproject.org
 koschei_koji_web: koji.fedoraproject.org
-koschei_openid_provider: id.fedoraproject.org
+koschei_oidc_provider: id.fedoraproject.org
 koschei_bugzilla: bugzilla.redhat.com
 
+koschei_oidc_client_secret: "{{ koschei_oidc_client_secret_prod }}"
+koschei_oidc_crypto_secret: "{{ koschei_oidc_crypto_secret_prod }}"
 
 tcp_ports: [ 80, 443 ]
 

inventory/group_vars/koschei-web-stg

@@ -11,9 +11,12 @@ koschei_topurl: https://apps.stg.fedoraproject.org/koschei
 koschei_pgsql_hostname: pgbdr.stg.phx2.fedoraproject.org
 koschei_kojipkgs: koji.stg.fedoraproject.org
 koschei_koji_web: koji.stg.fedoraproject.org
-koschei_openid_provider: id.stg.fedoraproject.org
+koschei_oidc_provider: id.stg.fedoraproject.org
 koschei_bugzilla: partner-bugzilla.redhat.com
 
+koschei_oidc_client_secret: "{{ koschei_oidc_client_secret_stg }}"
+koschei_oidc_crypto_secret: "{{ koschei_oidc_crypto_secret_stg }}"
+
 tcp_ports: [ 80, 443 ]
 
 custom_rules: [

roles/koschei/frontend/tasks/main.yml

@@ -4,7 +4,7 @@
   - koschei-frontend
   - koschei-frontend-fedora
   - koschei-frontend-copr
-  - "{{ 'mod_auth_openidc' if env == 'staging' else 'mod_auth_openid' }}"
+  - mod_auth_openidc
   tags:
   - koschei
   - packages

roles/koschei/frontend/templates/config-frontend.cfg.j2

@@ -61,20 +61,13 @@ config = {
     "frontend": {
         "builds_per_page": 8,
         "auth": {
-            {% if env == 'staging' %}
             "user_re": "(.+)",
             "user_env": "OIDC_CLAIM_nickname",
-            {% else %}
-            "user_re": "http://(.+)\\.id{{ env_prefix }}\\.fedoraproject\\.org/",
-            {% endif %}
         },
         "fedora_assets_url": "/global",
         "fedmenu_url": "/fedmenu",
         "fedmenu_data_url": "/js/data.js",
     },
-    "openid": {
-        "openid_provider": "{{ koschei_openid_provider }}",
-    },
     "links": [
         {"name": "Packages",
          "url": "https://apps{{ env_prefix }}.fedoraproject.org/packages/{package.name}"},

roles/koschei/frontend/templates/httpd.conf.j2

@@ -16,17 +16,11 @@
         Require all granted
     </Directory>
 
-{% if env == 'staging' %}
     OIDCRedirectURI "{{ koschei_topurl }}/login/redirect_uri"
-    OIDCProviderMetadataURL "https://{{ koschei_openid_provider }}/openidc/wellknown_openid_configuration"
+    OIDCProviderMetadataURL "https://{{ koschei_oidc_provider }}/openidc/wellknown_openid_configuration"
     OIDCClientID "koschei"
-    {% if env == 'staging' %}
-    OIDCClientSecret "{{ koschei_oidc_client_secret_stg }}"
-    OIDCCryptoPassphrase "{{ koschei_oidc_crypto_secret_stg }}"
-    {% else %}
     OIDCClientSecret "{{ koschei_oidc_client_secret }}"
     OIDCCryptoPassphrase "{{ koschei_oidc_crypto_secret }}"
-    {% endif %}
     OIDCSSLValidateServer On
     OIDCResponseType "code"
 
@@ -36,14 +30,4 @@
         AuthType openid-connect
         Require valid-user
     </Location>
-{% else %}
-    <Location /koschei/login>
-        Require valid-user
-        AuthType OpenID
-        AuthOpenIDSingleIdP https://{{ koschei_openid_provider }}/
-        AuthOpenIDServerName https://apps.fedoraproject.org
-        AuthOpenIDTrustRoot https://apps.fedoraproject.org/koschei/
-        AuthOpenIDUseCookie off
-    </Location>
-{% endif %}
 </VirtualHost>