From 1a79d5b76e7b18641e47b627a670f4708f5443ef Mon Sep 17 00:00:00 2001
From: Ryan Lerch <rlerch@redhat.com>
Date: Wed, 9 Mar 2022 09:03:36 +1000
Subject: [PATCH] Add config for OIDC for bodhi staging

Signed-off-by: Ryan Lerch <rlerch@redhat.com>
---
 roles/bodhi2/base/templates/production.ini.j2 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/roles/bodhi2/base/templates/production.ini.j2 b/roles/bodhi2/base/templates/production.ini.j2
index a6e4ef53ce..7712146303 100644
--- a/roles/bodhi2/base/templates/production.ini.j2
+++ b/roles/bodhi2/base/templates/production.ini.j2
@@ -666,6 +666,14 @@ openid.url = https://id{{env_suffix}}.fedoraproject.org/
 openid_template = {username}.id{{env_suffix}}.fedoraproject.org
 openid.sreg_required = email nickname
 
+{% if env == 'staging' %}
+# OIDC (OpenID Connect)
+oidc.fedora.client_id = bodhi
+oidc.fedora.client_secret = {{ bodhi2_oidc_client_secret }}
+oidc.fedora.server_metadata_url = http://id.stg.fedoraproject.org/openidc/.well-known/openid-configuration
+{% endif %}
+
+
 # CORS allowed origins for cornice services
 # This can be wide-open.  read-only, we don't care as much about.
 cors_origins_ro = *