Consolidate prod and stg configs

roles/fedoauth/tasks/main.yml

@@ -21,17 +21,6 @@
   template: src=fedoauth.cfg
             dest=/etc/fedoauth/fedoauth.cfg
             owner=fedoauth group=fedoauth mode=0600
-  when: env != "staging"
-  tags:
-  - config
-  notify:
-  - restart apache
-
-- name: copy fedoauth STG configuration
-  template: src=fedoauth.stg.cfg
-            dest=/etc/fedoauth/fedoauth.cfg
-            owner=fedoauth group=fedoauth mode=0600
-  when: env == "staging"
   tags:
   - config
   notify:

roles/fedoauth/templates/fedoauth.cfg

@@ -2,16 +2,27 @@
 
 # GENERAL CONFIGURATION
 ### url to the database server:
+{% if env == 'staging' %}
+SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}.stg/{{ fedoauth_db_name }}"
+{% else %}
 SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}/{{ fedoauth_db_name }}"
-#SQLALCHEMY_DATABASE_URI='sqlite:///fedoauth.sqlite'
+{% endif %}
-#SQLALCHEMY_DATABASE_URI='mysql://user:pass@host/db_name'
-#SQLALCHEMY_DATABASE_URI='postgresql://user:pass@host/db_name'
 
 # This is the OpenID endpoint url, at which the server is available
+{% if env == 'staging' %}
+WEBSITE_ROOT = 'https://id.stg/fedoraproject.org'
+COOKIE_DOMAIN = 'id.stg.fedoraproject.org'
+OPENID_IDENTITY_URL = 'http://%(username)s.id.stg.fedoraproject.org/'
+PERSONA_DOMAIN = 'stg.fedoraproject.org'
+PERSONA_ISSUER = 'id.stg.fedoraproject.org'
+{% else %}
 WEBSITE_ROOT = 'https://id.fedoraproject.org'
 COOKIE_DOMAIN = 'id.fedoraproject.org'
-COOKIE_SECURE = True
 OPENID_IDENTITY_URL = 'http://%(username)s.id.fedoraproject.org/'
+PERSONA_DOMAIN = 'fedoraproject.org'
+PERSONA_ISSUER = 'id.fedoraproject.org'
+{% endif %}
+COOKIE_SECURE = True
 
 # Modules to use
 AUTH_MODULE='fedoauth.auth.fas.Auth_FAS'
@@ -29,8 +40,6 @@ FAS_AVAILABLE_TO = []
 
 # PERSONA CONFIGURATION
 # This is the domain for which we are willing to sign
-PERSONA_DOMAIN = 'fedoraproject.org'
-PERSONA_ISSUER = 'id.fedoraproject.org'
 PERSONA_PRIVATE_KEY_PATH = '/etc/fedoauth/persona.key'
 PERSONA_PRIVATE_KEY_PASSPHRASE = '{{ fedoauth_persona_key_passphrase }}'
 
@@ -45,7 +54,7 @@ OPENID_TRUSTED_ROOTS = ['http://jenkins.cloud.fedoraproject.org/securityRealm/fi
                         'https://apps.fedoraproject.org/nuancier/',
                         'https://apps.fedoraproject.org/datagrepper/',
                         'https://apps.fedoraproject.org/calendar/',
-                        'https://apps.fedoraproject.org/notifications/',
+                        'http://apps.fedoraproject.org/notifications/',
                         'http://copr.fedoraproject.org/',
                         'http://copr-fe.cloud.fedoraproject.org/']
 OPENID_NON_TRUSTED_ROOTS = []

roles/fedoauth/templates/fedoauth.stg.cfg

@@ -1,53 +0,0 @@
-# Beware that the quotes around the values are mandatory
-
-# GENERAL CONFIGURATION
-### url to the database server:
-SQLALCHEMY_DATABASE_URI="postgresql://{{ fedoauth_db_user }}:{{ fedoauth_db_pass }}@{{ fedoauth_db_host }}.stg/{{ fedoauth_db_name }}"
-#SQLALCHEMY_DATABASE_URI='sqlite:///fedoauth.sqlite'
-#SQLALCHEMY_DATABASE_URI='mysql://user:pass@host/db_name'
-#SQLALCHEMY_DATABASE_URI='postgresql://user:pass@host/db_name'
-
-# This is the OpenID endpoint url, at which the server is available
-WEBSITE_ROOT = 'https://id.stg.fedoraproject.org'
-COOKIE_DOMAIN = 'id.stg.fedoraproject.org'
-COOKIE_SECURE = True
-OPENID_IDENTITY_URL = 'http://%(username)s.id.stg.fedoraproject.org/'
-
-# Modules to use
-AUTH_MODULE='fedoauth.auth.fas.Auth_FAS'
-
-# FAS PROVIDER CONFIGURATION
-FAS_USER_AGENT = 'FAS-OpenID'
-FAS_BASE_URL='https://admin.fedoraproject.org/accounts/'
-FAS_CHECK_CERT=False
-FAS_HTTPS_REQUIRED=False
-FAS_HANDLE_GROUPS_MAGIC_VALUE=True
-
-# Enable a filter to make this only available to a specific list of users
-FAS_AVAILABLE_FILTER = False
-FAS_AVAILABLE_TO = []
-
-# PERSONA CONFIGURATION
-# This is the domain for which we are willing to sign
-PERSONA_DOMAIN = 'stg.fedoraproject.org'
-PERSONA_ISSUER = 'id.stg.fedoraproject.org'
-PERSONA_PRIVATE_KEY_PATH = '/etc/fedoauth/persona.stg.key'
-PERSONA_PRIVATE_KEY_PASSPHRASE = '{{ fedoauth_persona_key_passphrase }}'
-
-# OPENID CONFIGURATION
-# This is the OpenID url provided to users. Add %(username)s where the username should be entered
-# A list of trust roots for which the user will not need to confirm again
-OPENID_TRUSTED_ROOTS = ['http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin',
-                        'https://ask.fedoraproject.org/',
-                        'https://fedorahosted.org/',
-                        'https://badges.fedoraproject.org',
-                        'https://apps.fedoraproject.org/tagger/',
-                        'https://apps.fedoraproject.org/nuancier/',
-                        'https://apps.fedoraproject.org/datagrepper/',
-                        'https://apps.fedoraproject.org/calendar/',
-                        'https://apps.fedoraproject.org/notifications/',
-                        'http://copr.fedoraproject.org/',
-                        'http://copr-fe.cloud.fedoraproject.org/']
-OPENID_NON_TRUSTED_ROOTS = []
-### The maximum time after which the user must re-authenticate for OpenID in minutes (use 0 for no limit)
-OPENID_MAX_AUTH_TIME = 120