From 714d351fc9ba1a311e293239687cef19118c465f Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Thu, 16 Nov 2017 19:33:04 +0000
Subject: [PATCH] Add src.fp.o to trusted roots and deploy wiki scope to prod

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 roles/ipsilon/tasks/main.yml               | 4 ++--
 roles/ipsilon/templates/configuration.conf | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index 81c9573723..2b307f0ff1 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -43,6 +43,7 @@
   - beaker
   - waiverdb
   - odcs
+  - wiki
   notify:
   - reload apache
   tags:
@@ -54,8 +55,7 @@
         dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openidc/plugins/{{item}}.py
         owner=root group=root mode=0644
   when: env == "staging"
-  with_items:
-  - wiki
+  with_items: []
   notify:
   - reload apache
   tags:
diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf
index 5316696cec..17239f721d 100644
--- a/roles/ipsilon/templates/configuration.conf
+++ b/roles/ipsilon/templates/configuration.conf
@@ -23,7 +23,7 @@ global enabled=allow
 global enabled=persona,openid,saml2,openidc
 
 {% if env == "production" %}
-openidc enabled extensions=fedora-account,mbs,beaker,waiverdb,odcs
+openidc enabled extensions=fedora-account,mbs,beaker,waiverdb,odcs,wiki
 {% else %}
 openidc enabled extensions=fedora-account,mbs,beaker,waiverdb,odcs,wiki
 {% endif %}
@@ -61,7 +61,7 @@ openid identity url template=http://%(username)s.id{{env_suffix}}.fedoraproject.
 {% if env == 'staging' %}
 openid trusted roots=
 {% else %}
-openid trusted roots=http://jenkins.fedorainfracloud.org/securityRealm/finishLogin,http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin,https://ask.fedoraproject.org/,https://fedorahosted.org/,https://badges.fedoraproject.org,https://apps.fedoraproject.org/tagger/,https://apps.fedoraproject.org/nuancier/,https://apps.fedoraproject.org/datagrepper/,https://apps.fedoraproject.org/calendar/,http://apps.fedoraproject.org/notifications/,http://copr.fedoraproject.org/,https://copr.fedoraproject.org/,https://admin.fedoraproject.org/pkgdb/,https://admin.fedoraproject.org/voting/,https://apps.fedoraproject.org/github2fedmsg,https://admin.fedoraproject.org,https://apps.fedoraproject.org/,https://release-monitoring.org/,http://pagure.io/,http://admin.fedoraproject.org/mirrormanager/,https://apps.fedoraproject.org/koschei/,https://bodhi.fedoraproject.org,https://lists.fedoraproject.org/,https://openqa.fedoraproject.org/
+openid trusted roots=http://jenkins.fedorainfracloud.org/securityRealm/finishLogin,http://jenkins.cloud.fedoraproject.org/securityRealm/finishLogin,https://ask.fedoraproject.org/,https://fedorahosted.org/,https://badges.fedoraproject.org,https://apps.fedoraproject.org/tagger/,https://apps.fedoraproject.org/nuancier/,https://apps.fedoraproject.org/datagrepper/,https://apps.fedoraproject.org/calendar/,http://apps.fedoraproject.org/notifications/,http://copr.fedoraproject.org/,https://copr.fedoraproject.org/,https://admin.fedoraproject.org/pkgdb/,https://admin.fedoraproject.org/voting/,https://apps.fedoraproject.org/github2fedmsg,https://admin.fedoraproject.org,https://apps.fedoraproject.org/,https://release-monitoring.org/,http://pagure.io/,http://admin.fedoraproject.org/mirrormanager/,https://apps.fedoraproject.org/koschei/,https://bodhi.fedoraproject.org,https://lists.fedoraproject.org/,https://openqa.fedoraproject.org/,https://src.fedoraproject.org/
 {% endif %}
 openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
 openid untrusted roots=