Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Update and deploy OIDC scopes

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2017-02-07 13:02:59 +00:00
parent ce2f293cd8
commit 788ecda667
4 changed files with 33 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

14
roles/ipsilon/files/fedora-scopes.py
View file

@ -1,14 +0,0 @@
from __future__ import absolute_import
from ipsilon.providers.openidc.plugins.common import OpenidCExtensionBase
class OpenidCExtension(OpenidCExtensionBase):
name = 'fedora'
display_name = 'Fedora'
scopes = {
'fedora': {
'display_name': 'Fedora',
'claims': ['cla', 'zoneinfo', 'groups']
}
}

22
roles/ipsilon/files/oidc_scopes/account-scopes.py Normal file
View file

@ -0,0 +1,22 @@
from __future__ import absolute_import
from ipsilon.providers.openidc.plugins.common import OpenidCExtensionBase
class OpenidCExtension(OpenidCExtensionBase):
name = 'fedora-account'
display_name = 'Fedora Account Information'
scopes = {
'fedora': { # NOTE: This is temporary! DO NOT USE IN NEW PROJECTS!
'display_name': 'Fedora',
'claims': ['cla', 'zoneinfo', 'groups']
},
'https://id.fedoraproject.org/scope/groups': {
'display_name': 'Fedora Account Groups list',
'claims': ['groups']
},
'https://id.fedoraproject.org/scope/cla': {
'display_name': 'Fedora Account CLA status',
'claims': ['cla']
},
}

10
roles/ipsilon/tasks/main.yml
View file

@ -23,6 +23,16 @@
dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openid/extensions/api.py dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openid/extensions/api.py
owner=root group=root mode=0644 owner=root group=root mode=0644
- name: Copy OpenID Connect scope registrations
copy: src=oidc_scopes/{{item}}.py
dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openidc/plugins/{{item}}.py
owner=root group=root mode=0644
with_items:
- account-scopes
tags:
- ipsilon
- ipsilon/oidc_scopes
- name: Apply hotfix for taiga to get POST results - name: Apply hotfix for taiga to get POST results
copy: src=openid_server.py copy: src=openid_server.py
dest=/usr/lib/python2.7/site-packages/openid/server/server.py dest=/usr/lib/python2.7/site-packages/openid/server/server.py

2
roles/ipsilon/templates/configuration.conf
View file

@ -39,7 +39,7 @@ openidc endpoint url=https://id{{env_suffix}}.fedoraproject.org/openidc/
openidc idp key file=/etc/ipsilon/openidc{{env_suffix}}.key openidc idp key file=/etc/ipsilon/openidc{{env_suffix}}.key
openidc database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }} openidc database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
openidc static database url=configfile:///etc/ipsilon/openidc.static.cfg openidc static database url=configfile:///etc/ipsilon/openidc.static.cfg
openidc enabled extensions= openidc enabled extensions=fedora-account
openidc documentation url=https://fedoraproject.org/wiki/Infrastructure/Authentication openidc documentation url=https://fedoraproject.org/wiki/Infrastructure/Authentication
openidc policy url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy openidc policy url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
openidc tos url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy openidc tos url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy