From 87503b8ed96813c259eb5b31afef1fc0cbdc7027 Mon Sep 17 00:00:00 2001
From: Ralph Bean <rbean@redhat.com>
Date: Fri, 17 Feb 2017 15:30:19 +0000
Subject: [PATCH] OIDC scope for mbs in staging.

---
 roles/ipsilon/files/oidc_scopes/mbs.py | 14 ++++++++++++++
 roles/ipsilon/tasks/main.yml           | 11 +++++++++++
 2 files changed, 25 insertions(+)
 create mode 100644 roles/ipsilon/files/oidc_scopes/mbs.py

diff --git a/roles/ipsilon/files/oidc_scopes/mbs.py b/roles/ipsilon/files/oidc_scopes/mbs.py
new file mode 100644
index 0000000000..73c7a7bc68
--- /dev/null
+++ b/roles/ipsilon/files/oidc_scopes/mbs.py
@@ -0,0 +1,14 @@
+from __future__ import absolute_import
+
+from ipsilon.providers.openidc.plugins.common import OpenidCExtensionBase
+
+
+class OpenidCExtension(OpenidCExtensionBase):
+    name = 'mbs'
+    display_name = 'Module Builds'
+    scopes = {
+        'https://mbs.fedoraproject.org/oidc/submit-build': {
+            'display_name': 'Permission to submit new module builds',
+            'claims': [],
+        },
+    }
diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index 4d77fb70ad..651668076c 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -36,6 +36,17 @@
   - ipsilon
   - ipsilon/oidc_scopes
 
+- name: Copy additional OpenID Connect scope registrations for staging
+  copy: src=oidc_scopes/{{item}}.py
+        dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openidc/plugins/{{item}}.py
+        owner=root group=root mode=0644
+  with_items:
+  - mbs
+  when: env == 'staging'
+  tags:
+  - ipsilon
+  - ipsilon/oidc_scopes
+
 - name: Apply hotfix for taiga to get POST results
   copy: src=openid_server.py
         dest=/usr/lib/python2.7/site-packages/openid/server/server.py