Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Set OIDC secrets in place for MBS service provider.

Browse source
This commit is contained in:
Ralph Bean 2017-02-15 15:52:03 +00:00
parent c1b28e4568
commit 9f6dafbe93
3 changed files with 13 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

5
roles/mbs/common/tasks/main.yml
View file

@ -26,10 +26,11 @@
- mbs - mbs
- mbs/common - mbs/common
- name: copy client secrets that aren't really secret. - name: copy client secrets
template: > template: >
src=client_secrets.json.{{env}} dest=/etc/module-build-service/client_secrets.json src=client_secrets.json.{{env}} dest=/etc/module-build-service/client_secrets.json
owner=root group=root mode=0644 owner=root group=apache mode=0640
when: inventory_hostname.startswith('mbs-web')
notify: notify:
- restart apache - restart apache
tags: tags:

11
roles/mbs/common/templates/client_secrets.json.production
View file

@ -1,12 +1,11 @@
{ {
"web": { "web": {
"auth_uri": "https://id.fedoraproject.org/openidc/Authorization", "auth_uri": "https://id.fedoraproject.org/openidc/Authorization",
"client_id": "mbs-authorizer", "client_id": "mbs-prod",
"client_secret": "notsecret", "client_secret": "{{ mbs_prod_oidc_client_secret }}",
"redirect_uris": [ "redirect_uris": [],
"http://localhost:13747/"
],
"token_uri": "https://id.fedoraproject.org/openidc/Token", "token_uri": "https://id.fedoraproject.org/openidc/Token",
"token_introspection_uri": "https://id.fedoraproject.org/openidc/TokenInfo" "token_introspection_uri": "https://id.fedoraproject.org/openidc/TokenInfo",
"userinfo_uri": "https://id.fedoraproject.org/openidc/UserInfo"
} }
} }

11
roles/mbs/common/templates/client_secrets.json.staging
View file

@ -1,12 +1,11 @@
{ {
"web": { "web": {
"auth_uri": "https://id.stg.fedoraproject.org/openidc/Authorization", "auth_uri": "https://id.stg.fedoraproject.org/openidc/Authorization",
"client_id": "mbs-authorizer", "client_id": "mbs-stg",
"client_secret": "notsecret", "client_secret": "{{ mbs_stg_oidc_client_secret }}",
"redirect_uris": [ "redirect_uris": [],
"http://localhost:13747/"
],
"token_uri": "https://id.stg.fedoraproject.org/openidc/Token", "token_uri": "https://id.stg.fedoraproject.org/openidc/Token",
"token_introspection_uri": "https://id.stg.fedoraproject.org/openidc/TokenInfo" "token_introspection_uri": "https://id.stg.fedoraproject.org/openidc/TokenInfo",
"userinfo_uri": "https://id.stg.fedoraproject.org/openidc/UserInfo"
} }
} }