Make ipsilon static config file public (staging), clean it up

The only secrets in this file, AFAIK, are the client secrets. Most of those are already defined as secret variables for the plays in this repo that deploy the services to use. So instead of duplicating most of the secrets, and keeping this file in the private repo where we can't do PRs and editing it is awkward, let's just make all the client secrets be variables, and make this file public. For all the cases where a secret wasn't already defined as a variable, I've added it, so this should work as-is. Note that the use of `flask_oidc_dev_stg_oidc_client_secret` twice is not an error in this PR; that secret was reused for the staging community blog client config. I have reported this at https://pagure.io/fedora-infrastructure/issue/12161#comment-963303 . This also removes the client configurations for several services which no longer exist. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2025-03-28 11:45:11 -07:00 · 2025-03-28 11:45:11 -07:00 · a23c9df05a
commit a23c9df05a
parent 8d65c9687c
2 changed files with 1311 additions and 0 deletions
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@ -145,6 +145,22 @@
  - oidc-config
  notify:
  - Restart apache
+  when: "env != 'staging'"
+
+- name: Template ipsilon OIDC client config
+  ansible.builtin.template:
+    src: "openidc.{{env}}.static.j2"
+    dest: /etc/ipsilon/root/openidc.static.cfg
+    owner: ipsilon
+    group: ipsilon
+    mode: "0600"
+  tags:
+  - ipsilon
+  - config
+  - oidc-config
+  notify:
+  - Restart apache
+  when: "env == 'staging'"

 - name: Copy ipsilon httpd config
  ansible.builtin.template:
--- a/roles/ipsilon/templates/openidc.staging.static.j2
+++ b/roles/ipsilon/templates/openidc.staging.static.j2