From aa0fbcad183fa6ce4231c7937b1d30427ddef4b1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aur=C3=A9lien=20Bompard?= <aurelien@bompard.org>
Date: Thu, 20 Apr 2023 12:42:32 +0200
Subject: [PATCH] Ipsilon: automatically load the SAML2 metadata for PDC
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
---
 roles/ipsilon/tasks/main.yml           | 6 ++++++
 roles/ipsilon/templates/saml2_data_stg | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml
index 62bda9c209..197b964fea 100644
--- a/roles/ipsilon/tasks/main.yml
+++ b/roles/ipsilon/tasks/main.yml
@@ -99,6 +99,12 @@
   notify:
   - restart apache
 
+- name: load the PDC SAML2 metadata that will be included in the configuration.conf file
+  uri:
+    url: https://pdc{{ env_suffix }}.fedoraproject.org/saml2/metadata
+    return_content: yes
+  register: pdc_metadata
+
 - name: copy ipsilon admin configuration
   template:
     src: "configuration.conf"
diff --git a/roles/ipsilon/templates/saml2_data_stg b/roles/ipsilon/templates/saml2_data_stg
index c30fa6f4c7..a3ac95e4ca 100644
--- a/roles/ipsilon/templates/saml2_data_stg
+++ b/roles/ipsilon/templates/saml2_data_stg
@@ -6,7 +6,7 @@ beakerstg metadata=<?xml version='1.0' encoding='UTF-8'?><md:EntityDescriptor xm
 pdcstg id = https://pdc.stg.fedoraproject.org/saml2
 pdcstg type = SP
 pdcstg name = Product Definition Center STAGING
-pdcstg metadata = <?xml version='1.0' encoding='UTF-8'?><md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" cacheDuration="P7D" entityID="https://pdc.stg.fedoraproject.org/saml2"><md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDGTCCAgGgAwIBAgIJAISFaB3/KZDhMA0GCSqGSIb3DQEBCwUAMCMxITAfBgNVBAMMGHBkYy5mZWRvcmFpbmZyYWNsb3VkLm9yZzAeFw0xNTA5MzAxMDM4NTFaFw0yMDA5MjgxMDM4NTFaMCMxITAfBgNVBAMMGHBkYy5mZWRvcmFpbmZyYWNsb3VkLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALLA2h4tYn7tAFwFZ2JBxLLcpIY55/NpdQP1yLSfvD4huT3rWRLoojiEpIM61qgnJmVsZ4oPkkSmU3pWLrjwZeD5XQimtg6GPHitjIIHhUgPDncpdGsbD1J/Jv7V/gj0CvI9ak0i9d0zxaKGaejP0VL78xeaEPf53LQywqrV9iGDRpcJzQZrqwUvrSIDRn7SmUNvDYQL6voAO6la/43CO8oIMiGE/qNs8sK/KupifxjN4BvZzK6ofpYqhycwJFHUTZ5mAEXspINIOr8I43ApF6+RDWyIt2G2GK7gwkLfNfb/3Lht8/oMjyiPvKuhSqaDbfcSwsU2A9k9vqV0ufL++VUCAwEAAaNQME4wHQYDVR0OBBYEFMy2MUOk6B9kN0nLDO4w7Ja/oL2dMB8GA1UdIwQYMBaAFMy2MUOk6B9kN0nLDO4w7Ja/oL2dMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAHWk0SZYofIu0HP96D2RFghS7bcFGoTzG4uOK8v9cYtM3f3NO5NlmMNYeLG3wbBA+7pZgmIEReZkGlGq4kR4PqulKE4yymyuzIEUYFwlHfxrWCIH7/A211WxTQRXBGT2h4+uwpqOOOUdd8KHBdRIzYKiNEBjUgbya9fObxPZK2jx7zUqqa7KneEXaZ86LqPQU6+dv3i4yZE7PkeJ3Pl5wVSIJ7dxIN+81YhfuL3poknqDYmJ4QHNMcbS3gBaTTsUAUyfPXlAbWaGdypAuzxkwt9etX/bExs/0k28REwtZo9q04R48Ejlv4ckKIOFY7aO8saseB4A/n/oLfrW+/8qBnM=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://pdc.stg.fedoraproject.org/saml2/logout"/><md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://pdc.stg.fedoraproject.org/saml2/postResponse" index="0"/><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat></md:SPSSODescriptor></md:EntityDescriptor>
+pdcstg metadata = {{ pdc_metadata.content | replace("\n", " ") }}
 
 rhdev id = https://bzweb01-devel.app.eng.bne.redhat.com/saml2_metadata.cgi
 rhdev type = SP