Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

Define mediawiki scope

Browse source 
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
This commit is contained in:
Patrick Uiterwijk 2017-11-13 00:36:52 +00:00
parent 99f92097af
commit bc0bd0df5b
4 changed files with 29 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

14
roles/ipsilon/files/oidc_scopes/wiki.py Normal file
View file

@ -0,0 +1,14 @@
from __future__ import absolute_import
from ipsilon.providers.openidc.plugins.common import OpenidCExtensionBase
class OpenidCExtension(OpenidCExtensionBase):
name = 'wiki'
display_name = 'Fedora Wiki'
scopes = {
'https://fedoraproject.org/wiki/api': {
'display_name': 'Fedora Wiki API access',
'claims': [],
},
}

13
roles/ipsilon/tasks/main.yml
View file

@ -49,6 +49,19 @@
- ipsilon - ipsilon
- ipsilon/oidc_scopes - ipsilon/oidc_scopes
- name: Copy OpenID Connect scope registrations (STAGING)
copy: src=oidc_scopes/{{item}}.py
dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openidc/plugins/{{item}}.py
owner=root group=root mode=0644
when: env == "staging"
with_items:
- wiki
notify:
- reload apache
tags:
- ipsilon
- ipsilon/oidc_scopes
- name: Apply hotfix for taiga to get POST results - name: Apply hotfix for taiga to get POST results
copy: src=openid_server.py copy: src=openid_server.py
dest=/usr/lib/python2.7/site-packages/openid/server/server.py dest=/usr/lib/python2.7/site-packages/openid/server/server.py

2
roles/ipsilon/templates/configuration.conf
View file

@ -25,7 +25,7 @@ global enabled=persona,openid,saml2,openidc
{% if env == "production" %} {% if env == "production" %}
openidc enabled extensions=fedora-account,mbs,beaker,waiverdb,odcs openidc enabled extensions=fedora-account,mbs,beaker,waiverdb,odcs
{% else %} {% else %}
openidc enabled extensions=fedora-account,mbs,beaker,waiverdb,odcs openidc enabled extensions=fedora-account,mbs,beaker,waiverdb,odcs,wiki
{% endif %} {% endif %}
{% if env == 'staging' %} {% if env == 'staging' %}

2
roles/mediawiki/templates/LocalSettings.php.fp.j2
View file

@ -569,7 +569,7 @@ $wgOpenIDConnect_MigrateUsersByEmail = false;
$wgOpenIDConnect_ForceLogout = false; $wgOpenIDConnect_ForceLogout = false;
$wgOpenIDConnectAPI_Issuer = 'https://id{{ env_suffix }}.fedoraproject.org/openidc/'; $wgOpenIDConnectAPI_Issuer = 'https://id{{ env_suffix }}.fedoraproject.org/openidc/';
$wgOpenIDConnectAPI_TokenInfoURL = "https://id{{ env_suffix }}.fedoraproject.org/openidc/TokenInfo"; $wgOpenIDConnectAPI_TokenInfoURL = "https://id{{ env_suffix }}.fedoraproject.org/openidc/TokenInfo";
$wgOpenIDConnectAPI_TokenScope = "fedoraproject.org/wiki/api"; $wgOpenIDConnectAPI_TokenScope = "https://fedoraproject.org/wiki/api";
# Fixed for OIDC redirect url generation # Fixed for OIDC redirect url generation
{% if env == "staging" %} {% if env == "staging" %}