openqa, relvalconsumer: write wikitcms token file for new auth

Unattended wiki interaction with the new openidc auth method requires a special token file which @puiterwijk created and put in the private store for us. Have the appropriate roles install it. Signed-off-by: Adam Williamson <awilliam@redhat.com>
2017-11-16 12:58:11 -08:00 · 2017-11-16 12:58:11 -08:00 · c5450c9cfe
commit c5450c9cfe
parent 37f84244a3
4 changed files with 19 additions and 2 deletions
--- a/inventory/group_vars/openqa
+++ b/inventory/group_vars/openqa
@ -22,6 +22,7 @@ openqa_secret: "{{ prod_openqa_apisecret }}"

 wikitcms_user: coconut
 wikitcms_password: "{{ prod_wikitcms_password }}"
+wikitcms_token: "{{ private }}/files/openidc/production/wikitcms.json"

 # The checkcompose settings below cause system(s) in this group to
 # send out check-compose reports. This could cause duplicate reports
--- a/inventory/group_vars/openqa-stg
+++ b/inventory/group_vars/openqa-stg
@ -32,6 +32,7 @@ openqa_key: "{{ stg_openqa_apikey }}"
 openqa_secret: "{{ stg_openqa_apisecret }}"

 wikitcms_password: "{{ stg_wikitcms_password }}"
+wikitcms_token: "{{ private }}/files/openidc/staging/wikitcms.json"

 checkcompose_url: "https://{{ external_hostname }}"

--- a/roles/openqa/dispatcher/tasks/main.yml
+++ b/roles/openqa/dispatcher/tasks/main.yml
@ -14,7 +14,10 @@
 # - wikitcms_user
 ##      string - FAS username for reporting results to wiki
 # - wikitcms_password
-##      string - password for relval_user
+##      string - password for wikitcms_user
+# - wikitcms_token
+##      string - a token file to install for unattended reporting to
+#                a wiki using openidc auth (Fedora wikis after 2017-11)
 # - deployment_type
 ##      string - Fedora Infrastructure thing; for this role, the
 ##               fedora_openqa config file will be set appropriately
@ -130,6 +133,12 @@
  tags:
  - config

+- name: Write wikitcms token file
+  copy: src={{ wikitcms_token }} dest=/root/.openidc/oidc_wikitcms.json owner=root group=root mode=0600
+  when: "wikitcms_token is defined"
+  tags:
+  - config
+
 - name: Enable fedmsg consumer
  template: src=openqa_consumer.py.j2 dest=/etc/fedmsg.d/openqa_consumer.py owner=root group=root mode=0644
  notify:
--- a/roles/relvalconsumer/tasks/main.yml
+++ b/roles/relvalconsumer/tasks/main.yml
@ -50,6 +50,12 @@
  tags:
  - config

+- name: Write wikitcms token file
+  copy: src={{ wikitcms_token }} dest=/root/.openidc/oidc_wikitcms.json owner=root group=root mode=0600
+  when: "wikitcms_token is defined"
+  tags:
+  - config
+
 - name: Check out relvalconsumer
  git:
    repo: https://pagure.io/fedora-qa/relvalconsumer.git
@ -66,7 +72,7 @@

 - name: Enable fedmsg consumer
  template: src=relvalconsumer.py.j2 dest=/etc/fedmsg.d/relvalconsumer.py owner=root group=root mode=0644
-  when: "wikitcms_user is defined and wikitcms_password is defined"
+  when: "wikitcms_user is defined and (wikitcms_password is defined or wikitcms_token is defined)"
  notify:
  - restart fedmsg-hub
  tags: