waiverdb role: miscellaneous fixes

2017-05-17 09:20:36 +10:00 · 2017-05-17 09:20:36 +10:00 · d57e04b839
commit d57e04b839
parent d05ec70a9b
3 changed files with 9 additions and 2 deletions
--- a/roles/waiverdb/defaults/main.yml
+++ b/roles/waiverdb/defaults/main.yml
@ -5,4 +5,4 @@ waiverdb_oidc_token_uri: 'https://iddev.fedorainfracloud.org/openidc/Token'
 waiverdb_oidc_client_id: 'D-eb5668aa-f962-4d9e-8131-4ef6d7840436'
 waiverdb_oidc_client_secret: 'QctUSOfqot6-XQd7YG0DeIAI81wlc7oD'
 waiverdb_oidc_token_introspection_uri: 'https://iddev.fedorainfracloud.org/openidc/TokenInfo'
-waiverdb_oidc_userinfo_uri: 'https://iddev.fedorainfracloud.org/openidc/UserInfo"'
+waiverdb_oidc_userinfo_uri: 'https://iddev.fedorainfracloud.org/openidc/UserInfo'
--- a/roles/waiverdb/tasks/main.yml
+++ b/roles/waiverdb/tasks/main.yml
@ -1,6 +1,10 @@
 ---
 - include: psql_setup.yml

+# Need to set selinux to permissive for now due to https://bugzilla.redhat.com/show_bug.cgi?id=1291940
+- name: switch selinux to permissive
+  selinux: policy=targeted state=permissive
+
 - name: install needed packages (yum)
  yum: pkg={{ item }} state=present
  with_items:
--- a/roles/waiverdb/templates/etc/waiverdb/settings.py.j2
+++ b/roles/waiverdb/templates/etc/waiverdb/settings.py.j2
@ -5,4 +5,7 @@ SECRET_KEY = '{{ stg_waiverdb_secret_key }}'
 {% else %}
 SECRET_KEY = '{{ dev_waiverdb_secret_key }}'
 {% endif %}
-SQLALCHEMY_DATABASE_URI = 'postgresql://waiverdb-user@:{{ waiverdb_db_port }}/waiverdb
+SQLALCHEMY_DATABASE_URI = 'postgresql://waiverdb-user@:{{ waiverdb_db_port }}/waiverdb'
+OIDC_CLIENT_SECRETS = '/etc/waiverdb/client_secrets.json'
+OIDC_REQUIRED_SCOPE = 'https://waiverdb.fedoraproject.org/oidc/create-waiver'
+OIDC_RESOURCE_SERVER_ONLY = True