From e91a3e93639bbdb444df01408cc246112e62f1af Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Kadl=C4=8D=C3=ADk?= <frostyx@email.cz>
Date: Mon, 30 Jan 2017 21:20:36 +0100
Subject: [PATCH] Change some auth settings for Copr MBS

---
 roles/copr/mbs/tasks/main.yml                 |  7 +++----
 roles/copr/mbs/templates/client_secrets.json  | 12 ++++++++++++
 roles/copr/mbs/{files => templates}/config.py |  4 ++--
 3 files changed, 17 insertions(+), 6 deletions(-)
 create mode 100644 roles/copr/mbs/templates/client_secrets.json
 rename roles/copr/mbs/{files => templates}/config.py (86%)

diff --git a/roles/copr/mbs/tasks/main.yml b/roles/copr/mbs/tasks/main.yml
index 3efe525dad..1ae6d705dc 100644
--- a/roles/copr/mbs/tasks/main.yml
+++ b/roles/copr/mbs/tasks/main.yml
@@ -89,12 +89,11 @@
   file: path=/etc/module-build-service/__init__.py state=touch
 
 - name: Copy production config
-  copy: src=config.py dest=/etc/module-build-service/config.py
+  template: src=config.py dest=/etc/module-build-service/config.py
 
+- name: Install client_secrets.json
+  template: src=client_secrets.json dest=/etc/module-build-service/
 
-# @TODO Should be packaged in module_build_service package? Or we need to create our own?
-- name: Obtain client_secrets.json
-  get_url: url=https://pagure.io/fm-orchestrator/raw/master/f/conf/client_secrets.json dest=/etc/module-build-service/
 
 - name: Upgrade database
   command: mbs-upgradedb
diff --git a/roles/copr/mbs/templates/client_secrets.json b/roles/copr/mbs/templates/client_secrets.json
new file mode 100644
index 0000000000..ff490935ca
--- /dev/null
+++ b/roles/copr/mbs/templates/client_secrets.json
@@ -0,0 +1,12 @@
+{
+    "web": {
+        "auth_uri": "https://id.stg.fedoraproject.org/openidc/Authorization",
+        "client_id": "mbs-authorizer",
+        "client_secret": "{{ copr_mbs_client_secret }}",
+        "redirect_uris": [
+            "http://localhost:13747/"
+        ],
+        "token_uri": "https://id.stg.fedoraproject.org/openidc/Token",
+        "token_introspection_uri": "https://id.stg.fedoraproject.org/openidc/TokenInfo"
+    }
+}
diff --git a/roles/copr/mbs/files/config.py b/roles/copr/mbs/templates/config.py
similarity index 86%
rename from roles/copr/mbs/files/config.py
rename to roles/copr/mbs/templates/config.py
index 8f36b7e08f..e5c06e998b 100644
--- a/roles/copr/mbs/files/config.py
+++ b/roles/copr/mbs/templates/config.py
@@ -7,9 +7,9 @@ from base_config import confdir, dbdir
 
 class ProdConfiguration(base.ProdConfiguration):
     SYSTEM = 'copr'
-    FAS_USERNAME = 'someuser'
-    FAS_PASSWORD = 'secretkey'
+    REQUIRE_PACKAGER = False
     OIDC_CLIENT_SECRETS = '/etc/module-build-service/client_secrets.json'
+    SECRET_KEY = '{{ copr_mbs_secret_key }}'
 
 
 class DevConfiguration(base.DevConfiguration):