Add ODCS scopes (staging only).

roles/ipsilon/files/oidc_scopes/odcs.py

@@ -0,0 +1,22 @@
+from __future__ import absolute_import
+
+from ipsilon.providers.openidc.plugins.common import OpenidCExtensionBase
+
+
+class OpenidCExtension(OpenidCExtensionBase):
+    name = 'odcs'
+    display_name = 'On Demand Composes'
+    scopes = {
+        'https://pagure.io/odcs/new-compose': {
+            'display_name': 'Permission to request new composes',
+            'claims': [],
+        },
+        'https://pagure.io/odcs/renew-compose': {
+            'display_name': 'Permission to renew the expiry on composes',
+            'claims': [],
+        },
+        'https://pagure.io/odcs/delete-compose': {
+            'display_name': 'Permission to delete composes',
+            'claims': [],
+        },
+    }

roles/ipsilon/tasks/main.yml

@@ -48,6 +48,19 @@
   - ipsilon
   - ipsilon/oidc_scopes
 
+- name: Copy OpenID Connect stg-only scope registrations
+  copy: src=oidc_scopes/{{item}}.py
+        dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openidc/plugins/{{item}}.py
+        owner=root group=root mode=0644
+  with_items:
+  - odcs
+  notify:
+  - reload apache
+  tags:
+  - ipsilon
+  - ipsilon/oidc_scopes
+  when: env == 'staging'
+
 - name: Apply hotfix for taiga to get POST results
   copy: src=openid_server.py
         dest=/usr/lib/python2.7/site-packages/openid/server/server.py