From 87d39897314385a86256588d321eb57d6c18bcab Mon Sep 17 00:00:00 2001
From: Ralph Bean
Date: Thu, 9 Feb 2017 19:44:48 +0000
Subject: [PATCH] OIDC details for MBS. Try this for now. If we need actual secret values, we can set those up.
---
 roles/mbs/common/tasks/main.yml | 10 ++++++++++
 roles/mbs/common/templates/client_secrets.json.prod | 12 ++++++++++++
 roles/mbs/common/templates/client_secrets.json.stg | 12 ++++++++++++
 roles/mbs/common/templates/config.py | 3 +++
 4 files changed, 37 insertions(+)
 create mode 100644 roles/mbs/common/templates/client_secrets.json.prod
 create mode 100644 roles/mbs/common/templates/client_secrets.json.stg
diff --git a/roles/mbs/common/tasks/main.yml b/roles/mbs/common/tasks/main.yml
index 32280c3ad9..5a1126d3bb 100644
--- a/roles/mbs/common/tasks/main.yml
+++ b/roles/mbs/common/tasks/main.yml
@@ -25,3 +25,13 @@
 tags:
 - mbs
 - mbs/common
+
+- name: copy client secrets that aren't really secret.
+ template: >
+ src=client_secrets.json.{{env}} dest=/etc/module-build-service/client_secrets.json
+ owner=root group=root mode=0644
+ notify:
+ - restart apache
+ tags:
+ - mbs
+ - mbs/common
diff --git a/roles/mbs/common/templates/client_secrets.json.prod b/roles/mbs/common/templates/client_secrets.json.prod
new file mode 100644
index 0000000000..e25c1b49a8
--- /dev/null
+++ b/roles/mbs/common/templates/client_secrets.json.prod
@@ -0,0 +1,12 @@
+{
+ "web": {
+ "auth_uri": "https://id.fedoraproject.org/openidc/Authorization",
+ "client_id": "mbs-authorizer",
+ "client_secret": "notsecret",
+ "redirect_uris": [
+ "http://localhost:13747/"
+ ],
+ "token_uri": "https://id.fedoraproject.org/openidc/Token",
+ "token_introspection_uri": "https://id.fedoraproject.org/openidc/TokenInfo"
+ }
+}
diff --git a/roles/mbs/common/templates/client_secrets.json.stg b/roles/mbs/common/templates/client_secrets.json.stg
new file mode 100644
index 0000000000..7fd5069dae
--- /dev/null
+++ b/roles/mbs/common/templates/client_secrets.json.stg
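Review bot: The new task installs `client_secrets.json` with `owner=root group=root mode=0644`, so every local account on the host can read it. That is harmless while the templates carry only the placeholder `notsecret`, but the commit message anticipates real secret values, and nothing in this task would tighten the mode when that happens. Consider restricting it now, e.g. `owner=root group=<httpd-group> mode=0640` (placeholder for whichever group the Apache workers run as), so the file is already protected when a real value lands. The task name would then no longer need to describe the file as not secret.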
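Review bot: `"client_secret": "notsecret"` is committed in the production template, and client_secrets.json.stg carries the same value. Whether that matters depends on how the identity provider registers `mbs-authorizer`, which this patch does not show: if the provider expects client authentication on `token_introspection_uri` or `token_uri`, a publicly known string gives no assurance about who is calling. If a real secret is issued later, keep it out of this file and render it from a private Ansible variable, e.g. `"client_secret": "{{ <private_var_placeholder> }}"`. It is also worth confirming that `http://localhost:13747/` is the redirect URI actually registered for this client, since a server-side deployment would not normally receive redirects on loopback.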
@@ -0,0 +1,12 @@
+{
+ "web": {
+ "auth_uri": "https://id.stg.fedoraproject.org/openidc/Authorization",
+ "client_id": "mbs-authorizer",
+ "client_secret": "notsecret",
+ "redirect_uris": [
+ "http://localhost:13747/"
+ ],
+ "token_uri": "https://id.stg.fedoraproject.org/openidc/Token",
+ "token_introspection_uri": "https://id.stg.fedoraproject.org/openidc/TokenInfo"
+ }
+}
diff --git a/roles/mbs/common/templates/config.py b/roles/mbs/common/templates/config.py
index 4ed7531aa8..d245d456d0 100644
--- a/roles/mbs/common/templates/config.py
+++ b/roles/mbs/common/templates/config.py
@@ -117,3 +117,6 @@ class ProdConfiguration(BaseConfiguration):
 PDC_URL = 'https://pdc.fedoraproject.org/rest_api/v1'
 SCMURLS = ["git://pkgs.fedoraproject.org/modules/"]
 {% endif %}
+
+ # These aren't really secret.
+ OIDC_CLIENT_SECRETS = path.join(confdir, 'client_secrets.json')
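Review bot: `OIDC_CLIENT_SECRETS` is resolved through `confdir`, while the task in roles/mbs/common/tasks/main.yml writes the file to the literal path `/etc/module-build-service/client_secrets.json`; the two agree only if `confdir` is that directory, and its definition (like the `path` import) lies outside this hunk. The comment `# These aren't really secret.` also gives the next maintainer no reason, and it becomes wrong the moment a real value is configured. Something like `# Placeholder OIDC client registration deployed by the mbs/common role; treat as sensitive once a real client_secret is set.` would say what the file is and when the assumption stops holding. The body of ProdConfiguration starts above the hunk.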