authorRalph Bean <rbean@redhat.com>2017-02-09 19:44:48 +0000
committerRalph Bean <rbean@redhat.com>2017-02-09 19:55:56 +0000
commit87d39897314385a86256588d321eb57d6c18bcab (patch)
tree62ee6f96337e0801a38ec3ee74605fdcb0dd08c8
parent723817c096fa673f2116f227da5d758d9a4c46b7 (diff)
OIDC details for MBS.
Try this for now. If we need actual secret values, we can set those up.
-rw-r--r--roles/mbs/common/tasks/main.yml10
-rw-r--r--roles/mbs/common/templates/client_secrets.json.prod12
-rw-r--r--roles/mbs/common/templates/client_secrets.json.stg12
-rw-r--r--roles/mbs/common/templates/config.py3
4 files changed, 37 insertions, 0 deletions
diff --git a/roles/mbs/common/tasks/main.yml b/roles/mbs/common/tasks/main.yml
index 32280c3ad..5a1126d3b 100644
--- a/roles/mbs/common/tasks/main.yml
+++ b/roles/mbs/common/tasks/main.yml
@@ -25,3 +25,13 @@
tags:
- mbs
- mbs/common
+
+- name: copy client secrets that aren't really secret.
+ template: >
+ src=client_secrets.json.{{env}} dest=/etc/module-build-service/client_secrets.json
+ owner=root group=root mode=0644
+ notify:
+ - restart apache
+ tags:
+ - mbs
+ - mbs/common
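Review bot: The new task installs `/etc/module-build-service/client_secrets.json` with `mode=0644`, which is only acceptable while `client_secret` stays a public placeholder, and the commit message already anticipates real values later. I would restrict it now, e.g. `owner=root group=apache mode=0640`, assuming the service reads the file through the apache group (the handler restarts apache, but the runtime user is not visible in this hunk, so confirm). The task name could also state why the values are not secret, so that the permissive mode is not copied onto a file that does hold credentials.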
diff --git a/roles/mbs/common/templates/client_secrets.json.prod b/roles/mbs/common/templates/client_secrets.json.prod
new file mode 100644
index 000000000..e25c1b49a
--- /dev/null
+++ b/roles/mbs/common/templates/client_secrets.json.prod
@@ -0,0 +1,12 @@
+{
+ "web": {
+ "auth_uri": "https://id.fedoraproject.org/openidc/Authorization",
+ "client_id": "mbs-authorizer",
+ "client_secret": "notsecret",
+ "redirect_uris": [
+ "http://localhost:13747/"
+ ],
+ "token_uri": "https://id.fedoraproject.org/openidc/Token",
+ "token_introspection_uri": "https://id.fedoraproject.org/openidc/TokenInfo"
+ }
+}
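Review bot: `"client_secret": "notsecret"` is committed as a literal in the production template, so if the identity provider ever requires client authentication on the Token or TokenInfo endpoints, the real credential would have to be kept out of this file after the fact. Rendering it from a private variable, e.g. `"client_secret": "{{ mbs_oidc_client_secret | default('notsecret') }}"` (placeholder variable name), keeps today's behaviour and turns the later switch into a vars change. The same applies to `client_secrets.json.stg`, which differs from this file only in the `id.stg.fedoraproject.org` host, so one template with the host as a variable would stop the two from drifting apart. The `http://localhost:13747/` redirect URI is plain HTTP on loopback; it is worth confirming that this is the value registered for `mbs-authorizer` at the identity provider.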
diff --git a/roles/mbs/common/templates/client_secrets.json.stg b/roles/mbs/common/templates/client_secrets.json.stg
new file mode 100644
index 000000000..7fd5069da
--- /dev/null
+++ b/roles/mbs/common/templates/client_secrets.json.stg
@@ -0,0 +1,12 @@
+{
+ "web": {
+ "auth_uri": "https://id.stg.fedoraproject.org/openidc/Authorization",
+ "client_id": "mbs-authorizer",
+ "client_secret": "notsecret",
+ "redirect_uris": [
+ "http://localhost:13747/"
+ ],
+ "token_uri": "https://id.stg.fedoraproject.org/openidc/Token",
+ "token_introspection_uri": "https://id.stg.fedoraproject.org/openidc/TokenInfo"
+ }
+}
diff --git a/roles/mbs/common/templates/config.py b/roles/mbs/common/templates/config.py
index 4ed7531aa..d245d456d 100644
--- a/roles/mbs/common/templates/config.py
+++ b/roles/mbs/common/templates/config.py
@@ -117,3 +117,6 @@ class ProdConfiguration(BaseConfiguration):
PDC_URL = 'https://pdc.fedoraproject.org/rest_api/v1'
SCMURLS = ["git://pkgs.fedoraproject.org/modules/"]
{% endif %}
+
+ # These aren't really secret.
+ OIDC_CLIENT_SECRETS = path.join(confdir, 'client_secrets.json')
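Review bot: `OIDC_CLIENT_SECRETS` is built from `confdir`, while the task in `roles/mbs/common/tasks/main.yml` writes the file to the fixed path `/etc/module-build-service/client_secrets.json`; `confdir` is defined outside this hunk, so the two agree only if it resolves to that directory. A comment stating the coupling would help, e.g. `# Must match the dest of the client_secrets.json task in roles/mbs/common/tasks/main.yml.` The existing `# These aren't really secret.` would be more useful if it also said that the file mode has to be tightened once a real secret is configured. The enclosing class starts outside the hunk, and because the addition follows `{% endif %}` it is not clear from here which configuration class the setting lands in.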