diff options
| -rw-r--r-- | roles/openshift-apps/waiverdb/templates/secret.yml | 17 |
1 files changed, 5 insertions, 12 deletions
diff --git a/roles/openshift-apps/waiverdb/templates/secret.yml b/roles/openshift-apps/waiverdb/templates/secret.yml index f85cd27b9..bbddb92ce 100644 --- a/roles/openshift-apps/waiverdb/templates/secret.yml +++ b/roles/openshift-apps/waiverdb/templates/secret.yml @@ -8,27 +8,20 @@ stringData: {% if env == 'staging' %} flask-secret-key: "{{stg_waiverdb_secret_key}}" database-password: "{{stg_waiverdb_db_password}}" - # This is the same non-secret config we have committed - # as conf/client_secrets.json for using in dev environments. - client_secrets.json: |- - {"web": { - "redirect_uris": ["https://waiverdb-waiverdb.app.os.stg.fedoraproject.org/"], - "token_uri": "https://iddev.fedorainfracloud.org/openidc/Token", - "auth_uri": "https://iddev.fedorainfracloud.org/openidc/Authorization", - "client_id": "D-e69a1ac7-30fa-4d18-9001-7468c4f34c3c", - "client_secret": "qgz8Bzjg6nO7JWCXoB0o8L49KfI5atLF", - "userinfo_uri": "https://iddev.fedorainfracloud.org/openidc/UserInfo", - "token_introspection_uri": "https://iddev.fedorainfracloud.org/openidc/TokenInfo"}} {% else %} flask-secret-key: "{{prod_waiverdb_secret_key}}" database-password: "{{prod_waiverdb_db_password}}" +{% endif %} client_secrets.json: |- {"web": { "redirect_uris": ["https://waiverdb-waiverdb.app.os.fedoraproject.org/"], "token_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/Token", "auth_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/Authorization", "client_id": "waiverdb", +{% if env == 'staging' %} + "client_secret": "{{ stg_waiverdb_oidc_secret }}", +{% else %} "client_secret": "{{ prod_waiverdb_oidc_secret }}", +{% endif %} "userinfo_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/UserInfo", "token_introspection_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/TokenInfo"}} -{% endif %} |