Fix test-auth

Signed-off-by: Aurélien Bompard <[email protected]>
fedora-infra · Jul 12, 2023 · d0406b2 · d0406b2
1 parent 86b40af
commit d0406b2
Show file tree

Hide file tree

Showing 8 changed files with 30 additions and 52 deletions.
diff --git a/ansible/auth.yml b/ansible/auth.yml
@@ -16,7 +16,20 @@
       tags: oidc-register
       vars:
         ipsilon_hostname: "{{ ansible_fqdn }}"
-        redirect_path: oidc
+        redirect_path: test-auth/oidc/oidc_callback
         dest: "/home/vagrant/test-auth.client_secrets.json"
     - role: test-auth
       tags: test-auth
+
+  handlers:
+    - name: restart httpd
+      systemd:
+        name: httpd
+        state: restarted
+        daemon_reload: yes
+
+    - name: restart gssproxy
+      systemd:
+        name: gssproxy
+        state: restarted
+        daemon_reload: yes
diff --git a/ansible/roles/fasjson/handlers/main.yml b/ansible/roles/fasjson/handlers/main.yml
diff --git a/ansible/roles/test-auth/files/app.service b/ansible/roles/test-auth/files/app.service
diff --git a/ansible/roles/test-auth/files/config.py b/ansible/roles/test-auth/files/config.py
@@ -1,5 +1,6 @@
+APPLICATION_ROOT = "/test-auth/"
 SECRET_KEY = "ohsosecret"
-OIDC_CLIENT_SECRETS = "/home/vagrant/client_secrets.json"
+OIDC_CLIENT_SECRETS = "/home/vagrant/test-auth.client_secrets.json"
 OIDC_SCOPES = [
     "openid",
     "email",

diff --git a/ansible/roles/test-auth/files/httpd.conf b/ansible/roles/test-auth/files/httpd.conf
@@ -16,3 +16,7 @@ WSGIScriptReloading Off
   WSGIApplicationGroup test-auth
   Require all granted
 </Location>
+
+# Redirect to the secure port or the redirect_url sent to Ipsilon will be wrong.
+RewriteCond %{SERVER_PORT}  !^443$
+RewriteRule ^/test-auth/(.*)      https://auth.tinystage.test/test-auth/$1 [L,R=301,NC]
diff --git a/ansible/roles/test-auth/handlers/main.yml b/ansible/roles/test-auth/handlers/main.yml
diff --git a/ansible/roles/test-auth/tasks/main.yml b/ansible/roles/test-auth/tasks/main.yml
@@ -19,27 +19,21 @@
     owner: vagrant
     group: vagrant
 
-- name: Install the systemd unit files for test-auth
-  copy:
-      src: app.service
-      dest: /etc/systemd/system/test-auth.service
-      mode: 0644
-
 - name: Clone repository
   become_user: vagrant
   git:
     repo: https://github.com/abompard/test-auth.git
     dest: /home/vagrant/test-auth
   notify:
-    - restart test-auth
+    - restart httpd
 
 - name: Install the app
   command:
     cmd: python3 setup.py install
     chdir: /home/vagrant/test-auth
     creates: /usr/local/lib/python{{ ansible_local["python"]["py3"]["version"] }}/site-packages/fedora_test_auth-0.0.1-py{{ ansible_local["python"]["py3"]["version"] }}.egg
   notify:
-    - restart test-auth
+    - restart httpd
 
 - name: Copy the config file
   copy:
@@ -49,7 +43,12 @@
     owner: vagrant
     group: vagrant
   notify:
-    - restart test-auth
+    - restart httpd
+
+- name: Allow httpd to access vagrant's home dir
+  file:
+    path: /home/vagrant
+    mode: 0755
 
 - name: Allow apache to see /srv
   sefcontext:
@@ -73,6 +72,8 @@
     persistent: yes
   with_items:
     - httpd_use_fusefs
+    - httpd_can_network_connect
+    - httpd_read_user_content
   notify:
     - restart httpd
 

diff --git a/ansible/roles/test-auth/templates/config.py b/ansible/roles/test-auth/templates/config.py