Verified Commit 9f188f08 authored by Tomáš Sapák's avatar Tomáš Sapák

Refactor code to be compatible with local-oidc-issuer 2.1.0

parent cc05bc39
......@@ -58,6 +58,7 @@ kypo_crp_os_console_type: spice-html5
#
#kypo_crp_oidc_local_provider_url: '{{ kypo_crp_url }}:8443/csirtmu-dummy-issuer-server/'
#kypo_crp_oidc_local_provider_ldap_root_password:
#kypo_crp_oidc_local_provider_postgres_password:
#kypo_crp_oidc_providers: '{{ [kypo_crp_oidc_local_provider] }}'
#-------------------------------------------------------------------------------
......
......@@ -44,6 +44,8 @@ kypo_crp_oidc_local_provider_url: '{{ kypo_crp_url }}:8443/csirtmu-dummy-issuer-
kypo_crp_oidc_local_provider_ldap_root_password: password
kypo_crp_oidc_local_provider_postgres_password: password
# The list of OIDC providers and their specification.
kypo_crp_oidc_providers: '{{ [kypo_crp_oidc_local_provider] }}'
#kypo_crp_oidc_providers:
......
......@@ -2,10 +2,9 @@
kypo_crp_oidc_local_provider_compose_template: docker-compose-oidc
kypo_crp_oidc_local_provider_container_name: local-oidc-issuer
kypo_crp_oidc_local_provider_context_path: '/csirtmu-dummy-issuer-server/'
kypo_crp_oidc_local_provider_url: '{{ kypo_crp_url }}:8443{{ kypo_crp_oidc_local_provider_context_path }}'
kypo_crp_oidc_local_provider_internal_url: 'http://{{ kypo_crp_oidc_local_provider_container_name }}:8080{{ kypo_crp_oidc_local_provider_context_path }}'
kypo_crp_oidc_local_provider_internal_url: 'http://{{ kypo_crp_oidc_docker_services.oidc_issuer.container_name }}:8080{{ kypo_crp_oidc_local_provider_context_path }}'
kypo_crp_oidc_local_provider_client_clientName: KYPO-Client
kypo_crp_oidc_local_provider_client_grantTypes:
......@@ -40,18 +39,33 @@ kypo_crp_oidc_local_provider_resource_client_allowIntrospection: True
kypo_crp_oidc_local_provider_ldap_root_password: password
kypo_crp_oidc_local_provider_postgres_password: password
kypo_crp_required_vars:
- kypo_crp_host
- kypo_crp_cert
- kypo_crp_cert_key
- kypo_crp_oidc_local_provider_ldap_root_password
- kypo_crp_oidc_local_provider_postgres_password
kypo_crp_docker_services:
kypo_crp_oidc_docker_services:
oidc_postgres:
container_name: kypo-oidc-postgres
restart_policy: unless-stopped
image: postgres
image_tag: '11'
oidc_opendj:
container_name: kypo-opendj
restart_policy: unless-stopped
image: registry.gitlab.ics.muni.cz:443/muni-kypo-crp/kypo-crp-artifact-repository/kypo-opendj
image_tag: v2.1.0
oidc_issuer:
container_name: local-oidc-issuer
restart_policy: unless-stopped
image: registry.gitlab.ics.muni.cz:443/muni-kypo-crp/kypo-crp-artifact-repository/kypo-local-oidc-issuer
image_tag: v2.0.0
image_tag: v2.1.0
oidc_nginx:
container_name: kypo-oidc-nginx
restart_policy: unless-stopped
image: nginx
image_tag: latest
......
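Review bot: The LDAP Directory Manager and Postgres passwords still default to the literal `password` (`kypo_crp_oidc_local_provider_ldap_root_password: password`, `kypo_crp_oidc_local_provider_postgres_password: password`) while the same two names sit in `kypo_crp_required_vars`; a required-vars check (presumably an "is defined" assertion elsewhere in the role) cannot fire on a variable that has a default, so a deployment that forgets to override them silently runs OpenDJ's root account and the Postgres superuser with `password`. Since this commit now also injects both values into container environments (`ROOT_PASSWORD`, `POSTGRES_PASSWORD` in the compose template), I would remove the two defaults from this file so the required-vars check actually applies, or add an explicit guard such as `ansible.builtin.assert: { that: kypo_crp_oidc_local_provider_ldap_root_password != 'password' }` with a matching check for the Postgres value. Separately, `oidc_nginx.image_tag: latest` and `oidc_postgres.image_tag: '11'` are mutable tags whereas the in-house images are pinned to `v2.1.0`; pinning the public images to an exact version or digest keeps the OIDC stack reproducible and makes image updates a reviewed change.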
......@@ -5,4 +5,4 @@
name: '{{ item.value.image }}'
tag: '{{ item.value.image_tag }}'
source: pull
loop: '{{ kypo_crp_docker_services | dict2items }}'
loop: '{{ kypo_crp_oidc_docker_services | dict2items }}'
......@@ -23,6 +23,10 @@
bind_pw: "{{ kypo_crp_oidc_local_provider_ldap_root_password }}"
server_uri: ldaps://localhost:1636
validate_certs: False
register: ldap_entry
until: ldap_entry is not failed
retries: 30
delay: 5
- name: Ensure users
community.general.ldap_entry:
......
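Review bot: The added `until: ldap_entry is not failed` / `retries: 30` / `delay: 5` loop turns every failure of this bind into a readiness wait, so a wrong `bind_pw` or a malformed entry is retried for up to 150 s before the real error surfaces, and the root-password bind is repeated thirty times against the directory. I would wait for OpenDJ explicitly in a separate task before this one — `ansible.builtin.wait_for: { host: 127.0.0.1, port: 1636, timeout: 150 }` — and keep the entry task single-shot so authentication and schema errors fail fast. `validate_certs: False` looks deliberate because the compose template appears to start OpenDJ with a generated self-signed certificate, but that reasoning should be recorded next to the line, e.g. `# loopback-only connection; OpenDJ container uses a generated self-signed cert`. The task these lines belong to starts above the hunk.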
......@@ -6,9 +6,15 @@ csirtmu.oidc.dummy.issuer.contextPath=csirtmu-dummy-issuer-server
#
# LDAP config
#
csirtmu.oidc.dummy.ldap.server=ldap://localhost:1389/dc=springframework,dc=org
csirtmu.oidc.dummy.ldap.url=ldap://localhost:1389
csirtmu.oidc.dummy.ldap.server=ldap://{{ kypo_crp_oidc_docker_services.oidc_opendj.container_name }}:1389/dc=springframework,dc=org
csirtmu.oidc.dummy.ldap.url=ldap://{{ kypo_crp_oidc_docker_services.oidc_opendj.container_name }}:1389
csirtmu.oidc.dummy.ldap.base=dc=springframework,dc=org
csirtmu.oidc.dummy.ldap.userDn=cn=Directory Manager
csirtmu.oidc.dummy.ldap.password={{ kypo_crp_oidc_local_provider_ldap_root_password }}
csirtmu.oidc.dummy.ldap.admins=kypo-admin
#
# Postgres config
#
csirtmu.oidc.dummy.psql.url=jdbc:postgresql://{{ kypo_crp_oidc_docker_services.oidc_postgres.container_name }}:5432/postgres
csirtmu.oidc.dummy.psql.username=postgres
csirtmu.oidc.dummy.psql.password={{ kypo_crp_oidc_local_provider_postgres_password }}
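Review bot: The issuer is configured to bind to LDAP as `cn=Directory Manager` with the root password (`csirtmu.oidc.dummy.ldap.userDn`, `csirtmu.oidc.dummy.ldap.password`) and to Postgres as the `postgres` superuser (`csirtmu.oidc.dummy.psql.username`), so a compromise of the issuer web application yields full control of both stores. Both stores are provisioned by this same role, so a dedicated bind DN limited to the user subtree and a dedicated Postgres role owning only the issuer's database would cost little; at minimum a comment such as `# NOTE: binds as the directory root and the postgres superuser; use least-privileged accounts outside dummy deployments` should record the decision. The rendered file now carries two plaintext secrets, so it is worth confirming that the task templating it sets a restrictive `mode` (that task is outside this hunk).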
version: '3.7'
services:
oidc-issuer:
image: {{ kypo_crp_docker_services.oidc_issuer.image + ":" + kypo_crp_docker_services.oidc_issuer.image_tag }}
container_name: {{ kypo_crp_oidc_local_provider_container_name }}
restart: {{ kypo_crp_docker_services.oidc_issuer.restart_policy }}
oidc-opendj:
image: {{ kypo_crp_oidc_docker_services.oidc_opendj.image + ":" + kypo_crp_oidc_docker_services.oidc_opendj.image_tag }}
container_name: {{ kypo_crp_oidc_docker_services.oidc_opendj.container_name }}
restart: {{ kypo_crp_oidc_docker_services.oidc_opendj.restart_policy }}
environment:
- ADD_BASE_ENTRY=--addBaseEntry
- PORT=1389
- LDAPS_PORT=1636
- BASE_DN=dc=springframework,dc=org
- ROOT_USER_DN=cn=Directory Manager
- ROOT_PASSWORD={{ kypo_crp_oidc_local_provider_ldap_root_password }}
- OPENDJ_SSL_OPTIONS=--generateSelfSignedCertificate
- OPENDJ_USER=root
ports:
- 127.0.0.1:1636:1636
volumes:
- ldap_data_oidc:/opt/opendj/data
oidc-postgres:
image: {{ kypo_crp_oidc_docker_services.oidc_postgres.image + ":" + kypo_crp_oidc_docker_services.oidc_postgres.image_tag }}
container_name: {{ kypo_crp_oidc_docker_services.oidc_postgres.container_name }}
restart: {{ kypo_crp_oidc_docker_services.oidc_postgres.restart_policy }}
environment:
- POSTGRES_PASSWORD={{ kypo_crp_oidc_local_provider_postgres_password }}
volumes:
- db_data_oidc:/var/lib/postgresql
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres"]
interval: 10s
timeout: 5s
retries: 5
oidc-issuer:
image: {{ kypo_crp_oidc_docker_services.oidc_issuer.image + ":" + kypo_crp_oidc_docker_services.oidc_issuer.image_tag }}
container_name: {{ kypo_crp_oidc_docker_services.oidc_issuer.container_name }}
restart: {{ kypo_crp_oidc_docker_services.oidc_issuer.restart_policy }}
environment:
- POSTGRES_CONTAINER_NAME={{ kypo_crp_oidc_docker_services.oidc_postgres.container_name }}
- POSTGRES_PASSWORD={{ kypo_crp_oidc_local_provider_postgres_password }}
- OPENDJ_CONTAINER_NAME={{ kypo_crp_oidc_docker_services.oidc_opendj.container_name }}
volumes:
- ./configuration/oidc-issuer/csirtmu.oidc.issuer.properties:/app/etc/csirtmu-dummy-issuer.properties
- ./configuration/oidc-issuer/oidc-config:/opt/oidc-config
- db_data_oidc:/var/lib/postgresql
- ldap_data_oidc:/opt/opendj/data
ports:
- 127.0.0.1:1636:1636
oidc-nginx:
image: {{ kypo_crp_docker_services.oidc_nginx.image + ":" + kypo_crp_docker_services.oidc_nginx.image_tag }}
container_name: kypo-oidc-nginx
restart: {{ kypo_crp_docker_services.oidc_nginx.restart_policy }}
image: {{ kypo_crp_oidc_docker_services.oidc_nginx.image + ":" + kypo_crp_oidc_docker_services.oidc_nginx.image_tag }}
container_name: {{ kypo_crp_oidc_docker_services.oidc_nginx.container_name }}
restart: {{ kypo_crp_oidc_docker_services.oidc_nginx.restart_policy }}
volumes:
- ./configuration/oidc-issuer/nginx.conf:/etc/nginx/conf.d/default.conf
- ./runtime-data/{{ kypo_crp_cert_name }}:/etc/nginx/{{ kypo_crp_cert_name }}
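Review bot: The new `oidc-issuer` service still publishes `127.0.0.1:1636:1636` and mounts `db_data_oidc` and `ldap_data_oidc`, which look like leftovers from the single-container v2.0.0 layout: OpenDJ and Postgres now run as their own services, so host port 1636 is already published by `oidc-opendj` (a second bind of the same host address fails at `docker compose up`), and the issuer has no reason to see the raw Postgres and LDAP data directories — sharing them gives a compromised issuer process direct write access to both stores and risks two containers writing the same files. I would delete the four lines `- db_data_oidc:/var/lib/postgresql`, `- ldap_data_oidc:/opt/opendj/data`, `ports:` and `- 127.0.0.1:1636:1636` from `oidc-issuer` and let it reach the stores only over the compose network, as the properties file already does. `POSTGRES_PASSWORD` is also handed to the issuer as an environment variable while the same value is rendered into `csirtmu.oidc.issuer.properties`; if the 2.1.0 image does not require the variable, dropping it removes one place the secret is visible via `docker inspect`. Quoting the remaining port mappings (`'127.0.0.1:1636:1636'`) is the usual Compose convention against YAML re-typing colon-separated values.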
......