Refactor code to be compatible with local-oidc-issuer 2.1.0

extra-vars.yml

@@ -58,6 +58,7 @@ kypo_crp_os_console_type: spice-html5
 #
 #kypo_crp_oidc_local_provider_url: '{{ kypo_crp_url }}:8443/csirtmu-dummy-issuer-server/'
 #kypo_crp_oidc_local_provider_ldap_root_password:
+#kypo_crp_oidc_local_provider_postgres_password:
 #kypo_crp_oidc_providers: '{{ [kypo_crp_oidc_local_provider] }}'
 
 #-------------------------------------------------------------------------------

local-demo-extra-vars.yml

@@ -44,6 +44,8 @@ kypo_crp_oidc_local_provider_url: '{{ kypo_crp_url }}:8443/csirtmu-dummy-issuer-
 
 kypo_crp_oidc_local_provider_ldap_root_password: password
 
+kypo_crp_oidc_local_provider_postgres_password: password
+
 # The list of OIDC providers and their specification.
 kypo_crp_oidc_providers: '{{ [kypo_crp_oidc_local_provider] }}'
 #kypo_crp_oidc_providers:

provisioning-oidc/roles/kypo-crp-local-oidc/defaults/main.yml

@@ -2,10 +2,9 @@
 
 kypo_crp_oidc_local_provider_compose_template: docker-compose-oidc
 
-kypo_crp_oidc_local_provider_container_name: local-oidc-issuer
 kypo_crp_oidc_local_provider_context_path: '/csirtmu-dummy-issuer-server/'
 kypo_crp_oidc_local_provider_url: '{{ kypo_crp_url }}:8443{{ kypo_crp_oidc_local_provider_context_path }}'
-kypo_crp_oidc_local_provider_internal_url: 'http://{{ kypo_crp_oidc_local_provider_container_name }}:8080{{ kypo_crp_oidc_local_provider_context_path }}'
+kypo_crp_oidc_local_provider_internal_url: 'http://{{ kypo_crp_oidc_docker_services.oidc_issuer.container_name }}:8080{{ kypo_crp_oidc_local_provider_context_path }}'
 
 kypo_crp_oidc_local_provider_client_clientName: KYPO-Client
 kypo_crp_oidc_local_provider_client_grantTypes:
@@ -40,18 +39,33 @@ kypo_crp_oidc_local_provider_resource_client_allowIntrospection: True
 
 kypo_crp_oidc_local_provider_ldap_root_password: password
 
+kypo_crp_oidc_local_provider_postgres_password: password
+
 kypo_crp_required_vars:
   - kypo_crp_host
   - kypo_crp_cert
   - kypo_crp_cert_key
   - kypo_crp_oidc_local_provider_ldap_root_password
+  - kypo_crp_oidc_local_provider_postgres_password
 
-kypo_crp_docker_services:
+kypo_crp_oidc_docker_services:
+  oidc_postgres:
+    container_name: kypo-oidc-postgres
+    restart_policy: unless-stopped
+    image: postgres
+    image_tag: '11'
+  oidc_opendj:
+    container_name: kypo-opendj
+    restart_policy: unless-stopped
+    image: registry.gitlab.ics.muni.cz:443/muni-kypo-crp/kypo-crp-artifact-repository/kypo-opendj
+    image_tag: v2.1.0
   oidc_issuer:
+    container_name: local-oidc-issuer
     restart_policy: unless-stopped
     image: registry.gitlab.ics.muni.cz:443/muni-kypo-crp/kypo-crp-artifact-repository/kypo-local-oidc-issuer
-    image_tag: v2.0.0
+    image_tag: v2.1.0
   oidc_nginx:
+    container_name: kypo-oidc-nginx
     restart_policy: unless-stopped
     image: nginx
     image_tag: latest

provisioning-oidc/roles/kypo-crp-local-oidc/tasks/docker_pull.yml

@@ -5,4 +5,4 @@
     name: '{{ item.value.image }}'
     tag: '{{ item.value.image_tag }}'
     source: pull
-  loop: '{{ kypo_crp_docker_services | dict2items }}'
+  loop: '{{ kypo_crp_oidc_docker_services | dict2items }}'

provisioning-oidc/roles/kypo-crp-local-oidc/tasks/register-resources.yml

@@ -23,6 +23,10 @@
     bind_pw: "{{ kypo_crp_oidc_local_provider_ldap_root_password }}"
     server_uri: ldaps://localhost:1636
     validate_certs: False
+  register: ldap_entry
+  until: ldap_entry is not failed
+  retries: 30
+  delay: 5
 
 - name: Ensure users
   community.general.ldap_entry:

provisioning-oidc/roles/kypo-crp-local-oidc/templates/csirtmu.oidc.issuer.properties

@@ -6,9 +6,15 @@ csirtmu.oidc.dummy.issuer.contextPath=csirtmu-dummy-issuer-server
 #
 # LDAP config
 #
-csirtmu.oidc.dummy.ldap.server=ldap://localhost:1389/dc=springframework,dc=org
-csirtmu.oidc.dummy.ldap.url=ldap://localhost:1389
+csirtmu.oidc.dummy.ldap.server=ldap://{{ kypo_crp_oidc_docker_services.oidc_opendj.container_name }}:1389/dc=springframework,dc=org
+csirtmu.oidc.dummy.ldap.url=ldap://{{ kypo_crp_oidc_docker_services.oidc_opendj.container_name }}:1389
 csirtmu.oidc.dummy.ldap.base=dc=springframework,dc=org
 csirtmu.oidc.dummy.ldap.userDn=cn=Directory Manager
 csirtmu.oidc.dummy.ldap.password={{ kypo_crp_oidc_local_provider_ldap_root_password }}
 csirtmu.oidc.dummy.ldap.admins=kypo-admin
+#
+# Postgres config
+#
+csirtmu.oidc.dummy.psql.url=jdbc:postgresql://{{ kypo_crp_oidc_docker_services.oidc_postgres.container_name }}:5432/postgres
+csirtmu.oidc.dummy.psql.username=postgres
+csirtmu.oidc.dummy.psql.password={{ kypo_crp_oidc_local_provider_postgres_password }}

provisioning-oidc/roles/kypo-crp-local-oidc/templates/docker-compose-oidc.yml

 version: '3.7'
 
 services:
-  oidc-issuer:
-    image: {{ kypo_crp_docker_services.oidc_issuer.image + ":" + kypo_crp_docker_services.oidc_issuer.image_tag }}
-    container_name: {{ kypo_crp_oidc_local_provider_container_name }}
-    restart: {{ kypo_crp_docker_services.oidc_issuer.restart_policy }}
+  oidc-opendj:
+    image: {{ kypo_crp_oidc_docker_services.oidc_opendj.image + ":" + kypo_crp_oidc_docker_services.oidc_opendj.image_tag }}
+    container_name: {{ kypo_crp_oidc_docker_services.oidc_opendj.container_name }}
+    restart: {{ kypo_crp_oidc_docker_services.oidc_opendj.restart_policy }}
     environment:
+      - ADD_BASE_ENTRY=--addBaseEntry
+      - PORT=1389
+      - LDAPS_PORT=1636
+      - BASE_DN=dc=springframework,dc=org
+      - ROOT_USER_DN=cn=Directory Manager
       - ROOT_PASSWORD={{ kypo_crp_oidc_local_provider_ldap_root_password }}
+      - OPENDJ_SSL_OPTIONS=--generateSelfSignedCertificate
+      - OPENDJ_USER=root
+    ports:
+      - 127.0.0.1:1636:1636
+    volumes:
+      - ldap_data_oidc:/opt/opendj/data
+  oidc-postgres:
+    image: {{ kypo_crp_oidc_docker_services.oidc_postgres.image + ":" + kypo_crp_oidc_docker_services.oidc_postgres.image_tag }}
+    container_name: {{ kypo_crp_oidc_docker_services.oidc_postgres.container_name }}
+    restart: {{ kypo_crp_oidc_docker_services.oidc_postgres.restart_policy }}
+    environment:
+      - POSTGRES_PASSWORD={{ kypo_crp_oidc_local_provider_postgres_password }}
+    volumes:
+      - db_data_oidc:/var/lib/postgresql
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U postgres"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+  oidc-issuer:
+    image: {{ kypo_crp_oidc_docker_services.oidc_issuer.image + ":" + kypo_crp_oidc_docker_services.oidc_issuer.image_tag }}
+    container_name: {{ kypo_crp_oidc_docker_services.oidc_issuer.container_name }}
+    restart: {{ kypo_crp_oidc_docker_services.oidc_issuer.restart_policy }}
+    environment:
+      - POSTGRES_CONTAINER_NAME={{ kypo_crp_oidc_docker_services.oidc_postgres.container_name }}
+      - POSTGRES_PASSWORD={{ kypo_crp_oidc_local_provider_postgres_password }}
+      - OPENDJ_CONTAINER_NAME={{ kypo_crp_oidc_docker_services.oidc_opendj.container_name }}
     volumes:
       - ./configuration/oidc-issuer/csirtmu.oidc.issuer.properties:/app/etc/csirtmu-dummy-issuer.properties
       - ./configuration/oidc-issuer/oidc-config:/opt/oidc-config
-      - db_data_oidc:/var/lib/postgresql
-      - ldap_data_oidc:/opt/opendj/data
-    ports:
-      - 127.0.0.1:1636:1636
   oidc-nginx:
-    image: {{ kypo_crp_docker_services.oidc_nginx.image + ":" + kypo_crp_docker_services.oidc_nginx.image_tag }}
-    container_name: kypo-oidc-nginx
-    restart: {{ kypo_crp_docker_services.oidc_nginx.restart_policy }}
+    image: {{ kypo_crp_oidc_docker_services.oidc_nginx.image + ":" + kypo_crp_oidc_docker_services.oidc_nginx.image_tag }}
+    container_name: {{ kypo_crp_oidc_docker_services.oidc_nginx.container_name }}
+    restart: {{ kypo_crp_oidc_docker_services.oidc_nginx.restart_policy }}
     volumes:
       - ./configuration/oidc-issuer/nginx.conf:/etc/nginx/conf.d/default.conf
       - ./runtime-data/{{ kypo_crp_cert_name }}:/etc/nginx/{{ kypo_crp_cert_name }}