Fixup app.config.json dynamic configuration for adf apps

Alfresco · Oct 11, 2023 · b94b614 · b94b614
1 parent f96645f
commit b94b614
Show file tree

Hide file tree

Showing 7 changed files with 86 additions and 26 deletions.
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -154,7 +154,7 @@
         "filename": "playbooks/acs.yml",
         "hashed_secret": "0eeb6b7bb932e8594b4ffe039dc15332f670cbd9",
         "is_verified": false,
-        "line_number": 382,
+        "line_number": 390,
         "is_secret": false
       }
     ],
@@ -279,5 +279,5 @@
       }
     ]
   },
-  "generated_at": "2023-10-03T08:55:44Z"
+  "generated_at": "2023-10-11T14:44:48Z"
 }
diff --git a/playbooks/acs.yml b/playbooks/acs.yml
@@ -334,10 +334,18 @@
       when: identity_enabled
       ansible.builtin.set_fact:
         adf_app_oauth_configuration:
-          APP_CONFIG_AUTH_TYPE: oauth
-          APP_CONFIG_IDENTITY_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
-          APP_CONFIG_OAUTH2_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
-          APP_CONFIG_OAUTH2_CLIENTID: alfresco
+          authType:
+            value: OAUTH
+            placeholder: APP_CONFIG_AUTH_TYPE
+          identityHost:
+            value: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
+            placeholder: APP_CONFIG_IDENTITY_HOST
+          host:
+            value: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
+            placeholder: APP_CONFIG_OAUTH2_HOST
+          clientId:
+            value: alfresco
+            placeholder: APP_CONFIG_OAUTH2_CLIENTID
 
 - name: Alfresco Control Center Role
   hosts: acc

diff --git a/roles/adf_app/defaults/main.yml b/roles/adf_app/defaults/main.yml
@@ -12,15 +12,39 @@ adf_app_configuration: {}
 # Other defaults
 adf_app_config_json_path: "{{ nginx_default_vhost_docroot }}/{{ adf_app_name }}/app.config.json"
 adf_app_default_configuration:
-  APP_CONFIG_PROVIDER: ECM
-  APP_CONFIG_ECM_HOST: "{protocol}//{hostname}{:port}"
-  APP_CONFIG_BPM_HOST: "{protocol}//{hostname}{:port}"
-  APP_CONFIG_AUTH_TYPE: BASIC
-  APP_CONFIG_IDENTITY_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
-  APP_CONFIG_OAUTH2_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
-  APP_CONFIG_OAUTH2_CLIENTID: alfresco
-  APP_CONFIG_OAUTH2_IMPLICIT_FLOW: true
-  APP_CONFIG_OAUTH2_SILENT_LOGIN: true
-  APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html"
-  APP_CONFIG_OAUTH2_REDIRECT_LOGIN: "/"
-  APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: "/"
+  providers:
+    value: ECM
+    placeholder: APP_CONFIG_PROVIDER
+  ecmHost:
+    value: "{protocol}//{hostname}{:port}"
+    placeholder: APP_CONFIG_ECM_HOST
+  bpmHost:
+    placeholder: APP_CONFIG_BPM_HOST
+    value: "{protocol}//{hostname}{:port}"
+  authType:
+    value: BASIC
+    placeholder: APP_CONFIG_AUTH_TYPE
+  identityHost:
+    value: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
+    placeholder: APP_CONFIG_IDENTITY_HOST
+  host:
+    value: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
+    placeholder: APP_CONFIG_OAUTH2_HOST
+  clientId:
+    value: alfresco
+    placeholder: APP_CONFIG_OAUTH2_CLIENTID
+  implicitFlow:
+    value: true
+    placeholder: APP_CONFIG_OAUTH2_IMPLICIT_FLOW
+  silentLogin:
+    value: true
+    placeholder: APP_CONFIG_OAUTH2_SILENT_LOGIN
+  redirectSilentIframeUri:
+    value: "{protocol}//{hostname}{:port}/assets/silent-refresh.html"
+    placeholder: APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI
+  redirectUri:
+    value: "/"
+    placeholder: APP_CONFIG_OAUTH2_REDIRECT_LOGIN
+  redirectUriLogout:
+    value: "/"
+    placeholder: APP_CONFIG_OAUTH2_REDIRECT_LOGOUT
diff --git a/roles/adf_app/molecule/default/converge.yml b/roles/adf_app/molecule/default/converge.yml
@@ -9,6 +9,10 @@
         adf_app_src_archive: "{{ downloads.adw_zip_url }}"
         adf_app_src_checksum: "{{ lookup('url', downloads.adw_zip_sha1_checksum_url, username=nexus_user, password=nexus_password) }}"
         adf_app_version: "{{ adw.version }}"
+        adf_app_configuration:
+          authType:
+            value: OAUTH
+            placeholder: APP_CONFIG_AUTH_TYPE
       ansible.builtin.include_role:
         name: "adf_app"
 
@@ -19,5 +23,9 @@
         adf_app_src_archive: "{{ downloads.acc_zip_url }}"
         adf_app_src_checksum: "{{ downloads.acc_zip_sha1_checksum_url }}"
         adf_app_version: "{{ acc.version }}"
+        adf_app_configuration:
+          authType:
+            value: OAUTH
+            placeholder: APP_CONFIG_AUTH_TYPE
       ansible.builtin.include_role:
         name: "adf_app"
diff --git a/...ule/default/host_vars/webapp-instance.yml → ...le/default/host_vars/adf_app-instance.yml b/...ule/default/host_vars/webapp-instance.yml → ...le/default/host_vars/adf_app-instance.yml
diff --git a/roles/adf_app/molecule/default/verify.yml b/roles/adf_app/molecule/default/verify.yml
@@ -16,18 +16,30 @@
         that:
           - ansible_facts.services['nginx.service'] is defined
           - ansible_facts.services['nginx.service'].state == 'running'
+        quiet: true
 
-    - name: Check that the home contains the expected contents
+    - name: Check that the homepage contains the expected contents
       ansible.builtin.uri:
         url: "{{ item.url }}/"
         return_content: true
       register: this
       failed_when: "item.expected_content not in this.content"
       loop: "{{ sites }}"
 
-    - name: Check that the config contains the expected contents
+    - name: Retrieve app config
       ansible.builtin.uri:
         url: "{{ item.url }}/app.config.json"
       register: this
-      failed_when: "this.json.authType != 'BASIC'"
       loop: "{{ sites }}"
+      loop_control:
+        label: "{{ item.url }}/app.config.json"
+
+    - name: Assert that config contains expected contents
+      ansible.builtin.assert:
+        that:
+          - this.results[idx].json.authType == 'OAUTH'
+        quiet: true
+      loop: "{{ sites }}"
+      loop_control:
+        index_var: idx
+        label: "{{ item.url }}/app.config.json"
diff --git a/roles/adf_app/tasks/main.yml b/roles/adf_app/tasks/main.yml
@@ -33,13 +33,14 @@
 - name: Flush handlers
   ansible.builtin.meta: flush_handlers
 
-- name: Replace $placeholders in packaged app.config.json
+- name: Replace $placeholders in packaged app.config.json - if present
   become: true
   ansible.builtin.replace:
     path: "{{ adf_app_config_json_path }}"
-    regexp: "{{ '\\${' }}{{ item.key }}{{ '}' }}"
-    replace: "{{ (item.value is boolean) | ternary(item.value | to_json, item.value) }}"
-  with_items: "{{ adf_app_merged_configuration | dict2items }}"
+    regexp: "{{ '\\${' }}{{ item.value.placeholder }}{{ '}' }}"
+    replace: "{{ (item.value.value is boolean) | ternary(item.value.value | to_json, item.value.value) }}"
+  loop: "{{ adf_app_merged_configuration | dict2items }}"
+  when: item.value.placeholder is defined
 
 - name: Retrieve the current app.config.json contents
   ansible.builtin.slurp:
@@ -52,10 +53,17 @@
       - app_config_json['content'] | b64decode | from_json
     quiet: true
 
+- name: Flatten configuration before merging into app.config.json
+  ansible.builtin.set_fact:
+    adf_app_flattened_configuration: "{{ adf_app_flattened_configuration | default({}) | ansible.builtin.combine({item.key: item.value.value}) }}"
+  loop: "{{ adf_app_merged_configuration | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}={{ item.value.value }}"
+
 - name: Ensure app.config.json is merged with current configuration
   become: true
   ansible.builtin.copy:
-    content: "{{ app_config_json['content'] | b64decode | from_json | ansible.builtin.combine(adf_app_merged_configuration) | to_nice_json }}"
+    content: "{{ app_config_json['content'] | b64decode | from_json | ansible.builtin.combine(adf_app_flattened_configuration) | to_nice_json }}"
     dest: "{{ adf_app_config_json_path }}"
     mode: "0644"