From b94b614d36fed139ad318c276a35f6341ae10b7b Mon Sep 17 00:00:00 2001
From: Giovanni Toraldo
Date: Wed, 11 Oct 2023 16:45:00 +0200
Subject: [PATCH] Fixup app.config.json dynamic configuration for adf apps
---
 .secrets.baseline | 4 +-
 playbooks/acs.yml | 16 +++++--
 roles/adf_app/defaults/main.yml | 48 ++++++++++++++-----
 roles/adf_app/molecule/default/converge.yml | 8 ++++
 ...bapp-instance.yml => adf_app-instance.yml} | 0
 roles/adf_app/molecule/default/verify.yml | 18 +++++--
 roles/adf_app/tasks/main.yml | 18 +++++--
 7 files changed, 86 insertions(+), 26 deletions(-)
 rename roles/adf_app/molecule/default/host_vars/{webapp-instance.yml => adf_app-instance.yml} (100%)
diff --git a/.secrets.baseline b/.secrets.baseline
index f7e6c0449..851b65ddc 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -154,7 +154,7 @@
 "filename": "playbooks/acs.yml",
 "hashed_secret": "0eeb6b7bb932e8594b4ffe039dc15332f670cbd9",
 "is_verified": false,
- "line_number": 382,
+ "line_number": 390,
 "is_secret": false
 }
 ],
@@ -279,5 +279,5 @@
 }
 ]
 },
- "generated_at": "2023-10-03T08:55:44Z"
+ "generated_at": "2023-10-11T14:44:48Z"
 }
diff --git a/playbooks/acs.yml b/playbooks/acs.yml
index e7a7c8b0f..46969f107 100644
--- a/playbooks/acs.yml
+++ b/playbooks/acs.yml
@@ -334,10 +334,18 @@
 when: identity_enabled
 ansible.builtin.set_fact:
 adf_app_oauth_configuration:
- APP_CONFIG_AUTH_TYPE: oauth
- APP_CONFIG_IDENTITY_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
- APP_CONFIG_OAUTH2_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
- APP_CONFIG_OAUTH2_CLIENTID: alfresco
+ authType:
+ value: OAUTH
+ placeholder: APP_CONFIG_AUTH_TYPE
+ identityHost:
+ value: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
+ placeholder: APP_CONFIG_IDENTITY_HOST
+ host:
+ value: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
+ placeholder: APP_CONFIG_OAUTH2_HOST
+ clientId:
+ value: alfresco
+ placeholder: APP_CONFIG_OAUTH2_CLIENTID
 - name: Alfresco Control Center Role
 hosts: acc
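Review bot: `host` and `clientId` in `adf_app_oauth_configuration` are keyed at the top level, so the merge task in roles/adf_app/tasks/main.yml, which flattens each entry to `key: value` and applies a non-recursive `combine`, would write them as top-level `host` and `clientId` in app.config.json. ADF's app.config.json normally carries these settings under an `oauth2` object, so wherever the `${APP_CONFIG_OAUTH2_*}` placeholders are absent the identity-provider settings would probably not take effect even though `authType` switches to OAUTH. The same applies to `host`, `clientId`, `implicitFlow`, `silentLogin` and the redirect keys in the roles/adf_app/defaults/main.yml hunk. Consider keying them as a nested `oauth2:` mapping merged with `combine(..., recursive=true)`, or add a comment above the mapping stating that these keys only work through placeholder substitution; the set_fact task itself starts above this hunk.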
diff --git a/roles/adf_app/defaults/main.yml b/roles/adf_app/defaults/main.yml
index 3d88452ab..bf553914e 100644
--- a/roles/adf_app/defaults/main.yml
+++ b/roles/adf_app/defaults/main.yml
@@ -12,15 +12,39 @@ adf_app_configuration: {}
 # Other defaults
 adf_app_config_json_path: "{{ nginx_default_vhost_docroot }}/{{ adf_app_name }}/app.config.json"
 adf_app_default_configuration:
- APP_CONFIG_PROVIDER: ECM
- APP_CONFIG_ECM_HOST: "{protocol}//{hostname}{:port}"
- APP_CONFIG_BPM_HOST: "{protocol}//{hostname}{:port}"
- APP_CONFIG_AUTH_TYPE: BASIC
- APP_CONFIG_IDENTITY_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
- APP_CONFIG_OAUTH2_HOST: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
- APP_CONFIG_OAUTH2_CLIENTID: alfresco
- APP_CONFIG_OAUTH2_IMPLICIT_FLOW: true
- APP_CONFIG_OAUTH2_SILENT_LOGIN: true
- APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI: "{protocol}//{hostname}{:port}/assets/silent-refresh.html"
- APP_CONFIG_OAUTH2_REDIRECT_LOGIN: "/"
- APP_CONFIG_OAUTH2_REDIRECT_LOGOUT: "/"
+ providers:
+ value: ECM
+ placeholder: APP_CONFIG_PROVIDER
+ ecmHost:
+ value: "{protocol}//{hostname}{:port}"
+ placeholder: APP_CONFIG_ECM_HOST
+ bpmHost:
+ placeholder: APP_CONFIG_BPM_HOST
+ value: "{protocol}//{hostname}{:port}"
+ authType:
+ value: BASIC
+ placeholder: APP_CONFIG_AUTH_TYPE
+ identityHost:
+ value: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
+ placeholder: APP_CONFIG_IDENTITY_HOST
+ host:
+ value: "{protocol}//{hostname}{:port}/auth/realms/alfresco"
+ placeholder: APP_CONFIG_OAUTH2_HOST
+ clientId:
+ value: alfresco
+ placeholder: APP_CONFIG_OAUTH2_CLIENTID
+ implicitFlow:
+ value: true
+ placeholder: APP_CONFIG_OAUTH2_IMPLICIT_FLOW
+ silentLogin:
+ value: true
+ placeholder: APP_CONFIG_OAUTH2_SILENT_LOGIN
+ redirectSilentIframeUri:
+ value: "{protocol}//{hostname}{:port}/assets/silent-refresh.html"
+ placeholder: APP_CONFIG_OAUTH2_REDIRECT_SILENT_IFRAME_URI
+ redirectUri:
+ value: "/"
+ placeholder: APP_CONFIG_OAUTH2_REDIRECT_LOGIN
+ redirectUriLogout:
+ value: "/"
+ placeholder: APP_CONFIG_OAUTH2_REDIRECT_LOGOUT
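Review bot: `implicitFlow` keeps `value: true` as the role default, so every app deployed with OAuth and no override uses the OAuth 2.0 implicit grant, which hands the access token back in the redirect URL and is discouraged by current OAuth security guidance. Since this hunk rewrites every default anyway, it is a good place to record the choice with a comment above the key, for example `# implicit grant exposes tokens in the redirect URL; switch to authorization code + PKCE where the deployed app version supports it`. Whether the packaged apps support the code flow is not visible here and needs confirming before the default itself is changed.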
diff --git a/roles/adf_app/molecule/default/converge.yml b/roles/adf_app/molecule/default/converge.yml
index 5b70cd6cc..1608fb2f3 100644
--- a/roles/adf_app/molecule/default/converge.yml
+++ b/roles/adf_app/molecule/default/converge.yml
@@ -9,6 +9,10 @@
 adf_app_src_archive: "{{ downloads.adw_zip_url }}"
 adf_app_src_checksum: "{{ lookup('url', downloads.adw_zip_sha1_checksum_url, username=nexus_user, password=nexus_password) }}"
 adf_app_version: "{{ adw.version }}"
+ adf_app_configuration:
+ authType:
+ value: OAUTH
+ placeholder: APP_CONFIG_AUTH_TYPE
 ansible.builtin.include_role:
 name: "adf_app"
@@ -19,5 +23,9 @@
 adf_app_src_archive: "{{ downloads.acc_zip_url }}"
 adf_app_src_checksum: "{{ downloads.acc_zip_sha1_checksum_url }}"
 adf_app_version: "{{ acc.version }}"
+ adf_app_configuration:
+ authType:
+ value: OAUTH
+ placeholder: APP_CONFIG_AUTH_TYPE
 ansible.builtin.include_role:
 name: "adf_app"
diff --git a/roles/adf_app/molecule/default/host_vars/webapp-instance.yml b/roles/adf_app/molecule/default/host_vars/adf_app-instance.yml
similarity index 100%
rename from roles/adf_app/molecule/default/host_vars/webapp-instance.yml
rename to roles/adf_app/molecule/default/host_vars/adf_app-instance.yml
diff --git a/roles/adf_app/molecule/default/verify.yml b/roles/adf_app/molecule/default/verify.yml
index 2dfa48c47..8fcc1312c 100644
--- a/roles/adf_app/molecule/default/verify.yml
+++ b/roles/adf_app/molecule/default/verify.yml
@@ -16,8 +16,9 @@
 that:
 - ansible_facts.services['nginx.service'] is defined
 - ansible_facts.services['nginx.service'].state == 'running'
+ quiet: true
- - name: Check that the home contains the expected contents
+ - name: Check that the homepage contains the expected contents
 ansible.builtin.uri:
 url: "{{ item.url }}/"
 return_content: true
@@ -25,9 +26,20 @@
 failed_when: "item.expected_content not in this.content"
 loop: "{{ sites }}"
- - name: Check that the config contains the expected contents
+ - name: Retrieve app config
 ansible.builtin.uri:
 url: "{{ item.url }}/app.config.json"
 register: this
- failed_when: "this.json.authType != 'BASIC'"
 loop: "{{ sites }}"
+ loop_control:
+ label: "{{ item.url }}/app.config.json"
+
+ - name: Assert that config contains expected contents
+ ansible.builtin.assert:
+ that:
+ - this.results[idx].json.authType == 'OAUTH'
+ quiet: true
+ loop: "{{ sites }}"
+ loop_control:
+ index_var: idx
+ label: "{{ item.url }}/app.config.json"
diff --git a/roles/adf_app/tasks/main.yml b/roles/adf_app/tasks/main.yml
index 90993188f..1397b7a46 100644
--- a/roles/adf_app/tasks/main.yml
+++ b/roles/adf_app/tasks/main.yml
@@ -33,13 +33,14 @@
 - name: Flush handlers
 ansible.builtin.meta: flush_handlers
-- name: Replace $placeholders in packaged app.config.json
+- name: Replace $placeholders in packaged app.config.json - if present
 become: true
 ansible.builtin.replace:
 path: "{{ adf_app_config_json_path }}"
- regexp: "{{ '\\${' }}{{ item.key }}{{ '}' }}"
- replace: "{{ (item.value is boolean) | ternary(item.value | to_json, item.value) }}"
- with_items: "{{ adf_app_merged_configuration | dict2items }}"
+ regexp: "{{ '\\${' }}{{ item.value.placeholder }}{{ '}' }}"
+ replace: "{{ (item.value.value is boolean) | ternary(item.value.value | to_json, item.value.value) }}"
+ loop: "{{ adf_app_merged_configuration | dict2items }}"
+ when: item.value.placeholder is defined
 - name: Retrieve the current app.config.json contents
 ansible.builtin.slurp:
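Review bot: The new assertion checks only `authType`, so a run that leaves other `${APP_CONFIG_*}` placeholders unreplaced, or that writes the OAuth host and client settings to the wrong place in the file, still passes. If every packaged placeholder is meant to be covered by the role's defaults, add a second condition to `that:` such as `- "'${APP_CONFIG_' not in (this.results[idx].json | to_json)"`. It would also help to assert one of the OAuth values the converge play is expected to produce.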
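Review bot: The `replace:` expression in the placeholder task writes non-boolean values into app.config.json verbatim, so a string containing `"` or a backslash alters the JSON structure instead of becoming the intended value, and `item.value.placeholder` is interpolated into `regexp` unescaped. Both fields come from `adf_app_configuration`, and the parse check visible in the next hunk's context would only catch results that stop being valid JSON. Escaping the pattern is a one-line change, `regexp: "{{ '\\${' }}{{ item.value.placeholder | regex_escape }}{{ '}' }}"`. For the value, either add an `assert` that string values contain no quotes or backslashes, or document that constraint next to the defaults. Note that `when:` guards only `placeholder`, while `replace:` also reads `item.value.value`.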
@@ -52,10 +53,17 @@
 - app_config_json['content'] | b64decode | from_json
 quiet: true
+- name: Flatten configuration before merging into app.config.json
+ ansible.builtin.set_fact:
+ adf_app_flattened_configuration: "{{ adf_app_flattened_configuration | default({}) | ansible.builtin.combine({item.key: item.value.value}) }}"
+ loop: "{{ adf_app_merged_configuration | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}={{ item.value.value }}"
+
 - name: Ensure app.config.json is merged with current configuration
 become: true
 ansible.builtin.copy:
- content: "{{ app_config_json['content'] | b64decode | from_json | ansible.builtin.combine(adf_app_merged_configuration) | to_nice_json }}"
+ content: "{{ app_config_json['content'] | b64decode | from_json | ansible.builtin.combine(adf_app_flattened_configuration) | to_nice_json }}"
 dest: "{{ adf_app_config_json_path }}"
 mode: "0644"
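Review bot: `adf_app_flattened_configuration | default({})` in the new Flatten task never resets the fact, and `set_fact` values persist on the host, so when the role runs twice against one host (as converge.yml appears to do for two apps) the second run starts from the first app's keys. Any key configured only for the first app would then be merged into the second app's app.config.json. Building the dict in a single expression removes both the carry-over and the loop: `adf_app_flattened_configuration: "{{ dict(adf_app_merged_configuration.keys() | zip(adf_app_merged_configuration.values() | map(attribute='value'))) }}"`. The task also dereferences `item.value.value` for every entry, so a flat `KEY: value` configuration written for the previous format would fail here on an undefined attribute rather than with a clear message; an upfront `assert` on the entry shape would make that explicit.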