Add oidc configs

yasima-csiro · yasima-csiro · commit 077be9d73c3f · 2022-07-12T10:29:21.000+10:00
diff --git a/ansible/doi-service-standalone.yml b/ansible/doi-service-standalone.yml
@@ -4,7 +4,7 @@
     - java
     - postfix
     - {role: db-backup, db: postgres, db_name: "{{ doi_db_name }}", db_user: "{{ doi_db_user }}", db_password: "{{ doi_db_password }}" }
-    - {role: postgresql, pg_version: "9.6"}
+    - {role: postgresql, pg_version: "14"}
     - {role: pg_instance, extensions: ["citext", "pgcrypto"], db_name: "{{ doi_db_name }}", db_user: "{{ doi_db_user }}", db_password: "{{ doi_db_password }}" }
     - {role: ansible-elasticsearch, es_templates: false,  es_instance_name: 'doi-elasticsearch', es_data_dirs: ['/data/elasticsearch'], tags: ['elasticsearch']}
     - webserver
diff --git a/ansible/roles/alerts/templates/alerts-config.properties b/ansible/roles/alerts/templates/alerts-config.properties
@@ -5,7 +5,7 @@ grails.serverURL={{ alerts_base_url }}{{ alerts_context_path }}
 
 # CAS Config
 security.cas.appServerName={{ alerts_base_url }}{{ alerts_context_path }}
-security.cas.uriFilterPattern=/,/alaAdmin.*,/testAuth.*,/query/.*,/admin/?.*,/admin/user/.*,/admin/user/debug/.*,/admin/debug/all,/notification/myAlerts,/notification/changeFrequency,/notification/addMyAlert,/notification/addMyAlert/.*,/notification/deleteMyAlert/.*,/notification/deleteMyAlert/.*,/notification/deleteMyAlertWR/.*,/webservice/.*,/webservice/createTaxonAlert,/webservice/taxonAlerts,/webservice/createRegionAlert,/webservice/regionAlerts,/webservice/deleteTaxonAlert/.*,/webservice/create*,/webservice/createSpeciesGroupRegionAlert,/ws/.*,/ws/createTaxonAlert,/ws/taxonAlerts,/ws/createRegionAlert,/ws/regionAlerts,/ws/deleteTaxonAlert/.*,/ws/createTaxonRegionAlert,/ws/createSpeciesGroupRegionAlert,/admin/runChecksNow, /quartz/.*
+security.cas.uriFilterPattern=/,/alaAdmin/*,/testAuth/*,/query/*,/admin/*,/admin/user/*,/admin/user/debug/*,/admin/debug/all,/notification/myAlerts,/notification/changeFrequency,/notification/addMyAlert,/notification/addMyAlert/*,/notification/deleteMyAlert/*,/notification/deleteMyAlert/*,/notification/deleteMyAlertWR/*,/webservice/*,/webservice/createTaxonAlert,/webservice/taxonAlerts,/webservice/createRegionAlert,/webservice/regionAlerts,/webservice/deleteTaxonAlert/*,/webservice/create*,/webservice/createSpeciesGroupRegionAlert,/ws/*,/ws/createTaxonAlert,/ws/taxonAlerts,/ws/createRegionAlert,/ws/regionAlerts,/ws/deleteTaxonAlert/*,/ws/createTaxonRegionAlert,/ws/createSpeciesGroupRegionAlert,/admin/runChecksNow, /quartz/*
 security.cas.uriExclusionFilterPattern=/images.*,/css.*,/js.*,/less.*
 security.cas.authenticateOnlyIfLoggedInPattern=/unsubscribe.*
 security.cas.adminRole=ROLE_ADMIN
@@ -87,3 +87,9 @@ google.apikey={{ google_apikey | default('') }}
 biosecurity.moreinfo.link={{ biosecurity_more_info | default('') }}
 biosecurity.queryurl.template={{ biosecurity_query_url | default('/occurrences/search?q=species_list_uid:___LISTIDPARAM___&fq=decade:2020&fq=country:Australia&fq=first_loaded_date:[___DATEPARAM___%20TO%20*]&sort=first_loaded_date&dir=desc') }}
 specieslist.server={{ species_list_server | default('https://lists.ala.org.au') }}
+
+#oidc related
+security.oidc.clientId={{ clientId | default('') }}
+security.oidc.secret={{ secret | default('') }}
+security.oidc.discoveryUri={{ discoveryUri | default('') }}
+security.jwt.discoveryUri={{ discoveryUri | default('') }}
diff --git a/ansible/roles/doi-service/templates/doi-service-config.yml b/ansible/roles/doi-service/templates/doi-service-config.yml
@@ -13,6 +13,12 @@ security:
     appServerName: https://{{ doi_service_hostname }}
     loginUrl: {{ auth_cas_url }}/login
     logoutUrl: {{ auth_cas_url }}/logout
+  oidc:
+    clientId: { { clientId | default('') } }
+    secret: { { secret | default('') } }
+    discoveryUri: { { discoveryUri | default('') } }
+  jwt:
+    discoveryUri: { { discoveryUri | default('') } }
   apikey:
     check:
       serviceUrl: {{ auth_base_url }}/apikey/ws/check?apikey=
diff --git a/ansible/roles/doi-service/vars/main.yml b/ansible/roles/doi-service/vars/main.yml
@@ -3,5 +3,5 @@ version: "{{ doi_service_version | default('LATEST') }}"
 artifactId: "doi-service"
 classifier: 'exec'
 groupId: "au.org.ala"
-packaging: "jar"
+packaging: "war"
 doi_service_jar_url: "{{maven_repo_ws_url}}"
diff --git a/ansible/roles/image-service/templates/config/image-service-config.yml b/ansible/roles/image-service/templates/config/image-service-config.yml
@@ -16,6 +16,12 @@ security:
     casServerLogoutUrl: {{ auth_cas_url }}/logout
     loginUrl: {{ auth_cas_url }}/login
     logoutUrl: {{ auth_cas_url }}/logout
+  oidc:
+    clientId: {{ clientId | default('') }}
+    secret: {{ secret | default('') }}
+    discoveryUri: {{ discoveryUri | default('') }}
+  jwt:
+    discoveryUri: {{ discoveryUri | default('') }}
   apikey:
     ip:
       whitelist: {{ image_service_whitelist | default('') }}
diff --git a/ansible/roles/image-service/vars/main.yml b/ansible/roles/image-service/vars/main.yml
@@ -3,5 +3,5 @@ artifactId: "image-service"
 image_service_url: "{{maven_repo_ws_url}}"
 classifier: 'exec'
 groupId: "au.org.ala"
-packaging: "jar"
+packaging: "war"
 image_service_jar_url: "{{maven_repo_ws_url}}"
diff --git a/ansible/roles/logger-service/templates/logger-config.properties b/ansible/roles/logger-service/templates/logger-config.properties
@@ -55,3 +55,9 @@ skin.orgNameLong={{ skin_orgNameLong | default('Atlas of Living Australia') }}
 skin.orgNameShort = {{ orgNameShort | default('ALA') }}
 skin.orgSupportEmail={{ orgSupportEmail | default('support@ala.org.au') }}
 privacyPolicy={{ privacy_policy_url | default('https://www.ala.org.au/about/terms-of-use/privacy-policy/') }}
+
+#oidc related
+security.oidc.clientId={{ clientId | default('') }}
+security.oidc.secret={{ secret | default('') }}
+security.oidc.discoveryUri={{ discoveryUri | default('') }}
+security.jwt.discoveryUri={{ discoveryUri | default('') }}
