From 259da9685fdef4b467217bed10ebf1efb1f632f0 Mon Sep 17 00:00:00 2001
From: Sven Ketelsen
Date: Mon, 30 Aug 2021 21:19:29 +0200
Subject: [PATCH] DEV-173: bugfix: oidc configuration for connect/wordpress
---
 group_vars/all/plain.yml | 5 +++++
 group_vars/connect/plain.yml | 7 ++-----
 group_vars/connect_wordpress/plain.yml | 9 +++++++--
 host_vars/dev-management-smardigo-01.yml | 3 ++-
 roles/connect-realm/defaults/main.yml | 5 ++++-
 roles/connect-wordpress/defaults/main.yml | 1 +
 roles/connect-wordpress/vars/main.yml | 11 ++++-------
 7 files changed, 25 insertions(+), 16 deletions(-)
diff --git a/group_vars/all/plain.yml b/group_vars/all/plain.yml
index 0c4fbb5..eff7254 100644
--- a/group_vars/all/plain.yml
+++ b/group_vars/all/plain.yml
@@ -100,6 +100,11 @@ monitor_port_harbor: "9085"
 admin_port_traefik: "9080"
+connect_id: "{{ inventory_hostname }}-connect"
+connect_base_url: "{{ connect_id }}.{{ domain }}"
+wordpress_id: "{{ inventory_hostname }}-wordpress"
+wordpress_base_url: "{{ wordpress_id }}.{{ domain }}"
+
 #reverse_proxy_admin_username: "< see vault >"
 #reverse_proxy_admin_password: "< see vault >"
diff --git a/group_vars/connect/plain.yml b/group_vars/connect/plain.yml
index 2738fe4..20a5bb0 100644
--- a/group_vars/connect/plain.yml
+++ b/group_vars/connect/plain.yml
@@ -8,9 +8,6 @@ connect_image_version: "8.3.0"
 # unique id for a service, will be used for service access management as well (e.g. keycloak realm)
 connect_client_id: "{{ cluster_name }}"
-connect_id: "{{ inventory_hostname }}-connect"
-connect_base_url: "{{ connect_id }}.{{ domain }}"
-
 connect_postgres_host: "{{ shared_service_pg_master_hostname }}"
 connect_postgres_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }}_connect"
 connect_postgres_username: "{{ connect_postgres_database }}"
@@ -28,9 +25,9 @@ smardigo_iam_client_enabled: "true"
 smardigo_iam_client_server_url: "{{ http_s }}://{{ shared_service_iam_hostname }}/"
 connect_auth_module: "oidc"
-connect_oidc_client_id: "{{ connect_client_id }}"
+connect_oidc_client_id: "{{ cluster_name }}"
 connect_oidc_client_secret: "{{ cluster_name }}"
-connect_oidc_registration_id: "{{ connect_client_id }}"
+connect_oidc_registration_id: "{{ cluster_name }}"
 connect_oidc_issuer_uri: "https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"
 connect_password_change_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}/account/password"
diff --git a/group_vars/connect_wordpress/plain.yml b/group_vars/connect_wordpress/plain.yml
index 40115ba..e4ee440 100644
--- a/group_vars/connect_wordpress/plain.yml
+++ b/group_vars/connect_wordpress/plain.yml
@@ -5,5 +5,10 @@ connect_wordpress_maria_database: "{{ stage }}_{{ tenant_id }}_{{ cluster_name }
 connect_wordpress_maria_username: "{{ connect_wordpress_maria_database }}"
 connect_wordpress_maria_password: "connect-wordpress-maria-admin"
-smardigo_auth_token_name: "idc"
-smardigo_auth_token_value: "idc"
+connect_wordpress_oidc_issuer: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"
+connect_wordpress_oidc_provider_url: "{{ http_s }}://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"
+connect_wordpress_oidc_client_id: "{{ cluster_name }}"
+connect_wordpress_oidc_client_secret: "{{ cluster_name }}"
+
+smardigo_auth_token_name: ""
+smardigo_auth_token_value: ""
diff --git a/host_vars/dev-management-smardigo-01.yml b/host_vars/dev-management-smardigo-01.yml
index 07ae6d2..a7b701d 100644
--- a/host_vars/dev-management-smardigo-01.yml
+++ b/host_vars/dev-management-smardigo-01.yml
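Review bot: In group_vars/connect/plain.yml the OIDC client id and the client secret now render to the same string, because `connect_oidc_client_id` becomes `{{ cluster_name }}` while the unchanged `connect_oidc_client_secret` is also `{{ cluster_name }}`; a secret equal to a public identifier gives the confidential client no protection. The same default is introduced as `connect_wordpress_oidc_client_secret` in group_vars/connect_wordpress/plain.yml and kept as `secret: '{{ cluster_name }}'` in roles/connect-realm/defaults/main.yml. I would leave only a placeholder in the plain file, `connect_oidc_client_secret: "< see vault >"`, and supply a generated value per cluster from the vault. `connect_client_id` is still defined earlier in this file but is no longer referenced in this hunk, so it should either be removed or documented as deprecated.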
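Review bot: `connect_wordpress_oidc_issuer` and `connect_wordpress_oidc_provider_url` in group_vars/connect_wordpress/plain.yml take their scheme from `{{ http_s }}`, whereas `connect_oidc_issuer_uri` in group_vars/connect/plain.yml is fixed to `https://`. If `http_s` ever resolves to `http` (its value is not visible in this patch), WordPress would fetch provider metadata and send the client secret in cleartext, and its expected issuer would differ from the one Connect validates. I would pin both to `"https://{{ shared_service_keycloak_hostname }}/auth/realms/{{ current_realm_name }}"`. The defaults `smardigo_auth_token_name: ""` and `smardigo_auth_token_value: ""` also need a comment stating whether an empty value disables the token check in the container or is accepted as a valid token.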
@@ -6,5 +6,6 @@ connect_elastic_prefix: "dev_management_smardigo_connect"
 connect_postgres_database: "dev_management_smardigo_connect"
 current_realm_name: "smardigo"
-connect_client_id: "management-smardigo"
+cluster_name: "management-smardigo"
 connect_oidc_client_secret: "f1f852b4-2e75-889a-2453-3c55d53ce405"
+spring_profiles_include: "prod,postgres,elastic,swagger"
\ No newline at end of file
diff --git a/roles/connect-realm/defaults/main.yml b/roles/connect-realm/defaults/main.yml
index 35220b8..e7abc64 100644
--- a/roles/connect-realm/defaults/main.yml
+++ b/roles/connect-realm/defaults/main.yml
@@ -3,6 +3,7 @@
 # configuration for the connect realm
 connect_realm_admin_username: "connect-realm-admin"
 connect_realm_admin_password: "connect-realm-admin"
+
 connect_client_admin_username: "connect-admin"
 connect_client_admin_password: "connect-admin"
@@ -15,11 +16,13 @@ current_realm_clients: [
 redirect_uris: '
 [
 "{{ http_s }}://{{ connect_base_url }}/*",
+ "{{ http_s }}://{{ wordpress_base_url }}/*",
 ]',
 secret: '{{ cluster_name }}',
 web_origins: '
 [
- "{{ http_s }}://{{ connect_base_url }}/*",
+ "{{ http_s }}://{{ connect_base_url }}",
+ "{{ http_s }}://{{ wordpress_base_url }}",
 ]',
 }
 ]
diff --git a/roles/connect-wordpress/defaults/main.yml b/roles/connect-wordpress/defaults/main.yml
index fb246fa..7f6a8d4 100644
--- a/roles/connect-wordpress/defaults/main.yml
+++ b/roles/connect-wordpress/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
+
 wordpress_image_name: "{{ shared_service_docker_registry_hostname }}/smardigo/wordpress"
 wordpress_image_version: '1.3.0'
diff --git a/roles/connect-wordpress/vars/main.yml b/roles/connect-wordpress/vars/main.yml
index eca9d2d..0bdc09a 100644
--- a/roles/connect-wordpress/vars/main.yml
+++ b/roles/connect-wordpress/vars/main.yml
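Review bot: Setting `cluster_name` in host_vars/dev-management-smardigo-01.yml leaves this host with two different secrets for what appears to be one Keycloak client: `connect_oidc_client_secret` is overridden with a fixed value on the next line, while `connect_wordpress_oidc_client_secret` and the realm's `secret: '{{ cluster_name }}'` still resolve to `management-smardigo`. Only one of them can match the registered client secret, so either Connect or WordPress login would presumably fail here; adding `connect_wordpress_oidc_client_secret: "{{ connect_oidc_client_secret }}"` or deriving both from one variable would fix that. The secret itself sits in an unencrypted host_vars file and belongs in the vault, with the committed value rotated. The added `spring_profiles_include` combines `prod` with `swagger`; please confirm the API documentation endpoint is meant to be enabled on this host.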
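Review bot: The new redirect URI `"{{ http_s }}://{{ wordpress_base_url }}/*"` in roles/connect-realm/defaults/main.yml allows authorization codes to be delivered to any path on the WordPress host, so the safety of the login flow then depends on every theme and plugin being free of redirect or injection flaws. I would restrict the entry to the callback path of the WordPress OIDC plugin, e.g. `"{{ http_s }}://{{ wordpress_base_url }}/<oidc-callback-path>",` (placeholder; the plugin's path is not visible in this patch). Both applications are added to the same client entry, so they share one client secret; a separate client for WordPress would keep a compromise of one from exposing the other. The `current_realm_clients` list starts above this hunk.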
@@ -1,8 +1,5 @@
 ---
-wordpress_id: "{{ inventory_hostname }}-wordpress"
-wordpress_base_url: "{{ inventory_hostname }}-wordpress.{{ domain }}"
-
 wordpress_labels: [
 '"traefik.enable=true"',
 '"traefik.http.routers.{{ wordpress_id }}.service={{ wordpress_id }}"',
@@ -53,10 +50,10 @@ wordpress_docker: {
 "CLIENT_SECRET: \"{{ wordpress_oidc_client_secret | default('none') }}\"",
 "CLIENT_USERNAME: \"{{ wordpress_buergerportal_username | default('none') }}\"",
 "CLIENT_PASSWORD: \"{{ wordpress_buergerportal_password | default('none') }}\"",
- "SK_NRW_ISSUER: \"{{ sk_nrw_issuer | default('none') }}\"",
- "SK_NRW_PROVIDER_URL: \"{{ sk_nrw_provider_url | default('none') }}\"",
- "SK_NRW_CLIENT_ID: \"{{ sk_nrw_client_id | default('none') }}\"",
- "SK_NRW_CLIENT_SECRET: \"{{ sk_nrw_client_secret | default('none') }}\"",
+ "SK_NRW_ISSUER: \"{{ connect_wordpress_oidc_issuer }}\"",
+ "SK_NRW_PROVIDER_URL: \"{{ connect_wordpress_oidc_provider_url }}\"",
+ "SK_NRW_CLIENT_ID: \"{{ connect_wordpress_oidc_client_id }}\"",
+ "SK_NRW_CLIENT_SECRET: \"{{ connect_wordpress_oidc_client_secret }}\"",
 "SMARDIGO_AUTH_TOKEN_NAME: \"{{ smardigo_auth_token_name }}\"",
 "SMARDIGO_AUTH_TOKEN_VALUE: \"{{ smardigo_auth_token_value }}\"",
 ],
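Review bot: The four `SK_NRW_*` entries in roles/connect-wordpress/vars/main.yml now stop the play when a variable is undefined, but the unchanged `CLIENT_SECRET`, `CLIENT_USERNAME` and `CLIENT_PASSWORD` lines directly above still fall back to the literal `none`, so a missing vault entry would start the container with a guessable placeholder credential. I would drop `| default('none')` from those three lines as well so the whole block fails closed. The values are interpolated between escaped double quotes, so a secret containing `"` or `\` would corrupt the rendered entry; a comment stating that restriction on the secret's character set would help. The `wordpress_docker` mapping starts and ends outside this hunk.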