From 6a0d3e1765a7cd41d470283d61e70e8dd32ba561 Mon Sep 17 00:00:00 2001 From: Bart Geesink Date: Tue, 26 Nov 2024 21:57:12 +0100 Subject: [PATCH] OIDCNG: make it possible to connect to a locally available mongo in docker --- roles/oidcng/defaults/main.yml | 7 ++++--- roles/oidcng/tasks/main.yml | 13 ++++++++----- roles/oidcng/templates/application.yml.j2 | 2 +- 3 files changed, 13 insertions(+), 9 deletions(-) diff --git a/roles/oidcng/defaults/main.yml b/roles/oidcng/defaults/main.yml index cc444fba4..44641c6c1 100644 --- a/roles/oidcng/defaults/main.yml +++ b/roles/oidcng/defaults/main.yml @@ -1,8 +1,8 @@ --- oidcng_dir: /opt/openconext/oidcng oidcng_config_dir: /config -oidcng_version: '' -oidcng_snapshot_timestamp: '' +oidcng_version: "" +oidcng_snapshot_timestamp: "" oidcng_cronjobmaster: true oidcng_saml_sp_entityid: https://connect.{{ base_domain }} oidcng_idp_metadata_url: https://engine.{{ base_domain }}/authentication/idp/metadata @@ -19,4 +19,5 @@ oidcng_manage_provision_samlsp_metadata_url: "https://connect.{{ base_domain }}/ oidcng_manage_provision_samlsp_sp_cert: "{{ lookup('file', '{{ inventory_dir }}/files/certs/oidc/oidcsaml.crt') | depem }}" oidcng_manage_provision_samlsp_sign: "True" oidcng_manage_provision_samlsp_trusted_proxy: "True" - +oidcng_docker_networks: + - name: loadbalancer diff --git a/roles/oidcng/tasks/main.yml b/roles/oidcng/tasks/main.yml index fdd8834e8..fa35fac7c 100644 --- a/roles/oidcng/tasks/main.yml +++ b/roles/oidcng/tasks/main.yml @@ -88,6 +88,13 @@ group: "root" mode: "0755" +- name: Add the mongodb docker network to the list of networks when MongoDB runs in Docker + ansible.builtin.set_fact: + oidcng_docker_networks: + - name: loadbalancer + - name: openconext_mongodb + when: mongodb_in_docker | default(false) | bool + - name: Create and start the server container community.docker.docker_container: name: oidcngserver 
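Review bot: The added `set_fact` task in `roles/oidcng/tasks/main.yml` replaces `oidcng_docker_networks` outright with a hard-coded two-entry list. Any value an operator set in inventory or group_vars is therefore silently dropped once `mongodb_in_docker` is true, and the `loadbalancer` entry from `roles/oidcng/defaults/main.yml` is duplicated in the task. Extending the existing value keeps a single source of truth: `oidcng_docker_networks: "{{ oidcng_docker_networks | union([{'name': 'openconext_mongodb'}]) }}"`. Nothing visible in this patch creates the `openconext_mongodb` network, so a comment above the task naming the role that owns it would help, for example `# openconext_mongodb is created by the MongoDB docker role; joining it gives this container direct reach to the database`.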
@@ -96,8 +103,7 @@ pull: true restart_policy: "always" state: started - networks: - - name: "loadbalancer" + networks: "{{ oidcng_docker_networks }}" mounts: - source: "{{ oidcng_dir }}" target: /config/ @@ -137,9 +143,6 @@ traefik.http.middlewares.oidcngmw.replacepathregex.regex: "^/.well-known/openid-configuration" traefik.http.middlewares.oidcngmw.replacepathregex.replacement: "/oidc/.well-known/openid-configuration" register: oidcngservercontainer - - - #- name: Include the role manage_provision_entities to provision oidncg to Manage # ansible.builtin.include_role: # name: manage_provision_entities diff --git a/roles/oidcng/templates/application.yml.j2 b/roles/oidcng/templates/application.yml.j2 index f4595497c..c4f4d58d6 100644 --- a/roles/oidcng/templates/application.yml.j2 +++ b/roles/oidcng/templates/application.yml.j2 @@ -76,7 +76,7 @@ idp: spring: data: mongodb: - uri: "mongodb://{{ oidcng.mongo_user }}:{{ oidcng.mongo_password }}@{% for host in groups['mongo_servers'] %}{{ hostvars[host]['inventory_hostname'] }}:{{ oidcng.mongo_port }}{% if not loop.last %},{% endif %}{%endfor %}/{{ oidcng.mongo_database }}?ssl=true" + uri: "mongodb://{{ oidcng.mongo_user }}:{{ oidcng.mongo_password }}@{% for host in groups['mongo_servers'] %}{{ hostvars[host]['inventory_hostname'] }}:{{ oidcng.mongo_port }}{% if not loop.last %},{% endif %}{%endfor %}/{{ oidcng.mongo_database }}?ssl={{ mongodb_ssl | default('true') }}" thymeleaf: cache: true
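Review bot: With `networks: "{{ oidcng_docker_networks }}"` driven by a variable, a container that once ran with `mongodb_in_docker` true may stay attached to `openconext_mongodb` after the flag is switched off. As far as the module documentation goes, `community.docker.docker_container` compares networks leniently by default and does not detach networks missing from the list. If the list is meant to be authoritative, add `comparisons:` with `networks: strict` to this task so that the container's network reach matches the configuration. The task starts and ends outside this hunk, so an existing setting may simply not be visible here.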
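Review bot: The new `?ssl={{ mongodb_ssl | default('true') }}` in `application.yml.j2` makes TLS to MongoDB switchable through a variable that this patch neither declares in `roles/oidcng/defaults/main.yml` nor ties to `mongodb_in_docker`. It can therefore be turned off for remote `mongo_servers` hosts as well, and the user and password in the same URI would then cross the network in clear text. A YAML boolean also renders as `True` or `False` here, and whether the driver accepts the capitalised form is not something this page shows. Normalising it avoids the question: `?ssl={{ mongodb_ssl | default(true) | bool | lower }}`. I would also add `mongodb_ssl: true` to the role defaults with a comment such as `# only set to false when MongoDB runs in a local Docker network (mongodb_in_docker)`.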