Access: Rename to invite

OpenConext · Sep 26, 2023 · b7ec49a · b7ec49a
1 parent 7cec0d0
commit b7ec49a
Show file tree

Hide file tree

Showing 7 changed files with 82 additions and 82 deletions.
diff --git a/roles/access/defaults/main.yml b/roles/access/defaults/main.yml
diff --git a/roles/access/vars/main.yml b/roles/access/vars/main.yml
diff --git a/roles/invite/defaults/main.yml b/roles/invite/defaults/main.yml
@@ -0,0 +1,14 @@
+invite_manage_provision_oidcrp_client_id: "{{ invite.oidc_client_id }}"
+invite_manage_provision_oidcrp_name_en: "{{ instance_name }} invite"
+invite_manage_provision_oidcrp_description_en: "{{ instance_name }} invite"
+invite_manage_provision_oidcrp_secret: "{{ invite.oidc_secret }}"
+invite_manage_provision_oidcrp_redirecturls: "https://invite.{{ base_domain }}/redirect"
+invite_manage_provision_oidcrp_grants: "authorization_code"
+invite_manage_provision_oidcrp_allowed_resource_servers: '{"name": "{{ invite.resource_server_id }}"}'
+invite_manage_provision_oidcrp_is_public_client: false
+
+invite_manage_provision_oauth_rs_name_en: "{{ instance_name }} invite Resource Server"
+invite_manage_provision_oauth_rs_description_en: "{{ instance_name }}  invite Resource Server"
+invite_manage_provision_oauth_rs_client_id: "{{ invite.resource_server_id }}"
+invite_manage_provision_oauth_rs_rp_secret: "{{ invite.resource_server_secret }}"
+invite_manage_provision_oauth_rs_scopes: "openid"
diff --git a/roles/access/tasks/main.yml → roles/invite/tasks/main.yml b/roles/access/tasks/main.yml → roles/invite/tasks/main.yml
@@ -1,7 +1,7 @@
 ---
 - name: Create directory to keep configfile
   ansible.builtin.file:
-    dest: "/opt/openconext/access"
+    dest: "/opt/openconext/invite"
     state: directory
     owner: root
     group: root
@@ -10,7 +10,7 @@
 - name: Place the serverapplication configfiles
   ansible.builtin.template:
     src: "{{ item }}.j2"
-    dest: /opt/openconext/access/{{ item }}
+    dest: /opt/openconext/invite/{{ item }}
     owner: root
     group: root
     mode: "0644"
@@ -21,7 +21,7 @@
 - name: Place the mockapplication configfiles
   ansible.builtin.template:
     src: "{{ item }}.j2"
-    dest: /opt/openconext/access/{{ item }}
+    dest: /opt/openconext/invite/{{ item }}
     owner: root
     group: root
     mode: "0644"
@@ -31,15 +31,15 @@
 
 - name: Create and start the server container
   community.docker.docker_container:
-    name: openconextaccessserver
-    image: ghcr.io/openconext/openconext-access/accessserver:{{ access_server_version }}
+    name: inviteserver
+    image: ghcr.io/openconext/openconext-invite/inviteserver:{{ invite_server_version }}
     pull: true
     restart_policy: "always"
     state: started
     networks:
       - name: "loadbalancer"
     mounts:
-      - source: /opt/openconext/access/serverapplication.yml
+      - source: /opt/openconext/invite/serverapplication.yml
         target: /application.yml
         type: bind
     command: '--spring.config.location=./'
@@ -50,16 +50,16 @@
 
 - name: Create and (re)start the server container
   community.docker.docker_container:
-    name: openconextaccessserver
-    image: ghcr.io/openconext/openconext-access/accessserver:{{ access_server_version }}
+    name: openconextinviteserver
+    image: ghcr.io/openconext/openconext-invite/inviteserver:{{ invite_server_version }}
     pull: true
     restart_policy: "always"
     state: started
     restart: true
     networks:
       - name: "loadbalancer"
     mounts:
-      - source: /opt/openconext/access/serverapplication.yml
+      - source: /opt/openconext/invite/serverapplication.yml
         target: /application.yml
         type: bind
     command: '--spring.config.location=./'
@@ -70,82 +70,82 @@
 
 - name: Create the client container
   community.docker.docker_container:
-    name: accessclient
-    image: ghcr.io/openconext/openconext-access/accessclient:{{ access_client_version }}
+    name: inviteclient
+    image: ghcr.io/openconext/openconext-invite/inviteclient:{{ invite_client_version }}
     pull: true
     restart_policy: "always"
     state: started
     networks:
       - name: "loadbalancer"
     labels:
-      traefik.http.routers.accessclient.rule: "Host(`access.{{ base_domain }}`)"
-      traefik.http.routers.accessclient.tls: "true"
+      traefik.http.routers.inviteclient.rule: "Host(`invite.{{ base_domain }}`)"
+      traefik.http.routers.inviteclient.tls: "true"
       traefik.enable: "true"
 
 - name: Create the welcome container
   community.docker.docker_container:
-    name: accesswelcome
-    image: ghcr.io/openconext/openconext-access/accessswelcome:{{ access_welcome_version }}
+    name: invitewelcome
+    image: ghcr.io/openconext/openconext-invite/invitewelcome:{{ invite_welcome_version }}
     pull: true
     restart_policy: "always"
     state: started
     networks:
       - name: "loadbalancer"
     labels:
-      traefik.http.routers.accesswelcome.rule: "Host(`welcome.{{ base_domain }}`)"
-      traefik.http.routers.accesswelcome.tls: "true"
+      traefik.http.routers.invitewelcome.rule: "Host(`welcome.{{ base_domain }}`)"
+      traefik.http.routers.invitewelcome.tls: "true"
       traefik.enable: "true"
 
 - name: Create and start the mock provisioning container
   community.docker.docker_container:
-    name: accesssprovisioningmock
-    image: ghcr.io/openconext/openconext-access/accesssprovisioningmock:{{ access_mock_version }}
+    name: inviteprovisioningmock
+    image: ghcr.io/openconext/openconext-invite/inviteprovisioningmock:{{ invite_mock_version }}
     pull: true
     restart_policy: "always"
     state: started
     command: '--spring.config.location=./'
     mounts:
-      - source: /opt/openconext/access/mockapplication.yml
+      - source: /opt/openconext/invite/mockapplication.yml
         target: /application.yml
         type: bind
     networks:
       - name: "loadbalancer"
     labels:
-      traefik.http.routers.accessmock.rule: "Host(`mock.{{ base_domain }}`)"
-      traefik.http.routers.accessmock.tls: "true"
-      traefik.http.services.accessmock.loadbalancer.server.port: "8081"
+      traefik.http.routers.invitemock.rule: "Host(`mock.{{ base_domain }}`)"
+      traefik.http.routers.invitemock.tls: "true"
+      traefik.http.services.invitemock.loadbalancer.server.port: "8081"
       traefik.enable: "true"
   when: not mockconfigfiles.changed
 
 - name: Create and (re)start the mock provisioning container
   community.docker.docker_container:
-    name: accesssprovisioningmock
-    image: ghcr.io/openconext/openconext-access/accesssprovisioningmock:{{ access_mock_version }}
+    name: inviteprovisioningmock
+    image: ghcr.io/openconext/openconext-invite/inviteprovisioningmock:{{ invite_mock_version }}
     pull: true
     restart_policy: "always"
     restart: true
     state: started
     command: '--spring.config.location=./'
     mounts:
-      - source: /opt/openconext/access/mockapplication.yml
+      - source: /opt/openconext/invite/mockapplication.yml
         target: /application.yml
         type: bind
     networks:
       - name: "loadbalancer"
     labels:
-      traefik.http.routers.accessmock.rule: "Host(`mock.{{ base_domain }}`)"
-      traefik.http.routers.accessmock.tls: "true"
-      traefik.http.services.accessmock.loadbalancer.server.port: "8081"
+      traefik.http.routers.invitemock.rule: "Host(`mock.{{ base_domain }}`)"
+      traefik.http.routers.invitemock.tls: "true"
+      traefik.http.services.invitemock.loadbalancer.server.port: "8081"
       traefik.enable: "true"
   when: mockconfigfiles.changed
 
-- name: Include the role manage_provision_entities to provision access client to Manage
+- name: Include the role manage_provision_entities to provision invite client to Manage
   ansible.builtin.include_role:
     name: manage_provision_entities
   vars:
     entity_type: oidc10_rp
 
-- name: Include the role manage_provision_entities to provision access client to Manage
+- name: Include the role manage_provision_entities to provision invite client to Manage
   ansible.builtin.include_role:
     name: manage_provision_entities
   vars:

diff --git a/...s/access/templates/mockapplication.yml.j2 → ...s/invite/templates/mockapplication.yml.j2 b/...s/access/templates/mockapplication.yml.j2 → ...s/invite/templates/mockapplication.yml.j2
@@ -14,9 +14,9 @@ spring:
     open-in-view: false
   datasource:
     driver-class-name: com.mysql.cj.jdbc.Driver
-    url: jdbc:mysql://{{ access.db_host }}/access
-    username: {{ access.db_user }}
-    password: {{ access.db_secret }}
+    url: jdbc:mysql://{{ invite.db_host }}/invite
+    username: {{ invite.db_user }}
+    password: {{ invite.db_secret }}
 
 server:
   port: 8081

diff --git a/...access/templates/serverapplication.yml.j2 → ...invite/templates/serverapplication.yml.j2 b/...access/templates/serverapplication.yml.j2 → ...invite/templates/serverapplication.yml.j2
@@ -26,8 +26,8 @@ spring:
       client:
         registration:
           oidcng:
-            client-id: "{{ access.oidc_client_id }}"
-            client-secret: "{{ access.oidc_secret }}"
+            client-id: "{{ invite.oidc_client_id }}"
+            client-secret: "{{ invite.oidc_secret }}"
             redirect-uri: "https://{baseHost}{basePort}{basePath}/login/oauth2/code/{registrationId}"
             authorization-grant-type: "authorization_code"
             scope: openid
@@ -47,9 +47,9 @@ spring:
     open-in-view: false
   datasource:
     driver-class-name: com.mysql.cj.jdbc.Driver
-    url: jdbc:mysql://{{ access.db_host }}/access
-    username: {{ access.db_user }}
-    password: {{ access.db_secret }}
+    url: jdbc:mysql://{{ invite.db_host }}/invite
+    username: {{ invite.db_user }}
+    password: {{ invite.db_secret }}
   flyway:
     locations: classpath:db/{vendor}/migration
     fail-on-missing-locations: true
@@ -68,34 +68,34 @@ cron:
 oidcng:
   discovery-url: "https://connect.{{ base_domain }}/oidc/.well-known/openid-configuration"
   introspect-url: "https://connect.{{ base_domain }}/oidc/introspect"
-  resource-server-id: {{ access.resource_server_id }}
-  resource-server-secret: "{{ access.resource_server_secret }}"
-  base-url: https://access.{{ base_domain }}
+  resource-server-id: {{ invite.resource_server_id }}
+  resource-server-secret: "{{ invite.resource_server_secret }}"
+  base-url: https://invite.{{ base_domain }}
 
 super-admin:
-  users: {{ access.super_admins }}
+  users: {{ invite.super_admins }}
 
 config:
-  client-url: "https://access.{{ base_domain}}"
+  client-url: "https://invite.{{ base_domain}}"
   welcome-url: "https://welcome.{{ base_domain}}"
-  server-url: "https://access.{{ base_domain }}"
+  server-url: "https://invite.{{ base_domain }}"
   server-welcome-url: "https://welcome.{{ base_domain }}"
   eduid-entity-id: "https://login.{{ myconext_base_domain }}"
   role-search-required: false
-  past-date-allowed: {{ access.past_date_allowed }}
+  past-date-allowed: {{ invite.past_date_allowed }}
 
 voot:
-  user: {{ access.vootuser}}
-  password: {{ access.vootsecret}}
-  group_urn_domain: urn:mace:surf.nl:test.surfaccess.nl
+  user: {{ invite.vootuser}}
+  password: {{ invite.vootsecret}}
+  group_urn_domain: urn:mace:surf.nl:test.surfinvite.nl
 
 attribute-aggregation:
-  user: {{ access.attribute_aggregation_user }}
-  password: {{ access.attribute_aggregation_secret }}
+  user: {{ invite.attribute_aggregation_user }}
+  password: {{ invite.attribute_aggregation_secret }}
 
 lifecyle:
-  user: {{ access.lifecyle_user }}
-  password: {{ access.lifecyle_secret }}
+  user: {{ invite.lifecyle_user }}
+  password: {{ invite.lifecyle_secret }}
 
 email:
   from: "{{ noreply_email }}"
@@ -106,8 +106,8 @@ email:
 manage:
   enabled: true
   url: "https://manage.{{ base_domain }}"
-  user: {{ access.manageuser }}
-  password: {{ access.managesecret }}
+  user: {{ invite.manageuser }}
+  password: {{ invite.managesecret }}
 
 springdoc:
   pathsToMatch: "/api/external/v1/**"

diff --git a/roles/invite/vars/main.yml b/roles/invite/vars/main.yml
@@ -0,0 +1,13 @@
+manage_provision_oidcrp_client_id: "{{ invite_manage_provision_oidcrp_client_id }}"
+manage_provision_oidcrp_name_en: "{{ invite_manage_provision_oidcrp_name_en }}"
+manage_provision_oidcrp_description_en: "{{ invite_manage_provision_oidcrp_description_en }}"
+manage_provision_oidcrp_secret: "{{ invite_manage_provision_oidcrp_secret }}"
+manage_provision_oidcrp_redirecturls: "{{ invite_manage_provision_oidcrp_redirecturls }}"
+manage_provision_oidcrp_grants: "{{ invite_manage_provision_oidcrp_grants }}"
+manage_provision_oidcrp_allowed_resource_servers: "{{ invite_manage_provision_oidcrp_allowed_resource_servers }}"
+manage_provision_oidcrp_is_public_client: "{{ invite_manage_provision_oidcrp_is_public_client }}"
+manage_provision_oauth_rs_name_en: "{{ invite_manage_provision_oauth_rs_name_en }}"
+manage_provision_oauth_rs_description_en: "{{  invite_manage_provision_oauth_rs_description_en }}"
+manage_provision_oauth_rs_client_id: "{{ invite_manage_provision_oauth_rs_client_id }}"
+manage_provision_oauth_rs_secret: "{{ invite_manage_provision_oauth_rs_rp_secret }}"
+manage_provision_oauth_rs_scopes: "{{ invite_manage_provision_oauth_rs_scopes }}"