From 146f3c46dfa77225babdeb587a912116ba74b74e Mon Sep 17 00:00:00 2001
From: Hinrikus Wolf <hinrikus@fsmpi.rwth-aachen.de>
Date: Sun, 1 Jul 2018 16:12:01 +0200
Subject: [PATCH] migrate sso role

---
 uwsgi-python/handlers/main.yml     |  3 +++
 uwsgi-python/templates/apps/sso.j2 | 25 +++++++++++++++++++++++
 uwsgi-python/vars/sso.yml          | 32 ++++++++++++++++++++++++++++++
 3 files changed, 60 insertions(+)
 create mode 100644 uwsgi-python/templates/apps/sso.j2
 create mode 100644 uwsgi-python/vars/sso.yml

diff --git a/uwsgi-python/handlers/main.yml b/uwsgi-python/handlers/main.yml
index f8d6c5e..a39e82f 100644
--- a/uwsgi-python/handlers/main.yml
+++ b/uwsgi-python/handlers/main.yml
@@ -18,3 +18,6 @@
   
 - name: restart uwsgi instance boxes
   service: name="uwsgi@boxes" state=restarted
+
+- name: restart uwsgi instance sso
+  service: name="uwsgi@sso" state=restarted
diff --git a/uwsgi-python/templates/apps/sso.j2 b/uwsgi-python/templates/apps/sso.j2
new file mode 100644
index 0000000..3734fdb
--- /dev/null
+++ b/uwsgi-python/templates/apps/sso.j2
@@ -0,0 +1,25 @@
+DEBUG = False
+
+from common.auth import LdapManager, ADManager
+
+{% if sso_auth_use_ad %}
+AUTH_MANAGER = ADManager(
+    host="{{ sso_auth_host }}",
+    domain="{{ sso_auth_domain }}",
+    user_dn="{{ sso_auth_user_dn }}",
+    group_dn="{{ sso_auth_group_dn }}",
+    ca_cert="{{ sso_auth_ca_cert }}")
+{% else %}
+AUTH_MANAGER = LdapManager(
+    host="{{ sso_auth_host }}",
+    user_dn="{{ sso_auth_user_dn }}",
+    group_dn="{{ sso_auth_group_dn }}")
+{% endif %}
+
+SESSION_COOKIE_DOMAIN = "{{ sso_domain }}"
+SESSION_COOKIE_NAME = "SSO-{}-SESSION".format(SESSION_COOKIE_DOMAIN.split(".")[0].upper())
+SESSION_COOKIE_HTTPONLY = True
+SESSION_REFRESH_EACH_REQUEST = True
+SESSION_COOKIE_SECURE = True
+
+from secret_config import secret_key as SECRET_KEY
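Review bot: Every `"{{ … }}"` value in this template is pasted into a Python string literal unescaped. A variable containing a double quote, backslash or newline therefore renders a broken config.py, or at worst extra Python statements that the SSO app runs at import. Rendering the whole literal through a filter keeps inventory values as data, e.g. `host={{ sso_auth_host | to_json }},`, and likewise for `domain`, `user_dn`, `group_dn`, `ca_cert` and `SESSION_COOKIE_DOMAIN`. Separately, the `LdapManager` branch passes no `ca_cert`; whether that class verifies the directory server's certificate is not visible in this patch and is worth confirming.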
diff --git a/uwsgi-python/vars/sso.yml b/uwsgi-python/vars/sso.yml
new file mode 100644
index 0000000..3b280a8
--- /dev/null
+++ b/uwsgi-python/vars/sso.yml
@@ -0,0 +1,32 @@
+app_name: sso
+app_user: sso
+app_group: sso
+app_home: /var/www/sso
+app_path: /var/www/sso/program
+app_python_version: 3
+app_venv: /var/www/sso/program
+app_program: sso.py
+app_callable: app
+app_command: ""
+app_mountpoint: /
+
+app_db_name: ""
+
+app_deploy_key: "{{ inventory_dir }}/files/deploy-keys/sso"
+app_git_url: "git@git.fsmpi.rwth-aachen.de:infra/sso.git"
+app_git_version: HEAD
+
+app_config_file: config.py
+app_secret_config: true
+
+app_additional_software: []
+
+sso_auth_use_ad: yes
+sso_auth_host: auth.example.com
+sso_auth_user_dn: "cn=users,dc=example,dc=com"
+sso_auth_group_dn: "dc=example,dc=com"
+sso_auth_ca_cert: ''
+sso_auth_domain: EXAMPLE
+
+sso_domain: "{{ domain }}"
+
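Review bot: The default `sso_auth_ca_cert: ''` combined with `sso_auth_use_ad: yes` means any host that does not override it renders `ca_cert=""` into the `ADManager(...)` call. How `ADManager` treats an empty value is not visible in this patch, but if it skips certificate verification, user credentials would be sent to an unauthenticated directory server. Consider leaving the variable undefined so the role fails when it is missing, or at least adding a comment such as `# required: path to the CA bundle used to verify sso_auth_host`. `app_git_version: HEAD` also deploys whatever is current on the remote; pinning a tag or commit id would make the SSO deployment reproducible and reviewable.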
-- 
GitLab