Commit d0841a2a authored by Daniel Dehennin's avatar Daniel Dehennin

Merge branch 'feature/oauth2' into 'master'

feat(oauth2): configure the OAuth2 plugin

See merge request la-crise/discourse-formula!3
parents 93efc81a c663f7d1
......@@ -28,9 +28,78 @@ Then, we make the formula available to minions by linking it's directory in the
ln -s ~/.salt/srv/formula/discourse-formula/discourse ~/.salt/srv/salt/discourse
Create the pillar ``~/.salt/srv/pillar/discourse.sls`` to configure discourse:
.. code-block:: yaml
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
discourse:
hostname: 'forum.example.net'
developer_emails: 'me@example.net'
smtp:
address: 'smtp.example.net'
port: '25'
user_name: 'me@example.net'
start_tls: true
# the following must be set in pillar
# smtp_password: ~
letsencrypt:
enabled: true
account_email: 'me@example.net'
settings:
default_locale: fr
title: This is a sample Discourse
site_description: This is a web forum based on Discourse
short_site_description: Web forum
contact_email: william.shakespears@example.net
contact_url: https://shakespears.example.net
enable_signup_cta: 'false'
default_trust_level: '1'
# Disable local logins for OAuth2
enable_local_logins: 'false'
oauth2:
enabled: true
# set settings without the `oauth2_` prefix
# https://github.com/discourse/discourse-oauth2-basic/blob/master/config/settings.yml
client_id: sso
client_secret: ThisIsVerySecret
authorize_url: https://auth.example.net/auth/realms/example/protocol/openid-connect/auth
token_url: https://auth.example.net/auth/realms/example/protocol/openid-connect/token/
callback_user_info_paths: ~
user_json_url: https://auth.example.net/auth/realms/apps/protocol/openid-connect/userinfo
json_user_id_path: sub
json_username_path: preferred_username
json_name_path: name
json_email_path: email
json_email_verified_path: email_verified
debug_auth: 'true'
button_title: OAuth Example
full_screen_login: 'true'
users:
william:
# Password reset mail is sent by default
email: 'william.shakespears@example.net'
enabled: true
admin: true
...
Now, associate this pillar to the minion by creating or updating ``~/.salt/pillar/top.sls``:
.. code-block:: yaml
base:
'forum':
- discourse
Now, it's possible to deploy and configure the `discourse`_ application container:
.. code-block:: bash
salt-ssh forum.example.net state.apply discourse
salt-ssh forum state.apply discourse
You can can execute ``laucher`` command directly with `salt-ssh`_ or apply ``states`` one by one, for more information on which ``states`` are available you should read the `formula documentation`_.
......@@ -125,8 +194,8 @@ This file is associate several parameters to a host:
# -*- yaml -*-
minion1:
host: minion1.example.net
forum:
host: forum.example.net
user: debian
sudo: True
......
......@@ -96,6 +96,9 @@ hooks:
cd: $home/plugins
cmd:
- git clone https://github.com/discourse/docker_manager.git
{%- if discourse | traverse('oauth2:enabled', False) | to_bool %}
- git clone {{ discourse | traverse('oauth2:git-url') }}
{%- endif %}
## Any custom commands to run after building
run:
......
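Review bot: The added `git clone {{ discourse | traverse('oauth2:git-url') }}` fetches the authentication plugin from the tip of the remote's default branch on every image rebuild, with no ref pin and no integrity check, so the login path of the forum is rebuilt from whatever that branch holds at build time (the `docker_manager` clone just above has the same weakness, but this change extends it to the auth plugin). Consider pinning to a reviewed tag or commit, e.g. an optional `oauth2:git-ref` pillar key that appends `--branch {{ discourse | traverse('oauth2:git-ref') }}` (or a subsequent `git -C <dir> checkout <sha>`) when set, and stating in the defaults which ref has been reviewed. The URL is interpolated unquoted into a shell line; that is acceptable only because it comes from the admin-controlled pillar, which a one-line comment such as `# git-url is trusted pillar data, never user input` would make explicit. The `hooks:` mapping this `cmd:` list belongs to starts outside the hunk.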
......@@ -27,6 +27,25 @@ values:
contact_email: ~
contact_url: ~
# users: {}
oauth2:
git-url: 'https://github.com/discourse/discourse-oauth2-basic.git'
# set settings without the `oauth2_` prefix
# https://github.com/discourse/discourse-oauth2-basic/blob/master/config/settings.yml
enabled: false
client_id: sso
client_secret: ThisIsVerySecret
authorize_url: https://auth.example.net/auth/realms/example/protocol/openid-connect/auth
token_url: https://auth.example.net/auth/realms/example/protocol/openid-connect/token/
callback_user_info_paths: ~
user_json_url: https://auth.example.net/auth/realms/apps/protocol/openid-connect/userinfo
json_user_id_path: sub
json_username_path: preferred_username
json_name_path: name
json_email_path: email
json_email_verified_path: email_verified
debug_auth: 'true'
button_title: OAuth Example
full_screen_login: 'true'
launcher:
rebuild_cmd: './launcher rebuild app'
bootstrap_cmd: './launcher bootstrap app'
......
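Review bot: `client_secret: ThisIsVerySecret` is shipped as a formula default, so a pillar that sets `oauth2: enabled: true` but omits the secret silently configures the plugin with a publicly known value instead of failing; set it (and the other `auth.example.net` placeholders) to `null` here, as the README already does for `smtp_password`, so that a missing secret is visible at render time rather than at login time. `debug_auth: 'true'` as a default also looks wrong — a debug switch on the auth plugin is presumably verbose about the OAuth exchange in the application log, so it should default to `'false'` and be enabled per deployment only while troubleshooting. The `user_json_url` points at realm `apps` while `authorize_url`/`token_url` use realm `example`; anyone copying these as a template will send the token to a userinfo endpoint of a different realm than the one that issued it.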
......@@ -3,3 +3,4 @@
include:
- .global
- .oauth2
# -*- coding: utf-8 -*-
# vim: ft=sls
{#- Get the `tplroot` from `tpldir` #}
{%- set tplroot = tpldir.split('/')[0] %}
{%- set sls_service_running = tplroot ~ '.service.running' %}
{%- from tplroot | path_join("map.jinja") import discourse with context %}
{%- from tplroot | path_join("libtofs.jinja") import files_switch with context %}
{#- Do nothing if OAuth2 is not enabled #}
{% if discourse | traverse('oauth2:enabled', False) | to_bool %}
include:
- {{ sls_service_running }}
{%- set settings_filename = 'oauth2.yaml' %}
{%- set settings_contairer_path = '/shared' | path_join('settings',
settings_filename)
%}
{%- set settings_path = discourse.directory | path_join('shared',
'standalone',
'settings',
settings_filename)
%}
{%- set import_cmd = 'cd /var/www/discourse/ '
~ '&& rake site_settings:import '
~ '< ' ~ settings_contairer_path
%}
{#- the configuration mix settings with formula parameters #}
{% set skip_settings = {'git-url': true} %}
{#- all oauth2 values are prefixed with `oauth2_` #}
{%- set settings = {} %}
{%- for key, value in discourse.get('oauth2', {}).items() %}
{%- if key not in skip_settings %}
{%- do settings.update({'oauth2_' ~ key: value}) %}
{%- endif %}
{%- endfor %}
discourse-setup-settings-oauth2-file-managed:
file.managed:
- name: {{ settings_path }}
- source: {{ files_switch(['settings.yaml.jinja'],
lookup='discourse-setup-settings-oauth2-file-managed',
use_subpath=True
)
}}
- mode: 644
- user: root
- group: root
- makedirs: True
- template: jinja
- context:
settings: {{ settings }}
- require:
- sls: {{ sls_service_running }}
discourse-setup-settings-oauth2-import-cmd-run:
cmd.run:
- name: {{ discourse | traverse('launcher:run_cmd')
~ " '"
~ import_cmd
~ "'"
}}
- cwd: {{ discourse.directory }}
- require:
- sls: {{ sls_service_running }}
{%- endif %}
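Review bot: `mode: 644` on `discourse-setup-settings-oauth2-file-managed` makes `oauth2.yaml` — which carries `oauth2_client_secret` in clear and stays on disk under `shared/standalone/settings` after the import — readable by every local account on the host; use `- mode: '0600'` (the file is already `root:root`, and `launcher run` presumably enters the container as root, so confirm the rake import still reads it) and consider a follow-up `file.absent` once the import has succeeded. `- context: settings: {{ settings }}` emits Python's dict repr into the rendered state, so a secret containing `'`, `#` or `: ` will corrupt the YAML; render it as `settings: {{ settings | json }}` instead. `discourse-setup-settings-oauth2-import-cmd-run` has no `onchanges`, so the rake import is re-run on every `state.apply`; add `- onchanges: - file: discourse-setup-settings-oauth2-file-managed` so settings are only pushed when the file actually changed. Minor: `settings_contairer_path` is misspelled (`settings_container_path`).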
......@@ -22,6 +22,26 @@ discourse:
contact_email: william.shakespears@example.net
contact_url: https://shakespears.example.net
default_trust_level: '1'
# Disable local logins for OAuth2
enable_local_logins: 'false'
oauth2:
# set settings without the `oauth2_` prefix
# https://github.com/discourse/discourse-oauth2-basic/blob/master/config/settings.yml
enabled: true
client_id: sso
client_secret: ThisIsVerySecret
authorize_url: https://auth.example.net/auth/realms/example/protocol/openid-connect/auth
token_url: https://auth.example.net/auth/realms/example/protocol/openid-connect/token/
callback_user_info_paths: ~
user_json_url: https://auth.example.net/auth/realms/apps/protocol/openid-connect/userinfo
json_user_id_path: sub
json_username_path: preferred_username
json_name_path: name
json_email_path: email
json_email_verified_path: email_verified
debug_auth: 'true'
button_title: OAuth Example
full_screen_login: 'true'
users:
william:
# Password reset mail is sent by default
......
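Review bot: The example enables `oauth2` and sets `enable_local_logins: 'false'` in the same pillar, so on first apply any wrong `auth.example.net` value (note `user_json_url` uses realm `apps` while `authorize_url`/`token_url` use realm `example`) could leave the `users:` accounts below, including admins, without a working login until the OAuth values are corrected; document keeping local logins on until an OAuth2 login has been verified, e.g. `# keep 'true' until an admin has logged in through OAuth2 at least once` above `enable_local_logins`. `client_secret: ThisIsVerySecret` and `debug_auth: 'true'` should be marked as values to override rather than left as copy-paste defaults — the README already treats `smtp_password` that way — since `debug_auth` presumably logs the OAuth exchange. The `users:` mapping continues outside the hunk.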