Merge pull request #2868 from edx/clintonb/oauth-update

Added OAUTH2_ACCESS_TOKEN_URL setting to discovery service

Merge pull request #2868 from edx/clintonb/oauth-update
Added OAUTH2_ACCESS_TOKEN_URL setting to discovery service
0198a560 · Kevin Falcone · d7a7fa15 · 04594a6e · 0198a560 · 0198a560
Commit 0198a560 authored Mar 23, 2016 by Kevin Falcone
6 changed files
--- a/docker.mk
+++ b/docker.mk
@@ -26,7 +26,7 @@ pkg: docker.pkg
 clean:
 	rm -rf .build

-docker.test.shard: $(foreach image,$(shell echo $(images) | tr ' ' '\n' | sed -n '$(SHARD)~$(SHARDS)p'),$(docker_test)$(image))
+docker.test.shard: $(foreach image,$(shell echo $(images) | tr ' ' '\n' | awk 'NR%$(SHARDS)==$(SHARD)'),$(docker_test)$(image))

 docker.build: $(foreach image,$(images),$(docker_build)$(image))
 docker.test: $(foreach image,$(images),$(docker_test)$(image))
@@ -52,8 +52,8 @@ $(docker_push)%: $(docker_pkg)%

 .build/%/Dockerfile.d: docker/build/%/Dockerfile Makefile
 	@mkdir -p .build/$*
-	$(eval FROM=$(shell grep "^\s*FROM" $< | sed --regexp-extended "s/FROM //" | sed --regexp-extended "s/:/@/g"))
-	$(eval EDXOPS_FROM=$(shell echo "$(FROM)" | sed --regexp-extended "s#edxops/([^@]+)(@.*)?#\1#"))
+	$(eval FROM=$(shell grep "^\s*FROM" $< | sed -E "s/FROM //" | sed -E "s/:/@/g"))
+	$(eval EDXOPS_FROM=$(shell echo "$(FROM)" | sed -E "s#edxops/([^@]+)(@.*)?#\1#"))
 	@echo "$(docker_build)$*: $(docker_pull)$(FROM)" > $@
 	@if [ "$(EDXOPS_FROM)" != "$(FROM)" ]; then \
 	echo "$(docker_test)$*: $(docker_test)$(EDXOPS_FROM:@%=)" >> $@; \
@@ -65,10 +65,10 @@ $(docker_push)%: $(docker_pkg)%

 .build/%/Dockerfile.test: docker/build/%/Dockerfile Makefile
 	@mkdir -p .build/$*
-	@sed --regexp-extended "s#FROM edxops/([^:]+)(:\S*)?#FROM \1:test#" $< > $@
+	@sed -E "s#FROM edxops/([^:]+)(:\S*)?#FROM \1:test#" $< > $@

 .build/%/Dockerfile.pkg: docker/build/%/Dockerfile Makefile
 	@mkdir -p .build/$*
-	@sed --regexp-extended "s#FROM edxops/([^:]+)(:\S*)?#FROM \1:test#" $< > $@
+	@sed -E "s#FROM edxops/([^:]+)(:\S*)?#FROM \1:test#" $< > $@

 -include $(foreach image,$(images),.build/$(image)/Dockerfile.d)
--- a/docker/README.md
+++ b/docker/README.md
@@ -4,7 +4,7 @@

 Docker support for edX services is volatile and experimental.
 We welcome interested testers and contributors. If you are
-interested in paticipating, please join us on Slack at
+interested in participating, please join us on Slack at
 https://openedx.slack.com/messages/docker.

 We do not and may never run run these images in production.

--- a/playbooks/roles/ansible-role-django-ida/templates/defaults/main.yml.j2
+++ b/playbooks/roles/ansible-role-django-ida/templates/defaults/main.yml.j2
@@ -42,7 +42,7 @@
 {{ role_name|upper }}_VERSION: "master"
 {{ role_name|upper }}_DJANGO_SETTINGS_MODULE: "{{ role_name }}.settings.production"
 {{ role_name|upper }}_URL_ROOT: 'http://{{ role_name }}:18{{ port_suffix }}'
-{{ role_name|upper }}_OAUTH_URL_ROOT: 'http://127.0.0.1:8000'
+{{ role_name|upper }}_OAUTH_URL_ROOT: '{{ EDXAPP_LMS_ISSUER | default("http://127.0.0.1:8000/oauth2") }}'

 {{ role_name|upper }}_SECRET_KEY: 'Your secret key here'
 {{ role_name|upper }}_TIME_ZONE: 'UTC'
@@ -63,7 +63,7 @@
  SOCIAL_AUTH_EDX_OIDC_KEY: '{{ '{{' }} {{ role_name|upper }}_SOCIAL_AUTH_EDX_OIDC_KEY }}'
  SOCIAL_AUTH_EDX_OIDC_SECRET: '{{ '{{' }} {{ role_name|upper }}_SOCIAL_AUTH_EDX_OIDC_SECRET }}'
  SOCIAL_AUTH_EDX_OIDC_ID_TOKEN_DECRYPTION_KEY: '{{ '{{' }} {{ role_name|upper }}_SOCIAL_AUTH_EDX_OIDC_SECRET }}'
-  SOCIAL_AUTH_EDX_OIDC_URL_ROOT: '{{ '{{' }} {{ role_name|upper }}_OAUTH_URL_ROOT }}/oauth2'
+  SOCIAL_AUTH_EDX_OIDC_URL_ROOT: '{{ '{{' }} {{ role_name|upper }}_OAUTH_URL_ROOT }}'
  SOCIAL_AUTH_REDIRECT_IS_HTTPS: '{{ '{{' }} {{ role_name|upper }}_SOCIAL_AUTH_REDIRECT_IS_HTTPS }}'

  STATIC_ROOT: "{{ '{{' }} COMMON_DATA_DIR }}/{{ '{{' }} {{ role_name }}_service_name }}/staticfiles"

--- a/playbooks/roles/credentials/defaults/main.yml
+++ b/playbooks/roles/credentials/defaults/main.yml
@@ -48,7 +48,7 @@ CREDENTIALS_CACHES:
 CREDENTIALS_DJANGO_SETTINGS_MODULE: "credentials.settings.production"
 CREDENTIALS_DOMAIN: 'credentials'
 CREDENTIALS_URL_ROOT: 'http://{{ CREDENTIALS_DOMAIN }}:18150'
-CREDENTIALS_OAUTH_URL_ROOT: 'http://127.0.0.1:8000'
+CREDENTIALS_OAUTH_URL_ROOT: '{{ EDXAPP_LMS_ISSUER | default("http://127.0.0.1:8000/oauth2") }}'

 CREDENTIALS_SECRET_KEY: 'SET-ME-TO-A-UNIQUE-LONG-RANDOM-STRING'
 CREDENTIALS_TIME_ZONE: 'UTC'
@@ -155,11 +155,11 @@ CREDENTIALS_SERVICE_CONFIG:
  TIME_ZONE: '{{ CREDENTIALS_TIME_ZONE }}'
  LANGUAGE_CODE: '{{ CREDENTIALS_LANGUAGE_CODE }}'

-  OAUTH2_PROVIDER_URL: '{{ CREDENTIALS_OAUTH_URL_ROOT }}/oauth2'
+  OAUTH2_PROVIDER_URL: '{{ CREDENTIALS_OAUTH_URL_ROOT }}'
  SOCIAL_AUTH_EDX_OIDC_KEY: '{{ CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_KEY }}'
  SOCIAL_AUTH_EDX_OIDC_SECRET: '{{ CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET }}'
  SOCIAL_AUTH_EDX_OIDC_ID_TOKEN_DECRYPTION_KEY: '{{ CREDENTIALS_SOCIAL_AUTH_EDX_OIDC_SECRET }}'
-  SOCIAL_AUTH_EDX_OIDC_URL_ROOT: '{{ CREDENTIALS_OAUTH_URL_ROOT }}/oauth2'
+  SOCIAL_AUTH_EDX_OIDC_URL_ROOT: '{{ CREDENTIALS_OAUTH_URL_ROOT }}'
  SOCIAL_AUTH_REDIRECT_IS_HTTPS: '{{ CREDENTIALS_SOCIAL_AUTH_REDIRECT_IS_HTTPS }}'

  # db config

--- a/playbooks/roles/discovery/defaults/main.yml
+++ b/playbooks/roles/discovery/defaults/main.yml
@@ -55,7 +55,8 @@ DISCOVERY_CACHES:
 DISCOVERY_VERSION: "master"
 DISCOVERY_DJANGO_SETTINGS_MODULE: "course_discovery.settings.production"
 DISCOVERY_URL_ROOT: 'http://discovery:18381'
-DISCOVERY_OAUTH_URL_ROOT: 'http://127.0.0.1:8000'
+DISCOVERY_OAUTH_URL_ROOT: '{{ EDXAPP_LMS_ISSUER | default("http://127.0.0.1:8000/oauth2") }}'
+DISCOVERY_OAUTH2_ACCESS_TOKEN_URL: '{{ DISCOVERY_OAUTH_URL_ROOT }}/access_token'

 DISCOVERY_SECRET_KEY: 'Your secret key here'
 DISCOVERY_TIME_ZONE: 'UTC'
@@ -79,9 +80,11 @@ DISCOVERY_SERVICE_CONFIG:
  SOCIAL_AUTH_EDX_OIDC_KEY: '{{ DISCOVERY_SOCIAL_AUTH_EDX_OIDC_KEY }}'
  SOCIAL_AUTH_EDX_OIDC_SECRET: '{{ DISCOVERY_SOCIAL_AUTH_EDX_OIDC_SECRET }}'
  SOCIAL_AUTH_EDX_OIDC_ID_TOKEN_DECRYPTION_KEY: '{{ DISCOVERY_SOCIAL_AUTH_EDX_OIDC_SECRET }}'
-  SOCIAL_AUTH_EDX_OIDC_URL_ROOT: '{{ DISCOVERY_OAUTH_URL_ROOT }}/oauth2'
+  SOCIAL_AUTH_EDX_OIDC_URL_ROOT: '{{ DISCOVERY_OAUTH_URL_ROOT }}'
  SOCIAL_AUTH_REDIRECT_IS_HTTPS: '{{ DISCOVERY_SOCIAL_AUTH_REDIRECT_IS_HTTPS }}'

+  OAUTH2_ACCESS_TOKEN_URL: '{{ DISCOVERY_OAUTH2_ACCESS_TOKEN_URL }}'
+
  STATIC_ROOT: "{{ COMMON_DATA_DIR }}/{{ discovery_service_name }}/staticfiles"
  # db config
  DATABASE_OPTIONS:

--- a/util/jenkins/ansible-provision.sh
+++ b/util/jenkins/ansible-provision.sh
@@ -282,7 +282,6 @@ CREDENTIALS_URL_ROOT: "http://{{ CREDENTIALS_DOMAIN }}"
 CREDENTIALS_SOCIAL_AUTH_REDIRECT_IS_HTTPS: true
 COURSE_DISCOVERY_ECOMMERCE_API_URL: "https://ecommerce-${deploy_host}/api/v2"

-DISCOVERY_OAUTH_URL_ROOT: "https://${deploy_host}"
 DISCOVERY_URL_ROOT: "https://discovery-${deploy_host}"
 DISCOVERY_SOCIAL_AUTH_REDIRECT_IS_HTTPS: true