diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 423a133..604d172 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -34,7 +34,7 @@ scenario:
 - prepare
 - converge
 - side_effect
- - idempotence
+ # - idempotence # disabling idempotence because the remote_user_secret option is not idempotent
 - verify
 - cleanup
 - destroy
diff --git a/tasks/set_config.yml b/tasks/set_config.yml
index 15e8462..3100ec0 100644
--- a/tasks/set_config.yml
+++ b/tasks/set_config.yml
@@ -34,6 +34,11 @@
 ansible.builtin.set_fact:
 _galaxy_bootstrap_api_key: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_lowercase', 'digits'], length=50) }}"
+- name: Generate a remote user secret
+ when: not _molecule_idempotence
+ ansible.builtin.set_fact:
+ _galaxy_remote_user_secret: "{{ lookup('ansible.builtin.password', '/dev/null', chars=['ascii_lowercase', 'digits'], length=50) }}"
+
 - name: Load nginx variables
 ansible.builtin.include_vars: vars/nginx_vars.yml
diff --git a/vars/galaxy_vars.yml b/vars/galaxy_vars.yml
index 5bd28ef..ce95981 100644
--- a/vars/galaxy_vars.yml
+++ b/vars/galaxy_vars.yml
@@ -38,6 +38,7 @@ galaxy_configuration:
 allow_user_deletion: true
 admin_users: "{{ _galaxy_admins }}"
 remote_user_maildomain: "{{ _galaxy_remote_user_maildomain }}"
+ remote_user_secret: "{{ _galaxy_remote_user_secret }}"
 database_connection: "postgresql:///galaxy?host=/var/run/postgresql"
 file_path: "{{ galaxy_mutable_data_dir }}/datasets"
 job_config_file: "{{ galaxy_config_dir }}/job_conf.yml"
diff --git a/vars/nginx_vars.yml b/vars/nginx_vars.yml
index b3309d0..75e7e2e 100644
--- a/vars/nginx_vars.yml
+++ b/vars/nginx_vars.yml
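Review bot: Commenting out `idempotence` in the scenario's test sequence removes that check for every task in the role, so an unrelated task that starts reporting changes on a second run will no longer be caught. The cause named in the comment is the `ansible.builtin.password` lookup against `/dev/null` in tasks/set_config.yml, which returns a fresh value on every run and therefore rewrites the Galaxy and nginx configuration and replaces the shared secret on each play. Keeping the step and making the secret stable would address both, for instance by taking it from a vaulted variable or by pointing the lookup at a persistent, access-restricted path instead of `/dev/null`.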
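Review bot: The added `Generate a remote user secret` task stores a shared authentication secret in a fact without `no_log: true`, so the generated value can appear in task results when the play runs with verbose output or with a callback that records results. Adding `no_log: true` to the task keeps it out of logs. The neighbouring `_galaxy_bootstrap_api_key` task is only partly visible in this hunk, so whether it already sets `no_log` cannot be told from here; the two should agree.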
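Review bot: `remote_user_secret` references `_galaxy_remote_user_secret` with no fallback, although the task that sets it in tasks/set_config.yml is conditional on `not _molecule_idempotence`; when that task is skipped the variable is undefined and rendering `galaxy_configuration` should fail. vars/nginx_vars.yml handles the same case with `default(omit)`, so the two consumers can disagree about whether a secret is in force. Generating the secret unconditionally, or failing early with an explicit assertion when it is unset, would keep Galaxy and the proxy consistent. The value also lands in the rendered Galaxy config file, so it is worth confirming outside this diff that the file is readable only by the Galaxy user. The `galaxy_configuration` mapping continues outside the hunk.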
@@ -3,6 +3,8 @@ galaxy_nginx_vhost_config:
 location: /
 proxy_pass: "http://{{ _galaxy_local_address }}"
 auth: "{{ _molecule_active | ternary(omit, 'sram') }}"
+ proxy_headers:
+ REMOTE_USER_SECRET: "{{ _galaxy_remote_user_secret | default(omit) }}"
 - name: api
 location: /api/
 proxy_pass: "http://{{ _galaxy_local_address }}/api/"
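Review bot: The header name `REMOTE_USER_SECRET` under `proxy_headers` should be checked against what Galaxy actually compares: Galaxy's documentation for `remote_user_secret` describes the proxy passing the value in a `GX_SECRET` header, and if that holds for the deployed release this header would be ignored. Separately, `default(omit)` sits inside a nested variable rather than a module argument, so unless the nginx template filters it, an undefined secret may be rendered as Ansible's omit placeholder string instead of dropping the header. Only the root location receives the header; the `api` location in the context lines has no `proxy_headers`, which is worth confirming as intended. The `galaxy_nginx_vhost_config` list continues outside the hunk.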