From e6e58a3fd378f29e5ac32bc841cdcf5a80c4cdd1 Mon Sep 17 00:00:00 2001
From: Philippe Caseiro
Date: Mon, 13 Feb 2023 11:42:36 +0100
Subject: [PATCH 1/4] fix(haproxy): haproxy needs to be configured after the "services"

---
tasks/main.yml | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index be5563c..7688536 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -54,15 +54,6 @@
ansible.builtin.include_tasks: hydra-database.yml
when: not hydra_use_external_database
-- name: Configure HAProxy
- template:
- src: haproxy.cfg.j2
- dest: /etc/haproxy/haproxy.cfg
- validate: "haproxy -c -f %s"
- notify:
- - Restart HAProxy
- become: true
-
- name: Create hydra-clients
template:
src: hydra-client.json.j2
@@ -121,4 +112,13 @@
- name: Stop OIDC Test app if disabled
ansible.builtin.include_tasks: stop-oidc-test.yml
- when: not enable_oidc_test_app
\ No newline at end of file
+ when: not enable_oidc_test_app
+
+- name: Configure HAProxy
+ template:
+ src: haproxy.cfg.j2
+ dest: /etc/haproxy/haproxy.cfg
+ validate: "haproxy -c -f %s"
+ notify:
+ - Restart HAProxy
+ become: true
\ No newline at end of file

From 31268f9cd8c1c04116acbfd6395574f1b3693b5c Mon Sep 17 00:00:00 2001
From: cmsassot
Date: Wed, 15 Feb 2023 15:48:23 +0100
Subject: [PATCH 2/4] feat(hydra-dispatcher): ajout variable hydra_dispatcher_disable_app_auto_select

---
defaults/main.yml | 1 +
templates/cadoles-pod-hydra-dispatcher-v1.conf.j2 | 1 +
2 files changed, 2 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 29c0fd4..893d9b4 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -74,6 +74,7 @@ hydra_dispatcher_available_locales:
hydra_dispatcher_sentry_dsn:
hydra_dispatcher_sentry_environment:
hydra_dispatcher_mounts: []
+hydra_dispatcher_disable_app_auto_select: true

# Hydra Passwordless configuration 
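Review bot: The re-added `Configure HAProxy` task at the end of tasks/main.yml writes /etc/haproxy/haproxy.cfg without `owner`, `group` or `mode`, so the rendered file's permissions are whatever the become user's umask (or a pre-existing copy) happens to give; pin them under `template:` with `owner: root`, `group: root` and `mode: "0640"` — HAProxy parses its configuration before it chroots and drops privileges, so root-only readability is sufficient, and it keeps any credentials that may end up in the config (stats auth, backend secrets) from being world-readable. The `notify: - Restart HAProxy` handler also deserves a look: moving the task after the service tasks only reorders the file write, the handler still fires at the end of the play as before, and a full restart drops in-flight connections where a `systemctl reload haproxy` handler (defined outside this patch) would not. Since the ordering constraint is recorded only in the commit message, a one-line comment above the task would keep it from being moved back, e.g. `# Keep last: haproxy.cfg.j2 must be rendered after the service tasks above`.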
diff --git a/templates/cadoles-pod-hydra-dispatcher-v1.conf.j2 b/templates/cadoles-pod-hydra-dispatcher-v1.conf.j2
index 7b41211..d4c88d5 100644
--- a/templates/cadoles-pod-hydra-dispatcher-v1.conf.j2
+++ b/templates/cadoles-pod-hydra-dispatcher-v1.conf.j2
@@ -20,6 +20,7 @@ PODMAN_ARGS="\
-e 'TRUSTED_PROXIES=127.0.0.1,10.0.2.0/24' \
-e 'SENTRY_DSN={{ hydra_dispatcher_sentry_dsn }}' \
-e 'SENTRY_ENVIRONMENT={{ hydra_dispatcher_sentry_environment }}' \
+ -e 'DISABLE_APP_AUTO_SELECT={{ hydra_dispatcher_disable_app_auto_select }}' \
-v /etc/hydra-dispatcher/conf.d:/var/www/config/hydra \
{% for item in hydra_dispatcher_mounts %}
-v {{ item.host }}:{{ item.container }} \

From b419226b97a1381c3473b9b9f5607b195d42644b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laurent=20Gourv=C3=A9nec?=
Date: Thu, 16 Feb 2023 12:27:29 +0100
Subject: [PATCH 3/4] Use haproxy base URL for entity_id in cadoles-pod-shibboleth-sp-v3.conf.j2

We need a common entity_id if we want 2 hydra with a same SAML Metadata
---
templates/cadoles-pod-shibboleth-sp-v3.conf.j2 | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/cadoles-pod-shibboleth-sp-v3.conf.j2 b/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
index 24a2c90..0ee0927 100644
--- a/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
+++ b/templates/cadoles-pod-shibboleth-sp-v3.conf.j2
@@ -4,7 +4,7 @@ PODMAN_ARGS="\
--network=slirp4netns:allow_host_loopback=true \
--replace --name 'cadoles-pod-shibboleth-sp-v3' \
--tz=local \
- -e 'SP_ENTITY_ID=http://{{ ansible_fqdn }}{{ haproxy_hydra_saml_base_path }}' \
+ -e 'SP_ENTITY_ID={{ haproxy_public_base_url }}{{ haproxy_hydra_saml_base_path }}' \
-e 'SP_LOG_LEVEL={{ hydra_saml_sp_log_level }}' \
-e 'IDP_ENTITY_ID={{ hydra_saml_idp_entity_id }}' \
-e 'IDP_METADATA_URL={{ hydra_saml_idp_metadata_url }}' \

From 05bc71e15ab7917b224f49402bf5a525005cb7f1 Mon Sep 17 00:00:00 2001 
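Review bot: `{{ hydra_dispatcher_disable_app_auto_select }}` is declared as a YAML boolean (`true`) in defaults/main.yml in this same series, so Jinja renders it as Python's `True`/`False` and the container receives `DISABLE_APP_AUTO_SELECT=True` rather than the lowercase `true` most environment parsers expect; whether hydra-dispatcher accepts the capitalised form is not visible here. Normalise it at the point of use, `-e 'DISABLE_APP_AUTO_SELECT={{ hydra_dispatcher_disable_app_auto_select | lower }}' \`, or declare the default as the string `"true"` so the rendered value is unambiguous. A short comment above the default in defaults/main.yml saying what "app auto select" does for users and why it is disabled by default would also help, since the variable name alone does not say which behaviour flips.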
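Review bot: Changing `SP_ENTITY_ID` changes the identity this SP asserts towards the IdP, so any IdP that has the old `http://<fqdn>…` entity registered will reject the new issuer until the SP metadata is re-registered; that operational consequence belongs in a comment above the line, e.g. `# entityID is shared by every hydra node behind the same public URL; re-register SP metadata at the IdP whenever it changes`. `haproxy_public_base_url` is not given a default in this series (defaults/main.yml is touched only for the dispatcher variable), so on hosts that do not set it elsewhere the template task fails or renders an entityID with no scheme/host — add a default or an `ansible.builtin.assert` on the variable before rendering. Also check the concatenation: if the base URL ends with `/` and `haproxy_hydra_saml_base_path` starts with one, the entityID contains `//`, and IdPs compare entityIDs as opaque strings. Finally, sharing one entityID between two hydra instances presumes both SPs present the same signing/encryption certificate in the shared metadata (or the metadata lists both keys); nothing in this template enforces that.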
From: vfebvre
Date: Mon, 20 Feb 2023 10:20:56 +0100
Subject: [PATCH 4/4] fix[hydra] log level

---
templates/haproxy.cfg.j2 | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/haproxy.cfg.j2 b/templates/haproxy.cfg.j2
index 77db873..27cabbe 100644
--- a/templates/haproxy.cfg.j2
+++ b/templates/haproxy.cfg.j2
@@ -1,7 +1,7 @@
# {{ ansible_managed }}
global
- log /dev/log local0
- log /dev/log local1 notice
+ log /dev/log local0 err
+ log /dev/log local1 err
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin expose-fd listeners
stats timeout 30s
@@ -141,4 +141,4 @@ backend oidc_test
http-request set-header X-Forwarded-Prefix {{ haproxy_oidc_test_base_path }}
server oidc-test 127.0.0.1:8080 check
-{% endif %}
\ No newline at end of file
+{% endif %}
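Review bot: Both global `log` lines now carry the `err` level filter, which drops HAProxy's HTTP access log: per-request lines are emitted at `info` (they are only promoted to `err` for failed sessions, and only when `option log-separate-errors` is set), so every `log global` in the defaults/frontend sections — outside this hunk — stops recording normal traffic through the authentication front door, which is precisely the trail you want during incident response on an identity service. If the intent is to quieten syslog, keep one target at info and filter the other, e.g. `log /dev/log local0 info` and `log /dev/log local1 err`, and manage volume and retention on the rsyslog side. A comment above these lines recording the constraint, e.g. `# access log is emitted at info; do not raise local0 above it`, would keep this from regressing again.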