From 4e81df886ba0b04d43b6bf647279a9a60caff3a7 Mon Sep 17 00:00:00 2001 From: Filip Rysavy <29089732+firyx@users.noreply.github.com> Date: Thu, 21 Jul 2022 13:52:42 +0200 Subject: [PATCH 1/4] Fix jwks.json generation and saving to LastPass --- .../portal-accounts-generate-jwks.json.yml | 17 ++++++----------- scripts/lib/ansible-executor.sh | 2 +- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/playbooks/tasks/portal-accounts-generate-jwks.json.yml b/playbooks/tasks/portal-accounts-generate-jwks.json.yml index 3e6be11c..4f3ef35d 100644 --- a/playbooks/tasks/portal-accounts-generate-jwks.json.yml +++ b/playbooks/tasks/portal-accounts-generate-jwks.json.yml @@ -8,16 +8,11 @@ - name: "Generate jwks.json using {{ oathkeeper_docker_image }} image" local_action: - module: community.docker.docker_container - name: jwks-config-generator - image: "{{ oathkeeper_docker_image }}" - volumes: - # We call another docker container from our container (docker in - # docker) so we need to pass docker socket - - /var/run/docker.sock:/var/run/docker.sock - command: "credentials generate --alg RS256" - container_default_behavior: no_defaults - detach: False + # We use ansible.builtin.shell instead of community.docker.docker_container + # because docker_container doesn't generates jwks.json correctly, it + # outputs 7 json strings instead of 1. + module: ansible.builtin.shell + cmd: "docker run --rm {{ oathkeeper_docker_image }} credentials generate --alg RS256" register: jwks_generation_result - name: Remove oathkeeper container @@ -27,4 +22,4 @@ - name: Read generated jwks.json set_fact: - accounts_jwks_data: "{{ jwks_generation_result.container.Output }}" + accounts_jwks_data: "{{ jwks_generation_result.stdout }}" diff --git a/scripts/lib/ansible-executor.sh b/scripts/lib/ansible-executor.sh index 872fd6c0..268e5bda 100644 --- a/scripts/lib/ansible-executor.sh +++ b/scripts/lib/ansible-executor.sh 
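Review bot: The registered `jwks_generation_result` now carries the freshly minted RSA private key (the JWKS that `credentials generate` prints to stdout), and without `no_log` Ansible echoes registered results into verbose output, callback plugins and any log shipping; add `no_log: true` to the generate task in this hunk. The trailing context `- name: Remove oathkeeper container` presumably still targets the old `jwks-config-generator` container, which `docker run --rm` neither names nor leaves behind, so that task looks like dead code after this change — confirm and drop it. The task also has no `changed_when`, so a new signing key is generated and reported as changed on every run; if that is intended, a one-line comment saying so would spare the next maintainer the question.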
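Review bot: `jwks_generation_result.stdout` is assigned to `accounts_jwks_data` unchecked, although the stated motivation for this change (the comment in the preceding hunk) is that the old path emitted several JSON documents instead of one; a malformed key set would now be saved to LastPass silently. Guard the assignment with an `ansible.builtin.assert` placed before the `set_fact`, e.g. `that: jwks_generation_result.stdout | from_json is mapping` and `fail_msg: 'jwks generator did not return a single JSON object'`. Keeping the fact itself as the raw string preserves whatever shape the downstream LastPass step expects, which is outside this hunk.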
@@ -28,7 +28,7 @@ pushd $ans_dir > /dev/null # Configs # Current Ansible Control Machine image -ansiblecm_image='skynetlabs/ansiblecm:ansible-3.1.0-skynetlabs-0.7.0' +ansiblecm_image='skynetlabs/ansiblecm:ansible-3.1.0-skynetlabs-0.7.3' # To allow running 2 or more parallel ansiblecm containers running from # different directories (having mounted different directories) we need to From db4b0a0fbc270f0ea39a7c3f6035753f3b15778b Mon Sep 17 00:00:00 2001 From: Filip Rysavy <29089732+firyx@users.noreply.github.com> Date: Thu, 21 Jul 2022 14:07:11 +0200 Subject: [PATCH 2/4] Handle updated git security --- playbooks/tasks/ansible-repo-version-get.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/playbooks/tasks/ansible-repo-version-get.yml b/playbooks/tasks/ansible-repo-version-get.yml index d5c0d44f..b1ab2c7f 100644 --- a/playbooks/tasks/ansible-repo-version-get.yml +++ b/playbooks/tasks/ansible-repo-version-get.yml @@ -1,6 +1,12 @@ --- # Get local Ansible repo branch and commit +- name: Handle recent git security update + local_action: + module: ansible.builtin.command + cmd: git config --add safe.directory /tmp/playbook + run_once: True + - name: Get Ansible repo branch local_action: module: ansible.builtin.command From 4ae9a0c75f6cd326358e7a10c50ee99040ecaddd Mon Sep 17 00:00:00 2001 From: Filip Rysavy <29089732+firyx@users.noreply.github.com> Date: Thu, 21 Jul 2022 15:08:26 +0200 Subject: [PATCH 3/4] Handle updated git security --- playbooks/tasks/ansible-repo-version-get.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/playbooks/tasks/ansible-repo-version-get.yml b/playbooks/tasks/ansible-repo-version-get.yml index b1ab2c7f..718b262f 100644 --- a/playbooks/tasks/ansible-repo-version-get.yml +++ b/playbooks/tasks/ansible-repo-version-get.yml 
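Review bot: The task name and its header comment say only "recent git security update", which tells the next maintainer neither what is being worked around nor why trusting `/tmp/playbook` is acceptable; `safe.directory` is the opt-out introduced with Git 2.35.2's repository-ownership check (CVE-2022-24765), so say so, e.g. `# Git >= 2.35.2 refuses to read a repo owned by another uid (CVE-2022-24765); /tmp/playbook is the bind-mounted Ansible repo, so mark it safe for this run`. That the mounted repo is owned by a uid other than the control user is inferred from the task's existence, not visible here — confirm before committing the comment. Ansible style also prefers `run_once: true` over `True`.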
@@ -4,7 +4,7 @@ - name: Handle recent git security update local_action: module: ansible.builtin.command - cmd: git config --add safe.directory /tmp/playbook + cmd: git config --global --add safe.directory /tmp/playbook run_once: True - name: Get Ansible repo branch From 0b4696a6a026b24c23b19f964a0db06d8aa68912 Mon Sep 17 00:00:00 2001 From: Filip Rysavy <29089732+firyx@users.noreply.github.com> Date: Thu, 21 Jul 2022 15:26:18 +0200 Subject: [PATCH 4/4] Replace shell module with command module --- playbooks/tasks/portal-accounts-generate-jwks.json.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/playbooks/tasks/portal-accounts-generate-jwks.json.yml b/playbooks/tasks/portal-accounts-generate-jwks.json.yml index 4f3ef35d..c9bf2547 100644 --- a/playbooks/tasks/portal-accounts-generate-jwks.json.yml +++ b/playbooks/tasks/portal-accounts-generate-jwks.json.yml @@ -8,10 +8,10 @@ - name: "Generate jwks.json using {{ oathkeeper_docker_image }} image" local_action: - # We use ansible.builtin.shell instead of community.docker.docker_container - # because docker_container doesn't generates jwks.json correctly, it - # outputs 7 json strings instead of 1. - module: ansible.builtin.shell + # We use ansible.builtin.command instead of community.docker + # .docker_container because docker_container doesn't generates jwks.json + # correctly, it outputs 7 json strings instead of 1. + module: ansible.builtin.command cmd: "docker run --rm {{ oathkeeper_docker_image }} credentials generate --alg RS256" register: jwks_generation_result
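Review bot: `git config --global --add safe.directory /tmp/playbook` appends a new entry to the control user's `~/.gitconfig` on every execution and always reports `changed`, because `--add` never checks for an existing value and the task has no `changed_when`. Make the task idempotent by reading the current list first and only adding when the path is missing; `--get-all` exits 1 when the key is unset, so treat rc 0 and 1 as success. If the ansiblecm container is ephemeral (the bumped image tag hints at it, but nothing here shows it) the accumulation is harmless and `changed_when: false` on the existing task would be the minimal fix.
```yaml
- name: Check whether /tmp/playbook is already a git safe.directory
  local_action:
    module: ansible.builtin.command
    cmd: git config --global --get-all safe.directory
  register: git_safe_directories
  changed_when: false
  failed_when: git_safe_directories.rc not in [0, 1]
  run_once: true

- name: Handle recent git security update
  local_action:
    module: ansible.builtin.command
    cmd: git config --global --add safe.directory /tmp/playbook
  when: "'/tmp/playbook' not in git_safe_directories.stdout_lines"
  run_once: true
```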
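Review bot: Switching to `ansible.builtin.command` stops a shell from interpreting metacharacters in `{{ oathkeeper_docker_image }}`, but `cmd:` is still split on whitespace, so a value containing spaces would inject additional `docker run` arguments (a `-v /:/host` mount, for instance); use the `argv:` form so the image reference is passed as exactly one argument. Because this container mints the portal's JWT signing key, pin `oathkeeper_docker_image` to an immutable `@sha256:` digest rather than a mutable tag so a re-published image cannot swap the generator — the variable's definition is outside this hunk. The comment's grammar is also off: `docker_container doesn't generate jwks.json correctly`.
```yaml
- name: "Generate jwks.json using {{ oathkeeper_docker_image }} image"
  local_action:
    # … unchanged: comment explaining why docker_container is not used …
    module: ansible.builtin.command
    argv:
      - docker
      - run
      - "--rm"
      - "{{ oathkeeper_docker_image }}"
      - credentials
      - generate
      - "--alg"
      - RS256
  register: jwks_generation_result
```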