[patch] Fix SSO out of settings property (#1394)

Co-authored-by: Matheus Cardoso de Medeiros <[email protected]> Co-authored-by: David Parker <[email protected]>
ibm-mas · Jul 24, 2024 · 2c72069 · 2c72069
1 parent bc17585
commit 2c72069
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 26 deletions.
diff --git a/ibm/mas_devops/roles/suite_install/defaults/main.yml b/ibm/mas_devops/roles/suite_install/defaults/main.yml
@@ -11,19 +11,18 @@ mas_instance_id: "{{ lookup('env', 'MAS_INSTANCE_ID') }}"
 
 # SSO Configuration
 # -----------------------------------------------------------------------------
-idle_timeout: "{{ lookup('env', 'IDLE_TIMEOUT') | default(1800, true) }}"
-idp_session_timeout: "{{ lookup('env', 'IDP_SESSION_TIMEOUT') | default('12h', true) }}"
-access_token_timeout: "{{ lookup('env', 'ACCESS_TOKEN_TIMEOUT') | default('30m', true) }}"
-refresh_token_timeout: "{{ lookup('env', 'REFRESH_TOKEN_TIMEOUT') | default('12h', true) }}"
-default_idp: "{{ lookup('env', 'DEFAULT_IDP') | default('local', true) }}"
-seamless_login: "{{ lookup('env', 'SEAMLESS_LOGIN')| default(False, true) }}"
-default_sso_cookie_name: "ltpatoken2_{{ mas_instance_id }}"
-
-sso_cookie_name: "{{ lookup('env', 'SSO_COOKIE_NAME') | default(default_sso_cookie_name, true) }}"
-allow_default_sso_cookie_name: "{{ lookup('env', 'ALLOW_DEFAULT_SSO_COOKIE_NAME')| default(False, true) }}"
-use_only_custom_cookie_name: "{{ lookup('env', 'USE_ONLY_CUSTOM_COOKIE_NAME')| default(True, true) }}"
-disable_ltpa_cookie: "{{ lookup('env', 'DISABLE_LTPA_COOKIE')| default(False, true) }}"
-allow_custom_cache_key: "{{ lookup('env', 'ALLOW_CUSTOM_CACHE_KEY')| default(False, true) }}"
+idle_timeout: "{{ lookup('env', 'IDLE_TIMEOUT') }}"
+idp_session_timeout: "{{ lookup('env', 'IDP_SESSION_TIMEOUT') }}"
+access_token_timeout: "{{ lookup('env', 'ACCESS_TOKEN_TIMEOUT') }}"
+refresh_token_timeout: "{{ lookup('env', 'REFRESH_TOKEN_TIMEOUT') }}"
+default_idp: "{{ lookup('env', 'DEFAULT_IDP') }}"
+seamless_login: "{{ lookup('env', 'SEAMLESS_LOGIN') }}"
+
+sso_cookie_name: "{{ lookup('env', 'SSO_COOKIE_NAME') }}"
+allow_default_sso_cookie_name: "{{ lookup('env', 'ALLOW_DEFAULT_SSO_COOKIE_NAME') }}"
+use_only_custom_cookie_name: "{{ lookup('env', 'USE_ONLY_CUSTOM_COOKIE_NAME') }}"
+disable_ltpa_cookie: "{{ lookup('env', 'DISABLE_LDAP_COOKIE') }}"
+allow_custom_cache_key: "{{ lookup('env', 'ALLOW_CUSTOM_CACHE_KEY') }}"
 
 # Certificate Management
 # -----------------------------------------------------------------------------

diff --git a/ibm/mas_devops/roles/suite_install/templates/core_v1_suite.yml.j2 b/ibm/mas_devops/roles/suite_install/templates/core_v1_suite.yml.j2
@@ -18,19 +18,6 @@ metadata:
 {% endif %}
 spec:
   certManagerNamespace: "{{ cert_manager_cluster_resource_namespace }}"
-  sso:
-    accessTokenTimeout: "{{ access_token_timeout }}"
-    defaultIDP: "{{ default_idp }}"
-    idleTimeout: "{{ idle_timeout | int }}"
-    idpSessionTimeout: "{{ idp_session_timeout }}"
-    refreshTokenTimeout: "{{ refresh_token_timeout }}"
-    seamlessLogin: "{{ seamless_login | bool }}"
-    ssoCookieName: "{{ sso_cookie_name }}"
-    allowDefaultSsoCookieName: "{{ allow_default_sso_cookie_name }}"
-    useOnlyCustomCookieName: "{{ use_only_custom_cookie_name }}"
-    disableLtpaCookie: "{{ disable_ltpa_cookie }}"
-    allowCustomCacheKey: "{{ allow_custom_cache_key }}"
-
 {% if mas_cluster_issuer is defined and mas_cluster_issuer != '' %}
   certificateIssuer:
     name: "{{ mas_cluster_issuer }}"
@@ -44,6 +31,51 @@ spec:
   podTemplates: {{ ibm_mas_suite_pod_templates }}
 {% endif %}
   settings:
+    sso:
+    {% if access_token_timeout != '' %}
+      accessTokenTimeout: {{ access_token_timeout }}
+    {% endif %}
+
+    {% if default_idp != '' %}
+      defaultIDP: {{ default_idp }}
+    {% endif %}
+
+    {% if idle_timeout != '' %}
+      idleTimeout: {{ idle_timeout | int }}
+    {% endif %}
+
+    {% if idp_session_timeout != '' %}
+      idpSessionTimeout: {{ idp_session_timeout | int }}
+    {% endif %}
+
+    {% if refresh_token_timeout != '' %}
+      refreshTokenTimeout: {{ refresh_token_timeout | int }}
+    {% endif %}
+
+    {% if seamless_login != '' %}
+      seamlessLogin: {{ seamless_login | bool }}
+    {% endif %}
+
+    {% if sso_cookie_name != '' %}
+      ssoCookieName: {{ sso_cookie_name }}
+    {% endif %}
+
+    {% if allow_default_sso_cookie_name != '' %}
+      allowDefaultSsoCookieName: {{ allow_default_sso_cookie_name | bool }}
+    {% endif %}
+
+    {% if use_only_custom_cookie_name != '' %}
+      useOnlyCustomCookieName: {{ use_only_custom_cookie_name | bool }}
+    {% endif %}
+
+    {% if disable_ltpa_cookie != '' %}
+      disableLtpaCookie: {{ disable_ltpa_cookie | bool }}
+    {% endif %}
+
+    {% if allow_custom_cache_key != '' %}
+      allowCustomCacheKey: {{ allow_custom_cache_key | bool }}
+    {% endif %}
+
 {% if mas_channel != '8.7.x' and mas_channel != '8.8.x' %}
     manualCertMgmt: {{  mas_manual_cert_mgmt  }}
 {% endif %}