ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange

commit a8c76caa754b7ac4bd7d643ab8db49faa42b6623
parent 5d0c579728e67a8986b598b2974a68f190acabf7
Author: Christian Grothoff <christian@grothoff.org>
Date:   Mon,  7 Apr 2025 23:00:44 +0200

deploy challenger converters

Diffstat:
Aroles/challenger/files/usr/local/bin/jq-email-converter | 35+++++++++++++++++++++++++++++++++++
Aroles/challenger/files/usr/local/bin/jq-postal-converter | 39+++++++++++++++++++++++++++++++++++++++
Aroles/challenger/files/usr/local/bin/jq-sms-converter | 36++++++++++++++++++++++++++++++++++++
Mroles/challenger/tasks/pre-exchange.yml | 24++++++++++++++++++++++++
Mroles/challenger/templates/etc/taler-exchange/secrets/challenger-email.secret.conf.j2 | 3+--
Mroles/challenger/templates/etc/taler-exchange/secrets/challenger-postal.secret.conf.j2 | 3+--
Mroles/challenger/templates/etc/taler-exchange/secrets/challenger-sms.secret.conf.j2 | 3+--
7 files changed, 137 insertions(+), 6 deletions(-)

diff --git a/roles/challenger/files/usr/local/bin/jq-email-converter b/roles/challenger/files/usr/local/bin/jq-email-converter
@@ -0,0 +1,35 @@
+#!/bin/bash
+# This file is in the public domain.
+#
+# Challenger's /info returns the 'id' as a Number, but the
+# exchange oauth2 plugin expects it as a String.
+# Additionally, we need to check that we got the expected
+# "email" address type (and otherwise exit with failure),
+# and finally move the .address.phone value to
+# the "CONTACT_PHONE" field.
+#
+# Uses JQ to convert!
+exec jq 'if .address_type!="email" then halt_error(4) else (. | .id?) |= (. | tostring) | .CONTACT_EMAIL=.address.email | del(.address) | del(.address_type) end'
+
+# Example input:
+# {
+# "id": 1,
+# "address": {
+# "email": "me@example.com"
+# },
+# "address_type": "phone",
+# "expires": {
+# "t_s": 1775590216
+# }
+# }
+#
+# Example output:
+#
+# {
+# "id": "1",
+# "expires": {
+# "t_s": 1775590216
+# }
+# "CONTACT_EMAIL": "me@example.com"
+# }
+#
diff --git a/roles/challenger/files/usr/local/bin/jq-postal-converter b/roles/challenger/files/usr/local/bin/jq-postal-converter
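Review bot: The jq program on the `exec jq` line checks only `address_type` and then unconditionally stringifies `.id` and copies `.address.email`, so an /info body without an `id` is handed to the exchange with the identifier string `"null"` and a missing `.address.email` produces `CONTACT_EMAIL: null` instead of a failure; checking the types of both fields before rewriting closes that: `exec jq 'if .address_type != "email" or (.id|type) != "number" or (.address.email|type) != "string" then ("unexpected /info document\n" | halt_error(4)) else .id |= tostring | .CONTACT_EMAIL = .address.email | del(.address, .address_type) end'`. A bare `halt_error(4)` as written prints its input — the entire /info document, contact data included — to stderr on the error path, which is why the variant above pipes a fixed string into it. The header comment is copied from the SMS helper (it talks about `.address.phone` and `CONTACT_PHONE`) and the example input carries `"address_type": "phone"`, which this very filter rejects; both should read `.address.email` / `CONTACT_EMAIL` / `"email"`, and the example output is missing the comma after the `expires` object.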
@@ -0,0 +1,39 @@
+#!/bin/bash
+# This file is in the public domain.
+#
+# Challenger's /info returns the 'id' as a Number, but the
+# exchange oauth2 plugin expects it as a String.
+# Additionally, we need to check that we got the expected
+# "postal" address type (and otherwise exit with failure),
+# and finally move the .address values to
+# the "ADDRESS_*" fields.
+#
+# Uses JQ to convert!
+exec jq 'if .address_type!="postal" then halt_error(4) else (. | .id?) |= (. | tostring) | .PERSON_FULL_NAME=.address.full_name | ADDRESS_STREET=.address.street | ADDRESS_TOWN_LOCATION=.address.city | ADDRESS_ZIPCODE=.address.postcode | ADDRESS_COUNTRY_CC=.address.country | del(.address) | del(.address_type) end'
+
+# Example input:
+# {
+# "id": 1,
+# "address": {
+# "XXX": "me@example.com"
+# },
+# "address_type": "postal",
+# "expires": {
+# "t_s": 1775590216
+# }
+# }
+#
+# Example output:
+#
+# {
+# "id": "1",
+# "expires": {
+# "t_s": 1775590216
+# }
+# "PERSON_FULL_NAME": "Richard Stallman"
+# "ADDRESS_STREET": "Bundesgasse 1"
+# "ADDRESS_TOWN_LOCATION": "Bern"
+# "ADDRESS_ZIPCODE": "1234"
+# "ADDRESS_COUNTRY_CC": "CH"
+# }
+#
diff --git a/roles/challenger/files/usr/local/bin/jq-sms-converter b/roles/challenger/files/usr/local/bin/jq-sms-converter
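Review bot: The jq program on the `exec jq` line does not compile: `ADDRESS_STREET=.address.street`, `ADDRESS_TOWN_LOCATION=.address.city`, `ADDRESS_ZIPCODE=.address.postcode` and `ADDRESS_COUNTRY_CC=.address.country` lack the leading `.`, so jq reads each name as a call to an undefined function (`ADDRESS_STREET/0 is not defined`) and every postal /info conversion fails, well-formed ones included. The assignments should be `.ADDRESS_STREET=.address.street | .ADDRESS_TOWN_LOCATION=.address.city | .ADDRESS_ZIPCODE=.address.postcode | .ADDRESS_COUNTRY_CC=.address.country`. The example input still shows the placeholder `"XXX": "me@example.com"` rather than the `full_name`, `street`, `city`, `postcode` and `country` keys the filter reads, so it should be rewritten to match, and the example output lacks commas between its members. Because the filter copies fields without checking them, a missing `full_name` also yields `PERSON_FULL_NAME: null` rather than the failure the header comment promises; a `(.address.full_name|type) != "string"` guard in the `if` condition would cover that, and a fixed message piped into `halt_error` would keep the user's postal address out of stderr on the error path.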
@@ -0,0 +1,35 @@
+#!/bin/bash
+# This file is in the public domain.
+#
+# Challenger's /info returns the 'id' as a Number, but the
+# exchange oauth2 plugin expects it as a String.
+# Additionally, we need to check that we got the expected
+# "phone" address type (and otherwise exit with failure),
+# and finally move the .address.phone value to
+# the "CONTACT_PHONE" field.
+#
+# Uses JQ to convert!
+exec jq 'if .address_type!="phone" then halt_error(4) else (. | .id?) |= (. | tostring) | .CONTACT_PHONE=.address.phone | del(.address) | del(.address_type) end'
+
+# Example input:
+# {
+# "id": 1,
+# "address": {
+# "phone": "+4112345678"
+# },
+# "address_type": "phone",
+# "expires": {
+# "t_s": 1775590216
+# }
+# }
+#
+# Example output:
+#
+# {
+# "id": "1",
+# "expires": {
+# "t_s": 1775590216
+# }
+# "CONTACT_PHONE": "+4112345678"
+# }
+#
+
\ No newline at end of file
diff --git a/roles/challenger/tasks/pre-exchange.yml b/roles/challenger/tasks/pre-exchange.yml
@@ -237,6 +237,30 @@
 - name: Force ansible to regather fact(s) just created about sms-challenger
 ansible.builtin.setup:
+- name: Place SMS challenger JQ conversion helper program
+ copy:
+ src: usr/local/bin/jq-sms-converter
+ dest: /usr/local/bin/jq-sms-converter
+ owner: root
+ group: root
+ mode: "0755"
+
+- name: Place Email challenger JQ conversion helper program
+ copy:
+ src: usr/local/bin/jq-email-converter
+ dest: /usr/local/bin/jq-email-converter
+ owner: root
+ group: root
+ mode: "0755"
+
+- name: Place Postal challenger JQ conversion helper program
+ copy:
+ src: usr/local/bin/jq-postal-converter
+ dest: /usr/local/bin/jq-postal-converter
+ owner: root
+ group: root
+ mode: "0755"
+
 - name: Place sms-challenger systemd service file
 copy:
 src: etc/systemd/system/sms-challenger-httpd.service
diff --git a/roles/challenger/templates/etc/taler-exchange/secrets/challenger-email.secret.conf.j2 b/roles/challenger/templates/etc/taler-exchange/secrets/challenger-email.secret.conf.j2
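Review bot: On the `exec jq` line, `(. | .id?) |= (. | tostring)` turns a missing or null `id` into the string `"null"`, which the exchange then receives as if it were a real identifier, and a missing `.address.phone` becomes `CONTACT_PHONE: null` rather than the failure the header comment promises; a type check on both fields fixes that: `exec jq 'if .address_type != "phone" or (.id|type) != "number" or (.address.phone|type) != "string" then ("unexpected /info document\n" | halt_error(4)) else .id |= tostring | .CONTACT_PHONE = .address.phone | del(.address, .address_type) end'`. Piping a fixed string into `halt_error` also avoids its default of echoing the whole /info document — phone number included — to stderr on the error path. Minor: the file ends with an empty last line that lacks a trailing newline, the example output is missing the comma after the `expires` object, and `#!/bin/sh` would suffice for a script that is a single `exec`.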
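Review bot: The three new copy tasks are identical apart from the helper name, so a single task with a `loop:` over the three names is easier to keep consistent, and `ansible.builtin.copy` would match the FQCN style of the neighbouring `ansible.builtin.setup` task. Nothing in this hunk installs `jq`; unless a package task elsewhere in the role already does (not visible here), the helpers fail at runtime with `jq: command not found` the first time the exchange invokes them, so that dependency is worth confirming. The helpers also resolve `jq` through the exchange process's PATH via `exec jq`; pointing them at the installed absolute path removes that variable.
```yaml
- name: Place challenger JQ conversion helper programs
  ansible.builtin.copy:
    src: "usr/local/bin/{{ item }}"
    dest: "/usr/local/bin/{{ item }}"
    owner: root
    group: root
    mode: "0755"
  loop:
    - jq-sms-converter
    - jq-email-converter
    - jq-postal-converter
```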
@@ -7,7 +7,6 @@ KYC_OAUTH2_INFO_URL = https://email.challenger.{{ DOMAIN_NAME }}/info
 KYC_OAUTH2_CLIENT_ID = {{ ansible_local['email-challenger-client-id'] }}
 KYC_OAUTH2_CLIENT_SECRET = {{ ansible_local['email-challenger-client-secret'] }}
 KYC_OAUTH2_POST_URL = {{ KYC_THANK_YOU_URL }}
-# FIXME: check this is OK...
-KYC_OAUTH2_CONVERTER_HELPER = /usr/bin/cat
+KYC_OAUTH2_CONVERTER_HELPER = /usr/local/bin/jq-email-converter
 # FIXME: change in production?
 KYC_OAUTH2_DEBUG_MODE = YES
diff --git a/roles/challenger/templates/etc/taler-exchange/secrets/challenger-postal.secret.conf.j2 b/roles/challenger/templates/etc/taler-exchange/secrets/challenger-postal.secret.conf.j2
@@ -7,7 +7,6 @@ KYC_OAUTH2_INFO_URL = https://postal.challenger.{{ DOMAIN_NAME }}/info
 KYC_OAUTH2_CLIENT_ID = {{ ansible_local['postal-challenger-client-id'] }}
 KYC_OAUTH2_CLIENT_SECRET = {{ ansible_local['postal-challenger-client-secret'] }}
 KYC_OAUTH2_POST_URL = {{ KYC_THANK_YOU_URL }}
-# FIXME: check this is OK...
-KYC_OAUTH2_CONVERTER_HELPER = /usr/bin/cat
+KYC_OAUTH2_CONVERTER_HELPER = /usr/local/bin/jq-postal-converter
 # FIXME: change in production?
 KYC_OAUTH2_DEBUG_MODE = YES
diff --git a/roles/challenger/templates/etc/taler-exchange/secrets/challenger-sms.secret.conf.j2 b/roles/challenger/templates/etc/taler-exchange/secrets/challenger-sms.secret.conf.j2
@@ -7,7 +7,6 @@ KYC_OAUTH2_INFO_URL = https://sms.challenger.{{ DOMAIN_NAME }}/info
 KYC_OAUTH2_CLIENT_ID = {{ ansible_local['sms-challenger-client-id'] }}
 KYC_OAUTH2_CLIENT_SECRET = {{ ansible_local['sms-challenger-client-secret'] }}
 KYC_OAUTH2_POST_URL = {{ KYC_THANK_YOU_URL }}
-# FIXME: check this is OK...
-KYC_OAUTH2_CONVERTER_HELPER = /usr/bin/cat
+KYC_OAUTH2_CONVERTER_HELPER = /usr/local/bin/jq-sms-converter
 # FIXME: change in production?
 KYC_OAUTH2_DEBUG_MODE = YES