commit ddabadfe0284ea02936fd55561fca4ef1ebe0f58
parent 7895043127adfc64ce3667b34e68e2706454f3e5
Author: Christian Grothoff <christian@grothoff.org>
Date: Sat, 23 Nov 2024 22:10:37 +0100
use templates for kycaid secrets
Diffstat:
4 files changed, 32 insertions(+), 0 deletions(-)
diff --git a/playbooks/setup.yml b/playbooks/setup.yml
@@ -41,3 +41,7 @@
EXCHANGE_OPERATOR_LEGAL_NAME="Taler Exchange Operator Legal Name"
# Where to send people after they passed KYC.
KYC_THANK_YOU_URL = https://taler-ops.ch/thank-you-kyc
+# Template to use for identification of individuals with KYCAID
+ KYCAID_TEMPLATE_INDIVIDUAL = tmpl_xxx
+# Template to use for identification of businesses with KYCAID
+ KYCAID_TEMPLATE_BUSINESS = tmpl_xxx
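Review bot: Both new settings ship the same placeholder `tmpl_xxx`, and nothing visible in this commit stops a deployment that leaves it unchanged; the same applies to `EXCHANGE_KYCAID_ACCESS_TOKEN = FIXME` in the playbooks/test-secrets.yml hunk. These values are rendered verbatim into the exchange's KYC provider configuration, so a forgotten placeholder would only show up when a KYC request fails at runtime. I would mark them as mandatory in the comment, e.g. `# REQUIRED: replace tmpl_xxx with the real KYCAID form ID before deploying`. A pre-flight `ansible.builtin.assert` that rejects `tmpl_xxx` and `FIXME` before the template task runs would catch it earlier.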
diff --git a/playbooks/test-secrets.yml b/playbooks/test-secrets.yml
@@ -11,3 +11,6 @@ LIBEUFIN_NEXUS_EBICS_SYSTEM_ID = PFC00664
# Authorization token for the telesign SMS service
SMS_CHALLENGER_TELESIGN_AUTH_TOKEN = my-auth-token
+
+# KYCaid access token
+EXCHANGE_KYCAID_ACCESS_TOKEN = FIXME
diff --git a/roles/exchange/tasks/main.yml b/roles/exchange/tasks/main.yml
@@ -36,6 +36,14 @@
group: root
mode: 0400
+- name: Place taler-exchange external KYC provider configuration
+ ansible.builtin.template:
+ src: templates/etc/taler-exchange/secrets/exchange-kyc-providers.secret.conf.j2
+ dest: "/etc/taler-exchange/secrets/exchange-kyc-providers.secret.conf"
+ owner: taler-exchange-httpd
+ group: root
+ mode: 0400
+
- name: Setup Taler Exchange database
shell:
cmd: taler-exchange-dbconfig -c /etc/taler-exchange/taler-exchange.conf
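Review bot: The new task's `src` points at `exchange-kyc-providers.secret.conf.j2`, but the template added by this commit is named `exchange-kyc-providers.conf.j2` (no `.secret`), so unless a file with the other name already exists the task will fail to find its source. Either rename the template or use `src: templates/etc/taler-exchange/secrets/exchange-kyc-providers.conf.j2`. Because the rendered file contains the KYCAID access token, I would also add `no_log: true` (or `diff: false`) to this task so a `--diff` run does not print the token to the console or CI log. Quoting the mode as `mode: "0400"` avoids relying on YAML 1.1 octal parsing; the preceding task in the context lines has the same unquoted form.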
diff --git a/roles/exchange/templates/etc/taler-exchange/secrets/exchange-kyc-providers.conf.j2 b/roles/exchange/templates/etc/taler-exchange/secrets/exchange-kyc-providers.conf.j2
@@ -0,0 +1,17 @@
+[kyc-provider-kycaid-individual]
+LOGIC = kycaid
+KYC_KYCAID_VALIDITY = forever
+KYC_KYCAID_AUTH_TOKEN = {{ EXCHANGE_KYCAID_ACCESS_TOKEN }}
+# FIXME: correct converter?
+KYC_KYCAID_CONVERTER_HELPER = taler-exchange-kyc-kycaid-converter.sh
+KYC_KYCAID_FORM_ID = {{ KYCAID_TEMPLATE_INDIVIDUAL }}
+KYC_KYCAID_POST_URL = {{ KYC_THANK_YOU_URL }}
+
+[kyc-provider-kycaid-business]
+LOGIC = kycaid
+KYC_KYCAID_VALIDITY = forever
+KYC_KYCAID_AUTH_TOKEN = {{ EXCHANGE_KYCAID_ACCESS_TOKEN }}
+# FIXME: correct converter? business should differ!
+KYC_KYCAID_CONVERTER_HELPER = taler-exchange-kyc-kycaid-converter.sh
+KYC_KYCAID_FORM_ID = {{ KYCAID_TEMPLATE_INDIVIDUAL }}
+KYC_KYCAID_POST_URL = {{ KYC_THANK_YOU_URL }}
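Review bot: The `[kyc-provider-kycaid-business]` section sets `KYC_KYCAID_FORM_ID = {{ KYCAID_TEMPLATE_INDIVIDUAL }}`, so businesses would be sent through the individual identification form and the `KYCAID_TEMPLATE_BUSINESS` variable introduced in playbooks/setup.yml is never used. That line should read `KYC_KYCAID_FORM_ID = {{ KYCAID_TEMPLATE_BUSINESS }}`. The two `FIXME` comments about the converter helper are also still open; the business section's own comment says its converter should differ, so this template presumably should not be deployed until that is resolved.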