From 0c33b9152ee4830800531af26e04c052d4a52828 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= <nicolas.masse@itix.fr>
Date: Mon, 26 Jun 2017 19:38:56 +0200
Subject: [PATCH] APICAST CORS configuration

---
 roles/3scale/tasks/apicast_cors.yml  | 24 +++++++++++++++++++++
 roles/3scale/tasks/main.yml          |  4 ++++
 roles/3scale/tasks/patch_apicast.yml | 32 ++++++++++++++++++++++++++++
 roles/3scale/vars/main.yml           |  2 ++
 4 files changed, 62 insertions(+)
 create mode 100644 roles/3scale/tasks/apicast_cors.yml
 create mode 100644 roles/3scale/tasks/patch_apicast.yml

diff --git a/roles/3scale/tasks/apicast_cors.yml b/roles/3scale/tasks/apicast_cors.yml
new file mode 100644
index 0000000..7033f38
--- /dev/null
+++ b/roles/3scale/tasks/apicast_cors.yml
@@ -0,0 +1,24 @@
+---
+  
+  - name: Download 'apicast_cors.lua'
+    get_url: dest=apicast_cors.lua url={{ threescale_options.apicast_cors_lua }}
+
+  - name: Download 'cors.conf'
+    get_url: dest=cors.conf url={{ threescale_options.apicast_cors_conf }}
+
+  - name: Create ConfigMap 'apicast-cors'
+    command: oc create configmap apicast-cors --from-file=apicast_cors.lua -n "{{ threescale_options.project }}"
+    register: oc
+    failed_when: oc.rc > 0 and 'Error from server (AlreadyExists):' not in oc.stderr
+    changed_when: oc.rc == 0
+
+  - name: Create ConfigMap 'cors-conf'
+    command: oc create configmap cors-conf --from-file=cors.conf -n "{{ threescale_options.project }}"
+    register: oc
+    failed_when: oc.rc > 0 and 'Error from server (AlreadyExists):' not in oc.stderr
+    changed_when: oc.rc == 0
+
+  - include: patch_apicast.yml
+    with_items:
+      - apicast-staging
+      - apicast-production
diff --git a/roles/3scale/tasks/main.yml b/roles/3scale/tasks/main.yml
index cd9050f..2df2a7d 100644
--- a/roles/3scale/tasks/main.yml
+++ b/roles/3scale/tasks/main.yml
@@ -26,6 +26,10 @@
     failed_when: oc.rc > 0 and 'Error from server (AlreadyExists):' not in oc.stderr
     changed_when: oc.rc == 0
 
+  # Deploy the CORS Configuration for APICast
+  # This is needed to make the "Try out" feature working in the Developer Portal
+  - include: apicast_cors.yml
+
   - include: status.yml
     tags: status
 
diff --git a/roles/3scale/tasks/patch_apicast.yml b/roles/3scale/tasks/patch_apicast.yml
new file mode 100644
index 0000000..57bbeb0
--- /dev/null
+++ b/roles/3scale/tasks/patch_apicast.yml
@@ -0,0 +1,32 @@
+---
+
+  - debug: msg="Updating {{ item }}"
+
+  - name: Check if APICast's DC has volumes
+    command: oc get dc {{ item }} -o jsonpath='{range .spec.template.spec.volumes[*]}{.name}{"\n"}{end}' -n "{{ threescale_options.project }}"
+    register: volumes
+    changed_when: false
+
+  - name: Add volume 'apicast-cors'
+    command: 'oc set volume dc/{{ item }} -n {{ threescale_options.project }} --add --name=apicast-cors --mount-path /opt/app-root/src/src/apicast_cors.lua --source=''{"configMap":{"name":"apicast-cors","items":[{"key":"apicast_cors.lua","path":"apicast_cors.lua"}]}}'' '
+    when: "'apicast-cors' not in volumes.stdout_lines"
+
+  - name: Add volume 'cors-conf'
+    command: 'oc set volume dc/{{ item }} -n {{ threescale_options.project }} --add --name=cors-conf --mount-path /opt/app-root/src/apicast.d/cors.conf --source=''{"configMap":{"name":"cors-conf","items":[{"key":"cors.conf","path":"cors.conf"}]}}'' '
+    when: "'cors-conf' not in volumes.stdout_lines"
+
+  - name: Check if APICast's DC has already been patched
+    command: oc get dc {{ item }} -o jsonpath='{range .spec.template.spec.containers[*].volumeMounts[?(@.subPath)]}{.name}{"\n"}{end}' -n "{{ threescale_options.project }}"
+    register: patched
+    changed_when: false
+
+  - name: Patch volume 'apicast-cors'
+    command: 'oc patch dc/{{ item }} -n {{ threescale_options.project }} --type=json -p ''[ {"op": "add", "path": "/spec/template/spec/containers/0/volumeMounts/0/subPath", "value":"apicast_cors.lua"} ]'' '
+    when: "'apicast-cors' not in patched.stdout_lines"
+
+  - name: Patch volume 'cors-conf'
+    command: 'oc patch dc/{{ item }} -n {{ threescale_options.project }} --type=json -p ''[ {"op": "add", "path": "/spec/template/spec/containers/0/volumeMounts/1/subPath", "value":"cors.conf"} ]'' '
+    when: "'cors-conf' not in patched.stdout_lines"
+
+  - name: Add environment variable APICAST_MODULE to the APICast DeploymentConfig
+    command: oc env dc/{{ item }} APICAST_MODULE=apicast_cors -n {{ threescale_options.project }}
diff --git a/roles/3scale/vars/main.yml b/roles/3scale/vars/main.yml
index 2ce12bd..7ae8e7f 100644
--- a/roles/3scale/vars/main.yml
+++ b/roles/3scale/vars/main.yml
@@ -7,3 +7,5 @@
     wildcard_domain: "{{ openshift_master_default_subdomain }}"
     delay: 5
     retries: 30
+    apicast_cors_lua: https://raw.githubusercontent.com/3scale/apicast/cors-example/examples/cors/apicast_cors.lua
+    apicast_cors_conf: https://raw.githubusercontent.com/3scale/apicast/cors-example/examples/cors/cors.conf