From f10b64d6de2ceba079e3690bba6523504ac0a6f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Fri, 8 Sep 2023 11:45:18 +0200
Subject: [PATCH] feat: add HTTP BasicAuth config for Solr
---
 .../configure_rosetta_prerequisites.yml | 23 ++++++++++++++++
 .../d4_1/solr/server/solr/security.json.j2 | 27 +++++++++++++++++++
 2 files changed, 50 insertions(+)
 create mode 100644 templates/exlibris/dps/d4_1/solr/server/solr/security.json.j2
diff --git a/tasks/rosetta/configure_rosetta_prerequisites.yml b/tasks/rosetta/configure_rosetta_prerequisites.yml
index a90c80d..5f9c256 100644
--- a/tasks/rosetta/configure_rosetta_prerequisites.yml
+++ b/tasks/rosetta/configure_rosetta_prerequisites.yml
@@ -82,3 +82,26 @@
 dest: "/exlibris/dps/d4_1/system.dir/conf/global.properties"
 state: link
 when: ansible_hostname in "appdev"
+
+- name: create directory for Solr config file
+ ansible.builtin.file:
+ path: "/exlibris/dps/d4_1/solr/server/solr/"
+ state: directory
+ mode: "0755"
+ owner: "{{ vault_rosetta_user }}"
+ group: "{{ vault_rosetta_group }}"
+ when: ("-test" in ansible_hostname) or
+ ("-mol" in ansible_hostname)
+
+- name: >
+ Deploy modified security.json file for Testsystem so CI/CD tests can be run
+ against Solr. Credentials are taken from an Ansible Vault.
+ ansible.builtin.template:
+ src: "exlibris/dps/d4_1/solr/server/solr/security.json.j2"
+ dest: "/exlibris/dps/d4_1/solr/server/solr/security.json"
+ backup: true
+ mode: "0664"
+ owner: "{{ vault_rosetta_user }}"
+ group: "{{ vault_rosetta_group }}"
+ when: ("-test" in ansible_hostname) or
+ ("-mol" in ansible_hostname)
diff --git a/templates/exlibris/dps/d4_1/solr/server/solr/security.json.j2 b/templates/exlibris/dps/d4_1/solr/server/solr/security.json.j2
new file mode 100644
index 0000000..f6a27f1
--- /dev/null
+++ b/templates/exlibris/dps/d4_1/solr/server/solr/security.json.j2
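Review bot: The security.json task in tasks/rosetta/configure_rosetta_prerequisites.yml installs the Solr credential file with `mode: "0664"`, which leaves it readable by every local account and writable by the group; for a file holding BasicAuth credential entries, `mode: "0640"` (or `"0600"` if only the service account reads it) is the tighter choice. `backup: true` also keeps timestamped copies of earlier versions in the same directory, so old credential entries stay on disk until they are cleaned up. Because the rendered content appears in `--diff` output, adding `no_log: true` or `diff: false` to this task keeps the vault values out of run logs. Nothing in the hunk restarts or reloads Solr after the file changes; whether a handler exists elsewhere is not visible here.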
@@ -0,0 +1,27 @@
+{
+ "authentication":{
+ "class":"solr.BasicAuthPlugin",
+ "blockUnknown":true,
+ "credentials":{
+ "slr":"{{ vault_solr_passwords.slr[ansible_hostname] }}",
+ "Test_WebServices":"{{ vault_solr_passwords.Test_WebServices }}",
+ "check_ie_sample": "{{ vault_solr_passwords.check_ie_sample }}"},
+ "":{"v":0}},
+ "authorization":{
+ "class":"solr.RuleBasedAuthorizationPlugin",
+ "user-role":{
+ "slr":"admin",
+ "Test_WebServices":["onlyareader"]},
+ "check_ie_sample":["onlyareader"]},
+ "permissions":[
+ {
+ "name":"read",
+ "role":[
+ "admin",
+ "onlyareader"],
+ "index":1},
+ {
+ "name":"all",
+ "role":["admin"],
+ "index":2}],
+ "":{"v":0}}}
-- GitLab
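Review bot: The `user-role` object is closed one entry too early: the line `"Test_WebServices":["onlyareader"]},` ends with `}`, so `check_ie_sample` lands in `authorization` instead of `user-role`, `permissions` falls outside `authorization`, and the final `}}}` has one more closing brace than is open, making the rendered file invalid JSON. The line should read `"Test_WebServices":["onlyareader"],` so that the `}` after `check_ie_sample` closes `user-role`. Rendering the template and running it through a JSON parser in CI would catch this before it reaches a host. Separately, BasicAuthPlugin expects each credential value as a salted SHA-256 hash plus salt rather than a plaintext password; the variable name `vault_solr_passwords` does not show which form the vault holds, so that is worth confirming.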