From 2d6ee5b8987b58747a6089dc43b61bebd9d0dd61 Mon Sep 17 00:00:00 2001
From: "p.delpy@dkfz-heidelberg.de" <p.delpy@dkfz-heidelberg.de>
Date: Tue, 11 Mar 2025 15:11:32 +0100
Subject: [PATCH] fix: squash - undo OIDC in cce

---
 cce/modules/teiler-compose.yml | 12 ++++++------
 cce/vars                       | 10 ++++++++++
 2 files changed, 16 insertions(+), 6 deletions(-)

diff --git a/cce/modules/teiler-compose.yml b/cce/modules/teiler-compose.yml
index b77e00f..20d0db3 100644
--- a/cce/modules/teiler-compose.yml
+++ b/cce/modules/teiler-compose.yml
@@ -31,10 +31,10 @@ services:
     environment:
       DEFAULT_LANGUAGE: "${TEILER_DEFAULT_LANGUAGE}"
       TEILER_BACKEND_URL: "https://${HOST}/cce-teiler-backend"
-      OIDC_URL: "todo"
-      OIDC_REALM: "todo"
-      OIDC_CLIENT_ID: "todo"
-      OIDC_TOKEN_GROUP: "todo"
+      OIDC_URL: "${OIDC_URL}"
+      OIDC_REALM: "${OIDC_REALM}"
+      OIDC_CLIENT_ID: "${OIDC_PUBLIC_CLIENT_ID}"
+      OIDC_TOKEN_GROUP: "${OIDC_GROUP_CLAIM}"
       TEILER_ADMIN_NAME: "${OPERATOR_FIRST_NAME} ${OPERATOR_LAST_NAME}"
       TEILER_ADMIN_EMAIL: "${OPERATOR_EMAIL}"
       TEILER_ADMIN_PHONE: "${OPERATOR_PHONE}"
@@ -43,8 +43,8 @@ services:
       TEILER_ORCHESTRATOR_URL: "https://${HOST}/cce-teiler"
       TEILER_DASHBOARD_HTTP_RELATIVE_PATH: "/cce-teiler-dashboard"
       TEILER_ORCHESTRATOR_HTTP_RELATIVE_PATH: "/cce-teiler"
-      TEILER_USER: "${todo}"
-      TEILER_ADMIN: "${todo}"
+      TEILER_USER: "${OIDC_USER_GROUP}"
+      TEILER_ADMIN: "${OIDC_ADMIN_GROUP}"
       REPORTER_DEFAULT_TEMPLATE_ID: "cce-qb"
       EXPORTER_DEFAULT_TEMPLATE_ID: "cce"
 
diff --git a/cce/vars b/cce/vars
index df68aaf..46d5143 100644
--- a/cce/vars
+++ b/cce/vars
@@ -9,6 +9,16 @@ BROKER_URL_FOR_PREREQ=$BROKER_URL
 
 POSTGRES_TAG=15.6-alpine
 
+OIDC_USER_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})"
+OIDC_ADMIN_GROUP="DKTK_CCP_$(capitalize_first_letter ${SITE_ID})_Verwalter"
+OIDC_PRIVATE_CLIENT_ID=${SITE_ID}-private
+OIDC_PUBLIC_CLIENT_ID=${SITE_ID}-public
+# Use "test-realm-01" for testing
+OIDC_REALM="${OIDC_REALM:-master}"
+OIDC_URL="https://login.verbis.dkfz.de"
+OIDC_ISSUER_URL="${OIDC_URL}/realms/${OIDC_REALM}"
+OIDC_GROUP_CLAIM="groups"
+
 for module in $PROJECT/modules/*.sh
 do
     log DEBUG "sourcing $module"