From a2db32b85765cfe9eafd4bb4c01d148e2b8a5c2b Mon Sep 17 00:00:00 2001
From: Dan Callaghan
Date: Thu, 14 Apr 2016 17:26:40 +1000
Subject: [PATCH] beaker/server: copy idp-metadata.xml from its canonical location

Puiterwijk explains that we want to have a single location for storing idp-metadata.xml, instead of copying it around into each role, so that there is only one place to update it when keys need to be rolled over.
---
roles/beaker/server/tasks/main.yml | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/roles/beaker/server/tasks/main.yml b/roles/beaker/server/tasks/main.yml
index d51074b982..289e4de836 100644
--- a/roles/beaker/server/tasks/main.yml
+++ b/roles/beaker/server/tasks/main.yml
@@ -28,13 +28,20 @@ tags: - beaker-server +- name: copy SAML identity provider metadata + copy: > + src="{{ private }}/files/saml2/idp-{{env}}.xml" + dest="/etc/httpd/saml2/{{ beaker_server_cname }}/idp-metadata.xml" + owner="apache" group="apache" mode=0600 + tags: + - beaker-server + - name: copy SAML files copy: > src="{{ item }}" dest="/etc/httpd/{{ item }}" owner="apache" group="apache" mode=0644 with_items: - "saml2/{{ beaker_server_cname }}/metadata.xml" - - "saml2/{{ beaker_server_cname }}/idp-metadata.xml" - "saml2/{{ beaker_server_cname }}/certificate.pem" tags: - beaker-server
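Review bot: The new `copy` task installs the IdP metadata with `owner="apache" group="apache" mode=0600`, which leaves the file that tells httpd which identity-provider keys to trust writable by the web server's own account. The metadata is not secret, so what needs protecting is its integrity; `owner="root" group="apache" mode=0640` would keep it readable by httpd without letting a compromised web process replace it. The task also has no `notify:`, so unless a restart is triggered elsewhere in the role (not visible in this hunk), a rolled-over key would presumably take effect only at the next httpd restart, and the old key would stay trusted until then.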