Add federation metadata cache to azuremfa (#542)

phavekes · pmeulen · web-flow · commit 0bfc8864640a · 2025-10-30T10:59:46.000+01:00
Co-authored-by: Pieter van der Meulen &lt;pieter.vandermeulen@surf.nl&gt;
diff --git a/.github/workflows/molecule-mongo.yml b/.github/workflows/molecule-mongo.yml
@@ -16,10 +16,9 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v5
-
       - name: Set up Python 3.8
         uses: actions/setup-python@v6
         with:
diff --git a/roles/stepupazuremfa/tasks/main.yml b/roles/stepupazuremfa/tasks/main.yml
@@ -26,6 +26,16 @@
     - "{{ current_release_config_dir_name }}"
     - "{{ current_release_appdir }}/public/images"
 
+- name: Create federation-metadata cache dir
+  ansible.builtin.file:
+    state: directory
+    dest: "{{ item }}"
+    owner: "{{ appname }}"
+    group: root
+    mode: "0755"
+  with_items:
+    - "{{ current_release_appdir }}/federation-metadata"
+
 - name: Install images
   ansible.builtin.include_role:
     name: stepupapp
@@ -70,10 +80,13 @@
       APACHE_UID: "#{{ azuremfa_uid.uid }}"
       APACHE_GUID: "#{{ azuremfa_guid.gid }}"
     mounts:
-      - source: /opt/openconext/azuremfa/public/images/header-logo.png
+      - source: "{{ current_release_appdir }}/public/images/header-logo.png"
         target: /var/www/html/public/build/images/header-logo.png
         type: bind
-      - source: /opt/openconext/azuremfa
+      - source: "{{ current_release_appdir }}"
         target: /var/www/html/config/openconext
         type: bind
+      - source: "{{ current_release_appdir }}/federation-metadata"
+        target: /var/www/html/federation-metadata
+        type: bind
   register: azuremfacontainer
diff --git a/roles/stepupazuremfa/templates/parameters.yaml.j2 b/roles/stepupazuremfa/templates/parameters.yaml.j2
@@ -1,7 +1,7 @@
 parameters:
 {% if 'docker' in group_names %}
     app_env: prod
-    app_debug: false 
+    app_debug: false
     app_secret: {{ azuremfa_secret }}
 {% endif %}
     # All locales supported by the application
@@ -31,4 +31,4 @@ parameters:
     ra_issuer_entity_id_regex: '@@^https://(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z0-9][a-z0-9-]{0,61}[a-z0-9]/vetting-procedure/gssf/azuremfa/metadata$@'
 
     # Metadata cache settings
-    federation_metadata_cache_location: '/var/www/html/federation-metadata'
+    federation_metadata_cache_location : '{{ current_release_config_file_dir_name_in_config }}/federation-metadata'
