From cdccf4b0d514f62c87d093e30ecdedf2f21d0c57 Mon Sep 17 00:00:00 2001
From: Chris MacDermaid <christopher.macdermaid@gsa.gov>
Date: Mon, 25 Jan 2021 12:34:50 -0700
Subject: [PATCH 1/6] Update add datagov_inventory extension

---
 ansible/group_vars/all/vars.yml                          | 2 ++
 ansible/roles/software/ckan/inventory/defaults/main.yml  | 3 +++
 .../ckan/inventory/templates/etc/ckan/production.ini     | 9 +++++++--
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/ansible/group_vars/all/vars.yml b/ansible/group_vars/all/vars.yml
index fd6c1c77c..fd26d4457 100644
--- a/ansible/group_vars/all/vars.yml
+++ b/ansible/group_vars/all/vars.yml
@@ -123,6 +123,8 @@ inventory_ckan_plugins_default:
   - text_view
   - usmetadata
 
+inventory_next_ckan_plugins_default:
+  - datagov_inventory
 
 # jenkins
 jenkins_config: "{{ lookup('template', 'jenkins_config.yml.j2') }}"
diff --git a/ansible/roles/software/ckan/inventory/defaults/main.yml b/ansible/roles/software/ckan/inventory/defaults/main.yml
index 4328d282e..1bd8a855e 100644
--- a/ansible/roles/software/ckan/inventory/defaults/main.yml
+++ b/ansible/roles/software/ckan/inventory/defaults/main.yml
@@ -23,6 +23,9 @@ inventory_ckan_plugins_default:
   - text_view
   - usmetadata
 
+inventory_next_ckan_plugins_default:
+  - datagov_inventory
+
 # Use local login by default
 inventory_ckan_saml2_enabled: false
 
diff --git a/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini b/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini
index 66b925e05..67b398b21 100644
--- a/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini
+++ b/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini
@@ -6,7 +6,7 @@
 # following URL for a description of what they do and the full list of
 # available options:
 #
-# http://docs.ckan.org/en/latest/configuration.html
+# https://docs.ckan.org/en/latest/maintaining/configuration.html
 #
 # The %(here)s variable will be replaced with the parent directory of this file
 #
@@ -85,8 +85,9 @@ ckan.auth.user_create_organizations = false
 ckan.auth.user_delete_groups = false
 ckan.auth.user_delete_organizations = false
 ckan.auth.create_user_via_api = false
-ckan.auth.create_user_via_web = true
+ckan.auth.create_user_via_web = false
 ckan.auth.roles_that_cascade_to_sub_groups = admin
+ckan.auth.public_user_details = false
 
 ## Search Settings
 
@@ -109,8 +110,12 @@ ckan.redis.url = {{ inventory_ckan_redis_url}}
 #		Add ``resource_proxy`` to enable resorce proxying and get around the
 #		same origin policy
 # ckan.plugins = usmetadata datajson datastore datapusher stats text_view recline_view googleanalyticsbasic saml2 dcat_usmetadata
+{% if inventory_next %}
+ckan.plugins = {{ (inventory_next_ckan_plugins_default + inventory_ckan_plugins_default + inventory_ckan_plugins_additional) | join(' ') }}
+{% else %}
 ckan.plugins = {{ (inventory_ckan_plugins_default + inventory_ckan_plugins_additional) | join(' ') }}
 
+
 ckan.views.default_views = recline_view text_view image_view webpage_view recline_grid_view
 
 ## Front-End Settings

From e1bdff2dd51d98f0dc8af791b8c4f49e4836f7c7 Mon Sep 17 00:00:00 2001
From: Chris MacDermaid <christopher.macdermaid@gsa.gov>
Date: Mon, 25 Jan 2021 14:52:34 -0700
Subject: [PATCH 2/6] Moved where datagov_inventory extension is added

---
 ansible/group_vars/all/vars.yml                               | 3 ---
 .../inventories/production/group_vars/inventory-next/vars.yml | 1 +
 .../inventories/sandbox/group_vars/inventory-next/vars.yml    | 1 +
 .../inventories/staging/group_vars/inventory-next/vars.yml    | 1 +
 ansible/roles/software/ckan/inventory/defaults/main.yml       | 4 +---
 .../software/ckan/inventory/templates/etc/ckan/production.ini | 3 ---
 6 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/ansible/group_vars/all/vars.yml b/ansible/group_vars/all/vars.yml
index fd26d4457..a880e8e88 100644
--- a/ansible/group_vars/all/vars.yml
+++ b/ansible/group_vars/all/vars.yml
@@ -123,9 +123,6 @@ inventory_ckan_plugins_default:
   - text_view
   - usmetadata
 
-inventory_next_ckan_plugins_default:
-  - datagov_inventory
-
 # jenkins
 jenkins_config: "{{ lookup('template', 'jenkins_config.yml.j2') }}"
 jenkins_home: /data/jenkins
diff --git a/ansible/inventories/production/group_vars/inventory-next/vars.yml b/ansible/inventories/production/group_vars/inventory-next/vars.yml
index 25ebaccad..f668b050b 100644
--- a/ansible/inventories/production/group_vars/inventory-next/vars.yml
+++ b/ansible/inventories/production/group_vars/inventory-next/vars.yml
@@ -38,6 +38,7 @@ newrelic_enabled: true
 # saml2 authentication
 inventory_ckan_saml2_enabled: false
 inventory_ckan_plugins_additional: [s3filestore]
+inventory_ckan_plugins_first: [datagov_inventory]
 
 # redis
 inventory_ckan_redis_password: "{{ inventory_next_ckan_redis_password }}"
diff --git a/ansible/inventories/sandbox/group_vars/inventory-next/vars.yml b/ansible/inventories/sandbox/group_vars/inventory-next/vars.yml
index 5f04f7564..889c057c9 100644
--- a/ansible/inventories/sandbox/group_vars/inventory-next/vars.yml
+++ b/ansible/inventories/sandbox/group_vars/inventory-next/vars.yml
@@ -36,6 +36,7 @@ newrelic_enabled: false
 # saml2 authentication (disabled until https://github.com/GSA/datagov-ckan-multi/issues/348 is resolved)
 inventory_ckan_saml2_enabled: false
 inventory_ckan_plugins_additional: [s3filestore]
+inventory_ckan_plugins_first: [datagov_inventory]
 
 # redis
 inventory_ckan_redis_password: "{{ inventory_next_ckan_redis_password }}"
diff --git a/ansible/inventories/staging/group_vars/inventory-next/vars.yml b/ansible/inventories/staging/group_vars/inventory-next/vars.yml
index 0214a23d7..f30a7d0e3 100644
--- a/ansible/inventories/staging/group_vars/inventory-next/vars.yml
+++ b/ansible/inventories/staging/group_vars/inventory-next/vars.yml
@@ -38,6 +38,7 @@ newrelic_enabled: true
 # saml2 authentication
 inventory_ckan_saml2_enabled: false
 inventory_ckan_plugins_additional: [s3filestore]
+inventory_ckan_plugins_first: [datagov_inventory]
 
 # redis
 inventory_ckan_redis_password: "{{ inventory_next_ckan_redis_password }}"
diff --git a/ansible/roles/software/ckan/inventory/defaults/main.yml b/ansible/roles/software/ckan/inventory/defaults/main.yml
index 1bd8a855e..25f7aa3b2 100644
--- a/ansible/roles/software/ckan/inventory/defaults/main.yml
+++ b/ansible/roles/software/ckan/inventory/defaults/main.yml
@@ -11,6 +11,7 @@ ckan_virtual_env: "{{virtual_env}}"
 datapusher_virtual_env: /usr/lib/datapusher
 app_type: inventory
 
+inventory_ckan_plugins_first: []
 inventory_ckan_plugins_additional: []
 inventory_ckan_plugins_default:
   - datajson
@@ -23,9 +24,6 @@ inventory_ckan_plugins_default:
   - text_view
   - usmetadata
 
-inventory_next_ckan_plugins_default:
-  - datagov_inventory
-
 # Use local login by default
 inventory_ckan_saml2_enabled: false
 
diff --git a/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini b/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini
index 67b398b21..8cde747fc 100644
--- a/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini
+++ b/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini
@@ -110,10 +110,7 @@ ckan.redis.url = {{ inventory_ckan_redis_url}}
 #		Add ``resource_proxy`` to enable resorce proxying and get around the
 #		same origin policy
 # ckan.plugins = usmetadata datajson datastore datapusher stats text_view recline_view googleanalyticsbasic saml2 dcat_usmetadata
-{% if inventory_next %}
 ckan.plugins = {{ (inventory_next_ckan_plugins_default + inventory_ckan_plugins_default + inventory_ckan_plugins_additional) | join(' ') }}
-{% else %}
-ckan.plugins = {{ (inventory_ckan_plugins_default + inventory_ckan_plugins_additional) | join(' ') }}
 
 
 ckan.views.default_views = recline_view text_view image_view webpage_view recline_grid_view

From 5d05d3047dbb4236984fb5c7022f86fe59c330c0 Mon Sep 17 00:00:00 2001
From: Chris MacDermaid <christopher.macdermaid@gsa.gov>
Date: Mon, 25 Jan 2021 15:05:25 -0700
Subject: [PATCH 3/6] Update production.ini to load datagov_inventory extension

---
 .../software/ckan/inventory/templates/etc/ckan/production.ini   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini b/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini
index 8cde747fc..5f9519289 100644
--- a/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini
+++ b/ansible/roles/software/ckan/inventory/templates/etc/ckan/production.ini
@@ -110,7 +110,7 @@ ckan.redis.url = {{ inventory_ckan_redis_url}}
 #		Add ``resource_proxy`` to enable resorce proxying and get around the
 #		same origin policy
 # ckan.plugins = usmetadata datajson datastore datapusher stats text_view recline_view googleanalyticsbasic saml2 dcat_usmetadata
-ckan.plugins = {{ (inventory_next_ckan_plugins_default + inventory_ckan_plugins_default + inventory_ckan_plugins_additional) | join(' ') }}
+ckan.plugins = {{ (inventory_ckan_plugins_first + inventory_ckan_plugins_default + inventory_ckan_plugins_additional) | join(' ') }}
 
 
 ckan.views.default_views = recline_view text_view image_view webpage_view recline_grid_view

From 3420c8a8a783a5de80f1eb5faf1c0689ae52d821 Mon Sep 17 00:00:00 2001
From: Chris MacDermaid <christopher.macdermaid@gsa.gov>
Date: Tue, 26 Jan 2021 13:05:42 -0700
Subject: [PATCH 4/6] Add space for readability

---
 ansible/group_vars/all/vars.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ansible/group_vars/all/vars.yml b/ansible/group_vars/all/vars.yml
index a533011e5..d3ac2fbdd 100644
--- a/ansible/group_vars/all/vars.yml
+++ b/ansible/group_vars/all/vars.yml
@@ -123,6 +123,7 @@ inventory_ckan_plugins_default:
   - text_view
   - usmetadata
 
+
 # jenkins
 jenkins_config: "{{ lookup('template', 'jenkins_config.yml.j2') }}"
 jenkins_home: /data/jenkins

From 5119be171268a2d1991cad15528f77b78432e09a Mon Sep 17 00:00:00 2001
From: Chris MacDermaid <christopher.macdermaid@gsa.gov>
Date: Tue, 26 Jan 2021 13:07:47 -0700
Subject: [PATCH 5/6] Clean up merge

---
 .../production/group_vars/inventory-next/vars.yml            | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/ansible/inventories/production/group_vars/inventory-next/vars.yml b/ansible/inventories/production/group_vars/inventory-next/vars.yml
index 7ea8a3e70..2fe75ee9a 100644
--- a/ansible/inventories/production/group_vars/inventory-next/vars.yml
+++ b/ansible/inventories/production/group_vars/inventory-next/vars.yml
@@ -40,10 +40,6 @@ inventory_ckan_plugins_first: [datagov_inventory]
 
 # saml2 authentication
 inventory_ckan_saml2_enabled: false
-<<<<<<< HEAD
-inventory_ckan_plugins_additional: [s3filestore]
-inventory_ckan_plugins_first: [datagov_inventory]
-=======
 ckan_production_ini_template: etc/ckan/production.ini
 inventory_ckan_who_ini_path: etc_ckan_who.default.ini.j2
 
@@ -55,7 +51,6 @@ saml2_sp_public_certificate: "{{ vault_inventory_next_saml2_sp_public_certificat
 saml2_sp_private_key: "{{ vault_inventory_next_saml2_sp_private_key }}"
 
 inventory_ckan_saml2_entity_id: "urn:gov:gsa:SAML:2.0.profiles:sp:sso:gsa:datagov-production-inventory"
->>>>>>> develop
 
 # redis
 inventory_ckan_redis_password: "{{ inventory_next_ckan_redis_password }}"

From 600603be61dc6a215b377ee8c7709c6856645a7e Mon Sep 17 00:00:00 2001
From: Chris MacDermaid <christopher.macdermaid@gsa.gov>
Date: Tue, 9 Feb 2021 08:01:41 -0700
Subject: [PATCH 6/6] Update production.ini with saml2

---
 .../templates/inventory-next/etc_ckan_production.ini.j2  | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/ansible/roles/software/ckan/inventory/templates/inventory-next/etc_ckan_production.ini.j2 b/ansible/roles/software/ckan/inventory/templates/inventory-next/etc_ckan_production.ini.j2
index a7ea5bc10..1720c7a82 100644
--- a/ansible/roles/software/ckan/inventory/templates/inventory-next/etc_ckan_production.ini.j2
+++ b/ansible/roles/software/ckan/inventory/templates/inventory-next/etc_ckan_production.ini.j2
@@ -6,7 +6,7 @@
 # following URL for a description of what they do and the full list of
 # available options:
 #
-# http://docs.ckan.org/en/latest/configuration.html
+# https://docs.ckan.org/en/latest/maintaining/configuration.html
 #
 # The %(here)s variable will be replaced with the parent directory of this file
 #
@@ -85,8 +85,9 @@ ckan.auth.user_create_organizations = false
 ckan.auth.user_delete_groups = false
 ckan.auth.user_delete_organizations = false
 ckan.auth.create_user_via_api = false
-ckan.auth.create_user_via_web = true
+ckan.auth.create_user_via_web = false
 ckan.auth.roles_that_cascade_to_sub_groups = admin
+ckan.auth.public_user_details = false
 
 ## Search Settings
 
@@ -108,8 +109,8 @@ ckan.redis.url = {{ inventory_ckan_redis_url}}
 #       Add ``pdf_preview`` to enable the resource preview for PDFs
 #		Add ``resource_proxy`` to enable resorce proxying and get around the
 #		same origin policy
-# ckan.plugins = usmetadata datajson datastore datapusher stats text_view recline_view googleanalyticsbasic saml2 dcat_usmetadata
-ckan.plugins = {{ (inventory_ckan_plugins_additional + inventory_ckan_plugins_default) | join(' ') }}
+ckan.plugins = {{ (inventory_ckan_plugins_first + inventory_ckan_plugins_default + 
+                  inventory_ckan_plugins_additional) | join(' ') }}
 
 ckan.views.default_views = recline_view text_view image_view webpage_view recline_grid_view