From d95feec91503426042b997ad393cc8f6857f6088 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud <dbd@ehtrace.com>
Date: Thu, 1 Aug 2024 12:00:49 +0200
Subject: [PATCH] Update to 2024-08-01 12:00

---
 roles/squash_tm/defaults/main.yml                     |  8 ++++++--
 roles/squash_tm/tasks/facts.yml                       | 11 +++++++++++
 roles/squash_tm/templates/squash.tm.cfg.properties.j2 |  2 ++
 3 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/roles/squash_tm/defaults/main.yml b/roles/squash_tm/defaults/main.yml
index 5f7d7f0..b3c1926 100644
--- a/roles/squash_tm/defaults/main.yml
+++ b/roles/squash_tm/defaults/main.yml
@@ -1,11 +1,11 @@
 ---
 
 # Version of Shash TM to install
-squashtm_version: 7.0.3
+squashtm_version: 7.1.0
 # Archive URL which will be downloaded during install/upgrades
 squashtm_archive_url: https://nexus.squashtest.org/nexus/repository/public-releases/tm/core/squash-tm-distribution/{{ squashtm_version }}.RELEASE/squash-tm-{{ squashtm_version }}.RELEASE.tar.gz
 # Expected checksum of the archive
-squashtm_archive_sha256: e4f1417f8883cef761d32161f50f1c1e6157b0f82a90a0e1252efc2f510e6d3f
+squashtm_archive_sha256: 2b61241782a38af287ca09f500bd90b3a4c6c06857129370e45fda6c3ad4e6f2
 # Should ansible handle upgrades ? (if False, only initial install and configuration will be done)
 squashtm_manage_upgrade: True
 
@@ -34,3 +34,7 @@ squashtm_db_name: squashtm
 # Credentials in Squash TM database are encrypted with a passphrase. If not defined,
 # a random one will be created and stored in {{ squashtm_root_dir }}/meta/ansible_secret
 # squashtm_secret: p@ssw0rd
+
+# JWT secret for API tokens. If not defined,
+# a random one will be created and stored in {{ squashtm_root_dir }}/meta/ansible_jwt_secret
+# squash_jwt_secret: s3cr3t.P@ssw0rd
diff --git a/roles/squash_tm/tasks/facts.yml b/roles/squash_tm/tasks/facts.yml
index 8acaa1c..f16815a 100644
--- a/roles/squash_tm/tasks/facts.yml
+++ b/roles/squash_tm/tasks/facts.yml
@@ -37,3 +37,14 @@
   when: squashtm_secret is not defined
   tags: squashtm
 
+# Create a random JWT secret
+- block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: "{{ squashtm_root_dir }}/meta/ansible_jwt_secret"
+        - pass_size: 86
+        - complex: false
+    - set_fact: squashtm_jwt_secret={{ rand_pass }}
+  when: squashtm_jwt_secret is not defined
+  tags: squashtm
+
diff --git a/roles/squash_tm/templates/squash.tm.cfg.properties.j2 b/roles/squash_tm/templates/squash.tm.cfg.properties.j2
index c09945e..924f89e 100644
--- a/roles/squash_tm/templates/squash.tm.cfg.properties.j2
+++ b/roles/squash_tm/templates/squash.tm.cfg.properties.j2
@@ -9,3 +9,5 @@ server.tomcat.basedir={{ squashtm_root_dir }}/data/tomcat
 squash.crypto.secret={{ squashtm_secret }}
 squash.path.bundles-path={{ squashtm_root_dir }}/app/bundles
 squash.path.plugins-path={{ squashtm_root_dir }}/app/plugins
+
+squash.rest-api.jwt.secret={{ squashtm_jwt_secret }}