From 8e2541d0535f80bd06764d8c84a5b56b0100fea9 Mon Sep 17 00:00:00 2001
From: Martin van Es
Date: Mon, 18 May 2026 16:11:41 +0200
Subject: [PATCH 1/4] Add pdp and idp_dashboard secrets
---
 roles/invite/templates/serverapplication.yml.j2 | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/roles/invite/templates/serverapplication.yml.j2 b/roles/invite/templates/serverapplication.yml.j2
index 81e7dae5d..0d734650b 100644
--- a/roles/invite/templates/serverapplication.yml.j2
+++ b/roles/invite/templates/serverapplication.yml.j2
@@ -173,6 +173,14 @@ external-api-configuration:
 password: "{{ invite.profile_secret }}"
 scopes:
 - profile
+ - username: {{ invite.pdp_user }}
+ password: "{{ invite.pdp_secret }}"
+ scopes:
+ - crm
+ - username: {{ invite.idp_dashboard_user }}
+ password: "{{ invite.idp_dashboard_secret }}"
+ scopes:
+ - crm
 - username: {{ invite.sp_dashboard_user }}
 password: "{{ invite.sp_dashboard_secret }}"
 organizationGUIDFallback: {{ invite.surf_idp_organization_guid }}
From aa4954a3cfa7c0ba2d42aed5ecfb5dd2a3968fa2 Mon Sep 17 00:00:00 2001
From: Martin van Es
Date: Mon, 18 May 2026 16:12:04 +0200
Subject: [PATCH 2/4] Migrate pdp and idp_dashboard to invite
---
 roles/dashboard/templates/serverapplication.yml.j2 | 4 ++--
 roles/pdp/templates/serverapplication.yml.j2 | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/roles/dashboard/templates/serverapplication.yml.j2 b/roles/dashboard/templates/serverapplication.yml.j2
index 45109b554..88a96ff8d 100644
--- a/roles/dashboard/templates/serverapplication.yml.j2
+++ b/roles/dashboard/templates/serverapplication.yml.j2
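Review bot: In roles/invite/templates/serverapplication.yml.j2 the two added `username:` values are rendered unquoted while the matching `password:` values are quoted, so an empty or YAML-special user name (a leading `*`, `&` or `{`, or an embedded `: `) would render as null or break the rendered document. Writing `- username: "{{ invite.pdp_user }}"`, and the same for `invite.idp_dashboard_user`, avoids that; the existing `invite.sp_dashboard_user` context line has the same unquoted form. Both new API users receive the `crm` scope, so it is worth confirming that `crm` is the narrowest scope the pdp and IdP dashboard clients need and recording the reason in a comment above the two entries. The list these entries belong to starts and ends outside the hunk.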
@@ -27,8 +27,8 @@ spDashboard.password={{ dashboard_sp_dashboard_password }}
 # SAB connection details
 sab-rest.endpoint={{ dashboard.sab_rest_endpoint }}
-sab-rest.username=cdk
-sab-rest.password={{ dashboard_sab_rest_password }}
+sab-rest.username={{ dashboard.sab_rest_username }}
+sab-rest.password={{ dashboard.sab_rest_password }}
 # SAB roles
 admin.surfconext.idp.sabRole=SURFconextverantwoordelijke
diff --git a/roles/pdp/templates/serverapplication.yml.j2 b/roles/pdp/templates/serverapplication.yml.j2
index 762c2dbdc..e25a59a7f 100644
--- a/roles/pdp/templates/serverapplication.yml.j2
+++ b/roles/pdp/templates/serverapplication.yml.j2
@@ -41,9 +41,9 @@ email:
 voot:
 serviceUrl: https://voot.{{ base_domain }}
 sab:
- password: {{ aa.sab_rest_password }}
- userName: {{ aa.sab_rest_username }}
- endpoint: {{ aa.sab_rest_endpoint }}
+ password: {{ pdp.sab_rest_secret }}
+ userName: {{ pdp.sab_rest_user }}
+ endpoint: {{ pdp.sab_rest_endpoint }}
 policies:
 cachePolicies: {{ pdp.cache_policies }}
 manage:
From e3ca56bfb1e0b289259acc8681075122f4844d68 Mon Sep 17 00:00:00 2001
From: Bas Zoetekouw
Date: Tue, 19 May 2026 14:08:59 +0200
Subject: [PATCH 3/4] Fix restarting of pdp container
---
 roles/pdp/handlers/main.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/roles/pdp/handlers/main.yml b/roles/pdp/handlers/main.yml
index c6179bb34..9ce5432e7 100644
--- a/roles/pdp/handlers/main.yml
+++ b/roles/pdp/handlers/main.yml
@@ -1,9 +1,9 @@
 - name: restart pdpserver
 community.docker.docker_container:
- name: pdpserver
- state: started
+ name: "pdp"
+ state: "started"
 restart: true
 # avoid restarting it creates unexpected data loss according to docker_container_module notes
 comparisons:
- '*': ignore
- when: pdpservercontainer is success and pdpservercontainer is not change
+ '*': "ignore"
+ when: "pdpservercontainer is success and pdpservercontainer is not change"
From 19c28d5f0013cdcf89c4d110b8aed0e7aa707389 Mon Sep 17 00:00:00 2001
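Review bot: In roles/dashboard/templates/serverapplication.yml.j2 the SAB password moves from the flat variable `dashboard_sab_rest_password` to `dashboard.sab_rest_password`, while the hunk header line still shows the flat `dashboard_sp_dashboard_password` for the neighbouring secret. The patch does not show where the `dashboard` dictionary is defined; if it lives in plain group_vars rather than in the encrypted secrets source, the password would end up next to non-secret settings such as `dashboard.sab_rest_endpoint`. I would either keep the flat secret name, `sab-rest.password={{ dashboard_sab_rest_password }}`, or add a comment above the line stating that `dashboard.sab_rest_password` must be supplied from the vault. The previously hard-coded user `cdk` becomes a variable, so every environment needs `dashboard.sab_rest_username` defined before this template is rendered.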
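Review bot: In roles/pdp/templates/serverapplication.yml.j2 the new `password: {{ pdp.sab_rest_secret }}` and `userName: {{ pdp.sab_rest_user }}` lines emit the values as plain YAML scalars, so a secret that starts with a YAML indicator, contains `: ` or ` #`, or consists only of digits is truncated, retyped or rejected when the application loads the file. Quoting as the invite template does, `password: "{{ pdp.sab_rest_secret }}"`, keeps the value a string; a secret containing `"` or `\` would additionally need escaping, for example `password: {{ pdp.sab_rest_secret | to_json }}`. The same applies to the renamed lines in the PATCH 4/4 hunk for this file. The names here also differ from the `invite.pdp_user` / `invite.pdp_secret` pair added in PATCH 1/4; if the two sides are separate variables, a credential rotation has to update both, which deserves a comment next to the `sab:` block.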
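Review bot: In roles/pdp/handlers/main.yml the handler now restarts a container named `pdp`, but it is still called `restart pdpserver` and its `when:` still tests the registered `pdpservercontainer` result, so the three names no longer line up and a reader cannot tell which one is authoritative. Because `state: "started"` with `restart: true` is what makes PDP pick up a re-rendered configuration, including changed SAB credentials, a name that does not match the container the role creates would presumably leave the old process running or fail the play. I would add a comment above `name: "pdp"` such as `# must match the container name in the role's docker_container task`. The task that registers `pdpservercontainer` is outside this hunk, so the match cannot be confirmed from here.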
From: Bas Zoetekouw
Date: Tue, 19 May 2026 14:13:01 +0200
Subject: [PATCH 4/4] Fix variable names
---
 roles/pdp/templates/serverapplication.yml.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/roles/pdp/templates/serverapplication.yml.j2 b/roles/pdp/templates/serverapplication.yml.j2
index e25a59a7f..a6d33a914 100644
--- a/roles/pdp/templates/serverapplication.yml.j2
+++ b/roles/pdp/templates/serverapplication.yml.j2
@@ -41,8 +41,8 @@ email:
 voot:
 serviceUrl: https://voot.{{ base_domain }}
 sab:
- password: {{ pdp.sab_rest_secret }}
- userName: {{ pdp.sab_rest_user }}
+ password: {{ pdp.sab_rest_password }}
+ userName: {{ pdp.sab_rest_username }}
 endpoint: {{ pdp.sab_rest_endpoint }}
 policies:
 cachePolicies: {{ pdp.cache_policies }}