web-app-minio: enable OIDC integration and policy handling

- Added OIDC and LDAP feature flags in config - Introduced API/Console URL vars for proxy alignment - Implemented automatic MinIO policy creation for OIDC admin group - Replaced static env.J2 with dynamic env.j2 (OIDC-aware) - Added policy.json.j2 template with full admin rights - Cleaned up tasks to use stdin instead of file for mc policy apply Ref: https://chatgpt.com/share/68d1d3ef-ca84-800f-abe2-11ab70e20c4e
2025-09-24 11:06:24 +02:00 · 2025-09-23 00:56:11 +02:00
parent 6da7f28370
commit 5daf3387bf
6 changed files with 61 additions and 6 deletions
--- a/roles/web-app-minio/config/main.yml
+++ b/roles/web-app-minio/config/main.yml
@@ -6,6 +6,8 @@ features:
  logout:           true
  javascript:       false
  local_ai:         true
+  oidc:             true
+  ldap:             false # OIDC is already activated so LDAP isn't necessary
 server:
  domains:
    canonical:
@@ -22,7 +24,7 @@ server:
      #style-src:
      #  unsafe-inline:  true
    whitelist:
-      font-src: [] 
+      font-src: []
      connect-src: [] 
 docker:
  services: