web-app-minio: enable OIDC integration and policy handling

- Added OIDC and LDAP feature flags in config
- Introduced API/Console URL vars for proxy alignment
- Implemented automatic MinIO policy creation for OIDC admin group
- Replaced static env.J2 with dynamic env.j2 (OIDC-aware)
- Added policy.json.j2 template with full admin rights
- Cleaned up tasks to use stdin instead of file for mc policy apply

Ref: https://chatgpt.com/share/68d1d3ef-ca84-800f-abe2-11ab70e20c4e
2025-09-23 00:56:11 +02:00
parent 6da7f28370
commit 5daf3387bf
6 changed files with 61 additions and 6 deletions


@@ -14,18 +14,24 @@ MINIO_VOLUME: "{{ applications | get_app_conf(application_id,
## Api
MINIO_API_DOMAIN: "{{ applications | get_app_conf(application_id, 'server.domains.canonical.api') }}"
MINIO_API_URL: "{{ WEB_PROTOCOL }}://{{ MINIO_API_DOMAIN }}"
MINIO_API_PORT_INTERNAL: 9000
MINIO_API_PORT_PUBLIC: "{{ ports.localhost.http[application_id ~ '_api'] }}"
## Console
MINIO_CONSOLE_DOMAIN: "{{ applications | get_app_conf(application_id, 'server.domains.canonical.console') }}"
MINIO_CONSOLE_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
MINIO_CONSOLE_PORT_INTERNAL: 9001
MINIO_CONSOLE_PORT_PUBLIC: "{{ ports.localhost.http[application_id ~ '_console'] }}"
## OIDC
MINIO_OIDC_ENABLED: "{{ applications | get_app_conf(application_id, 'features.oidc') }}"
MINIO_OIDC_POLICY_NAME: "{{ [ RBAC.GROUP.NAME, application_id ~ '-administrator' ] | path_join }}"
MINIO_FRONT_PROXY_MATRIX: >-
{{
[
{ 'domain': MINIO_CONSOLE_DOMAIN, 'http_port': MINIO_CONSOLE_PORT_PUBLIC },
{ 'domain': MINIO_API_DOMAIN, 'http_port': MINIO_API_PORT_PUBLIC }
{ 'domain': MINIO_API_DOMAIN, 'http_port': MINIO_API_PORT_PUBLIC }
]
}}
}}
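Review bot: The new `MINIO_OIDC_POLICY_NAME` line has no comment, although per the commit message the policy created under this name grants full admin rights, so this string is effectively the gate to MinIO administration. I would add above it `# Must equal the group value the IdP emits in the OIDC claim; members receive the full-admin policy from policy.json.j2`. Because the value is built with `path_join`, it presumably contains a `/`; confirm that MinIO accepts that as a policy name and that the IdP emits the identical string, since a mismatch would either lock admins out or bind the policy to a different group than intended. `MINIO_OIDC_ENABLED` is a quoted Jinja expression, so any `when:` that consumes it (not visible in this hunk) should apply `| bool` rather than rely on string truthiness.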