Fix: enable stable Drupal OIDC support and PHP 8.2 base image

- Switched Drupal base image to PHP 8.2 for compatibility with openid_connect 2.x - Added mariadb-client to container to allow Drush to drop tables - Upgraded OIDC module from ^1 to ^2@beta for entity-based client configuration - Replaced legacy client creation task with generic plugin-based entity creation - Ensured /usr/local/bin is in PATH for www-data user - Updated oidc.yml to explicitly use the generic plugin References: https://chatgpt.com/share/6905cecc-8e3c-800f-849b-4041b6925381
2025-11-08 22:28:02 +00:00 · 2025-11-01 10:12:07 +01:00
parent bebf76951c
commit 9e874408a7
4 changed files with 44 additions and 17 deletions
--- a/roles/web-app-drupal/tasks/04_configure_oidc.yml
+++ b/roles/web-app-drupal/tasks/04_configure_oidc.yml
@@ -13,22 +13,42 @@
    openid_connect.settings {{ item.key }}
    {{ (item.value | to_json) if item.value is mapping or item.value is sequence else item.value }}"

- name: "Ensure OIDC client entity exists"
+- name: "Ensure/Update OIDC client entity (generic)"
  vars:
-    client_id: "{{ oidc_vars.oidc_client.id }}"
+    client_id:    "{{ oidc_vars.oidc_client.id }}"
    client_label: "{{ oidc_vars.oidc_client.label }}"
+    plugin_id:    "{{ oidc_vars.oidc_client.plugin }}"
+    settings_b64: "{{ oidc_vars.oidc_client.settings | to_json | b64encode }}"
  command: >
    docker exec {{ DRUPAL_CONTAINER }} bash -lc
    "drush -r {{ DRUPAL_DOCKER_HTML_PATH }} eval '
-    $id=\"{{ client_id }}\"; $label=\"{{ client_label }}\";
-    $storage=\Drupal::entityTypeManager()->getStorage(\"openid_connect_client\");
-    if (!$storage->load($id)) {
-      $client=$storage->create([\"id\"=>$id,\"label\"=>$label]);
-      $client->save();
-      print \"created\";
-    } else { print \"exists\"; }'"
-  register: client_exists
-  changed_when: "'created' in client_exists.stdout"
+      $id=\"{{ client_id }}\";
+      $label=\"{{ client_label }}\";
+      $plugin=\"{{ plugin_id }}\";
+      $settings=json_decode(base64_decode(\"{{ settings_b64 }}\"), TRUE);
+      $storage=\\Drupal::entityTypeManager()->getStorage(\"openid_connect_client\");
+      $e=$storage->load($id);
+      if (!$e) {
+        $e=$storage->create([
+          \"id\"=> $id,
+          \"label\"=> $label,
+          \"status\"=> TRUE,
+          \"plugin\"=> $plugin,
+          \"settings\"=> $settings,
+        ]);
+        $e->save();
+        print \"created\";
+      } else {
+        $e->set(\"label\", $label);
+        $e->set(\"plugin\", $plugin);
+        $e->set(\"settings\", $settings);
+        $e->set(\"status\", TRUE);
+        $e->save();
+        print \"updated\";
+      }
+    '"
+  register: client_apply
+  changed_when: "'created' in client_apply.stdout or 'updated' in client_apply.stdout"

 - name: "Apply OIDC client settings"
  vars: