Redesigned oidc attributs

2025-08-29 15:06:26 +02:00 · 2025-04-17 14:50:04 +02:00
parent 7e24d9b1c3
commit b5b4550cfb
21 changed files with 89 additions and 45 deletions
--- a/roles/docker-wordpress/tasks/install.yml
+++ b/roles/docker-wordpress/tasks/install.yml
@@ -1,4 +1,4 @@
- name: "{{ role_name }} | Run WordPress core install via WP CLI"
+- name: "Run WordPress core install via WP CLI"
  command: >
    docker-compose exec -T -u www-data application
    wp core install
--- a/roles/docker-wordpress/tasks/main.yml
+++ b/roles/docker-wordpress/tasks/main.yml
@@ -1,9 +1,9 @@
 ---
- name: "{{ role_name }} | Include docker-central-database"
+- name: "Include docker-central-database"
  include_role: 
    name: docker-central-database
  
- name: "{{ role_name }} | Include role nginx-domain-setup for {{ application_id }}"
+- name: "Include role nginx-domain-setup for {{ application_id }}"
  include_role:
    name: nginx-domain-setup
  loop: "{{ domains.wordpress }}"
@@ -13,30 +13,30 @@
    nginx_docker_reverse_proxy_extra_configuration: "client_max_body_size {{ wordpress_max_upload_size }};"
    http_port: "{{ ports.localhost.http[application_id] }}"

- name: "{{ role_name }} | Transfering upload.ini to {{ docker_compose.directories.instance }}"
+- name: "Transfering upload.ini to {{ docker_compose.directories.instance }}"
  template:
    src: upload.ini.j2
    dest: "{{ docker_compose.directories.instance }}upload.ini"
  notify: docker compose project build and setup

- name: "{{ role_name }} | Transfering msmtprc to {{ host_msmtp_conf }}"
+- name: "Transfering msmtprc to {{ host_msmtp_conf }}"
  template:
    src: "{{ playbook_dir }}/roles/msmtp/templates/msmtprc.conf.j2"
    dest: "{{ host_msmtp_conf }}"
  notify: docker compose project build and setup

- name: "{{ role_name }} | Transfering Dockerfile to {{ docker_compose.directories.instance }}"
+- name: "Transfering Dockerfile to {{ docker_compose.directories.instance }}"
  copy:
    src: Dockerfile
    dest: "{{ docker_compose.directories.instance }}Dockerfile"
  notify: docker compose project build and setup

- name: "{{ role_name }} | copy docker-compose.yml and env file"
+- name: "copy docker-compose.yml and env file"
  include_tasks: copy-docker-compose-and-env.yml

- name: "{{ role_name }} | Install wordpress"
+- name: "Install wordpress"
  include_tasks: install.yml

- name: "{{ role_name }} | Activating OIDC when enabled."
+- name: "Activating OIDC when enabled."
  include_tasks: oidc.yml
  when: applications[application_id].oidc.enabled | bool
--- a/roles/docker-wordpress/tasks/oidc.yml
+++ b/roles/docker-wordpress/tasks/oidc.yml
@@ -1,5 +1,5 @@
 ---
- name: "{{ role_name }} | Install OpenID Connect Generic Plugin via WP CLI"
+- name: "Install OpenID Connect Generic Plugin via WP CLI"
  command: >
    docker-compose exec -u www-data -T application
      wp plugin install daggerhart-openid-connect-generic
@@ -7,10 +7,13 @@
  args:
    chdir: "{{ docker_compose.directories.instance }}"

- name: "{{ role_name }} | Activate OpenID Connect Generic Plugin"
+- name: "Activate OpenID Connect Generic Plugin"
  command: >
    docker-compose exec -u www-data -T application
      wp plugin activate daggerhart-openid-connect-generic
      --path={{ wordpress_docker_html_path }}
  args:
    chdir: "{{ docker_compose.directories.instance }}"
+
+- name: "Setup OIDC settings"
+  include_tasks: "oidc_settings.yml"
--- a/roles/docker-wordpress/tasks/oidc_settings.yml
+++ b/roles/docker-wordpress/tasks/oidc_settings.yml
@@ -0,0 +1,24 @@
+- name: "Load OIDC settings variables"
+  include_vars:
+    file: "{{ role_path }}/vars/oidc.yml"
+    name: oidc_vars
+
+- name: "Ensure the OIDC settings option exists as a PHP-serialized empty array"
+  # Generate an empty serialized array in the container, then add or update the option
+  command: >
+    docker-compose exec -u www-data -T application bash -lc
+    "serialized_empty_array=$(wp eval 'echo serialize(array());' --path={{ wordpress_docker_html_path }}); \
+     wp option add openid_connect_generic_settings \"$serialized_empty_array\" --path={{ wordpress_docker_html_path }} \
+     || wp option update openid_connect_generic_settings \"$serialized_empty_array\" --path={{ wordpress_docker_html_path }};"
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"
+  failed_when: false
+
+- name: "Apply all OIDC settings via WP-CLI eval"
+  # Convert the settings map to JSON and update the option in one step
+  command: >
+    docker-compose exec -u www-data -T application bash -lc
+      "settings_json='{{ oidc_vars.oidc_settings | to_json }}'; \
+       wp eval \"update_option('openid_connect_generic_settings', json_decode('"$settings_json"', true));\" --path={{ wordpress_docker_html_path }}"
+  args:
+    chdir: "{{ docker_compose.directories.instance }}"