kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-10-31 18:29:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

XWiki: two-phase bootstrap + extension install before enabling auth; add XOR validation

Browse Source 
- Add 02_validation.yml to prevent OIDC+LDAP enabled simultaneously
- Introduce _flush_config.yml with switches (OIDC/LDAP/superadmin)
- Bootstrap with native+superadmin → create admin → install extensions (superadmin) → enable final auth
- Refactor REST vars (XWIKI_REST_BASE, XWIKI_REST_XWIKI, XWIKI_REST_EXTENSION_INSTALL)
- Update templates to use switch vars; gate OIDC block in properties
- Idempotent REST readiness waits

Conversation: https://chatgpt.com/share/68c40c1e-2b3c-800f-b59f-8d37baa9ebb2
This commit is contained in:
Kevin Veen-Birkenbach
2025-09-12 14:04:02 +02:00
parent b0f10aa0d0
commit f576b42579
8 changed files with 103 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
roles/web-app-xwiki/tasks/03_administrator.yml Normal file
View File

@@ -0,0 +1,43 @@
---
# Wait until REST endpoint is available (01_core usually ensures this, but add safety)
- name: "XWIKI | Wait until REST answers"
uri:
url: "{{ XWIKI_REST_BASE }}"
status_code: [200, 401]
register: _rest_ping
retries: 60
delay: 5
until: _rest_ping is succeeded
# Check if the target admin already exists
# 404 => missing, 302 => DW redirect (treat as missing for bootstrap)
- name: "XWIKI | Check if target admin user exists"
uri:
url: "{{ XWIKI_REST_XWIKI }}/users/{{ XWIKI_ADMIN_USER | urlencode }}"
method: GET
user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
force_basic_auth: true
status_code: [200, 404, 302]
register: _admin_exists
# Create admin user if not existing (or DW still redirecting)
- name: "XWIKI | Create admin user via REST"
uri:
url: "{{ XWIKI_REST_XWIKI }}/users"
method: POST
user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
force_basic_auth: true
status_code: 201
headers:
Content-Type: "application/xml"
body: |
<user>
<firstName>{{ users.administrator.firstname | default('Admin') }}</firstName>
<lastName>{{ users.administrator.lastname | default('User') }}</lastName>
<email>{{ users.administrator.email }}</email>
<username>{{ XWIKI_ADMIN_USER }}</username>
<password>{{ XWIKI_ADMIN_PASS }}</password>
</user>
when: _admin_exists.status in [404, 302]