# Installs OIDC / LDAP using a temporary Groovy page that calls the
# Extension Script Service (services.extension.install).
# Avoids REST job API and any Namespace class import for portability.
#
# Flow:
#  - Bootstrap config renders with both auth backends OFF (already in your role).
#  - This file installs required extensions on the current wiki.
#  - Final config later turns auth ON (already in your role).
#
# Notes:
#  - We print machine-readable markers so Ansible can assert deterministically.
#  - We protect XWiki's {{groovy}} wiki macro from Jinja by using {% raw %}…{% endraw %}.

- name: "XWIKI | Build Groovy installer code from static file (base64 payload)"
  vars:
    _wanted_b64: "{{ XWIKI_PLUGINS | to_json | b64encode }}"
  set_fact:
    _install_code: >-
      {{ lookup('file', 'roles/web-app-xwiki/files/extension_installer_b64.groovy')
         | regex_replace('__WANTED_B64__', _wanted_b64) }}

- name: "XWIKI | PUT installer page Main.InstallExtensions"
  uri:
    url: "{{ [XWIKI_REST_XWIKI_PAGES, 'InstallExtensions'] | url_join }}"
    method: PUT
    user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
    password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
    force_basic_auth: true
    status_code: [200, 201, 202, 204]
    headers:
      Content-Type: "application/xml"
      Accept: "application/xml"
    body: |
      <page xmlns="http://www.xwiki.org">
        <title>InstallExtensions</title>
        <content><![CDATA[
        {% raw %}{{groovy}}{% endraw %}
        {{ _install_code | indent(8, False) }}
        {% raw %}{{/groovy}}{% endraw %}
        ]]></content>
        <syntax>xwiki/2.1</syntax>
      </page>
  register: _put_page

- name: "XWIKI | Execute installer page"
  uri:
    url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/bin/view/XWiki/InstallExtensions?xpage=plain"
    method: GET
    user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
    password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
    force_basic_auth: true
    status_code: [200]
    return_content: yes
    timeout: 300
  register: _exec_page
  retries: 20
  delay: 15
  until: _exec_page is succeeded

- name: "XWIKI | Verify requested extensions via Groovy checker"
  include_tasks: _check_extension_via_groovy.yml
  loop: "{{ XWIKI_PLUGINS }}"
  loop_control:
    loop_var: plugin
    label: "{{ plugin.id }}"
  vars:
    ext_id: "{{ plugin.id }}"
    result_var: "probe_{{ plugin.id | regex_replace('[^A-Za-z0-9_]', '_') }}"

- name: "XWIKI | Collect probe results"
  set_fact:
    _xwiki_probe_results: "{{ _xwiki_probe_results | default([]) + [ {
      'id': plugin.id,
      'status': (
        (hostvars[inventory_hostname]['probe_' ~ (plugin.id | regex_replace('[^A-Za-z0-9_]', '_'))]
         | default({})).status
        | default(404) | int
      )
      } ] }}"
  loop: "{{ XWIKI_PLUGINS }}"
  loop_control:
    loop_var: plugin
  changed_when: false

# Fail if any extension is missing
- name: "XWIKI | Assert all requested extensions are installed"
  vars:
    missing: "{{ _xwiki_probe_results | selectattr('status','equalto',404) | map(attribute='id') | list }}"
  fail:
    msg: "Missing extensions: {{ missing | join(', ') }}"
  when: missing | length > 0

- name: "XWIKI | Delete installer page"
  uri:
    url: "{{ [XWIKI_REST_XWIKI_PAGES, 'InstallExtensions'] | url_join }}"
    method: DELETE
    user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
    password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
    force_basic_auth: true
    status_code: [204, 200, 202, 404]
  register: _delete_page
  changed_when: _delete_page.status != 404