kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-17 15:56:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
c64ac0b4dce3097422474094a84d4712a69899a3
computer-playbook/roles/web-app-xwiki/tasks/04_extensions.yml
Kevin Veen-Birkenbach c64ac0b4dc web-app-xwiki: verify extensions via Groovy page + new filter 
- Added new filter 'xwiki_extension_status' (strips HTML, handles  ) -> returns 200/404
- Introduced checker tasks (_check_extension_via_groovy.yml) instead of REST probe
- Added early assert: superadmin login before extension installation
- Collect and assert probe results in 04_extensions.yml
- Set OIDC extension version to 'latest' (empty string)

https://chatgpt.com/share/68ca36cb-ac38-800f-8281-8dea480b6676
2025-09-17 06:20:28 +02:00

103 lines
3.4 KiB
YAML
Raw Blame History

# Installs OIDC / LDAP using a temporary Groovy page that calls the
# Extension Script Service (services.extension.install).
# Avoids REST job API and any Namespace class import for portability.
#
# Flow:
# - Bootstrap config renders with both auth backends OFF (already in your role).
# - This file installs required extensions on the current wiki.
# - Final config later turns auth ON (already in your role).
#
# Notes:
# - We print machine-readable markers so Ansible can assert deterministically.
# - We protect XWiki's {{groovy}} wiki macro from Jinja by using {% raw %}…{% endraw %}.
- name: "XWIKI | Build Groovy installer code from static file (base64 payload)"
vars:
_wanted_b64: "{{ XWIKI_PLUGINS | to_json | b64encode }}"
set_fact:
_install_code: >-
{{ lookup('file', 'roles/web-app-xwiki/files/extension_installer_b64.groovy')
| regex_replace('__WANTED_B64__', _wanted_b64) }}
- name: "XWIKI | PUT installer page Main.InstallExtensions"
uri:
url: "{{ [XWIKI_REST_XWIKI_PAGES, 'InstallExtensions'] | url_join }}"
method: PUT
user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
force_basic_auth: true
status_code: [200, 201, 202, 204]
headers:
Content-Type: "application/xml"
Accept: "application/xml"
body: |
<page xmlns="http://www.xwiki.org">
<title>InstallExtensions</title>
<content><![CDATA[
{% raw %}{{groovy}}{% endraw %}
{{ _install_code | indent(8, False) }}
{% raw %}{{/groovy}}{% endraw %}
]]></content>
<syntax>xwiki/2.1</syntax>
</page>
register: _put_page
- name: "XWIKI | Execute installer page"
uri:
url: "http://127.0.0.1:{{ XWIKI_HOST_PORT }}/bin/view/XWiki/InstallExtensions?xpage=plain"
method: GET
user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
force_basic_auth: true
status_code: [200]
return_content: yes
timeout: 300
register: _exec_page
retries: 20
delay: 15
until: _exec_page is succeeded
- name: "XWIKI | Verify requested extensions via Groovy checker"
include_tasks: _check_extension_via_groovy.yml
loop: "{{ XWIKI_PLUGINS }}"
loop_control:
loop_var: plugin
label: "{{ plugin.id }}"
vars:
ext_id: "{{ plugin.id }}"
result_var: "probe_{{ plugin.id | regex_replace('[^A-Za-z0-9_]', '_') }}"
- name: "XWIKI | Collect probe results"
set_fact:
_xwiki_probe_results: "{{ _xwiki_probe_results | default([]) + [ {
'id': plugin.id,
'status': (
(hostvars[inventory_hostname]['probe_' ~ (plugin.id | regex_replace('[^A-Za-z0-9_]', '_'))]
| default({})).status
| default(404) | int
)
} ] }}"
loop: "{{ XWIKI_PLUGINS }}"
loop_control:
loop_var: plugin
changed_when: false
# Fail if any extension is missing
- name: "XWIKI | Assert all requested extensions are installed"
vars:
missing: "{{ _xwiki_probe_results | selectattr('status','equalto',404) | map(attribute='id') | list }}"
fail:
msg: "Missing extensions: {{ missing | join(', ') }}"
when: missing | length > 0
- name: "XWIKI | Delete installer page"
uri:
url: "{{ [XWIKI_REST_XWIKI_PAGES, 'InstallExtensions'] | url_join }}"
method: DELETE
user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
force_basic_auth: true
status_code: [204, 200, 202, 404]
register: _delete_page
changed_when: _delete_page.status != 404
Reference in New Issue View Git Blame Copy Permalink