kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-09-14 14:26:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
f576b4257973d74d0ff26d2bb59a06a3e4204d7d
computer-playbook/roles/web-app-xwiki/tasks/04_extensions.yml
Kevin Veen-Birkenbach f576b42579 XWiki: two-phase bootstrap + extension install before enabling auth; add XOR validation 
- Add 02_validation.yml to prevent OIDC+LDAP enabled simultaneously
- Introduce _flush_config.yml with switches (OIDC/LDAP/superadmin)
- Bootstrap with native+superadmin → create admin → install extensions (superadmin) → enable final auth
- Refactor REST vars (XWIKI_REST_BASE, XWIKI_REST_XWIKI, XWIKI_REST_EXTENSION_INSTALL)
- Update templates to use switch vars; gate OIDC block in properties
- Idempotent REST readiness waits

Conversation: https://chatgpt.com/share/68c40c1e-2b3c-800f-b59f-8d37baa9ebb2
2025-09-12 14:04:02 +02:00

38 lines
1.4 KiB
YAML
Raw Blame History

- name: "Check if OIDC extension installed"
uri:
url: "{{ XWIKI_REST_XWIKI }}/extensions/{{ XWIKI_EXT_OIDC_ID | urlencode }}"
method: GET
user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
force_basic_auth: yes
status_code: [200, 404, 302]
register: xwiki_oidc_ext
when: XWIKI_OIDC_ENABLED | bool
no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
- name: "Check if LDAP extension installed"
uri:
url: "{{ XWIKI_REST_XWIKI }}/extensions/{{ XWIKI_EXT_LDAP_ID | urlencode }}"
method: GET
user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
force_basic_auth: yes
status_code: [200, 404, 302]
register: xwiki_ldap_ext
when: XWIKI_LDAP_ENABLED | bool
no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
- name: "Install LDAP and/or OIDC extensions"
uri:
url: "{{ XWIKI_REST_EXTENSION_INSTALL }}"
method: PUT
user: "{{ XWIKI_SUPERADMIN_USERNAME }}"
password: "{{ XWIKI_SUPERADMIN_PASSWORD }}"
force_basic_auth: yes
headers: { Content-Type: "text/xml" }
body: "{{ lookup('template', 'installjobrequest.xml.j2') }}"
status_code: 200
when:
- (XWIKI_OIDC_ENABLED | bool and xwiki_oidc_ext.status == 404) or
(XWIKI_LDAP_ENABLED | bool and (xwiki_ldap_ext is not skipped) and xwiki_ldap_ext.status == 404)
no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"
Reference in New Issue View Git Blame Copy Permalink