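# SPDX-License-Identifier: MIT-0
---
# OIDC provider configuration for the Nextcloud user_oidc app.
#
# Order of operations: write the config file, delete every provider listed in
# nextcloud_oidc_providers_removed, then create or update every entry of
# nextcloud_oidc_providers. All occ calls run inside the
# "<nextcloud_service_name>-nextcloud-1" container.

- name: Deploy OIDC config file
  ansible.builtin.template:
    src: oidc.config.php.j2
    dest: "{{ nextcloud_docker_volume_dir }}/nextcloud/config/oidc.config.php"
    owner: www-data
    group: www-data
    # Owner read/write, group read-only, no world access. Quoted so the octal
    # literal is not parsed as an integer.
    mode: '0640'

- name: Remove deleted OIDC providers
  community.docker.docker_container_exec:
    container: "{{ nextcloud_service_name }}-nextcloud-1"
    # argv instead of a command string: each element reaches occ as one
    # argument, so an identifier containing spaces or quotes is not re-split
    # by shlex. Same form as the create/update task below.
    argv:
      - php
      - /var/www/html/occ
      - "user_oidc:provider:delete"
      - "{{ item }}"
      - "--force"
  # default([]) makes this a no-op when nothing is scheduled for removal
  # instead of failing on an undefined variable.
  loop: "{{ nextcloud_oidc_providers_removed | default([]) }}"
  register: oidc_delete_result
  changed_when: "'deleted' in (oidc_delete_result.stdout | default('') | lower)"
  # List form is an AND: a non-zero exit only fails the task when occ did not
  # report that the provider is already absent.
  failed_when:
    - oidc_delete_result.rc != 0
    - "'not found' not in (oidc_delete_result.stderr | default('') | lower)"
    - "'does not exist' not in (oidc_delete_result.stderr | default('') | lower)"

- name: Create or update OIDC providers
  vars:
    _mapping: "{{ item.mapping | default({}) }}"
    # Boolean options are rendered as '1'/'0' option values, not switches.
    # Defaults: unique-uid on, check-bearer off, send-id-token-hint on.
    _base_args:
      - php
      - /var/www/html/occ
      - "user_oidc:provider"
      - "{{ item.identifier }}"
      - "--clientid={{ item.client_id }}"
      - "--clientsecret={{ item.client_secret }}"
      - "--discoveryuri={{ item.discovery_url }}"
      - "--unique-uid={{ '1' if item.unique_uid | default(true) else '0' }}"
      - "--check-bearer={{ '1' if item.check_bearer | default(false) else '0' }}"
      - "--send-id-token-hint={{ '1' if item.send_id_token_hint | default(true) else '0' }}"
    # Each optional flag is emitted only when the provider entry sets it; the
    # mapping-* flags come from the optional item.mapping sub-dict.
    _optional_args: >-
      {{ ((['--scope=' ~ item.scope]) if item.scope is defined else [])
      + ((['--group-provisioning=1']) if item.group_provisioning | default(false) else [])
      + ((['--mapping-uid=' ~ _mapping.uid]) if _mapping.uid is defined else [])
      + ((['--mapping-display-name=' ~ _mapping.display_name]) if _mapping.display_name is defined else [])
      + ((['--mapping-email=' ~ _mapping.email]) if _mapping.email is defined else [])
      + ((['--mapping-groups=' ~ _mapping.groups]) if _mapping.groups is defined else []) }}
  community.docker.docker_container_exec:
    container: "{{ nextcloud_service_name }}-nextcloud-1"
    argv: "{{ _base_args + _optional_args }}"
  loop: "{{ nextcloud_oidc_providers }}"
  register: oidc_create_result
  changed_when: >-
    'created' in (oidc_create_result.stdout | default('') | lower)
    or 'updated' in (oidc_create_result.stdout | default('') | lower)
  # The client secret is passed on the occ command line, so no_log keeps it
  # out of play output and the registered result. Note this also hides occ's
  # own error text when a run fails, and the secret is still visible in the
  # container's process list for the duration of the exec.
  no_log: true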