Enhance Authentik role by adding Helm wait timeout for oauth2-proxy and improving task conditions for admin access and OAuth2 provider upserts. Update README with new variable descriptions and adjust Longhorn deployment tasks to ensure proper rollout before Loki installation, enhancing overall deployment reliability.

2026-05-14 15:52:42 -04:00
parent 5e5c6ef671
commit 4bc8da0225
9 changed files with 57 additions and 11 deletions
--- a/ansible/roles/noble_authentik/tasks/main.yml
+++ b/ansible/roles/noble_authentik/tasks/main.yml
@@ -276,7 +276,15 @@
      environment:
        KUBECONFIG: "{{ noble_kubeconfig }}"
      register: noble_authentik_worker_admin_access
-      changed_when: true
+      changed_when: >-
+        "worker:" in (noble_authentik_worker_admin_access.stdout | default(""))
+        and "authentik Admins" in (noble_authentik_worker_admin_access.stdout | default(""))
+      failed_when: >-
+        (noble_authentik_worker_admin_access.rc | default(-1)) != 0
+        or (
+          "worker:" not in (noble_authentik_worker_admin_access.stdout | default(""))
+          or "authentik Admins" not in (noble_authentik_worker_admin_access.stdout | default(""))
+        )
      when:
        - noble_authentik_configure_idp | default(true) | bool
        - noble_authentik_ensure_admin_ui_access | default(true) | bool
@@ -321,7 +329,15 @@
      environment:
        KUBECONFIG: "{{ noble_kubeconfig }}"
      register: noble_authentik_worker_oidc_upsert
-      changed_when: true
+      changed_when: >-
+        "worker: OAuth2 providers + applications upserted"
+        in (noble_authentik_worker_oidc_upsert.stdout | default(""))
+      failed_when: >-
+        (noble_authentik_worker_oidc_upsert.rc | default(-1)) != 0
+        or (
+          "worker: OAuth2 providers + applications upserted"
+          not in (noble_authentik_worker_oidc_upsert.stdout | default(""))
+        )
      when:
        - noble_authentik_configure_idp | default(true) | bool
        - (noble_authentik_oidc_provision_via | default('worker') | lower) == 'worker'
@@ -366,7 +382,10 @@
      environment:
        KUBECONFIG: "{{ noble_kubeconfig }}"
      register: noble_authentik_worker_user_groups
-      changed_when: true
+      changed_when: >-
+        "worker: bootstrap user group membership updated"
+        in (noble_authentik_worker_user_groups.stdout | default(""))
+      failed_when: (noble_authentik_worker_user_groups.rc | default(-1)) != 0
      when:
        - noble_authentik_configure_idp | default(true) | bool
        - (noble_authentik_oidc_provision_via | default('worker') | lower) == 'worker'
@@ -467,7 +486,7 @@
          - --force-conflicts
          - --wait
          - --timeout
-          - 10m
+          - "{{ noble_authentik_oauth2_proxy_helm_wait_timeout }}"
      environment:
        KUBECONFIG: "{{ noble_kubeconfig }}"
      changed_when: true