feat: backup appwritefix: CORS error by adding platforms

playbooks/bootstrap_appwrite.yml

@@ -0,0 +1,176 @@
+---
+# Bootstraps a fresh Appwrite instance:
+#   1. Creates the console admin user
+#   2. Creates the BAB project
+#   3. Registers web platforms (CORS allowed origins)
+#   4. Generates an Ansible automation API key
+#   5. Stores the API key secret in Vault at kv/oys/bab-appwrite-api-key
+#
+# Run once per environment after install_appwrite.yml.
+# Safe to re-run: account and project creation tolerate 409.
+# Platform and API key creation are NOT idempotent — re-running creates
+# duplicates. Delete stale entries from the console.
+#
+# Required vars (from inventory):
+#   appwrite_domain        - e.g. appwrite.toal.ca (used to build admin URL)
+#   appwrite_project       - project ID to create
+#   appwrite_project_name  - human-readable project name (default: BAB)
+#   appwrite_web_platforms - list of {name, hostname} dicts for CORS origins
+#
+# Note: uses appwrite_domain directly, not appwrite_admin_uri, because
+# appwrite_admin_uri may point to an app-layer proxy (e.g. nginx) that
+# does not expose the Appwrite admin/console endpoints.
+
+- name: Bootstrap Appwrite — Admin, Project, and API Key
+  hosts: appwrite
+  gather_facts: false
+
+  vars:
+    appwrite_admin_uri: "https://{{ appwrite_domain }}/v1"
+
+  tasks:
+    - name: Read admin credentials from Vault
+      community.hashi_vault.vault_kv2_get:
+        path: oys/bab_admin
+        engine_mount_point: kv
+      register: vault_admin
+      no_log: true
+      delegate_to: localhost
+
+    - name: Create Appwrite console admin account
+      ansible.builtin.uri:
+        url: "{{ appwrite_admin_uri }}/account"
+        method: POST
+        body_format: json
+        headers:
+          X-Appwrite-Project: console
+          X-Appwrite-Response-Format: "1.6"
+        body:
+          userId: "{{ appwrite_admin_user_id | default('bab-admin') }}"
+          email: "{{ vault_admin.secret.bab_admin_user }}"
+          password: "{{ vault_admin.secret.bab_admin_password }}"
+        status_code: [201, 409, 501]
+        return_content: true
+      delegate_to: localhost
+      no_log: true
+
+    - name: Create admin session
+      ansible.builtin.uri:
+        url: "{{ appwrite_admin_uri }}/account/sessions/email"
+        method: POST
+        body_format: json
+        headers:
+          X-Appwrite-Project: console
+          X-Appwrite-Response-Format: "1.6"
+        body:
+          email: "{{ vault_admin.secret.bab_admin_user }}"
+          password: "{{ vault_admin.secret.bab_admin_password }}"
+        status_code: [201]
+        return_content: true
+      register: admin_session
+      delegate_to: localhost
+      no_log: false
+
+    - name: Create JWT from admin session
+      ansible.builtin.uri:
+        url: "{{ appwrite_admin_uri }}/account/jwt"
+        method: POST
+        body_format: json
+        headers:
+          X-Appwrite-Project: console
+          X-Appwrite-Response-Format: "1.6"
+          Cookie: "{{ admin_session.cookies_string }}"
+        status_code: [201]
+        return_content: true
+      register: admin_jwt
+      delegate_to: localhost
+      no_log: true
+
+    - name: Get admin user teams
+      ansible.builtin.uri:
+        url: "{{ appwrite_admin_uri }}/teams"
+        method: GET
+        headers:
+          X-Appwrite-Project: console
+          X-Appwrite-Response-Format: "1.6"
+          X-Appwrite-JWT: "{{ admin_jwt.json.jwt }}"
+        status_code: [200]
+        return_content: true
+      register: admin_teams
+      delegate_to: localhost
+
+    - name: Create BAB project
+      ansible.builtin.uri:
+        url: "{{ appwrite_admin_uri }}/projects"
+        method: POST
+        body_format: json
+        headers:
+          X-Appwrite-Project: console
+          X-Appwrite-Response-Format: "1.6"
+          X-Appwrite-JWT: "{{ admin_jwt.json.jwt }}"
+        body:
+          projectId: "{{ appwrite_project }}"
+          name: "{{ appwrite_project_name | default('BAB') }}"
+          teamId: "{{ admin_teams.json.teams[0]['$id'] }}"
+          region: default
+        status_code: [201, 409]
+        return_content: true
+      delegate_to: localhost
+      no_log: false
+
+    - name: Register web platforms (CORS allowed origins)
+      ansible.builtin.uri:
+        url: "{{ appwrite_admin_uri }}/projects/{{ appwrite_project }}/platforms"
+        method: POST
+        body_format: json
+        headers:
+          X-Appwrite-Project: console
+          X-Appwrite-Response-Format: "1.6"
+          X-Appwrite-JWT: "{{ admin_jwt.json.jwt }}"
+        body:
+          type: web
+          name: "{{ item.name }}"
+          hostname: "{{ item.hostname }}"
+        status_code: [201]
+        return_content: true
+      loop: "{{ appwrite_web_platforms | default([]) }}"
+      delegate_to: localhost
+
+    - name: Create Ansible automation API key
+      ansible.builtin.uri:
+        url: "{{ appwrite_admin_uri }}/projects/{{ appwrite_project }}/keys"
+        method: POST
+        body_format: json
+        headers:
+          X-Appwrite-Project: console
+          X-Appwrite-Response-Format: "1.6"
+          X-Appwrite-JWT: "{{ admin_jwt.json.jwt }}"
+        body:
+          name: ansible-automation
+          scopes:
+            - databases.read
+            - databases.write
+            - collections.read
+            - collections.write
+            - attributes.read
+            - attributes.write
+            - indexes.read
+            - indexes.write
+            - documents.read
+            - documents.write
+            - users.read
+            - users.write
+        status_code: [201]
+        return_content: true
+      register: api_key
+      delegate_to: localhost
+      no_log: true
+
+    - name: Store API key secret in Vault
+      community.hashi_vault.vault_kv2_write:
+        path: oys/bab-appwrite-api-key
+        engine_mount_point: kv
+        data:
+          appwrite_api_key: "{{ api_key.json.secret }}"
+      delegate_to: localhost
+      no_log: true