From 2a6888ddf37f2ff7541a3c8c44ac4e7ce2a33ebc Mon Sep 17 00:00:00 2001
From: Brian Veltman <2551674+brianveltman@users.noreply.github.com>
Date: Fri, 15 Dec 2023 18:53:21 +0100
Subject: [PATCH] Adding option to enable Log4j visualizer (#387)

---------
Co-authored-by: Olivier Clavel
---
 README.md | 9 ++++++++-
 defaults/main.yml | 3 +++
 tasks/main.yml | 10 ++++++++++
 3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 91b2927e..87c55785 100644
--- a/README.md
+++ b/README.md
@@ -39,6 +39,7 @@ _(Created with [gh-md-toc](https://github.com/ekalinin/github-markdown-toc))_
 * [API access for this role](#api-access-for-this-role)
 * [Branding capabalities](#branding-capabalities)
 * [Audit capability](#audit-capability)
+ * [Log4j Visualizer](#log4j-visualizer)
 * [Reverse proxy setup](#reverse-proxy-setup)
 * [LDAP configuration](#ldap-configuration)
 * [Privileges](#privileges)
@@ -310,6 +311,13 @@ Header and footer branding, those can contain HTML.
 The [Auditing capability of nexus](https://help.sonatype.com/repomanager3/security/auditing) is off by default. You can turn it on by switching this to `true`. Please note that the audit data is stored in nexus db, persits accross reboots and is not automatically rotated/cleared.
+### Log4j Visualizer
+```yaml
+ nexus_log4j_visualizer_enabled: false
+```
+
+By default the log4j visualizer is set to false. You can enable this by switching to `true`. This will add the log4j-visualizer capability to your Nexus instance.
+
 ### Reverse proxy setup
 ```yaml
 httpd_setup_enable: false
@@ -650,7 +658,6 @@ Configuring blobstore on S3 is provided as a convenience and is not part of the
 # # negative_cache_enabled: true
 # # negative_cache_ttl: 1440
 # Content disposition is only supported for raw and maven2 proxies and can be set to attachment or inline. Inline is Nexus default, even when the property is not set explicitly.
- # # content_disposition: inline
 # To set HTTP request settings:
 # # enable_circular_redirects: true
 # # enable_cookies: true
diff --git a/defaults/main.yml b/defaults/main.yml
index 4ca4ef9b..ceb9c1bb 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -100,6 +100,9 @@ nexus_docker_bearer_token_realm: false
 # Enable/disable audit capability
 nexus_audit_enabled: false
+# Enable/disable log4j visualizer
+nexus_log4j_visualizer_enabled: false
+
 # email server
 nexus_email_server_enabled: false
 nexus_email_server_host: localhost
diff --git a/tasks/main.yml b/tasks/main.yml
index 11b48b0e..3f228157 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -251,6 +251,16 @@
 capability_typeId: audit
 capability_enabled: "{{ nexus_audit_enabled | bool }}"
 capability_properties: {}
+
+- name: Configure log4j-visualizer capability
+ ansible.builtin.include_tasks: call_script.yml
+ vars:
+ script_name: setup_capability
+ call_args:
+ capability_typeId: "log4j-visualizer"
+ capability_enabled: "{{ nexus_log4j_visualizer_enabled | bool }}"
+ capability_properties: {}
+
 - name: Define backup task if backup is configured
 ansible.builtin.set_fact:
 _nexus_backup_task:
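Review bot: The new `Configure log4j-visualizer capability` task in tasks/main.yml has no `when:` guard, so `call_script.yml` is included with `script_name: setup_capability` on every run, even when `nexus_log4j_visualizer_enabled` keeps its default of `false`. If the target Nexus release does not provide a `log4j-visualizer` capability type, that call will presumably fail for users who never asked for the feature; `setup_capability` is not visible in this patch, so this needs confirming. Either guard the task in a way that still lets a previously enabled capability be switched off, or state the required Nexus version beside the default, e.g. `# Enable/disable log4j visualizer (requires a Nexus release that ships the log4j-visualizer capability)`. As a style point, the neighbouring audit task writes its type unquoted (`capability_typeId: audit`), so the quoted `"log4j-visualizer"` is inconsistent with it.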