matrix-docker-ansible-deploy
Matrix Authentication Service (MAS) installation fails when migrating from OIDC-enabled server
Describe the bug
MAS installation fails when the following config is used.
To Reproduce
My vars.yml file looks like this:
matrix_authentication_service_enabled: true
matrix_authentication_service_migration_in_progress: true
matrix_synapse_oidc_enabled: true
The issue is the validation https://github.com/spantaleev/matrix-docker-ansible-deploy/blob/93e45e6173836b403ab2bafb5f6fea06c9ff3791/roles/custom/matrix-synapse/tasks/validate_config.yml#L186-L189
Expected behavior
The MAS installation should go through since it will not be activated because of matrix_authentication_service_migration_in_progress: true
Possible fix
validate_config.yml
- name: Fail if OpenID Connect is enabled for Synapse when auth is delegated to Matrix Authentication Service
  ansible.builtin.fail:
    msg: "When Synapse is delegating authentication to Matrix Authentication Service (`matrix_synapse_matrix_authentication_service_enabled: true`), it doesn't make sense to enable OpenID Connect (`matrix_synapse_oidc_enabled: true`), because it is not Synapse that is handling authentication. Synapse will refuse to start otherwise."
  when: matrix_synapse_matrix_authentication_service_enabled and matrix_synapse_oidc_enabled and not matrix_authentication_service_migration_in_progress
homeserver.yaml.j2
{% if matrix_synapse_matrix_authentication_service_enabled and not matrix_authentication_service_migration_in_progress %}
matrix_authentication_service:
  enabled: true
  endpoint: {{ matrix_synapse_matrix_authentication_service_endpoint | to_json }}
  secret: {{ matrix_synapse_matrix_authentication_service_secret | to_json }}
{% endif %}