ansible-keycloak/roles/keycloak_realm/tasks/main.yml

---
- name: Generate keycloak auth token
  uri:
    url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
    method: POST
    body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
    validate_certs: no
  register: keycloak_auth_response
  until: keycloak_auth_response.status == 200
  retries: 5
  delay: 2

- name: "Determine if realm exists"
  uri:
    url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}"
    method: GET
    status_code:
      - 200
      - 404
    headers:
      Accept: "application/json"
      Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
  register: keycloak_realm_exists

- name: Create Realm
  uri:
    url: "{{ keycloak_url }}/auth/admin/realms"
    method: POST
    body: "{{ lookup('template','realm.json.j2') }}"
    validate_certs: no
    body_format: json
    headers:
      Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
    status_code: 201
  when: keycloak_realm_exists.status == 404

- name: Create or update a Keycloak client
  community.general.keycloak_client:
    auth_client_id: "{{ keycloak_auth_client }}"
    auth_keycloak_url: "{{ keycloak_url }}/auth"
    auth_realm: "{{ keycloak_auth_realm }}"
    auth_username: "{{ keycloak_admin_user }}"
    auth_password: "{{ keycloak_admin_password }}"
    realm: "{{ item.realm }}"
    client_id: "{{ item.client_id | default(omit) }}"
    id: "{{ item.id | default(omit) }}"
    name: "{{ item.name | default(omit) }}"
    description: "{{ item.description | default(omit) }}"
    root_url: "{{ item.root_url | default('') }}"
    admin_url: "{{ item.admin_url | default('') }}"
    base_url: "{{ item.base_url | default('') }}"
    enabled: "{{ item.enabled | default(True) }}"
    client_authenticator_type: "{{ item.client_authenticator_type | default(omit) }}"
    secret: "{{ item.secret | default(omit) }}"
    redirect_uris: "{{ item.redirect_uris | default(omit) }}"
    web_origins: "{{ item.web_origins | default('+') }}"
    not_before: "{{ item.not_before | default(omit) }}"
    bearer_only: "{{ item.bearer_only | default(omit) }}"
    consent_required: "{{ item.consent_required | default(omit) }}"
    standard_flow_enabled: "{{ item.standard_flow_enabled | default(omit) }}"
    implicit_flow_enabled: "{{ item.implicit_flow_enabled | default(omit) }}"
    direct_access_grants_enabled: "{{ item.direct_access_grants_enabled | default(omit) }}"
    service_accounts_enabled: "{{ item.service_accounts_enabled | default(omit) }}"
    authorization_services_enabled: "{{ item.authorization_services_enabled | default(omit) }}"
    public_client: "{{ item.public_client | default(False) }}"
    frontchannel_logout: "{{ item.frontchannel_logout | default(omit) }}"
    protocol: "{{ item.protocol | default(omit) }}"
    full_scope_allowed: "{{ item.full_scope_allowed | default(omit) }}"
    node_re_registration_timeout: "{{ item.node_re_registration_timeout | default(omit) }}"
    client_template: "{{ item.client_template | default(omit) }}"
    use_template_config: "{{ item.use_template_config | default(omit) }}"
    use_template_scope: "{{ item.use_template_scope | default(omit) }}"
    use_template_mappers: "{{ item.use_template_mappers | default(omit) }}"
    registered_nodes: "{{ item.registered_nodes | default(omit) }}"
    registration_access_token: "{{ item.registration_access_token | default(omit) }}"
    surrogate_auth_required: "{{ item.surrogate_auth_required | default(omit) }}"
    default_roles: "{{ item.default_roles | default(omit) }}"
    authentication_flow_binding_overrides: "{{ item.authentication_flow_binding_overrides | default(omit) }}"
    protocol_mappers: "{{ item.protocol_mappers | default(omit) }}"
    attributes: "{{ item.attributes | default(omit) }}"
    state: present
  register: create_client_result
  loop: "{{ keycloak_clients | flatten }}"
  when: keycloak_clients is defined

- name: Create client roles
  include_tasks: manage_client_roles.yml
  when: keycloak_rhsso_enable
  loop: "{{ keycloak_clients | flatten }}"
  loop_control:
    loop_var: client

- name: Create client users
  include_tasks: manage_client_users.yml
  loop: "{{ keycloak_clients | flatten }}"
  loop_control:
    loop_var: client
  when: "'users' in keycloak_clients"
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`---`
			`- name: Generate keycloak auth token`
			`uri:`
			`url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"`
			`method: POST`
			`body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"`
			`validate_certs: no`
			`register: keycloak_auth_response`
			`until: keycloak_auth_response.status == 200`
			`retries: 5`
			`delay: 2`

			`- name: "Determine if realm exists"`
			`uri:`
			`url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}"`
			`method: GET`
			`status_code:`
			`- 200`
			`- 404`
			`headers:`
			`Accept: "application/json"`
			`Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"`
			`register: keycloak_realm_exists`

			`- name: Create Realm`
			`uri:`
			`url: "{{ keycloak_url }}/auth/admin/realms"`
			`method: POST`
			`body: "{{ lookup('template','realm.json.j2') }}"`
			`validate_certs: no`
			`body_format: json`
			`headers:`
			`Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"`
			`status_code: 201`
			`when: keycloak_realm_exists.status == 404`

Client Creation Enhancement 2022-01-19 06:16:48 +00:00			`- name: Create or update a Keycloak client`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`community.general.keycloak_client:`
			`auth_client_id: "{{ keycloak_auth_client }}"`
			`auth_keycloak_url: "{{ keycloak_url }}/auth"`
			`auth_realm: "{{ keycloak_auth_realm }}"`
			`auth_username: "{{ keycloak_admin_user }}"`
			`auth_password: "{{ keycloak_admin_password }}"`
			`realm: "{{ item.realm }}"`
Client Creation Enhancement 2022-01-19 06:16:48 +00:00			`client_id: "{{ item.client_id \| default(omit) }}"`
			`id: "{{ item.id \| default(omit) }}"`
			`name: "{{ item.name \| default(omit) }}"`
			`description: "{{ item.description \| default(omit) }}"`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`root_url: "{{ item.root_url \| default('') }}"`
Client Creation Enhancement 2022-01-19 06:16:48 +00:00			`admin_url: "{{ item.admin_url \| default('') }}"`
			`base_url: "{{ item.base_url \| default('') }}"`
			`enabled: "{{ item.enabled \| default(True) }}"`
			`client_authenticator_type: "{{ item.client_authenticator_type \| default(omit) }}"`
			`secret: "{{ item.secret \| default(omit) }}"`
			`redirect_uris: "{{ item.redirect_uris \| default(omit) }}"`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`web_origins: "{{ item.web_origins \| default('+') }}"`
Client Creation Enhancement 2022-01-19 06:16:48 +00:00			`not_before: "{{ item.not_before \| default(omit) }}"`
			`bearer_only: "{{ item.bearer_only \| default(omit) }}"`
			`consent_required: "{{ item.consent_required \| default(omit) }}"`
			`standard_flow_enabled: "{{ item.standard_flow_enabled \| default(omit) }}"`
			`implicit_flow_enabled: "{{ item.implicit_flow_enabled \| default(omit) }}"`
			`direct_access_grants_enabled: "{{ item.direct_access_grants_enabled \| default(omit) }}"`
			`service_accounts_enabled: "{{ item.service_accounts_enabled \| default(omit) }}"`
			`authorization_services_enabled: "{{ item.authorization_services_enabled \| default(omit) }}"`
			`public_client: "{{ item.public_client \| default(False) }}"`
			`frontchannel_logout: "{{ item.frontchannel_logout \| default(omit) }}"`
			`protocol: "{{ item.protocol \| default(omit) }}"`
			`full_scope_allowed: "{{ item.full_scope_allowed \| default(omit) }}"`
			`node_re_registration_timeout: "{{ item.node_re_registration_timeout \| default(omit) }}"`
			`client_template: "{{ item.client_template \| default(omit) }}"`
			`use_template_config: "{{ item.use_template_config \| default(omit) }}"`
			`use_template_scope: "{{ item.use_template_scope \| default(omit) }}"`
			`use_template_mappers: "{{ item.use_template_mappers \| default(omit) }}"`
			`registered_nodes: "{{ item.registered_nodes \| default(omit) }}"`
			`registration_access_token: "{{ item.registration_access_token \| default(omit) }}"`
			`surrogate_auth_required: "{{ item.surrogate_auth_required \| default(omit) }}"`
			`default_roles: "{{ item.default_roles \| default(omit) }}"`
			`authentication_flow_binding_overrides: "{{ item.authentication_flow_binding_overrides \| default(omit) }}"`
			`protocol_mappers: "{{ item.protocol_mappers \| default(omit) }}"`
			`attributes: "{{ item.attributes \| default(omit) }}"`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`state: present`
			`register: create_client_result`
			`loop: "{{ keycloak_clients \| flatten }}"`
Client Creation Enhancement 2022-01-19 06:16:48 +00:00			`when: keycloak_clients is defined`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00
			`- name: Create client roles`
			`include_tasks: manage_client_roles.yml`
			`when: keycloak_rhsso_enable`
			`loop: "{{ keycloak_clients \| flatten }}"`
			`loop_control:`
			`loop_var: client`

Extract new keycloak_realm role out of keycloak 2021-12-22 09:05:48 +00:00			`- name: Create client users`
			`include_tasks: manage_client_users.yml`
			`loop: "{{ keycloak_clients \| flatten }}"`
Add base role and playbook, molecule configuration 2021-12-14 10:26:42 +00:00			`loop_control:`
Client Creation Enhancement 2022-01-19 06:16:48 +00:00			`loop_var: client`
			`when: "'users' in keycloak_clients"`