Extract new keycloak_realm role out of keycloak
parent
1ded0a1cfe
commit
702d09c731
|
@ -7,4 +7,36 @@
|
||||||
include_role:
|
include_role:
|
||||||
name: ../../roles/keycloak
|
name: ../../roles/keycloak
|
||||||
vars:
|
vars:
|
||||||
keycloak_admin_password: "changeme"
|
keycloak_admin_password: "changeme"
|
||||||
|
- name: Keycloak Realm Role
|
||||||
|
include_role:
|
||||||
|
name: ../../roles/keycloak_realm
|
||||||
|
vars:
|
||||||
|
keycloak_admin_password: "changeme"
|
||||||
|
keycloak_client_default_roles:
|
||||||
|
- TestRoleAdmin
|
||||||
|
- TestRoleUser
|
||||||
|
keycloak_client_users:
|
||||||
|
- username: TestUser
|
||||||
|
password: password
|
||||||
|
client_roles:
|
||||||
|
- client: TestClient
|
||||||
|
role: TestRoleUser
|
||||||
|
realm: "{{ keycloak_realm }}"
|
||||||
|
- username: TestAdmin
|
||||||
|
password: password
|
||||||
|
client_roles:
|
||||||
|
- client: TestClient
|
||||||
|
role: TestRoleUser
|
||||||
|
realm: "{{ keycloak_realm }}"
|
||||||
|
- client: TestClient
|
||||||
|
role: TestRoleAdmin
|
||||||
|
realm: "{{ keycloak_realm }}"
|
||||||
|
keycloak_realm: TestRealm
|
||||||
|
keycloak_clients:
|
||||||
|
- name: TestClient
|
||||||
|
roles: "{{ keycloak_client_default_roles }}"
|
||||||
|
realm: "{{ keycloak_realm }}"
|
||||||
|
public_client: "{{ keycloak_client_public }}"
|
||||||
|
web_origins: "{{ keycloak_client_web_origins }}"
|
||||||
|
users: "{{ keycloak_client_users }}"
|
||||||
|
|
|
@ -10,4 +10,27 @@
|
||||||
include_role:
|
include_role:
|
||||||
name: keycloak
|
name: keycloak
|
||||||
vars:
|
vars:
|
||||||
keycloak_admin_password: "changeme"
|
keycloak_admin_password: "changeme"
|
||||||
|
- name: Keycloak Realm Role
|
||||||
|
include_role:
|
||||||
|
name: keycloak_realm
|
||||||
|
vars:
|
||||||
|
keycloak_admin_password: "changeme"
|
||||||
|
keycloak_realm: TestRealm
|
||||||
|
keycloak_clients:
|
||||||
|
- name: TestClient1
|
||||||
|
roles:
|
||||||
|
- TestClient1Admin
|
||||||
|
- TestClient1User
|
||||||
|
realm: "{{ keycloak_realm }}"
|
||||||
|
public_client: True
|
||||||
|
web_origins:
|
||||||
|
- http://testclient1origin/application
|
||||||
|
- http://testclient1origin/other
|
||||||
|
users:
|
||||||
|
- username: TestUser
|
||||||
|
password: password
|
||||||
|
client_roles:
|
||||||
|
- client: TestClient1
|
||||||
|
role: TestClient1User
|
||||||
|
realm: "{{ keycloak_realm }}"
|
||||||
|
|
|
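Review bot: `public_client: True` in the TestClient1 entry should be written `true`; capitalised `True` is a YAML 1.1 boolean that yamllint's truthy rule flags and that strict 1.2 parsers read as a plain string. This entry also passes `web_origins` as a list, while the earlier test playbook (the `@ -7,4 +7,36` hunk) passes it through `"{{ keycloak_client_web_origins }}"`, whose role default is the scalar `'+'`, so the two tests exercise different types for the same key; the role's accepted form should be stated in one place. The `password: password` values are test fixtures, but each user item is echoed in the play output by the role's include loops unless those loops set a `label`, so they should not be reused outside the test.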
@ -0,0 +1,59 @@
|
||||||
|
keycloak_realm
|
||||||
|
==============
|
||||||
|
|
||||||
|
Create realms and clients in [keycloak](https://keycloak.org/) or [Red Hat Single Sing-On](https://access.redhat.com/products/red-hat-single-sign-on) services.
|
||||||
|
|
||||||
|
|
||||||
|
Role Defaults
|
||||||
|
-------------
|
||||||
|
|
||||||
|
| Variable | Description | Default |
|
||||||
|
|:---------|:------------|:---------|
|
||||||
|
|`keycloak_admin_user`| Administration console user account | `admin` |
|
||||||
|
|
||||||
|
Role Variables
|
||||||
|
--------------
|
||||||
|
|
||||||
|
The following are a set of _required_ variables for the role:
|
||||||
|
|
||||||
|
| Variable | Description |
|
||||||
|
|:---------|:------------|
|
||||||
|
|`keycloak_admin_password`| Password for the administration console user account |
|
||||||
|
|
||||||
|
|
||||||
|
The following variables are _required_ only when keycloak_ha_enabled is True:
|
||||||
|
|
||||||
|
| Variable | Description | Default |
|
||||||
|
|:---------|:------------|:---------|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
Example Playbook
|
||||||
|
----------------
|
||||||
|
|
||||||
|
The following is an example playbook that makes use of the role to install keycloak
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
---
|
||||||
|
- hosts: ...
|
||||||
|
collections:
|
||||||
|
- middleware_automation.keycloak
|
||||||
|
tasks:
|
||||||
|
- name: Include keycloak role
|
||||||
|
include_role:
|
||||||
|
name: keycloak_realm
|
||||||
|
vars:
|
||||||
|
keycloak_admin_password: "changeme"
|
||||||
|
```
|
||||||
|
|
||||||
|
License
|
||||||
|
-------
|
||||||
|
|
||||||
|
Apache License 2.0
|
||||||
|
|
||||||
|
|
||||||
|
Author Information
|
||||||
|
------------------
|
||||||
|
|
||||||
|
* [Guido Grazioli](https://github.com/guidograzioli)
|
||||||
|
* [Romain Pelisse](https://github.com/rpelisse)
|
|
@ -0,0 +1,44 @@
|
||||||
|
---
|
||||||
|
### Keycloak configuration settings
|
||||||
|
keycloak_host: localhost
|
||||||
|
keycloak_http_port: 8080
|
||||||
|
keycloak_https_port: 8443
|
||||||
|
|
||||||
|
### Keycloak administration console user
|
||||||
|
keycloak_admin_user: admin
|
||||||
|
keycloak_auth_realm: master
|
||||||
|
keycloak_auth_client: admin-cli
|
||||||
|
|
||||||
|
### Keycloak realm client defaults
|
||||||
|
# list of clients to create in the realm
|
||||||
|
#
|
||||||
|
# Refer to the playbook for a comprehensive example.
|
||||||
|
#
|
||||||
|
# Each client has the form:
|
||||||
|
# { name: '', roles: [], realm: '', public_client: bool, web_origins: '', users: [] }
|
||||||
|
# where roles is a list of default role names for the client
|
||||||
|
# and users is a list of account, see below for the format definition
|
||||||
|
# an empty name will skip the creation of the client
|
||||||
|
keycloak_clients:
|
||||||
|
- name: ''
|
||||||
|
roles: "{{ keycloak_client_default_roles }}"
|
||||||
|
realm: "{{ keycloak_realm }}"
|
||||||
|
public_client: "{{ keycloak_client_public }}"
|
||||||
|
web_origins: "{{ keycloak_client_web_origins }}"
|
||||||
|
users: "{{ keycloak_client_users }}"
|
||||||
|
|
||||||
|
# list of roles to create in the client
|
||||||
|
keycloak_client_default_roles: []
|
||||||
|
|
||||||
|
# if True, create a public client; otherwise, a confidetial client
|
||||||
|
keycloak_client_public: True
|
||||||
|
|
||||||
|
# allowed web origins for the client
|
||||||
|
keycloak_client_web_origins: '+'
|
||||||
|
|
||||||
|
# list of user and role mappings to create in the client
|
||||||
|
# Each user has the form:
|
||||||
|
# { username: '', password: '', email: '', firstName: '', lastName: '', client_roles: [] }
|
||||||
|
# where each client_role has the form:
|
||||||
|
# { client: '', role: '', realm: '' }
|
||||||
|
keycloak_client_users: []
|
|
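Review bot: `keycloak_client_public: True` should be `true`, and the default `keycloak_client_web_origins: '+'` needs a comment explaining the value, since in Keycloak `+` permits every origin among the client's valid redirect URIs — permissive enough that a defaults file should say so: `# '+' lets Keycloak accept all origins of the client's valid redirect URIs; set an explicit list for production clients`. The form comment above `keycloak_clients` documents `web_origins: ''` as a scalar while the test playbook in the `@ -10,4 +10,27` hunk passes a list, so the comment should say which form (or both) the role accepts. `confidetial` in the comment above `keycloak_client_public` is a typo for `confidential`.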
@ -0,0 +1 @@
|
||||||
|
---
|
|
@ -51,6 +51,7 @@
|
||||||
state: present
|
state: present
|
||||||
register: create_client_result
|
register: create_client_result
|
||||||
loop: "{{ keycloak_clients | flatten }}"
|
loop: "{{ keycloak_clients | flatten }}"
|
||||||
|
when: item.name|length > 0
|
||||||
|
|
||||||
- name: Create client roles
|
- name: Create client roles
|
||||||
include_tasks: manage_client_roles.yml
|
include_tasks: manage_client_roles.yml
|
||||||
|
@ -59,15 +60,8 @@
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: client
|
loop_var: client
|
||||||
|
|
||||||
- name: Manage Users
|
- name: Create client users
|
||||||
include_tasks: manage_user.yml
|
include_tasks: manage_client_users.yml
|
||||||
loop: "{{ keycloak_users }}"
|
loop: "{{ keycloak_clients | flatten }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: user
|
loop_var: client
|
||||||
|
|
||||||
- name: Manage User Roles
|
|
||||||
include_tasks: manage_user_roles.yml
|
|
||||||
loop: "{{ keycloak_users | flatten }}"
|
|
||||||
loop_control:
|
|
||||||
loop_var: user
|
|
||||||
when: "'client_roles' in user"
|
|
|
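Review bot: The `when: item.name|length > 0` guard added to the client-creation task in the `@ -51,6 +51,7` hunk is not mirrored on the `Create client users` include in this hunk, nor, as far as is visible, on `Create client roles`; both loop over the same `keycloak_clients | flatten`, so with the role default of a single `name: ''` placeholder client they still run for that empty entry, and `create_client_result.results` carries a skipped item for it that later tasks presumably have to tolerate. Guard the includes the same way, `when: client.name | default('') | length > 0`, and use `default('')` in the original guard too, so a client entry that omits `name` is skipped cleanly instead of failing on an undefined attribute. The loop line of `Create client roles` sits between the two hunks and is not visible here.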
@ -0,0 +1,13 @@
|
||||||
|
---
|
||||||
|
- name: Manage Users
|
||||||
|
include_tasks: manage_user.yml
|
||||||
|
loop: "{{ client.users | flatten }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: user
|
||||||
|
|
||||||
|
- name: Manage User Roles
|
||||||
|
include_tasks: manage_user_roles.yml
|
||||||
|
loop: "{{ client.users | flatten }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: user
|
||||||
|
when: "'client_roles' in user"
|
|
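Review bot: Both includes loop over `client.users | flatten`, and an `include_tasks` loop prints each item in the play output, so every user's `password` (and any other field) appears in clear text in logs by default; add `label: "{{ user.username }}"` under each `loop_control` so only the username is echoed. `client.users` is also dereferenced without a default, so a client entry that omits `users` fails with an undefined attribute rather than being skipped; `loop: "{{ client.users | default([]) | flatten }}"` keeps the role usable for clients with no users. With both loops iterating the same list, the role-assignment task could simply follow user creation inside `manage_user.yml`, which would also remove the second loop.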
@ -5,7 +5,7 @@
|
||||||
validate_certs: no
|
validate_certs: no
|
||||||
headers:
|
headers:
|
||||||
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
|
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
|
||||||
register: keycloak_user_serach_result
|
register: keycloak_user_search_result
|
||||||
|
|
||||||
- name: "Create User"
|
- name: "Create User"
|
||||||
uri:
|
uri:
|
||||||
|
@ -23,7 +23,7 @@
|
||||||
headers:
|
headers:
|
||||||
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
|
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
|
||||||
status_code: 201
|
status_code: 201
|
||||||
when: keycloak_user_serach_result.json | length == 0
|
when: keycloak_user_search_result.json | length == 0
|
||||||
|
|
||||||
- name: "Get User"
|
- name: "Get User"
|
||||||
uri:
|
uri:
|
|
@ -0,0 +1,16 @@
|
||||||
|
---
|
||||||
|
# vars file for keycloak_realm
|
||||||
|
|
||||||
|
# administrator console password, this is a required variable
|
||||||
|
keycloak_admin_password:
|
||||||
|
|
||||||
|
# name of the realm to create, this is a required variable
|
||||||
|
keycloak_realm:
|
||||||
|
|
||||||
|
# keycloak realm clients, this is a required variable
|
||||||
|
keycloak_clients:
|
||||||
|
|
||||||
|
# other settings
|
||||||
|
keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
|
||||||
|
keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
|
||||||
|
keycloak_rhsso_enable: "{{ True if rhsso_rhn_id is defined else False }}"
|
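Review bot: Declaring `keycloak_admin_password:`, `keycloak_realm:` and `keycloak_clients:` with empty values in vars/main.yml sets them to `null` at role-vars precedence, which outranks inventory, host_vars/group_vars and play vars; a password set in any of those is silently replaced by `null`, and `is defined` checks still pass, so the "required" intent in the comments is not enforced. Move these entries to defaults/main.yml or drop them, and validate at the start of the role with `assert` (`that: keycloak_admin_password is defined and keycloak_admin_password | length > 0`). `keycloak_url` hard-codes `http://`, so the admin password sent to obtain a token and the bearer tokens in the tasks' `Authorization` headers travel in clear text even though defaults define `keycloak_https_port`; and `keycloak_management_http_port` is not defined in this role's defaults (the `@ -0,0 +1,44` hunk), so `keycloak_management_url` presumably depends on the keycloak role having run first — worth a comment or a default.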