From 8da14833542e6cb81979a869715e8d539130f607 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 19 Jan 2022 00:16:48 -0600 Subject: [PATCH 1/5] Client Creation Enhancement --- roles/keycloak_realm/tasks/main.yml | 63 +++++++++++-------- .../tasks/manage_client_roles.yml | 5 ++ 2 files changed, 43 insertions(+), 25 deletions(-) diff --git a/roles/keycloak_realm/tasks/main.yml b/roles/keycloak_realm/tasks/main.yml index 9945fec..8e27e0b 100644 --- a/roles/keycloak_realm/tasks/main.yml +++ b/roles/keycloak_realm/tasks/main.yml 
@@ -34,42 +34,54 @@ status_code: 201 when: keycloak_realm_exists.status == 404 -- name: Create user federation - community.general.keycloak_user_federation: - auth_keycloak_url: "{{ keycloak_url }}/auth" - auth_realm: "{{ keycloak_auth_realm }}" - auth_username: "{{ keycloak_admin_user }}" - auth_password: "{{ keycloak_admin_password }}" - realm: "{{ item.realm }}" - name: "{{ item.name }}" - state: present - provider_id: "{{ item.provider_id }}" - provider_type: "{{ item.provider_type | default(org.keycloak.storage.UserStorageProvider) }}" - config: "{{ item.config }}" - mappers: "{{ item.mappers | default(omit) }}" - register: create_user_federation_result - loop: "{{ keycloak_user_federation | flatten }}" - when: keycloak_user_federation is defined - - -- name: Create Client +- name: Create or update a Keycloak client community.general.keycloak_client: auth_client_id: "{{ keycloak_auth_client }}" auth_keycloak_url: "{{ keycloak_url }}/auth" auth_realm: "{{ keycloak_auth_realm }}" auth_username: "{{ keycloak_admin_user }}" auth_password: "{{ keycloak_admin_password }}" - client_id: "{{ item.name }}" realm: "{{ item.realm }}" - default_roles: "{{ item.roles | default(omit) }}" + client_id: "{{ item.client_id | default(omit) }}" + id: "{{ item.id | default(omit) }}" + name: "{{ item.name | default(omit) }}" + description: "{{ item.description | default(omit) }}" root_url: "{{ item.root_url | default('') }}" - redirect_uris: "{{ demo_app_redirect_uris | default([]) }}" - public_client: "{{ item.public_client | default(False) }}" + admin_url: "{{ item.admin_url | default('') }}" + base_url: "{{ item.base_url | default('') }}" + enabled: "{{ item.enabled | default(True) }}" + client_authenticator_type: "{{ item.client_authenticator_type | default(omit) }}" + secret: "{{ item.secret | default(omit) }}" + redirect_uris: "{{ item.redirect_uris | default(omit) }}" web_origins: "{{ item.web_origins | default('+') }}" + not_before: "{{ item.not_before | default(omit) }}" + 
bearer_only: "{{ item.bearer_only | default(omit) }}" + consent_required: "{{ item.consent_required | default(omit) }}" + standard_flow_enabled: "{{ item.standard_flow_enabled | default(omit) }}" + implicit_flow_enabled: "{{ item.implicit_flow_enabled | default(omit) }}" + direct_access_grants_enabled: "{{ item.direct_access_grants_enabled | default(omit) }}" + service_accounts_enabled: "{{ item.service_accounts_enabled | default(omit) }}" + authorization_services_enabled: "{{ item.authorization_services_enabled | default(omit) }}" + public_client: "{{ item.public_client | default(False) }}" + frontchannel_logout: "{{ item.frontchannel_logout | default(omit) }}" + protocol: "{{ item.protocol | default(omit) }}" + full_scope_allowed: "{{ item.full_scope_allowed | default(omit) }}" + node_re_registration_timeout: "{{ item.node_re_registration_timeout | default(omit) }}" + client_template: "{{ item.client_template | default(omit) }}" + use_template_config: "{{ item.use_template_config | default(omit) }}" + use_template_scope: "{{ item.use_template_scope | default(omit) }}" + use_template_mappers: "{{ item.use_template_mappers | default(omit) }}" + registered_nodes: "{{ item.registered_nodes | default(omit) }}" + registration_access_token: "{{ item.registration_access_token | default(omit) }}" + surrogate_auth_required: "{{ item.surrogate_auth_required | default(omit) }}" + default_roles: "{{ item.default_roles | default(omit) }}" + authentication_flow_binding_overrides: "{{ item.authentication_flow_binding_overrides | default(omit) }}" + protocol_mappers: "{{ item.protocol_mappers | default(omit) }}" + attributes: "{{ item.attributes | default(omit) }}" state: present register: create_client_result loop: "{{ keycloak_clients | flatten }}" - when: item.name|length > 0 + when: keycloak_clients is defined - name: Create client roles include_tasks: manage_client_roles.yml 
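Review bot: `when: keycloak_clients is defined` at the end of this task does not protect the `loop: "{{ keycloak_clients | flatten }}"` two lines above it, because Ansible expands the loop before it evaluates the per-item `when`, so a run without `keycloak_clients` still fails on the undefined loop expression; guard the loop itself with `loop: "{{ keycloak_clients | default([]) | flatten }}"` and drop the `when`. The same pattern appears in the manage_client_roles.yml hunk of this patch (`loop: "{{ client.roles | flatten }}"` guarded by `when: "'roles' in client"`) and in the manage_client_users include in the next hunk. Separately, the task now sends `secret: "{{ item.secret | default(omit) }}"` and registers the whole module result in `create_client_result` without `no_log: true`; with `-v` or a logging callback the client secret and `auth_password` may end up in job output, so add `no_log: true` to this task (and to any later task that prints the registered result).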
@@ -82,4 +94,5 @@ include_tasks: manage_client_users.yml loop: "{{ keycloak_clients | flatten }}" loop_control: - loop_var: client \ No newline at end of file + loop_var: client + when: "'users' in keycloak_clients" \ No newline at end of file diff --git a/roles/keycloak_realm/tasks/manage_client_roles.yml b/roles/keycloak_realm/tasks/manage_client_roles.yml index d7fca8d..5e5383f 100644 --- a/roles/keycloak_realm/tasks/manage_client_roles.yml +++ b/roles/keycloak_realm/tasks/manage_client_roles.yml @@ -3,10 +3,15 @@ name: "{{ item }}" realm: "{{ client.realm }}" client_id: "{{ client.name }}" + description: "{{ item.description | default(omit) }}" auth_client_id: "{{ keycloak_auth_client }}" auth_keycloak_url: "{{ keycloak_url }}/auth" auth_realm: "{{ keycloak_auth_realm }}" auth_username: "{{ keycloak_admin_user }}" auth_password: "{{ keycloak_admin_password }}" + attributes: "{{ item.attributes | default(omit) }}" + token: "{{ item.token | default(omit) }}" + validate_certs: "{{ item.validate_certs | default(omit) }}" state: present loop: "{{ client.roles | flatten }}" + when: "'roles' in client" From 249e1840bb270ca695d07a7922842432207794cf Mon Sep 17 00:00:00 2001 From: root Date: Wed, 19 Jan 2022 09:47:47 -0600 Subject: [PATCH 2/5] Updated molecule --- molecule/default/converge.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index aa66e44..55f17ef 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -40,3 +40,4 @@ public_client: "{{ keycloak_client_public }}" web_origins: "{{ keycloak_client_web_origins }}" users: "{{ keycloak_client_users }}" + client_id: TestClient From bd84d99fd1764a4b41a71c7a516b1996f611fc85 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 19 Jan 2022 10:03:08 -0600 Subject: [PATCH 3/5] Updated keycloak_realm/tasks/main.yml --- roles/keycloak_realm/tasks/main.yml | 19 ------------------- 1 file changed, 19 deletions(-) 
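Review bot: `when: "'users' in keycloak_clients"` tests the wrong variable: the task loops over `keycloak_clients | flatten` with `loop_var: client`, so `keycloak_clients` is the whole list and `'users' in keycloak_clients` is a membership test for the literal string `users`, which is false for every client that actually has a `users` key, so the include never runs. It should mirror the guard added in the manage_client_roles.yml hunk: `when: "'users' in client"`. The file also still ends without a trailing newline (`\ No newline at end of file` on both sides), which yamllint's `new-line-at-end-of-file` will flag.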
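Review bot: This task still locates the client with `client_id: "{{ client.name }}"`, while the `Create or update a Keycloak client` task in main.yml now takes the Keycloak clientId from `item.client_id` and treats `item.name` as a separate display name (the molecule converge in the next patch sets `client_id: TestClient` alongside `name`), so as soon as a client's `name` and `client_id` differ the role is created against a clientId that does not exist. Keying on the same value the client task uses, `client_id: "{{ client.client_id | default(client.name) }}"`, keeps the two tasks in agreement. The enclosing task's `- name:` and module line start above the hunk.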
diff --git a/roles/keycloak_realm/tasks/main.yml b/roles/keycloak_realm/tasks/main.yml index 8e27e0b..343b036 100644 --- a/roles/keycloak_realm/tasks/main.yml +++ b/roles/keycloak_realm/tasks/main.yml 
@@ -50,34 +50,15 @@ admin_url: "{{ item.admin_url | default('') }}" base_url: "{{ item.base_url | default('') }}" enabled: "{{ item.enabled | default(True) }}" - client_authenticator_type: "{{ item.client_authenticator_type | default(omit) }}" - secret: "{{ item.secret | default(omit) }}" redirect_uris: "{{ item.redirect_uris | default(omit) }}" web_origins: "{{ item.web_origins | default('+') }}" - not_before: "{{ item.not_before | default(omit) }}" bearer_only: "{{ item.bearer_only | default(omit) }}" - consent_required: "{{ item.consent_required | default(omit) }}" standard_flow_enabled: "{{ item.standard_flow_enabled | default(omit) }}" implicit_flow_enabled: "{{ item.implicit_flow_enabled | default(omit) }}" direct_access_grants_enabled: "{{ item.direct_access_grants_enabled | default(omit) }}" service_accounts_enabled: "{{ item.service_accounts_enabled | default(omit) }}" - authorization_services_enabled: "{{ item.authorization_services_enabled | default(omit) }}" public_client: "{{ item.public_client | default(False) }}" - frontchannel_logout: "{{ item.frontchannel_logout | default(omit) }}" protocol: "{{ item.protocol | default(omit) }}" - full_scope_allowed: "{{ item.full_scope_allowed | default(omit) }}" - node_re_registration_timeout: "{{ item.node_re_registration_timeout | default(omit) }}" - client_template: "{{ item.client_template | default(omit) }}" - use_template_config: "{{ item.use_template_config | default(omit) }}" - use_template_scope: "{{ item.use_template_scope | default(omit) }}" - use_template_mappers: "{{ item.use_template_mappers | default(omit) }}" - registered_nodes: "{{ item.registered_nodes | default(omit) }}" - registration_access_token: "{{ item.registration_access_token | default(omit) }}" - surrogate_auth_required: "{{ item.surrogate_auth_required | default(omit) }}" - default_roles: "{{ item.default_roles | default(omit) }}" - authentication_flow_binding_overrides: "{{ item.authentication_flow_binding_overrides | default(omit) 
}}" - protocol_mappers: "{{ item.protocol_mappers | default(omit) }}" - attributes: "{{ item.attributes | default(omit) }}" state: present register: create_client_result loop: "{{ keycloak_clients | flatten }}" From 0fdd89d571bc5bbbd2998884563c94bef640d544 Mon Sep 17 00:00:00 2001 From: root Date: Wed, 19 Jan 2022 11:41:20 -0600 Subject: [PATCH 4/5] Updated keycloak_realm/tasks/manage_client_roles.yml --- roles/keycloak_realm/tasks/manage_client_roles.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/roles/keycloak_realm/tasks/manage_client_roles.yml b/roles/keycloak_realm/tasks/manage_client_roles.yml index 5e5383f..85cf156 100644 --- a/roles/keycloak_realm/tasks/manage_client_roles.yml +++ b/roles/keycloak_realm/tasks/manage_client_roles.yml @@ -9,9 +9,6 @@ auth_realm: "{{ keycloak_auth_realm }}" auth_username: "{{ keycloak_admin_user }}" auth_password: "{{ keycloak_admin_password }}" - attributes: "{{ item.attributes | default(omit) }}" - token: "{{ item.token | default(omit) }}" - validate_certs: "{{ item.validate_certs | default(omit) }}" state: present loop: "{{ client.roles | flatten }}" when: "'roles' in client" From 2324d4070e8c07c3b7f03ea37f1febae9f36a756 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 27 Jan 2022 08:17:30 -0600 Subject: [PATCH 5/5] Addressed review comments --- roles/keycloak_realm/tasks/main.yml | 3 ++- roles/keycloak_realm/tasks/manage_client_roles.yml | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/keycloak_realm/tasks/main.yml b/roles/keycloak_realm/tasks/main.yml index 343b036..ab1a3d4 100644 --- a/roles/keycloak_realm/tasks/main.yml +++ b/roles/keycloak_realm/tasks/main.yml @@ -42,6 +42,7 @@ auth_username: "{{ keycloak_admin_user }}" auth_password: "{{ keycloak_admin_password }}" realm: "{{ item.realm }}" + default_roles: "{{ item.roles | default(omit) }}" client_id: "{{ item.client_id | default(omit) }}" id: "{{ item.id | default(omit) }}" name: "{{ item.name | default(omit) }}" 
@@ -62,7 +63,7 @@ state: present register: create_client_result loop: "{{ keycloak_clients | flatten }}" - when: keycloak_clients is defined + when: (item.name is defined and item.client_id is defined) or (item.name is defined and item.id is defined) - name: Create client roles include_tasks: manage_client_roles.yml diff --git a/roles/keycloak_realm/tasks/manage_client_roles.yml b/roles/keycloak_realm/tasks/manage_client_roles.yml index 85cf156..05df77f 100644 --- a/roles/keycloak_realm/tasks/manage_client_roles.yml +++ b/roles/keycloak_realm/tasks/manage_client_roles.yml @@ -3,7 +3,6 @@ name: "{{ item }}" realm: "{{ client.realm }}" client_id: "{{ client.name }}" - description: "{{ item.description | default(omit) }}" auth_client_id: "{{ keycloak_auth_client }}" auth_keycloak_url: "{{ keycloak_url }}/auth" auth_realm: "{{ keycloak_auth_realm }}"
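Review bot: The new `when` repeats `item.name is defined` in both disjuncts; `when: item.name is defined and (item.client_id is defined or item.id is defined)` says the same thing and is easier to read. More importantly, the rewrite turns a malformed inventory entry into a silent skip: a client without `name` is no longer an error, it is simply never created, and because `when` is evaluated only after the loop expression the condition still does nothing when `keycloak_clients` itself is undefined (the `loop` line above still needs `| default([])` for that). If the intent is to require identification rather than tolerate its absence, an `assert` over `keycloak_clients` placed before this task would surface the mistake instead of hiding it. The enclosing task starts above the hunk.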