guillaume
/
ansible-keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #11 from guidograzioli/polish_argument_specs 

document argument_specs
main
Guido Grazioli 2022-02-10 08:41:04 +01:00 committed by GitHub
parent 662918f5f8 20f321c628
commit ac62d2e43d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 92 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CONTRIBUTING.md
View File

@ -5,10 +5,10 @@
- Use spaces around jinja variables. `{{ var }}` over `{{var}}` - Use spaces around jinja variables. `{{ var }}` over `{{var}}`
- Variables that are internal to the role should be lowercase and start with the role name - Variables that are internal to the role should be lowercase and start with the role name
- Keep roles self contained - Roles should avoid including tasks from other roles when possible - Keep roles self contained - Roles should avoid including tasks from other roles when possible
- Plays should do nothing more than include a list of roles except where `pre_tasks` and `post_tasks` are required when possible - Plays should do nothing more than include a list of roles, except where `pre_tasks` and `post_tasks` are required, when possible
- Separators - Use valid name, ie. underscores (e.g. `my_role` `my_playbook`) not dashes (`my-role`) - Separators - Use valid names, ie. underscores (e.g. `my_role` `my_playbook`) not dashes (`my-role`)
- Paths - When defining paths, do not include trailing slashes (e.g. `my_path: /foo` not `my_path: /foo/`). When concatenating paths, follow the same convention (e.g. `{{ my_path }}/bar` not `{{ my_path }}bar`) - Paths - When defining paths, do not include trailing slashes (e.g. `my_path: /foo` not `my_path: /foo/`); when concatenating paths, follow the same convention (e.g. `{{ my_path }}/bar` not `{{ my_path }}bar`)
- Indentation - Use 2 spaces for each indent - Indentation - Use 2 spaces for each indent
- `vars/` vs `defaults/` - internal or interpolated variables that don't need to change or be overridden by user go in `vars/`, those that a user would likely override, go under `defaults/` directory - `vars/` vs `defaults/` - internal or interpolated variables that don't need to change or be overridden by user go in `vars/`, those that a user would likely override, go under `defaults/` directory
- All arguments have a specification in `meta/argument_specs.yml` - All role arguments have a specification in `meta/argument_specs.yml`
- All playbooks/roles should be focused on compatibility with Ansible Tower - All playbooks/roles should be focused on compatibility with Ansible Tower

15
README.md
View File

@ -1,4 +1,4 @@
# Ansible Collection - keycloak # Ansible Collection - middleware_automation.keycloak
[![Build Status](https://github.com/ansible-middleware/keycloak/workflows/CI/badge.svg?branch=main)](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml) [![Build Status](https://github.com/ansible-middleware/keycloak/workflows/CI/badge.svg?branch=main)](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml)
@ -13,6 +13,7 @@ This collection has been tested against following Ansible versions: **>=2.9.10**
Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions. Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.
<!--end requires_ansible--> <!--end requires_ansible-->
## Installation ## Installation
### Installing the Collection from Ansible Galaxy ### Installing the Collection from Ansible Galaxy
@ -54,12 +55,12 @@ A requirement file is provided to install:
Both playbooks include the `keycloak` role, with different settings, as described in the following sections. Both playbooks include the `keycloak` role, with different settings, as described in the following sections.
For service configuration details, refer to the [keycloak role README](roles/keycloak/README.md). For full service configuration details, refer to the [keycloak role README](roles/keycloak/README.md).
### Choosing between upstream project (Keycloak) and Red Hat Single Sign-On (RHSSO) ### Choosing between upstream project (Keycloak) and Red Hat Single Sign-On (RHSSO)
The general flag `keycloak_rhsso_enable` controls what to install between upstream(Keycloak, when `False`) or Red Hat Single Sign-On (when `True`). The general flag `keycloak_rhsso_enable` controls what to install between upstream (Keycloak, when `False`) or Red Hat Single Sign-On (when `True`).
The default value for the flag if `True` when Red Hat Network credentials are defined, `False` otherwise. The default value for the flag if `True` when Red Hat Network credentials are defined, `False` otherwise.
@ -133,15 +134,15 @@ ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e
### Config Playbook ### Config Playbook
[`playbooks/keycloak-realm.yml`](playbooks/keycloak-realm.yml) creates provided realm, user federation(s), client(s), client role(s) and client user(s) if they don't exist. [`playbooks/keycloak_realm.yml`](playbooks/keycloak_realm.yml) creates or updates provided realm, user federation(s), client(s), client role(s) and client user(s).
### Example configuration command ### Example configuration command
Execute the following command from the source root directory Execute the following command from the source root directory:
```bash ```bash
ansible-playbook -i <ansible_hosts> playbooks/keycloak-realm.yml -e keycloak_admin_password=<changeme> -e keycloak_realm=test ansible-playbook -i <ansible_hosts> playbooks/keycloak_realm.yml -e keycloak_admin_password=<changeme> -e keycloak_realm=test
``` ```
- `keycloak_admin_password` password for the administration console user account. - `keycloak_admin_password` password for the administration console user account.
@ -153,7 +154,7 @@ ansible-playbook -i <ansible_hosts> playbooks/keycloak-realm.yml -e keycloak_adm
localhost ansible_connection=local localhost ansible_connection=local
``` ```
For configuration details, refer to the [keycloak_realm role README](roles/keycloak_realm/README.md). For full configuration details, refer to the [keycloak_realm role README](roles/keycloak_realm/README.md).
## License ## License

0
playbooks/keycloak-realm.yml → playbooks/keycloak_realm.yml
View File

102
roles/keycloak/meta/argument_specs.yml
View File

@ -4,162 +4,162 @@ argument_specs:
keycloak_version: keycloak_version:
# line 3 of keycloak/defaults/main.yml # line 3 of keycloak/defaults/main.yml
default: "15.0.2" default: "15.0.2"
description: "TODO document argument" description: "keycloak.org package version"
type: "str" type: "str"
keycloak_archive: keycloak_archive:
# line 4 of keycloak/defaults/main.yml # line 4 of keycloak/defaults/main.yml
default: "keycloak-{{ keycloak_version }}.zip" default: "keycloak-{{ keycloak_version }}.zip"
description: "TODO document argument" description: "keycloak install archive filename"
type: "str" type: "str"
keycloak_download_url: keycloak_download_url:
# line 5 of keycloak/defaults/main.yml # line 5 of keycloak/defaults/main.yml
default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}" default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
description: "TODO document argument" description: "Download URL for keycloak"
type: "str" type: "str"
keycloak_download_url_9x: keycloak_download_url_9x:
# line 6 of keycloak/defaults/main.yml # line 6 of keycloak/defaults/main.yml
default: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}" default: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
description: "TODO document argument" description: "Download URL for keycloak (deprecated)"
type: "str" type: "str"
keycloak_installdir: keycloak_installdir:
# line 7 of keycloak/defaults/main.yml # line 7 of keycloak/defaults/main.yml
default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}" default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
description: "TODO document argument" description: "Installation path"
type: "str" type: "str"
keycloak_rhsso_version: keycloak_rhsso_version:
# line 10 of keycloak/defaults/main.yml # line 10 of keycloak/defaults/main.yml
default: "7.5.0" default: "7.5.0"
description: "TODO document argument" description: "Red Hat Single Sign-On version"
type: "str" type: "str"
rhsso_rhn_id: rhsso_rhn_id:
# line 11 of keycloak/defaults/main.yml # line 11 of keycloak/defaults/main.yml
default: "{{ rhsso_rhn_ids[keycloak_rhsso_version] }}" default: "{{ rhsso_rhn_ids[keycloak_rhsso_version] }}"
description: "TODO document argument" description: "Customer Portal product ID for Red Hat SSO"
type: "str" type: "str"
keycloak_rhsso_archive: keycloak_rhsso_archive:
# line 12 of keycloak/defaults/main.yml # line 12 of keycloak/defaults/main.yml
default: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip" default: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
description: "TODO document argument" description: "ed Hat SSO install archive filename"
type: "str" type: "str"
keycloak_rhsso_installdir: keycloak_rhsso_installdir:
# line 13 of keycloak/defaults/main.yml # line 13 of keycloak/defaults/main.yml
default: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}" default: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
description: "TODO document argument" description: "Installation path for Red Hat SSO"
type: "str" type: "str"
keycloak_rhn_url: keycloak_rhn_url:
# line 14 of keycloak/defaults/main.yml # line 14 of keycloak/defaults/main.yml
default: "https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=" default: "https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId="
description: "TODO document argument" description: "Base download URI for customer portal"
type: "str" type: "str"
keycloak_rhsso_download_url: keycloak_rhsso_download_url:
# line 15 of keycloak/defaults/main.yml # line 15 of keycloak/defaults/main.yml
default: "{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}" default: "{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}"
description: "TODO document argument" description: "Full download URI for Red Hat SSO"
type: "str" type: "str"
keycloak_rhsso_enable: keycloak_rhsso_enable:
# line 18 of keycloak/defaults/main.yml # line 18 of keycloak/defaults/main.yml
default: "{{ True if rhsso_rhn_id is defined and rhn_username is defined and rhn_password is defined else False }}" default: "{{ True if rhsso_rhn_id is defined and rhn_username is defined and rhn_password is defined else False }}"
description: "TODO document argument" description: "Enable Red Hat Single Sign-on installation"
type: "str" type: "str"
keycloak_offline_install: keycloak_offline_install:
# line 20 of keycloak/defaults/main.yml # line 20 of keycloak/defaults/main.yml
default: false default: false
description: "TODO document argument" description: "Perform an offline install"
type: "bool" type: "bool"
jvm_package: jvm_package:
# line 23 of keycloak/defaults/main.yml # line 23 of keycloak/defaults/main.yml
default: "java-1.8.0-openjdk-devel" default: "java-1.8.0-openjdk-devel"
description: "TODO document argument" description: "RHEL java package runtime rpm"
type: "str" type: "str"
keycloak_dest: keycloak_dest:
# line 24 of keycloak/defaults/main.yml # line 24 of keycloak/defaults/main.yml
default: "/opt/keycloak" default: "/opt/keycloak"
description: "TODO document argument" description: "Root installation directory"
type: "str" type: "str"
keycloak_jboss_home: keycloak_jboss_home:
# line 25 of keycloak/defaults/main.yml # line 25 of keycloak/defaults/main.yml
default: "{{ keycloak_rhsso_installdir if keycloak_rhsso_enable else keycloak_installdir }}" default: "{{ keycloak_rhsso_installdir if keycloak_rhsso_enable else keycloak_installdir }}"
description: "TODO document argument" description: "Installation work directory"
type: "str" type: "str"
keycloak_config_dir: keycloak_config_dir:
# line 26 of keycloak/defaults/main.yml # line 26 of keycloak/defaults/main.yml
default: "{{ keycloak_jboss_home }}/standalone/configuration" default: "{{ keycloak_jboss_home }}/standalone/configuration"
description: "TODO document argument" description: "Path for configuration"
type: "str" type: "str"
keycloak_config_standalone_xml: keycloak_config_standalone_xml:
# line 27 of keycloak/defaults/main.yml # line 27 of keycloak/defaults/main.yml
default: "keycloak.xml" default: "keycloak.xml"
description: "TODO document argument" description: "Service configuration filename"
type: "str" type: "str"
keycloak_config_path_to_standalone_xml: keycloak_config_path_to_standalone_xml:
# line 28 of keycloak/defaults/main.yml # line 28 of keycloak/defaults/main.yml
default: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}" default: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
description: "TODO document argument" description: "Custom path for configuration"
type: "str" type: "str"
keycloak_service_user: keycloak_service_user:
# line 29 of keycloak/defaults/main.yml # line 29 of keycloak/defaults/main.yml
default: "keycloak" default: "keycloak"
description: "TODO document argument" description: "posix account username"
type: "str" type: "str"
keycloak_service_group: keycloak_service_group:
# line 30 of keycloak/defaults/main.yml # line 30 of keycloak/defaults/main.yml
default: "keycloak" default: "keycloak"
description: "TODO document argument" description: "posix account group"
type: "str" type: "str"
keycloak_service_pidfile: keycloak_service_pidfile:
# line 31 of keycloak/defaults/main.yml # line 31 of keycloak/defaults/main.yml
default: "/run/keycloak.pid" default: "/run/keycloak.pid"
description: "TODO document argument" description: "PID file path for service"
type: "str" type: "str"
keycloak_bind_address: keycloak_bind_address:
# line 34 of keycloak/defaults/main.yml # line 34 of keycloak/defaults/main.yml
default: "0.0.0.0" default: "0.0.0.0"
description: "TODO document argument" description: "Address for binding service ports"
type: "str" type: "str"
keycloak_host: keycloak_host:
# line 35 of keycloak/defaults/main.yml # line 35 of keycloak/defaults/main.yml
default: "localhost" default: "localhost"
description: "TODO document argument" description: "Hostname for service"
type: "str" type: "str"
keycloak_http_port: keycloak_http_port:
# line 36 of keycloak/defaults/main.yml # line 36 of keycloak/defaults/main.yml
default: 8080 default: 8080
description: "TODO document argument" description: "Listening HTTP port"
type: "int" type: "int"
keycloak_https_port: keycloak_https_port:
# line 37 of keycloak/defaults/main.yml # line 37 of keycloak/defaults/main.yml
default: 8443 default: 8443
description: "TODO document argument" description: "Listening HTTPS port"
type: "int" type: "int"
keycloak_ajp_port: keycloak_ajp_port:
# line 38 of keycloak/defaults/main.yml # line 38 of keycloak/defaults/main.yml
default: 8009 default: 8009
description: "TODO document argument" description: "Listening AJP port"
type: "int" type: "int"
keycloak_jgroups_port: keycloak_jgroups_port:
# line 39 of keycloak/defaults/main.yml # line 39 of keycloak/defaults/main.yml
default: 7600 default: 7600
description: "TODO document argument" description: "jgroups cluster tcp port"
type: "int" type: "int"
keycloak_management_http_port: keycloak_management_http_port:
# line 40 of keycloak/defaults/main.yml # line 40 of keycloak/defaults/main.yml
default: 9990 default: 9990
description: "TODO document argument" description: "Management port (http)"
type: "int" type: "int"
keycloak_management_https_port: keycloak_management_https_port:
# line 41 of keycloak/defaults/main.yml # line 41 of keycloak/defaults/main.yml
default: 9993 default: 9993
description: "TODO document argument" description: "Management port (https)"
type: "int" type: "int"
keycloak_java_opts: keycloak_java_opts:
# line 42 of keycloak/defaults/main.yml # line 42 of keycloak/defaults/main.yml
default: "-Xms1024m -Xmx2048m" default: "-Xms1024m -Xmx2048m"
description: "TODO document argument" description: "Additional JVM options"
type: "str" type: "str"
keycloak_prefer_ipv4: keycloak_prefer_ipv4:
# line 43 of keycloak/defaults/main.yml # line 43 of keycloak/defaults/main.yml
default: true default: true
description: "TODO document argument" description: "Prefer IPv4 stack and addresses for port binding"
type: "bool" type: "bool"
keycloak_ha_enabled: keycloak_ha_enabled:
# line 46 of keycloak/defaults/main.yml # line 46 of keycloak/defaults/main.yml
@ -179,52 +179,52 @@ argument_specs:
keycloak_auth_realm: keycloak_auth_realm:
# line 52 of keycloak/defaults/main.yml # line 52 of keycloak/defaults/main.yml
default: "master" default: "master"
description: "TODO document argument" description: "Name for rest authentication realm"
type: "str" type: "str"
keycloak_auth_client: keycloak_auth_client:
# line 53 of keycloak/defaults/main.yml # line 53 of keycloak/defaults/main.yml
default: "admin-cli" default: "admin-cli"
description: "TODO document argument" description: "Authentication client for configuration REST calls"
type: "str" type: "str"
keycloak_force_install: keycloak_force_install:
# line 55 of keycloak/defaults/main.yml # line 55 of keycloak/defaults/main.yml
default: false default: false
description: "TODO document argument" description: "Remove pre-existing versions of service"
type: "bool" type: "bool"
keycloak_modcluster_url: keycloak_modcluster_url:
# line 58 of keycloak/defaults/main.yml # line 58 of keycloak/defaults/main.yml
default: "localhost" default: "localhost"
description: "TODO document argument" description: "URL for the modcluster reverse proxy"
type: "str" type: "str"
keycloak_frontend_url: keycloak_frontend_url:
# line 59 of keycloak/defaults/main.yml # line 59 of keycloak/defaults/main.yml
default: "http://localhost" default: "http://localhost"
description: "TODO document argument" description: "Frontend URL for keycloak endpoints when a reverse proxy is used"
type: "str" type: "str"
infinispan_user: infinispan_user:
# line 62 of keycloak/defaults/main.yml # line 62 of keycloak/defaults/main.yml
default: "supervisor" default: "supervisor"
description: "TODO document argument" description: "Username for connecting to infinispan"
type: "str" type: "str"
infinispan_pass: infinispan_pass:
# line 63 of keycloak/defaults/main.yml # line 63 of keycloak/defaults/main.yml
default: "supervisor" default: "supervisor"
description: "TODO document argument" description: "Password for connecting to infinispan"
type: "str" type: "str"
infinispan_url: infinispan_url:
# line 64 of keycloak/defaults/main.yml # line 64 of keycloak/defaults/main.yml
default: "localhost" default: "localhost"
description: "TODO document argument" description: "URL for the infinispan remote-cache server"
type: "str" type: "str"
infinispan_sasl_mechanism: infinispan_sasl_mechanism:
# line 65 of keycloak/defaults/main.yml # line 65 of keycloak/defaults/main.yml
default: "SCRAM-SHA-512" default: "SCRAM-SHA-512"
description: "TODO document argument" description: "Authentication type to infinispan server"
type: "str" type: "str"
infinispan_use_ssl: infinispan_use_ssl:
# line 66 of keycloak/defaults/main.yml # line 66 of keycloak/defaults/main.yml
default: false default: false
description: "TODO document argument" description: "Enable hotrod client TLS communication"
type: "bool" type: "bool"
infinispan_trust_store_path: infinispan_trust_store_path:
# line 68 of keycloak/defaults/main.yml # line 68 of keycloak/defaults/main.yml
@ -234,45 +234,45 @@ argument_specs:
infinispan_trust_store_password: infinispan_trust_store_password:
# line 69 of keycloak/defaults/main.yml # line 69 of keycloak/defaults/main.yml
default: "changeit" default: "changeit"
description: "TODO document argument" description: "Path to truststore containing infinispan server certificate"
type: "str" type: "str"
keycloak_jdbc_engine: keycloak_jdbc_engine:
# line 72 of keycloak/defaults/main.yml # line 72 of keycloak/defaults/main.yml
default: "postgres" default: "postgres"
description: "TODO document argument" description: "Backend database flavour when db is enabled: [ postgres, mariadb ]"
type: "str" type: "str"
keycloak_db_user: keycloak_db_user:
# line 74 of keycloak/defaults/main.yml # line 74 of keycloak/defaults/main.yml
default: "keycloak-user" default: "keycloak-user"
description: "TODO document argument" description: "Username for connecting to database"
type: "str" type: "str"
keycloak_db_pass: keycloak_db_pass:
# line 75 of keycloak/defaults/main.yml # line 75 of keycloak/defaults/main.yml
default: "keycloak-pass" default: "keycloak-pass"
description: "TODO document argument" description: "Password for connecting to database"
type: "str" type: "str"
keycloak_jdbc_url: keycloak_jdbc_url:
# line 76 of keycloak/defaults/main.yml # line 76 of keycloak/defaults/main.yml
default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}" default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
description: "TODO document argument" description: "URL for connecting to backend database"
type: "str" type: "str"
keycloak_jdbc_driver_version: keycloak_jdbc_driver_version:
# line 77 of keycloak/defaults/main.yml # line 77 of keycloak/defaults/main.yml
default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}" default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
description: "TODO document argument" description: "Version for the JDBC driver to download"
type: "str" type: "str"
keycloak_admin_password: keycloak_admin_password:
# line 4 of keycloak/vars/main.yml # line 4 of keycloak/vars/main.yml
required: true required: true
description: "TODO document argument" description: "Password for the administration console user account"
type: "str" type: "str"
keycloak_url: keycloak_url:
# line 12 of keycloak/vars/main.yml # line 12 of keycloak/vars/main.yml
default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}" default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
description: "TODO document argument" description: "URL for configuration rest calls"
type: "str" type: "str"
keycloak_management_url: keycloak_management_url:
# line 13 of keycloak/vars/main.yml # line 13 of keycloak/vars/main.yml
default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}" default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
description: "TODO document argument" description: "URL for management console rest calls"
type: "str" type: "str"

13
roles/keycloak_realm/README.md
View File

@ -37,6 +37,7 @@ The following variables are available for creating clients:
|`keycloak_client_default_roles` | List of default role name for clients | `[]` | |`keycloak_client_default_roles` | List of default role name for clients | `[]` |
|`keycloak_client_users` | List of user/role mappings for a client | `[]` | |`keycloak_client_users` | List of user/role mappings for a client | `[]` |
The following variable are available for creating user federation: The following variable are available for creating user federation:
| Variable | Description | Default | | Variable | Description | Default |
@ -52,14 +53,15 @@ Variable formats
```yaml ```yaml
- realm: <name of the realm in which user federation should be configured, required> - realm: <name of the realm in which user federation should be configured, required>
name: <name of the user federation provider, required> name: <name of the user federation provider, required>
provider_id: <Type of the user federation provider, required> provider_id: <type of the user federation provider, required>
provider_type: < Provider Type, default is set to org.keycloak.storage.UserStorageProvider> provider_type: <Provider Type, default is set to org.keycloak.storage.UserStorageProvider>
config: <Dictionary of supported configuration values, required> config: <dictionary of supported configuration values, required>
mappers: <List of supported configuration values, required> mappers: <list of supported configuration values, required>
``` ```
Refer to [docs](https://docs.ansible.com/ansible/latest/collections/community/general/keycloak_user_federation_module.html) for information on supported variables. Refer to [docs](https://docs.ansible.com/ansible/latest/collections/community/general/keycloak_user_federation_module.html) for information on supported variables.
* `keycloak_clients`, a list of: * `keycloak_clients`, a list of:
```yaml ```yaml
@ -90,7 +92,8 @@ Refer to [docs](https://docs.ansible.com/ansible/latest/collections/community/ge
realm: <name of the realm> realm: <name of the realm>
``` ```
For a comprehensive example, refer to the [playbook](playbooks/keycloak.yml). For a comprehensive example, refer to the [playbook](../../playbooks/keycloak_realm.yml).
Example Playbook Example Playbook
---------------- ----------------

1
roles/keycloak_realm/defaults/main.yml
View File

@ -31,6 +31,7 @@ keycloak_auth_client: admin-cli
# public_client: "{{ keycloak_client_public }}" # public_client: "{{ keycloak_client_public }}"
# web_origins: "{{ keycloak_client_web_origins }}" # web_origins: "{{ keycloak_client_web_origins }}"
# users: "{{ keycloak_client_users }}" # users: "{{ keycloak_client_users }}"
keycloak_clients: []
# list of roles to create in the client # list of roles to create in the client
keycloak_client_default_roles: [] keycloak_client_default_roles: []

40
roles/keycloak_realm/meta/argument_specs.yml
View File

@ -4,90 +4,90 @@ argument_specs:
keycloak_host: keycloak_host:
# line 3 of keycloak_realm/defaults/main.yml # line 3 of keycloak_realm/defaults/main.yml
default: "localhost" default: "localhost"
description: "TODO document argument" description: "hostname for rest calls"
type: "str" type: "str"
keycloak_http_port: keycloak_http_port:
# line 4 of keycloak_realm/defaults/main.yml # line 4 of keycloak_realm/defaults/main.yml
default: 8080 default: 8080
description: "TODO document argument" description: "HTTP port"
type: "int" type: "int"
keycloak_https_port: keycloak_https_port:
# line 5 of keycloak_realm/defaults/main.yml # line 5 of keycloak_realm/defaults/main.yml
default: 8443 default: 8443
description: "TODO document argument" description: "HTTPS port"
type: "int" type: "int"
keycloak_management_http_port: keycloak_management_http_port:
# line 6 of keycloak_realm/defaults/main.yml # line 6 of keycloak_realm/defaults/main.yml
default: 9990 default: 9990
description: "TODO document argument" description: "Management port"
type: "int" type: "int"
keycloak_rhsso_enable: keycloak_rhsso_enable:
# line 7 of keycloak_realm/defaults/main.yml # line 7 of keycloak_realm/defaults/main.yml
default: false default: false
description: "TODO document argument" description: "Enable Red Hat Single Sign-on"
type: "bool" type: "bool"
keycloak_admin_user: keycloak_admin_user:
# line 10 of keycloak_realm/defaults/main.yml # line 10 of keycloak_realm/defaults/main.yml
default: "admin" default: "admin"
description: "TODO document argument" description: "Administration console user account"
type: "str" type: "str"
keycloak_auth_realm: keycloak_auth_realm:
# line 11 of keycloak_realm/defaults/main.yml # line 11 of keycloak_realm/defaults/main.yml
default: "master" default: "master"
description: "TODO document argument" description: "Name of the main authentication realm"
type: "str" type: "str"
keycloak_auth_client: keycloak_auth_client:
# line 12 of keycloak_realm/defaults/main.yml # line 12 of keycloak_realm/defaults/main.yml
default: "admin-cli" default: "admin-cli"
description: "TODO document argument" description: "Authentication client for configuration REST calls"
type: "str" type: "str"
keycloak_client_default_roles: keycloak_client_default_roles:
# line 36 of keycloak_realm/defaults/main.yml # line 36 of keycloak_realm/defaults/main.yml
default: "[]" default: "[]"
description: "TODO document argument" description: "List of roles to configure as client default"
type: "list" type: "list"
keycloak_client_public: keycloak_client_public:
# line 39 of keycloak_realm/defaults/main.yml # line 39 of keycloak_realm/defaults/main.yml
default: true default: true
description: "TODO document argument" description: "Configure a public realm client"
type: "bool" type: "bool"
keycloak_client_web_origins: keycloak_client_web_origins:
# line 42 of keycloak_realm/defaults/main.yml # line 42 of keycloak_realm/defaults/main.yml
default: "+" default: "+"
description: "TODO document argument" description: "Web origins for realm client"
type: "str" type: "str"
keycloak_client_users: keycloak_client_users:
# line 49 of keycloak_realm/defaults/main.yml # line 49 of keycloak_realm/defaults/main.yml
default: "[]" default: "[]"
description: "TODO document argument" description: "List of users to configure in the realm client"
type: "list" type: "list"
keycloak_user_federation: keycloak_user_federation:
# line 52 of keycloak_realm/defaults/main.yml # line 52 of keycloak_realm/defaults/main.yml
default: "[]" default: "[]"
description: "TODO document argument" description: "List of user federations to configure in the realm"
type: "list" type: "list"
keycloak_admin_password: keycloak_admin_password:
# line 5 of keycloak_realm/vars/main.yml # line 5 of keycloak_realm/vars/main.yml
required: true required: true
description: "TODO document argument" description: "Password for the administration console user account"
type: "str" type: "str"
keycloak_realm: keycloak_realm:
# line 8 of keycloak_realm/vars/main.yml # line 8 of keycloak_realm/vars/main.yml
required: true required: true
description: "TODO document argument" description: "Name of the realm to be configured"
type: "str" type: "str"
keycloak_clients: keycloak_clients:
# line 11 of keycloak_realm/vars/main.yml # line 11 of keycloak_realm/vars/main.yml
required: true default: "[]"
description: "TODO document argument" description: "List of client declarations for the realm"
type: "str" type: "list"
keycloak_url: keycloak_url:
# line 14 of keycloak_realm/vars/main.yml # line 14 of keycloak_realm/vars/main.yml
default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}" default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
description: "TODO document argument" description: "URL for configuration rest calls"
type: "str" type: "str"
keycloak_management_url: keycloak_management_url:
# line 15 of keycloak_realm/vars/main.yml # line 15 of keycloak_realm/vars/main.yml
default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}" default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
description: "TODO document argument" description: "URL for management console rest calls"
type: "str" type: "str"

3
roles/keycloak_realm/vars/main.yml
View File

@ -7,9 +7,6 @@ keycloak_admin_password:
# name of the realm to create, this is a required variable # name of the realm to create, this is a required variable
keycloak_realm: keycloak_realm:
# keycloak realm clients, this is a required variable
keycloak_clients:
# other settings # other settings
keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}" keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}" keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"