update keycloak_realm to test nicely with keycloak_quarkus

2022-04-07 14:07:28 +02:00 · 2022-04-07 14:07:28 +02:00 · cf92da9e94
parent 419c862341
commit cf92da9e94
7 changed files with 22 additions and 16 deletions
--- a/roles/keycloak_realm/defaults/main.yml
+++ b/roles/keycloak_realm/defaults/main.yml
@ -10,6 +10,7 @@ keycloak_rhsso_enable: False
 keycloak_admin_user: admin
 keycloak_auth_realm: master
 keycloak_auth_client: admin-cli
+keycloak_context: /auth

 # administrator console password, this is a required variable
 keycloak_admin_password: ''
--- a/roles/keycloak_realm/meta/argument_specs.yml
+++ b/roles/keycloak_realm/meta/argument_specs.yml
@ -4,8 +4,13 @@ argument_specs:
            keycloak_host:
                # line 3 of keycloak_realm/defaults/main.yml
                default: "localhost"
-                description: "hostname for rest calls"
+                description: "Hostname for rest calls"
                type: "str"
+            keycloak_context:
+                # line 5 of keycloak_realm/defaults/main.yml
+                default: "/auth"
+                description: "Context path for rest calls"
+                type: "str"                
            keycloak_http_port:
                # line 4 of keycloak_realm/defaults/main.yml
                default: 8080
--- a/roles/keycloak_realm/tasks/main.yml
+++ b/roles/keycloak_realm/tasks/main.yml
@ -1,7 +1,7 @@
 ---
 - name: Generate keycloak auth token
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
    method: POST
    body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
    validate_certs: no
@ -13,7 +13,7 @@

 - name: "Determine if realm exists"
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}"
    method: GET
    status_code:
      - 200
@ -25,7 +25,7 @@

 - name: Create Realm
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/admin/realms"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms"
    method: POST
    body: "{{ lookup('template','realm.json.j2') }}"
    validate_certs: no
@ -37,7 +37,7 @@

 - name: Create user federation
  community.general.keycloak_user_federation:
-    auth_keycloak_url: "{{ keycloak_url }}/auth"
+    auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
    auth_realm: "{{ keycloak_auth_realm }}"
    auth_username: "{{ keycloak_admin_user }}"
    auth_password: "{{ keycloak_admin_password }}"
@ -56,7 +56,7 @@
 - name: Create or update a Keycloak client
  community.general.keycloak_client:
    auth_client_id: "{{ keycloak_auth_client }}"
-    auth_keycloak_url: "{{ keycloak_url }}/auth"
+    auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
    auth_realm: "{{ keycloak_auth_realm }}"
    auth_username: "{{ keycloak_admin_user }}"
    auth_password: "{{ keycloak_admin_password }}"
--- a/roles/keycloak_realm/tasks/manage_client_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_client_roles.yml
@ -4,7 +4,7 @@
    realm: "{{ client.realm }}"
    client_id: "{{ client.name }}"
    auth_client_id: "{{ keycloak_auth_client }}"
-    auth_keycloak_url: "{{ keycloak_url }}/auth"
+    auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
    auth_realm: "{{ keycloak_auth_realm }}"
    auth_username: "{{ keycloak_admin_user }}"
    auth_password: "{{ keycloak_admin_password }}"
--- a/roles/keycloak_realm/tasks/manage_user.yml
+++ b/roles/keycloak_realm/tasks/manage_user.yml
@ -1,7 +1,7 @@
 ---
 - name: "Check if User Already Exists"
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
    validate_certs: no
    headers:
      Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@ -9,7 +9,7 @@

 - name: "Create User"
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users"
    method: POST
    body:
      enabled: true
@ -27,7 +27,7 @@

 - name: "Get User"
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
    validate_certs: no
    headers:
      Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@ -35,7 +35,7 @@

 - name: "Update User Password"
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users/{{ (keycloak_user.json | first).id }}/reset-password"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users/{{ (keycloak_user.json | first).id }}/reset-password"
    method: PUT
    body:
      type: password
--- a/roles/keycloak_realm/tasks/manage_user_client_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_user_client_roles.yml
@ -1,7 +1,7 @@
 ---
 - name: "Get Realm for role"
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm }}"
    method: GET
    status_code:
      - 200
@ -12,7 +12,7 @@

 - name: Check if Mapping is available
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
    method: GET
    status_code:
      - 200
@ -23,7 +23,7 @@

 - name: "Create Role Mapping"
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
    method: POST
    body:
      - id: "{{ item.id }}"
--- a/roles/keycloak_realm/tasks/manage_user_roles.yml
+++ b/roles/keycloak_realm/tasks/manage_user_roles.yml
@ -1,7 +1,7 @@
 ---
 - name: "Get User {{ user.username }}"
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
    headers:
      validate_certs: no
      Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@ -9,7 +9,7 @@

 - name: Refresh keycloak auth token
  ansible.builtin.uri:
-    url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
    method: POST
    body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
    validate_certs: no