guillaume
/
ansible-keycloak
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update keycloak_realm to test nicely with keycloak_quarkus

main
Guido Grazioli 2022-04-07 14:07:28 +02:00
parent 419c862341
commit cf92da9e94
No known key found for this signature in database
GPG Key ID: 22C8C31EF2BC093B
7 changed files with 22 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
roles/keycloak_realm/defaults/main.yml
View File

@ -10,6 +10,7 @@ keycloak_rhsso_enable: False
keycloak_admin_user: admin keycloak_admin_user: admin
keycloak_auth_realm: master keycloak_auth_realm: master
keycloak_auth_client: admin-cli keycloak_auth_client: admin-cli
keycloak_context: /auth
# administrator console password, this is a required variable # administrator console password, this is a required variable
keycloak_admin_password: '' keycloak_admin_password: ''

7
roles/keycloak_realm/meta/argument_specs.yml
View File

@ -4,7 +4,12 @@ argument_specs:
keycloak_host: keycloak_host:
# line 3 of keycloak_realm/defaults/main.yml # line 3 of keycloak_realm/defaults/main.yml
default: "localhost" default: "localhost"
description: "hostname for rest calls" description: "Hostname for rest calls"
type: "str"
keycloak_context:
# line 5 of keycloak_realm/defaults/main.yml
default: "/auth"
description: "Context path for rest calls"
type: "str" type: "str"
keycloak_http_port: keycloak_http_port:
# line 4 of keycloak_realm/defaults/main.yml # line 4 of keycloak_realm/defaults/main.yml

10
roles/keycloak_realm/tasks/main.yml
View File

@ -1,7 +1,7 @@
--- ---
- name: Generate keycloak auth token - name: Generate keycloak auth token
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token" url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
method: POST method: POST
body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password" body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
validate_certs: no validate_certs: no
@ -13,7 +13,7 @@
- name: "Determine if realm exists" - name: "Determine if realm exists"
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}" url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}"
method: GET method: GET
status_code: status_code:
- 200 - 200
@ -25,7 +25,7 @@
- name: Create Realm - name: Create Realm
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms" url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms"
method: POST method: POST
body: "{{ lookup('template','realm.json.j2') }}" body: "{{ lookup('template','realm.json.j2') }}"
validate_certs: no validate_certs: no
@ -37,7 +37,7 @@
- name: Create user federation - name: Create user federation
community.general.keycloak_user_federation: community.general.keycloak_user_federation:
auth_keycloak_url: "{{ keycloak_url }}/auth" auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
auth_realm: "{{ keycloak_auth_realm }}" auth_realm: "{{ keycloak_auth_realm }}"
auth_username: "{{ keycloak_admin_user }}" auth_username: "{{ keycloak_admin_user }}"
auth_password: "{{ keycloak_admin_password }}" auth_password: "{{ keycloak_admin_password }}"
@ -56,7 +56,7 @@
- name: Create or update a Keycloak client - name: Create or update a Keycloak client
community.general.keycloak_client: community.general.keycloak_client:
auth_client_id: "{{ keycloak_auth_client }}" auth_client_id: "{{ keycloak_auth_client }}"
auth_keycloak_url: "{{ keycloak_url }}/auth" auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
auth_realm: "{{ keycloak_auth_realm }}" auth_realm: "{{ keycloak_auth_realm }}"
auth_username: "{{ keycloak_admin_user }}" auth_username: "{{ keycloak_admin_user }}"
auth_password: "{{ keycloak_admin_password }}" auth_password: "{{ keycloak_admin_password }}"

2
roles/keycloak_realm/tasks/manage_client_roles.yml
View File

@ -4,7 +4,7 @@
realm: "{{ client.realm }}" realm: "{{ client.realm }}"
client_id: "{{ client.name }}" client_id: "{{ client.name }}"
auth_client_id: "{{ keycloak_auth_client }}" auth_client_id: "{{ keycloak_auth_client }}"
auth_keycloak_url: "{{ keycloak_url }}/auth" auth_keycloak_url: "{{ keycloak_url }}{{ keycloak_context }}"
auth_realm: "{{ keycloak_auth_realm }}" auth_realm: "{{ keycloak_auth_realm }}"
auth_username: "{{ keycloak_admin_user }}" auth_username: "{{ keycloak_admin_user }}"
auth_password: "{{ keycloak_admin_password }}" auth_password: "{{ keycloak_admin_password }}"

8
roles/keycloak_realm/tasks/manage_user.yml
View File

@ -1,7 +1,7 @@
--- ---
- name: "Check if User Already Exists" - name: "Check if User Already Exists"
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}" url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
validate_certs: no validate_certs: no
headers: headers:
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}" Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@ -9,7 +9,7 @@
- name: "Create User" - name: "Create User"
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users" url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users"
method: POST method: POST
body: body:
enabled: true enabled: true
@ -27,7 +27,7 @@
- name: "Get User" - name: "Get User"
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}" url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
validate_certs: no validate_certs: no
headers: headers:
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}" Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@ -35,7 +35,7 @@
- name: "Update User Password" - name: "Update User Password"
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users/{{ (keycloak_user.json | first).id }}/reset-password" url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users/{{ (keycloak_user.json | first).id }}/reset-password"
method: PUT method: PUT
body: body:
type: password type: password

6
roles/keycloak_realm/tasks/manage_user_client_roles.yml
View File

@ -1,7 +1,7 @@
--- ---
- name: "Get Realm for role" - name: "Get Realm for role"
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}" url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm }}"
method: GET method: GET
status_code: status_code:
- 200 - 200
@ -12,7 +12,7 @@
- name: Check if Mapping is available - name: Check if Mapping is available
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available" url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
method: GET method: GET
status_code: status_code:
- 200 - 200
@ -23,7 +23,7 @@
- name: "Create Role Mapping" - name: "Create Role Mapping"
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}" url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
method: POST method: POST
body: body:
- id: "{{ item.id }}" - id: "{{ item.id }}"

4
roles/keycloak_realm/tasks/manage_user_roles.yml
View File

@ -1,7 +1,7 @@
--- ---
- name: "Get User {{ user.username }}" - name: "Get User {{ user.username }}"
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}" url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
headers: headers:
validate_certs: no validate_certs: no
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}" Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@ -9,7 +9,7 @@
- name: Refresh keycloak auth token - name: Refresh keycloak auth token
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token" url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
method: POST method: POST
body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password" body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
validate_certs: no validate_certs: no