Update READMEs

2021-12-22 14:02:13 +01:00 · 2021-12-22 14:02:13 +01:00 · f5eaaf3650
commit f5eaaf3650
parent 702d09c731
2 changed files with 57 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -41,6 +41,13 @@ rhsso_rhn_id: '<sso_product_id>'

 where `sso_product_id` is the ID for the specific Red Hat Single Sign-On version, ie. _101971_ will install version _7.5_)

+
+## Included roles
+
+* `keycloak`: role for installing the service.
+* `keycloak_realm`: role for configuring a realm, with clients and users, in an installed service.
+
+
 ## License

 Apache License v2.0 or later
--- a/roles/keycloak_realm/README.md
+++ b/roles/keycloak_realm/README.md
@ -9,7 +9,12 @@ Role Defaults

 | Variable | Description | Default |
 |:---------|:------------|:---------|
-|`keycloak_admin_user`| Administration console user account | `admin` |
+|`keycloak_admin_user` | Administration console user account | `admin` |
+|`keycloak_host` | hostname | `localhost` |
+|`keycloak_http_port` | HTTP port | `8080` |
+|`keycloak_https_port` | TLS HTTP port | `8443` |
+|`keycloak_auth_realm` | Name of the main authentication realm | `master` |
+

 Role Variables
 --------------
@ -19,19 +24,58 @@ The following are a set of _required_ variables for the role:
 | Variable | Description |
 |:---------|:------------|
 |`keycloak_admin_password`| Password for the administration console user account |
+|`keycloak_realm` | Name of the realm to be created |


-The following variables are _required_ only when keycloak_ha_enabled is True:
+The following variables are available for creating clients:

 | Variable | Description | Default |
 |:---------|:------------|:---------|
+|`keycloak_clients` | List of _client_ declarations for the realm | `[]` |
+|`keycloak_client_default_roles` | List of default role name for clients | `[]` |
+|`keycloak_client_users` | List of user/role mappings for a client | `[]` |


+Variable formats
+----------------
+
+* `keycloak_clients`, a list of:
+
+```yaml
+    - name: <name of the client>
+      roles: <keycloak_client_default_roles>
+      realm: <name of the realm that contains the client>
+      public_client: <true for public, false for confidential>
+      web_origins: <list of allowed we origins for the client>
+      users: <keycloak_client_users>
+```
+
+* `keycloak_client_users`, a list of:
+
+```yaml
+    - username: <username, required>
+      password: <password, required>
+      firstName: <firstName, optional>
+      lastName: <lastName, optional>
+      email: <email, optional>
+      client_roles: <list of client user/role mappings>
+```
+
+* Client user/role mappings, a list of:
+
+```yaml
+    - client: <name of the client>
+      role: <name of the role>
+      realm: <name of the realm>
+```
+
+For a comprehensive example, refer to the [playbook](playbooks/keycloak.yml).
+

 Example Playbook
 ----------------

-The following is an example playbook that makes use of the role to install keycloak
+The following is an example playbook that makes use of the role to create a realm in keycloak.

 ```yaml
 ---
@ -44,8 +88,11 @@ The following is an example playbook that makes use of the role to install keycl
            name: keycloak_realm
          vars:
            keycloak_admin_password: "changeme"
+            keycloak_realm: TestRealm
+            keycloak_clients: [...]
 ```

+
 License
 -------