Merge pull request #15 from guidograzioli/fqcn-builtins

fix: use FQCN
Harsha Cherukuri 2022-03-01 12:42:09 -05:00 committed by GitHub
commit ffd146d392
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 84 additions and 79 deletions


@ -3,10 +3,10 @@
hosts: all hosts: all
tasks: tasks:
- name: Disable beta repos - name: Disable beta repos
command: yum config-manager --disable '*beta*' ansible.builtin.command: yum config-manager --disable '*beta*'
ignore_errors: yes ignore_errors: yes
- name: Install sudo - name: Install sudo
yum: ansible.builtin.yum:
name: sudo name: sudo
state: present state: present


@ -5,6 +5,6 @@
- name: Populate service facts - name: Populate service facts
ansible.builtin.service_facts: ansible.builtin.service_facts:
- name: Check if keycloak service started - name: Check if keycloak service started
assert: ansible.builtin.assert:
that: that:
- ansible_facts.services["keycloak.service"]["state"] == "running" - ansible_facts.services["keycloak.service"]["state"] == "running"


@ -5,7 +5,7 @@
- middleware_automation.keycloak - middleware_automation.keycloak
tasks: tasks:
- name: Include keycloak role - name: Include keycloak role
include_role: ansible.builtin.include_role:
name: keycloak name: middleware_automation.keycloak.keycloak
vars: vars:
keycloak_admin_password: "changeme" keycloak_admin_password: "changeme"


@ -3,8 +3,8 @@
hosts: keycloak hosts: keycloak
tasks: tasks:
- name: Keycloak Realm Role - name: Keycloak Realm Role
include_role: ansible.builtin.include_role:
name: keycloak_realm name: middleware_automation.keycloak.keycloak_realm
vars: vars:
keycloak_admin_password: "changeme" keycloak_admin_password: "changeme"
keycloak_realm: TestRealm keycloak_realm: TestRealm


@ -4,11 +4,11 @@
collections: collections:
- middleware_automation.redhat_csp_download - middleware_automation.redhat_csp_download
roles: roles:
- redhat_csp_download - middleware_automation.redhat_csp_download.redhat_csp_download
tasks: tasks:
- name: Keycloak Role - name: Keycloak Role
include_role: ansible.builtin.include_role:
name: keycloak name: middleware_automation.keycloak.keycloak
vars: vars:
keycloak_admin_password: "changeme" keycloak_admin_password: "changeme"
keycloak_rhsso_enable: True keycloak_rhsso_enable: True


@ -1,3 +1,3 @@
--- ---
- name: restart keycloak - name: restart keycloak
include_tasks: restart_keycloak.yml ansible.builtin.include_tasks: restart_keycloak.yml


@ -1,7 +1,7 @@
--- ---
- block: - block:
- name: "Check if package {{ package_name }} is already installed" - name: "Check if package {{ package_name }} is already installed"
command: rpm -q {{ package_name }} ansible.builtin.command: rpm -q {{ package_name }}
args: args:
warn: no warn: no
register: rpm_info register: rpm_info
@ -9,6 +9,6 @@
rescue: rescue:
- name: "Add {{ package_name }} to the yum install list if missing" - name: "Add {{ package_name }} to the yum install list if missing"
set_fact: ansible.builtin.set_fact:
packages_to_install: "{{ packages_to_install + [ package_name ] }}" packages_to_install: "{{ packages_to_install + [ package_name ] }}"
when: rpm_info.failed when: rpm_info.failed
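Review bot: The rpm query at the top of this file interpolates `{{ package_name }}` into a single command string, so a `packages_list` entry containing whitespace becomes extra arguments after Ansible's argument splitting; the `argv` form the role already uses for `add-user-keycloak.sh` in main.yml avoids that: `args:` / `argv: ['rpm', '-q', '{{ package_name }}']`. The `warn: no` argument beneath it was, as far as I recall, removed from `ansible.builtin.command` in ansible-core 2.14 and is rejected as an unsupported parameter there, so it should be dropped once the collection targets that release. The `rescue` branch is gated on `when: rpm_info.failed`, which is always true inside a rescue reached from that single task, so the condition can go.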


@ -1,18 +1,18 @@
--- ---
- name: Set facts - name: Set facts
set_fact: ansible.builtin.set_fact:
update_cache: true update_cache: true
packages_to_install: [] packages_to_install: []
- name: "Check packages to be installed" - name: "Check packages to be installed"
include_tasks: check.yml ansible.builtin.include_tasks: check.yml
loop: "{{ packages_list | flatten }}" loop: "{{ packages_list | flatten }}"
loop_control: loop_control:
loop_var: package_name loop_var: package_name
- name: "Install packages: {{ packages_to_install }}" - name: "Install packages: {{ packages_to_install }}"
become: yes become: yes
yum: ansible.builtin.yum:
name: "{{ packages_to_install }}" name: "{{ packages_to_install }}"
state: present state: present
when: packages_to_install | length > 0 when: packages_to_install | length > 0


@ -7,7 +7,7 @@
- name: Enable and start the firewalld service - name: Enable and start the firewalld service
become: yes become: yes
systemd: ansible.builtin.systemd:
name: firewalld name: firewalld
enabled: yes enabled: yes
state: started state: started


@ -1,6 +1,6 @@
--- ---
- name: Validate parameters - name: Validate parameters
assert: ansible.builtin.assert:
that: that:
- keycloak_jboss_home is defined - keycloak_jboss_home is defined
- keycloak_service_user is defined - keycloak_service_user is defined
@ -12,7 +12,7 @@
- name: Check for an existing deployment - name: Check for an existing deployment
become: yes become: yes
stat: ansible.builtin.stat:
path: "{{ keycloak_jboss_home }}" path: "{{ keycloak_jboss_home }}"
register: existing_deploy register: existing_deploy
@ -20,24 +20,24 @@
- name: Stop the old keycloak service - name: Stop the old keycloak service
become: yes become: yes
ignore_errors: yes ignore_errors: yes
systemd: ansible.builtin.systemd:
name: keycloak name: keycloak
state: stopped state: stopped
- name: Remove the old Keycloak deployment - name: Remove the old Keycloak deployment
become: yes become: yes
file: ansible.builtin.file:
path: "{{ keycloak_jboss_home }}" path: "{{ keycloak_jboss_home }}"
state: absent state: absent
when: existing_deploy.stat.exists and keycloak_force_install|bool when: existing_deploy.stat.exists and keycloak_force_install|bool
- name: check for an existing deployment after possible forced removal - name: check for an existing deployment after possible forced removal
become: yes become: yes
stat: ansible.builtin.stat:
path: "{{ keycloak_jboss_home }}" path: "{{ keycloak_jboss_home }}"
- name: create Keycloak service user/group - name: create Keycloak service user/group
become: yes become: yes
user: ansible.builtin.user:
name: "{{ keycloak_service_user }}" name: "{{ keycloak_service_user }}"
home: /opt/keycloak home: /opt/keycloak
system: yes system: yes
@ -45,7 +45,7 @@
- name: create Keycloak install location - name: create Keycloak install location
become: yes become: yes
file: ansible.builtin.file:
dest: "{{ keycloak_dest }}" dest: "{{ keycloak_dest }}"
state: directory state: directory
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
@ -54,23 +54,23 @@
## check remote archive ## check remote archive
- name: Set download archive path - name: Set download archive path
set_fact: ansible.builtin.set_fact:
archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}" archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}"
- name: Check download archive path - name: Check download archive path
stat: ansible.builtin.stat:
path: "{{ archive }}" path: "{{ archive }}"
register: archive_path register: archive_path
## download to controller ## download to controller
- name: Check local download archive path - name: Check local download archive path
stat: ansible.builtin.stat:
path: "{{ lookup('env', 'PWD') }}" path: "{{ lookup('env', 'PWD') }}"
register: local_path register: local_path
delegate_to: localhost delegate_to: localhost
- name: Download keycloak archive - name: Download keycloak archive
get_url: ansible.builtin.get_url:
url: "{{ keycloak_download_url }}" url: "{{ keycloak_download_url }}"
dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
delegate_to: localhost delegate_to: localhost
@ -82,7 +82,7 @@
- not keycloak_offline_install - not keycloak_offline_install
- name: Perform download from RHN - name: Perform download from RHN
redhat_csp_download: middleware_automation.redhat_csp_download.redhat_csp_download:
url: "{{ keycloak_rhsso_download_url }}" url: "{{ keycloak_rhsso_download_url }}"
dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
username: "{{ rhn_username }}" username: "{{ rhn_username }}"
@ -98,7 +98,7 @@
- keycloak_rhn_url in keycloak_rhsso_download_url - keycloak_rhn_url in keycloak_rhsso_download_url
- name: Download rhsso archive from alternate location - name: Download rhsso archive from alternate location
get_url: ansible.builtin.get_url:
url: "{{ keycloak_rhsso_download_url }}" url: "{{ keycloak_rhsso_download_url }}"
dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
delegate_to: localhost delegate_to: localhost
@ -111,14 +111,14 @@
- not keycloak_rhn_url in keycloak_rhsso_download_url - not keycloak_rhn_url in keycloak_rhsso_download_url
- name: Check downloaded archive - name: Check downloaded archive
stat: ansible.builtin.stat:
path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
register: local_archive_path register: local_archive_path
delegate_to: localhost delegate_to: localhost
## copy and unpack ## copy and unpack
- name: Copy archive to target nodes - name: Copy archive to target nodes
copy: ansible.builtin.copy:
src: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" src: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
dest: "{{ archive }}" dest: "{{ archive }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
@ -132,13 +132,13 @@
become: yes become: yes
- name: "Check target directory: {{ keycloak.home }}" - name: "Check target directory: {{ keycloak.home }}"
stat: ansible.builtin.stat:
path: "{{ keycloak.home }}" path: "{{ keycloak.home }}"
register: path_to_workdir register: path_to_workdir
become: yes become: yes
- name: "Extract {{ 'Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Keycloak' }} archive on target" - name: "Extract {{ 'Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Keycloak' }} archive on target"
unarchive: ansible.builtin.unarchive:
remote_src: yes remote_src: yes
src: "{{ archive }}" src: "{{ archive }}"
dest: "{{ keycloak_dest }}" dest: "{{ keycloak_dest }}"
@ -152,13 +152,13 @@
- restart keycloak - restart keycloak
- name: Inform decompression was not executed - name: Inform decompression was not executed
debug: ansible.builtin.debug:
msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression" msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"
when: when:
- not new_version_downloaded.changed and path_to_workdir.stat.exists - not new_version_downloaded.changed and path_to_workdir.stat.exists
- name: "Reown installation directory to {{ keycloak_service_user }}" - name: "Reown installation directory to {{ keycloak_service_user }}"
file: ansible.builtin.file:
path: "{{ keycloak.home }}" path: "{{ keycloak.home }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
@ -168,8 +168,8 @@
# driver and configuration # driver and configuration
- name: "Install {{ keycloak_jdbc_engine }} driver" - name: "Install {{ keycloak_jdbc_engine }} driver"
include_role: ansible.builtin.include_role:
name: wildfly_driver name: middleware_automation.wildfly.wildfly_driver
vars: vars:
wildfly_user: "{{ keycloak_service_user }}" wildfly_user: "{{ keycloak_service_user }}"
jdbc_driver_module_dir: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}" jdbc_driver_module_dir: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}"
@ -182,7 +182,7 @@
- name: "Deploy {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}" - name: "Deploy {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}"
become: yes become: yes
template: ansible.builtin.template:
src: templates/standalone.xml.j2 src: templates/standalone.xml.j2
dest: "{{ keycloak_config_path_to_standalone_xml }}" dest: "{{ keycloak_config_path_to_standalone_xml }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
@ -194,7 +194,7 @@
- name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}" - name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}"
become: yes become: yes
template: ansible.builtin.template:
src: templates/standalone-infinispan.xml.j2 src: templates/standalone-infinispan.xml.j2
dest: "{{ keycloak_config_path_to_standalone_xml }}" dest: "{{ keycloak_config_path_to_standalone_xml }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
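Review bot: Neither `ansible.builtin.get_url` download in this file (`Download keycloak archive` and `Download rhsso archive from alternate location`) passes a `checksum`, so an archive fetched from `keycloak_download_url` is copied to every target and extracted under `keycloak_dest` with no integrity check beyond TLS; `checksum: "{{ keycloak_download_checksum | default(omit) }}"` (a new variable, omitted by default to stay backward compatible) would let operators pin the expected digest. The `Perform download from RHN` task hands `rhn_username` (and presumably `rhn_password`, on the line just past the hunk) to the module without `no_log: true`, unlike the token requests this commit hardens in keycloak_realm, so a failed download prints the credentials in the task result. Both downloads run on the controller into `lookup('env', 'PWD')`, which depends on the caller's working directory rather than a role-controlled path — presumably intended, but it deserves a comment such as `# archive is staged in the controller's cwd, then copied to targets`.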


@ -2,25 +2,25 @@
# tasks file for keycloak # tasks file for keycloak
- name: Check prerequisites - name: Check prerequisites
include_tasks: prereqs.yml ansible.builtin.include_tasks: prereqs.yml
tags: tags:
- prereqs - prereqs
- name: Include install tasks - name: Include install tasks
include_tasks: tasks/install.yml ansible.builtin.include_tasks: tasks/install.yml
- name: Include systemd tasks - name: Include systemd tasks
include_tasks: tasks/systemd.yml ansible.builtin.include_tasks: tasks/systemd.yml
- name: Link default logs directory - name: Link default logs directory
file: ansible.builtin.file:
state: link state: link
src: "{{ keycloak_jboss_home }}/standalone/log" src: "{{ keycloak_jboss_home }}/standalone/log"
dest: /var/log/keycloak dest: /var/log/keycloak
- block: - block:
- name: Check admin credentials by generating a token - name: Check admin credentials by generating a token
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token" url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
method: POST method: POST
body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password" body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
@ -31,7 +31,7 @@
delay: 2 delay: 2
rescue: rescue:
- name: "Create {{ keycloak.service_name }} admin user" - name: "Create {{ keycloak.service_name }} admin user"
command: ansible.builtin.command:
args: args:
argv: argv:
- "{{ keycloak_jboss_home }}/bin/add-user-keycloak.sh" - "{{ keycloak_jboss_home }}/bin/add-user-keycloak.sh"
@ -41,9 +41,9 @@
changed_when: yes changed_when: yes
become: yes become: yes
- name: "Restart {{ keycloak.service_name }}" - name: "Restart {{ keycloak.service_name }}"
include_tasks: tasks/restart_keycloak.yml ansible.builtin.include_tasks: tasks/restart_keycloak.yml
- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
uri: ansible.builtin.uri:
url: "{{ keycloak.health_url }}" url: "{{ keycloak.health_url }}"
register: keycloak_status register: keycloak_status
until: keycloak_status.status == 200 until: keycloak_status.status == 200
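Review bot: The `Check admin credentials by generating a token` task posts `keycloak_admin_password` in the request body but has no `no_log`, while the same token request in keycloak_realm gains `no_log: True` in this commit; when the `until` loop exhausts its retries the failed result, body included, is printed to the log. Add `no_log: true` to that `ansible.builtin.uri` task, and likewise to the `add-user-keycloak.sh` command in the `rescue` block, whose `argv` presumably carries the password on a line outside the hunk. The `Link default logs directory` task creates a symlink in `/var/log` with no `become`, unlike its neighbours; unless the play sets `become` globally that will fail for an unprivileged connection user.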


@ -1,6 +1,6 @@
--- ---
- name: Validate configuration - name: Validate configuration
assert: ansible.builtin.assert:
that: that:
- (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled) - (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled)
quiet: True quiet: True
@ -8,7 +8,7 @@
success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}" success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}"
- name: Validate credentials - name: Validate credentials
assert: ansible.builtin.assert:
that: that:
- (rhn_username is defined and keycloak_rhsso_enable) or not keycloak_rhsso_enable or keycloak_offline_install - (rhn_username is defined and keycloak_rhsso_enable) or not keycloak_rhsso_enable or keycloak_offline_install
- (rhn_password is defined and keycloak_rhsso_enable) or not keycloak_rhsso_enable or keycloak_offline_install - (rhn_password is defined and keycloak_rhsso_enable) or not keycloak_rhsso_enable or keycloak_offline_install
@ -17,7 +17,7 @@
success_msg: "{{ 'Installing Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Installing keycloak.org' }}" success_msg: "{{ 'Installing Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Installing keycloak.org' }}"
- name: Set required packages facts - name: Set required packages facts
set_fact: ansible.builtin.set_fact:
required_packages: required_packages:
- "{{ jvm_package }}" - "{{ jvm_package }}"
- unzip - unzip


@ -1,6 +1,6 @@
--- ---
- name: "Restart and enable keycloack service" - name: "Restart and enable keycloack service"
systemd: ansible.builtin.systemd:
name: keycloak name: keycloak
enabled: yes enabled: yes
state: restarted state: restarted


@ -1,6 +1,6 @@
--- ---
- name: "Stop SSO service" - name: "Stop SSO service"
systemd: ansible.builtin.systemd:
name: keycloak name: keycloak
enabled: yes enabled: yes
state: stopped state: stopped


@ -1,6 +1,6 @@
- name: configure keycloak service script wrapper - name: configure keycloak service script wrapper
become: yes become: yes
template: ansible.builtin.template:
src: keycloak-service.sh.j2 src: keycloak-service.sh.j2
dest: "{{ keycloak_dest }}/keycloak-service.sh" dest: "{{ keycloak_dest }}/keycloak-service.sh"
owner: root owner: root
@ -11,7 +11,7 @@
- name: configure sysconfig file for keycloak service - name: configure sysconfig file for keycloak service
become: yes become: yes
template: ansible.builtin.template:
src: keycloak-sysconfig.j2 src: keycloak-sysconfig.j2
dest: /etc/sysconfig/keycloak dest: /etc/sysconfig/keycloak
owner: root owner: root
@ -21,7 +21,7 @@
- restart keycloak - restart keycloak
- name: configure systemd unit file for keycloak service - name: configure systemd unit file for keycloak service
template: ansible.builtin.template:
src: keycloak.service.j2 src: keycloak.service.j2
dest: /etc/systemd/system/keycloak.service dest: /etc/systemd/system/keycloak.service
owner: root owner: root
@ -34,33 +34,33 @@
- name: reload systemd - name: reload systemd
become: yes become: yes
systemd: ansible.builtin.systemd:
daemon_reload: yes daemon_reload: yes
when: systemdunit.changed when: systemdunit.changed
- name: start keycloak - name: start keycloak
systemd: ansible.builtin.systemd:
name: keycloak name: keycloak
enabled: yes enabled: yes
state: started state: started
become: yes become: yes
- name: Check service status - name: Check service status
command: "systemctl status keycloak" ansible.builtin.command: "systemctl status keycloak"
register: keycloak_service_status register: keycloak_service_status
changed_when: False changed_when: False
- name: Verify service status - name: Verify service status
assert: ansible.builtin.assert:
that: that:
- keycloak_service_status is defined - keycloak_service_status is defined
- keycloak_service_status.stdout is defined - keycloak_service_status.stdout is defined
- name: Flush handlers - name: Flush handlers
meta: flush_handlers ansible.builtin.meta: flush_handlers
- name: "Wait until Keycloak becomes active {{ keycloak.health_url }}" - name: "Wait until Keycloak becomes active {{ keycloak.health_url }}"
uri: ansible.builtin.uri:
url: "{{ keycloak.health_url }}" url: "{{ keycloak.health_url }}"
register: keycloak_status register: keycloak_status
until: keycloak_status.status == 200 until: keycloak_status.status == 200
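Review bot: The `Verify service status` assert only checks that `keycloak_service_status` and its `stdout` are defined, which is always the case once the preceding `register:` has run, so it can never fail; the `systemctl status keycloak` command before it already fails the play on a non-zero exit, so the assert is dead code. A check that actually says something is the one the molecule verify playbook uses: `ansible.builtin.service_facts:` followed by `that: - ansible_facts.services['keycloak.service'].state == 'running'`. The `configure systemd unit file for keycloak service` task shows no `become: yes` in the visible lines, unlike the wrapper-script and sysconfig tasks above it; if it is not on the lines the hunk cuts off, writing `/etc/systemd/system/keycloak.service` will fail for an unprivileged connection user.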


@ -1,17 +1,18 @@
--- ---
- name: Generate keycloak auth token - name: Generate keycloak auth token
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token" url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
method: POST method: POST
body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password" body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
validate_certs: no validate_certs: no
no_log: True
register: keycloak_auth_response register: keycloak_auth_response
until: keycloak_auth_response.status == 200 until: keycloak_auth_response.status == 200
retries: 5 retries: 5
delay: 2 delay: 2
- name: "Determine if realm exists" - name: "Determine if realm exists"
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}" url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}"
method: GET method: GET
status_code: status_code:
@ -23,7 +24,7 @@
register: keycloak_realm_exists register: keycloak_realm_exists
- name: Create Realm - name: Create Realm
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms" url: "{{ keycloak_url }}/auth/admin/realms"
method: POST method: POST
body: "{{ lookup('template','realm.json.j2') }}" body: "{{ lookup('template','realm.json.j2') }}"
@ -47,6 +48,7 @@
provider_type: "{{ item.provider_type | default(org.keycloak.storage.UserStorageProvider) }}" provider_type: "{{ item.provider_type | default(org.keycloak.storage.UserStorageProvider) }}"
config: "{{ item.config }}" config: "{{ item.config }}"
mappers: "{{ item.mappers | default(omit) }}" mappers: "{{ item.mappers | default(omit) }}"
no_log: True
register: create_user_federation_result register: create_user_federation_result
loop: "{{ keycloak_user_federation | flatten }}" loop: "{{ keycloak_user_federation | flatten }}"
when: keycloak_user_federation is defined when: keycloak_user_federation is defined
@ -78,19 +80,20 @@
public_client: "{{ item.public_client | default(False) }}" public_client: "{{ item.public_client | default(False) }}"
protocol: "{{ item.protocol | default(omit) }}" protocol: "{{ item.protocol | default(omit) }}"
state: present state: present
no_log: True
register: create_client_result register: create_client_result
loop: "{{ keycloak_clients | flatten }}" loop: "{{ keycloak_clients | flatten }}"
when: (item.name is defined and item.client_id is defined) or (item.name is defined and item.id is defined) when: (item.name is defined and item.client_id is defined) or (item.name is defined and item.id is defined)
- name: Create client roles - name: Create client roles
include_tasks: manage_client_roles.yml ansible.builtin.include_tasks: manage_client_roles.yml
loop: "{{ keycloak_clients | flatten }}" loop: "{{ keycloak_clients | flatten }}"
loop_control: loop_control:
loop_var: client loop_var: client
when: "'roles' in client" when: "'roles' in client"
- name: Create client users - name: Create client users
include_tasks: manage_client_users.yml ansible.builtin.include_tasks: manage_client_users.yml
loop: "{{ keycloak_clients | flatten }}" loop: "{{ keycloak_clients | flatten }}"
loop_control: loop_control:
loop_var: client loop_var: client
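Review bot: The user-federation task's `provider_type: "{{ item.provider_type | default(org.keycloak.storage.UserStorageProvider) }}"` passes the fallback unquoted, so Jinja resolves `org` as a variable rather than a string; with Ansible's undefined handling the task errors (or yields an empty value) the moment an entry omits `provider_type`, and the intended default is never applied. It should read `default('org.keycloak.storage.UserStorageProvider')`. Separately, the `Generate keycloak auth token` task now carries `no_log: True` (good) but still sets `validate_certs: no`, so the admin password is sent to whatever answers at `keycloak_url` without checking its certificate; `validate_certs: "{{ keycloak_validate_certs | default(true) }}"` would let test environments opt out without the role defaulting to it.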


@ -10,3 +10,4 @@
auth_password: "{{ keycloak_admin_password }}" auth_password: "{{ keycloak_admin_password }}"
state: present state: present
loop: "{{ client.roles | flatten }}" loop: "{{ client.roles | flatten }}"
no_log: True


@ -1,12 +1,12 @@
--- ---
- name: Manage Users - name: Manage Users
include_tasks: manage_user.yml ansible.builtin.include_tasks: manage_user.yml
loop: "{{ client.users | flatten }}" loop: "{{ client.users | flatten }}"
loop_control: loop_control:
loop_var: user loop_var: user
- name: Manage User Roles - name: Manage User Roles
include_tasks: manage_user_roles.yml ansible.builtin.include_tasks: manage_user_roles.yml
loop: "{{ client.users | flatten }}" loop: "{{ client.users | flatten }}"
loop_control: loop_control:
loop_var: user loop_var: user


@ -1,6 +1,6 @@
--- ---
- name: "Check if User Already Exists" - name: "Check if User Already Exists"
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}" url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
validate_certs: no validate_certs: no
headers: headers:
@ -8,7 +8,7 @@
register: keycloak_user_search_result register: keycloak_user_search_result
- name: "Create User" - name: "Create User"
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users" url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users"
method: POST method: POST
body: body:
@ -26,7 +26,7 @@
when: keycloak_user_search_result.json | length == 0 when: keycloak_user_search_result.json | length == 0
- name: "Get User" - name: "Get User"
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}" url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
validate_certs: no validate_certs: no
headers: headers:
@ -34,7 +34,7 @@
register: keycloak_user register: keycloak_user
- name: "Update User Password" - name: "Update User Password"
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users/{{ (keycloak_user.json | first).id }}/reset-password" url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users/{{ (keycloak_user.json | first).id }}/reset-password"
method: PUT method: PUT
body: body:
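Review bot: The `Check if User Already Exists` and `Get User` lookups query `users?username={{ user.username }}`, and unless I am mistaken Keycloak's admin API treats `username` as a substring match unless `exact=true` is also passed; `keycloak_user.json | first` can then resolve to a different, pre-existing user (`alice` matching `alice2`), the create step is skipped, and `Update User Password` resets that other user's password. Suggest `users?username={{ user.username | urlencode }}&exact=true` on both lookups — the `| urlencode` also stops a username containing `&`, `#` or spaces from altering the query — plus `failed_when: keycloak_user.json | length != 1` on `Get User` so `(keycloak_user.json | first).id` never runs against an empty or ambiguous result. Every request here also sets `validate_certs: no`, which deserves the same parameterisation as the token request.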


@ -1,6 +1,6 @@
--- ---
- name: "Get Realm for role" - name: "Get Realm for role"
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}" url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}"
method: GET method: GET
status_code: status_code:
@ -11,7 +11,7 @@
register: client_role_realm register: client_role_realm
- name: Check if Mapping is available - name: Check if Mapping is available
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available" url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
method: GET method: GET
status_code: status_code:
@ -22,7 +22,7 @@
register: client_role_user_available register: client_role_user_available
- name: "Create Role Mapping" - name: "Create Role Mapping"
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}" url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
method: POST method: POST
body: body:


@ -1,6 +1,6 @@
--- ---
- name: "Get User {{ user.username }}" - name: "Get User {{ user.username }}"
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}" url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
headers: headers:
validate_certs: no validate_certs: no
@ -8,18 +8,19 @@
register: keycloak_user register: keycloak_user
- name: Refresh keycloak auth token - name: Refresh keycloak auth token
uri: ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token" url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
method: POST method: POST
body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password" body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
validate_certs: no validate_certs: no
register: keycloak_auth_response register: keycloak_auth_response
no_log: True
until: keycloak_auth_response.status == 200 until: keycloak_auth_response.status == 200
retries: 5 retries: 5
delay: 2 delay: 2
- name: "Manage Client Role Mapping for {{ user.username }}" - name: "Manage Client Role Mapping for {{ user.username }}"
include_tasks: manage_user_client_roles.yml ansible.builtin.include_tasks: manage_user_client_roles.yml
loop: "{{ user.client_roles | flatten }}" loop: "{{ user.client_roles | flatten }}"
loop_control: loop_control:
loop_var: client_role loop_var: client_role
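Review bot: The `Refresh keycloak auth token` request builds its form body by string concatenation, so an admin password containing `&`, `+`, `%` or `=` is misparsed by the token endpoint and the `until` loop fails after five retries with no clear cause; the `no_log: True` this commit adds then also hides the body that would explain it. Let the module encode the form instead, with `body_format: form-urlencoded` and a mapping body, which `ansible.builtin.uri` percent-encodes per field. The same construction appears in `Generate keycloak auth token` at the top of this role and in the keycloak role's credentials check, and should change with it. Indentation is lost in this view, but if `validate_certs: no` under `Get User` actually sits beneath `headers:` it is sent as an HTTP header rather than applied as a module option — worth checking in the source.
```yaml
- name: Refresh keycloak auth token
  ansible.builtin.uri:
    url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
    method: POST
    body_format: form-urlencoded
    body:
      client_id: "{{ keycloak_auth_client }}"
      username: "{{ keycloak_admin_user }}"
      password: "{{ keycloak_admin_password }}"
      grant_type: password
    # … unchanged: validate_certs, register, no_log, until/retries/delay …
```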