ansible-keycloak/roles/keycloak_realm/tasks/manage_user_client_roles.yml

41 lines
1.6 KiB
YAML

---
- name: "Get Realm for role"
ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}"
method: GET
status_code:
- 200
headers:
Accept: "application/json"
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
register: client_role_realm
- name: Check if Mapping is available
ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
method: GET
status_code:
- 200
headers:
Accept: "application/json"
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
register: client_role_user_available
- name: "Create Role Mapping"
ansible.builtin.uri:
url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
method: POST
body:
- id: "{{ item.id }}"
clientRole: "{{ item.clientRole }}"
containerId: "{{ item.containerId }}"
name: "{{ item.name }}"
composite: "{{ item.composite }}"
validate_certs: False
body_format: json
headers:
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
status_code: 204
loop: "{{ client_role_user_available.json | flatten }}"
when: item.name == client_role.role