98 lines
4.3 KiB
YAML
98 lines
4.3 KiB
YAML
---
|
|
- name: Generate keycloak auth token
|
|
uri:
|
|
url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
|
|
method: POST
|
|
body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
|
|
validate_certs: no
|
|
register: keycloak_auth_response
|
|
until: keycloak_auth_response.status == 200
|
|
retries: 5
|
|
delay: 2
|
|
|
|
- name: "Determine if realm exists"
|
|
uri:
|
|
url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}"
|
|
method: GET
|
|
status_code:
|
|
- 200
|
|
- 404
|
|
headers:
|
|
Accept: "application/json"
|
|
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
|
|
register: keycloak_realm_exists
|
|
|
|
- name: Create Realm
|
|
uri:
|
|
url: "{{ keycloak_url }}/auth/admin/realms"
|
|
method: POST
|
|
body: "{{ lookup('template','realm.json.j2') }}"
|
|
validate_certs: no
|
|
body_format: json
|
|
headers:
|
|
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
|
|
status_code: 201
|
|
when: keycloak_realm_exists.status == 404
|
|
|
|
- name: Create or update a Keycloak client
|
|
community.general.keycloak_client:
|
|
auth_client_id: "{{ keycloak_auth_client }}"
|
|
auth_keycloak_url: "{{ keycloak_url }}/auth"
|
|
auth_realm: "{{ keycloak_auth_realm }}"
|
|
auth_username: "{{ keycloak_admin_user }}"
|
|
auth_password: "{{ keycloak_admin_password }}"
|
|
realm: "{{ item.realm }}"
|
|
client_id: "{{ item.client_id | default(omit) }}"
|
|
id: "{{ item.id | default(omit) }}"
|
|
name: "{{ item.name | default(omit) }}"
|
|
description: "{{ item.description | default(omit) }}"
|
|
root_url: "{{ item.root_url | default('') }}"
|
|
admin_url: "{{ item.admin_url | default('') }}"
|
|
base_url: "{{ item.base_url | default('') }}"
|
|
enabled: "{{ item.enabled | default(True) }}"
|
|
client_authenticator_type: "{{ item.client_authenticator_type | default(omit) }}"
|
|
secret: "{{ item.secret | default(omit) }}"
|
|
redirect_uris: "{{ item.redirect_uris | default(omit) }}"
|
|
web_origins: "{{ item.web_origins | default('+') }}"
|
|
not_before: "{{ item.not_before | default(omit) }}"
|
|
bearer_only: "{{ item.bearer_only | default(omit) }}"
|
|
consent_required: "{{ item.consent_required | default(omit) }}"
|
|
standard_flow_enabled: "{{ item.standard_flow_enabled | default(omit) }}"
|
|
implicit_flow_enabled: "{{ item.implicit_flow_enabled | default(omit) }}"
|
|
direct_access_grants_enabled: "{{ item.direct_access_grants_enabled | default(omit) }}"
|
|
service_accounts_enabled: "{{ item.service_accounts_enabled | default(omit) }}"
|
|
authorization_services_enabled: "{{ item.authorization_services_enabled | default(omit) }}"
|
|
public_client: "{{ item.public_client | default(False) }}"
|
|
frontchannel_logout: "{{ item.frontchannel_logout | default(omit) }}"
|
|
protocol: "{{ item.protocol | default(omit) }}"
|
|
full_scope_allowed: "{{ item.full_scope_allowed | default(omit) }}"
|
|
node_re_registration_timeout: "{{ item.node_re_registration_timeout | default(omit) }}"
|
|
client_template: "{{ item.client_template | default(omit) }}"
|
|
use_template_config: "{{ item.use_template_config | default(omit) }}"
|
|
use_template_scope: "{{ item.use_template_scope | default(omit) }}"
|
|
use_template_mappers: "{{ item.use_template_mappers | default(omit) }}"
|
|
registered_nodes: "{{ item.registered_nodes | default(omit) }}"
|
|
registration_access_token: "{{ item.registration_access_token | default(omit) }}"
|
|
surrogate_auth_required: "{{ item.surrogate_auth_required | default(omit) }}"
|
|
default_roles: "{{ item.default_roles | default(omit) }}"
|
|
authentication_flow_binding_overrides: "{{ item.authentication_flow_binding_overrides | default(omit) }}"
|
|
protocol_mappers: "{{ item.protocol_mappers | default(omit) }}"
|
|
attributes: "{{ item.attributes | default(omit) }}"
|
|
state: present
|
|
register: create_client_result
|
|
loop: "{{ keycloak_clients | flatten }}"
|
|
when: keycloak_clients is defined
|
|
|
|
- name: Create client roles
|
|
include_tasks: manage_client_roles.yml
|
|
when: keycloak_rhsso_enable
|
|
loop: "{{ keycloak_clients | flatten }}"
|
|
loop_control:
|
|
loop_var: client
|
|
|
|
- name: Create client users
|
|
include_tasks: manage_client_users.yml
|
|
loop: "{{ keycloak_clients | flatten }}"
|
|
loop_control:
|
|
loop_var: client
|
|
when: "'users' in keycloak_clients" |