From 283376694aa3a7fca5c4287c71f8b070fe0467b9 Mon Sep 17 00:00:00 2001 From: friedrich goerz Date: Mon, 11 Oct 2021 14:50:17 +0200 Subject: [PATCH] DEV-197: added stuff to remove realm-client --- remove-realm.yml | 95 +++++++++++++++++++++++++ roles/keycloak/tasks/_delete_client.yml | 56 +++++++++++++++ 2 files changed, 151 insertions(+) create mode 100644 remove-realm.yml create mode 100644 roles/keycloak/tasks/_delete_client.yml diff --git a/remove-realm.yml b/remove-realm.yml new file mode 100644 index 0000000..5c814d1 --- /dev/null +++ b/remove-realm.yml 
@@ -0,0 +1,95 @@
+---
+
+# creates realm/clients on shared keycloak service
+# - connect-realm: configuration to use with connect/wordpress
+
+# Parameters:
+# playbook inventory
+# stage := the type of the stage (e.g. dev, int, qa, prod)
+# tenant_id := (unique key for the tenant, e.g. customer)
+# cluster_name := (business name for the cluster, e.g. product, department )
+# cluster_size := (WIP node count for the cluster)
+# cluster_services_str := (services to setup, e.g. 'connect,wordpress')
+# playbook roles (keycloak / oidc)
+# current_realm_name :=
+# current_realm_display_name :=
+# smardigo message callback
+# scope_id := (scope id of the management process)
+# process_instance_id := (process instance id of the management process)
+# smardigo_management_action := (smardigo management action anme of the management process)
+
+#############################################################
+# Creating inventory dynamically for given parameters
+#############################################################
+
+- hosts: localhost
+ connection: local
+ gather_facts: false
+
+ pre_tasks:
+ - name: "REMOVE REALM / Check if ansible version is at least 2.10.x"
+ assert:
+ that:
+ - ansible_version.major >= 2
+ - ansible_version.minor >= 10
+ msg: "The ansible version has to be at least ({{ ansible_version.full }})"
+ - set_fact:
+ cluster_services: "{{ cluster_services_str | split(',') }}"
+
+ tasks:
+ - name: Add hosts
+ add_host:
+ name: "{{ stage }}-{{ tenant_id }}-{{ cluster_name }}-{{ '%02d' | format(item|int) }}"
+ groups: "{{ ['stage_' + stage ] + cluster_services }}"
+ with_sequence: start=1 end={{ cluster_size | default(1) }}
+ changed_when: False
+
+#############################################################
+# Setup realms for created inventory
+#############################################################
+
+- hosts: "stage_{{ stage }}"
+ serial: "{{ serial_number | default(1) }}"
+ gather_facts: false
+ become: false
+
+ collections:
+ - hetzner.hcloud
+ - community.general
+
+ pre_tasks:
+ - name: "REMOVE REALM / Import autodiscover pre-tasks"
+ include_tasks: tasks/autodiscover_pre_tasks.yml
+ - name: "REMOVE REALM / Parsing cluster_services_str into cluster_services"
+ set_fact:
+ cluster_services: "{{ cluster_services_str | split(',') }}"
+ - name: "REMOVE REALM / Delete client in realm <{{ current_realm_name }}>"
+ include_role:
+ name: keycloak
+ tasks_from: _delete_client
+
+#############################################################
+# Sending smardigo management message to process
+#############################################################
+
+- hosts: "stage_{{ stage }}"
+ serial: "{{ serial_number | default(1) }}"
+ connection: local
+ gather_facts: false
+ run_once: true
+
+ post_tasks:
+ - name: "Sending smardigo management message <{{ smardigo_management_action }}> to <{{ scope_id }}/{{ process_instance_id }}>"
+ uri:
+ url: "{{ smardigo_management_url }}"
+ method: POST
+ body_format: json
+ body: "{{ lookup('template','smardigo-management-message.json.j2') }}"
+ headers:
+ accept: "*/*"
+ Content-Type: "application/json"
+ Smardigo-User-Token: "{{ smardigo_management_token }}"
+ status_code: [200]
+ retries: 5
+ delay: 5
+ delegate_to: 127.0.0.1
diff --git a/roles/keycloak/tasks/_delete_client.yml b/roles/keycloak/tasks/_delete_client.yml
new file mode 100644
index 0000000..cb38ce6
--- /dev/null
+++ b/roles/keycloak/tasks/_delete_client.yml
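Review bot: The post_task `Sending smardigo management message` sends `smardigo_management_token` as a request header without `no_log: true`, so the token is printed with the module arguments in task output and verbose/callback logs; add `no_log: true` to that task. Its `retries: 5` has no `until:` condition — on the Ansible 2.10 this playbook asserts, retries are documented as only taking effect together with `until`, so if retrying was intended add `register: smardigo_message` and `until: smardigo_message.status == 200`. The file header still reads `# creates realm/clients on shared keycloak service`, while this playbook only deletes one client through `_delete_client`; change it to `# removes the <cluster_name> client from realm <current_realm_name> on the shared keycloak service`. The `split` filter used in both set_fact tasks is, as far as I know, only a builtin from ansible-core 2.11 (`ansible.builtin.split`), so either raise the version assert accordingly or use `cluster_services_str.split(',')`, which works on 2.10.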
@@ -0,0 +1,56 @@
+---
+- name: "KEYCLOAK: DELETE clients | Authenticate with Keycloak server"
+ uri:
+ url: "{{ keycloak_server_url }}/auth/realms/master/protocol/openid-connect/token"
+ method: POST
+ body_format: form-urlencoded
+ body: 'username={{ keycloak_admin_username }}&password={{ keycloak_admin_password }}&client_id=admin-cli&grant_type=password'
+ retries: 5
+ delay: 5
+ register: keycloak_authentication
+ delegate_to: 127.0.0.1
+ become: false
+
+- name: "KEYCLOAK: DELETE clients | Read clients from realm {{ current_realm_name }}"
+ uri:
+ url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients"
+ method: GET
+ headers:
+ Authorization: "Bearer {{ keycloak_authentication.json.access_token }}"
+ status_code: [200]
+ register: realm_clients
+ delegate_to: 127.0.0.1
+ become: false
+
+- name: "KEYCLOAK: DELETE clients | Save clients from realm as variable (fact)"
+ set_fact:
+ realm_clients_json: "{{ realm_clients.json }}"
+ delegate_to: 127.0.0.1
+ become: false
+
+- name: "KEYCLOAK: DELETE clients | Save client ids from realm <{{ current_realm_name }}>"
+ set_fact:
+ realm_client_ids: "{{ realm_clients_json | json_query(jmesquery) }}"
+ vars:
+ jmesquery: '[*].{id: id, clientId: clientId}'
+ delegate_to: 127.0.0.1
+ become: false
+
+- set_fact:
+ realm_client_id: '{{ realm_client_ids | selectattr("clientId", "equalto", cluster_name) }}'
+ delegate_to: 127.0.0.1
+
+- assert:
+ that: 'realm_client_id | length == 1 '
+
+- name: "KEYCLOAK: DELETE client <{{ client_id }}> for realm <{{ current_realm_name }}>"
+ uri:
+ url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients/{{ realm_client_id[0].id }}"
+ method: DELETE
+ body_format: json
+ headers:
+ Authorization: "Bearer {{ keycloak_authentication.json.access_token }} "
+ status_code: [204]
+ changed_when: True
+ delegate_to: 127.0.0.1
+ become: false
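Review bot: The authentication task posts `keycloak_admin_password` in the request body and registers the admin access token, yet no task in this file sets `no_log: true`, so the password (in the logged module arguments), the token (in the registered result) and the `Authorization` header of the two later `uri` calls all land in task output and verbose/callback logs; add `no_log: true` to the authentication task and to both tasks that send the header. The authentication task also has neither `status_code` nor `until`, so a rejected login is only noticed later as an undefined `keycloak_authentication.json.access_token`; add `status_code: [200]` and `until: keycloak_authentication.status == 200` so the `retries: 5` actually applies. The `realm_client_id` fact is a `selectattr` result without `| list`; unless jinja2_native is enabled I believe this renders as a generator repr rather than a list, which would defeat the `length == 1` guard that protects the DELETE and break `realm_client_id[0].id` — use `| selectattr("clientId", "equalto", cluster_name) | list`. The DELETE task's name references an undefined `client_id` (the fact is `realm_client_id`) and its header value carries a trailing space; use `<{{ cluster_name }}>` in the name and `Authorization: "Bearer {{ keycloak_authentication.json.access_token }}"`. Authenticating with the master-realm admin password grant is far broader than a single client deletion needs; a service-account client holding only `manage-clients` on the target realm with `grant_type=client_credentials` would bound what a leaked credential from these logs could do.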