hetzner-ansible/roles/harbor/tasks/main.yml

---

- name: "Install harbor"
  include_tasks: install.yml
  args:
    apply:
      tags:
        - harbor-install

- name: "harbor BASE settings"
  block:
  - name: "BLOCK: Login with keycloak-admin"
    include_role:
      name: keycloak
      tasks_from: _authenticate

  - name: "GET available clients from <<{{ harbor_base_configuration.oidc_name }}>>-realm"
    delegate_to: localhost
    become: False
    uri:
      url: "{{ keycloak_server_url }}/auth/admin/realms/{{ harbor_base_configuration.oidc_name }}/clients"
      method: GET
      headers:
        Content-Type: "application/json"
        Authorization: "Bearer {{ access_token }}"
      status_code: [200]
    register: realm_clients

  # available clients: get needed ID
  - set_fact:
      id_of_client: '{{ ( realm_clients.json | selectattr("clientId","equalto", harbor_base_configuration.oidc_client_id ) | first ).id }}'

  - name: "BLOCK: GET client-secret for client <<{{ harbor_base_configuration.oidc_client_id }}>> in realm <<{{ harbor_base_configuration.oidc_name }}>>"
    delegate_to: localhost
    become: False
    uri:
      url: "{{ keycloak_server_url }}/auth/admin/realms/{{ harbor_base_configuration.oidc_name }}/clients/{{ id_of_client }}/client-secret"
      method: GET
      headers:
        Content-Type: "application/json"
        Authorization: "Bearer {{ access_token }}"
      status_code: [200]
    register: client_secret

  - set_fact:
      dict:
        oidc_client_secret: '{{ client_secret.json.value }}'

  - set_fact:
      harbor_base_configuration_merged: '{{ harbor_base_configuration | combine( dict ,recursive=True ) }}'

  - name: "BLOCK: Configure harbor BASE settings"
    include_tasks: configure_base_config.yml
    vars:
      base_configuration: '{{ harbor_base_configuration_merged }}'
    args:
      apply:
        tags:
          - harbor-configure-base
# end of block for base settings