---
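- name: "Reading users of realm {{ current_realm_name }}"
  # Lists all users of the realm through the Keycloak admin REST API. The
  # request is authenticated with the bearer token in access_token, which is
  # expected to be defined before this task file runs. Any status other than
  # 200 fails the task (and the play), so a wrong realm name stops here.
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"
    method: GET
    headers:
      # The original value ended in a trailing blank ("... }} "), unlike the
      # Authorization header of the POST task at the end of this file; the
      # token is now followed directly by the closing quote.
      Authorization: "Bearer {{ access_token }}"
    status_code: [200]
  register: realm_users
  # NOTE(review): the bearer token is part of the task arguments and is shown
  # in verbose (-vvv) output; set `no_log: true` here if that is a concern.
  delegate_to: 127.0.0.1
  become: false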
- name: "Saving users of realm {{ current_realm_name }} as variable (fact)"
  # Copies the decoded JSON body of the users response into its own fact so
  # the following lookup tasks can refer to it by a short name.
  become: false
  delegate_to: 127.0.0.1
  set_fact:
    realm_users_json: "{{ realm_users.json }}"
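- name: "Reading realm admin user id for <{{ current_realm_admin_user.username }}>"
  # Selects the id of the user whose username equals the configured realm
  # admin username. When nothing matches, the fact becomes the *string*
  # 'None' (not a YAML null); the same sentinel convention is used for
  # realm_admin_role_id, which the final POST task checks with `!= 'None'`.
  # json_query needs the jmespath Python package on the controller
  # (the task is delegated to 127.0.0.1).
  set_fact:
    realm_admin_user_id: "{{ realm_users_json | json_query(jmesquery) | first | default('None') }}"
  vars:
    # JMESPath raw-string literal ('...'), matching the other queries in this
    # file. The previous backtick form (`...`) is a JSON literal: a purely
    # numeric username would have been parsed as a number and never matched,
    # and unquoted text inside backticks relies on a deprecated jmespath
    # extension.
    jmesquery: "[?username=='{{ current_realm_admin_user.username }}'].id"
  delegate_to: 127.0.0.1
  become: false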
- name: "Printing realm admin user id for <{{ current_realm_admin_user.username }}>"
  # Diagnostic output only; runs when the `debug` variable is truthy.
  when: debug
  become: false
  delegate_to: 127.0.0.1
  debug:
    msg: "{{ realm_admin_user_id }}"
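- name: "Reading realm clients"
  # Lists the clients of the realm; the realm-management client id is
  # extracted from this response by a later task. Non-200 responses fail
  # the task.
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients"
    method: GET
    headers:
      # Trailing blank after the token removed, for consistency with the
      # Authorization header of the POST task at the end of this file.
      Authorization: "Bearer {{ access_token }}"
    status_code: [200]
  register: realm_clients
  # NOTE(review): the bearer token is part of the task arguments and is shown
  # in verbose (-vvv) output; set `no_log: true` here if that is a concern.
  delegate_to: 127.0.0.1
  become: false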
- name: "Saving clients of realm {{ current_realm_name }} as variable (fact)"
  # Keeps the decoded JSON body of the clients response under a short name
  # for the client-id lookup that follows.
  become: false
  delegate_to: 127.0.0.1
  set_fact:
    realm_clients_json: "{{ realm_clients.json }}"
- name: "Reading realm management client id"
  # Resolves the id of the client named realm-management; its roles are
  # queried by the tasks below. Yields the string 'None' when the client is
  # not present in the list.
  become: false
  delegate_to: 127.0.0.1
  vars:
    jmesquery: "[?clientId=='realm-management'].id"
  set_fact:
    realm_management_client_id: "{{ realm_clients_json | json_query(jmesquery) | first | default('None') }}"
- name: "Printing realm management client id"
  # Diagnostic output only; runs when the `debug` variable is truthy.
  when: debug
  become: false
  delegate_to: 127.0.0.1
  debug:
    msg: "{{ realm_management_client_id }}"
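- name: "Reading available role mappings for realm management client"
  # Fetches the realm-management client roles that can still be mapped onto
  # the admin user. There is deliberately no guard on the two ids: if either
  # fact holds the 'None' sentinel the URL contains the literal text None,
  # the 200 check fails and the play stops instead of continuing with a
  # half-configured realm.
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}/available"
    method: GET
    headers:
      # Trailing blank after the token removed, for consistency with the
      # Authorization header of the POST task at the end of this file.
      Authorization: "Bearer {{ access_token }}"
    status_code: [200]
  register: realm_admin_user_client_available_roles_response
  # NOTE(review): the bearer token is part of the task arguments and is shown
  # in verbose (-vvv) output; set `no_log: true` here if that is a concern.
  delegate_to: 127.0.0.1
  become: false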
- name: "Reading realm admin role id for management client"
  # Picks the id of the role named realm-admin out of the *available*
  # mappings. If the role is not listed there (for example because it is
  # already mapped), the fact is the string 'None', which the POST task at
  # the end of this file treats as "nothing to do".
  become: false
  delegate_to: 127.0.0.1
  vars:
    jmesquery: "[?name=='realm-admin'].id"
  set_fact:
    realm_admin_role_id: "{{ realm_admin_user_client_available_roles_response.json | json_query(jmesquery) | first | default('None') }}"
- name: "Printing realm admin role id for management client"
  # Diagnostic output only; runs when the `debug` variable is truthy.
  when: debug
  become: false
  delegate_to: 127.0.0.1
  debug:
    msg: "{{ realm_admin_role_id }}"
- name: "Adding realm admin role to user {{ realm_admin_user_id }}"
  # Maps the realm-admin client role onto the admin user. Skipped when
  # realm_admin_role_id is the 'None' sentinel, i.e. the role was not among
  # the available mappings. Keycloak answers 204 on success; anything else
  # fails the task. The task always reports "changed" when it runs.
  when: realm_admin_role_id != 'None'
  changed_when: true
  become: false
  delegate_to: 127.0.0.1
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}"
    method: POST
    headers:
      Content-Type: "application/json"
      Authorization: "Bearer {{ access_token }}"
    # Request body rendered from the role's template; sent as JSON.
    body_format: json
    body: "{{ lookup('template','keycloak-become-realm-admin-user.json.j2') }}"
    status_code: [204]