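---
# Keycloak realm provisioning over the admin REST API.
#
# Inputs expected from the caller: service_port_keycloak_external,
# access_token (admin bearer token; the include_tasks below also read it from
# keycloak_authentication.json.access_token), current_realm_name,
# current_realm_clients and current_realm_ldaps.
#
# Security notes for whoever runs this:
# - The admin bearer token travels in an Authorization header over plain HTTP.
#   That is only tolerable because every URL targets loopback (localhost); do
#   not repoint these tasks at a remote host without switching to https and
#   validate_certs.
# - current_realm_clients carries client secrets and current_realm_ldaps
#   carries LDAP bind passwords. Loops over them use loop_control.label so the
#   loop item (and the secret inside it) is not echoed in task output.
# - Responses registered here end up in facts for the rest of the play and are
#   printed at -v; the clients listing is no_log for that reason.
# - /auth is the legacy (WildFly-era) Keycloak context path; Quarkus builds
#   serve the admin API without it unless http-relative-path is set.

- name: Read realms
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms"
    method: GET
    headers:
      # No trailing whitespace inside the header value - some proxies and
      # stricter token parsers reject "Bearer <token> ".
      Authorization: "Bearer {{ access_token }}"
    status_code: [200]
  register: realms
  tags:
    - update_realms

# Kept commented out on purpose: the full realm representation may include
# realm-level configuration (SMTP credentials and similar). Enable only for
# local debugging, never in a CI job whose logs are retained.
#- name: Print realms
#  debug:
#    msg: "{{ realms }}"
#  tags:
#    - update_realms

- name: Save realms as variable (fact)
  set_fact:
    realms_json: "{{ realms.json }}"
  tags:
    - update_realms

# Keycloak realm `id` is kept for callers elsewhere that may still read
# realm_ids, but it is not a reliable handle for "does this realm exist":
# on newer servers the id may be a generated UUID rather than the realm name.
- name: Read realm ids
  set_fact:
    realm_ids: "{{ realms_json | json_query(jmesquery) }}"
  vars:
    jmesquery: '[*].id'
  tags:
    - update_realms

# The realm name is the `realm` field of the representation; use that for the
# existence check so we do not POST a duplicate (409) when id != name.
- name: Read realm names
  set_fact:
    realm_names: "{{ realms_json | json_query(jmesquery) }}"
  vars:
    jmesquery: '[*].realm'
  tags:
    - update_realms

- name: Create realm {{ current_realm_name }}
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms"
    method: POST
    body_format: json
    # The template renders the RealmRepresentation as a JSON string; uri sends
    # a string body verbatim when body_format is json.
    body: "{{ lookup('template', 'keycloak-realm-create.json.j2') }}"
    headers:
      Authorization: "Bearer {{ access_token }}"
    # 201 Created is the only success code for a new realm; a 409 here means
    # the realm already existed and the name check above missed it.
    status_code: [201]
  when: current_realm_name not in realm_names
  tags:
    - update_realms

- name: Read clients from realm {{ current_realm_name }}
  uri:
    url: "http://localhost:{{ service_port_keycloak_external }}/auth/admin/realms/{{ current_realm_name }}/clients"
    method: GET
    headers:
      Authorization: "Bearer {{ access_token }}"
    status_code: [200]
  register: realm_clients
  # The ClientRepresentation list includes the `secret` of confidential
  # clients, so the raw response must not reach verbose output. Temporarily
  # flip this to false if you need to see an HTTP error body from Keycloak.
  no_log: true
  tags:
    - update_realms

# Kept commented out on purpose - see the no_log note above: realm_clients
# contains client secrets.
#- name: Print clients from realm {{ current_realm_name }}
#  debug:
#    msg: "{{ realm_clients }}"
#  tags:
#    - update_realms

- name: Save clients from realm as variable (fact)
  set_fact:
    realm_clients_json: "{{ realm_clients.json }}"
  tags:
    - update_realms

# Project down to the two identifiers only; the resulting fact is safe to
# print because it no longer carries secrets.
- name: Save client ids from realm {{ current_realm_name }}
  set_fact:
    realm_client_ids: "{{ realm_clients_json | json_query(jmesquery) }}"
  vars:
    jmesquery: '[*].{id: id, clientId: clientId}'
  tags:
    - update_realms

- name: Print client ids
  debug:
    msg: "{{ realm_client_ids }}"
  tags:
    - update_realms

# Each item of current_realm_clients contains `secret`; `label` restricts what
# Ansible prints for the loop item to the clientId.
- name: Create clients from realm {{ current_realm_name }}
  include_tasks: configure_client.yml
  vars:
    realm_name: "{{ current_realm_name }}"
    client_id: "{{ client.clientId }}"
    client_name: "{{ client.name }}"
    admin_url: "{{ client.admin_url }}"
    root_url: "{{ client.root_url }}"
    redirect_uris: "{{ client.redirect_uris }}"
    secret: "{{ client.secret }}"
    web_origins: "{{ client.web_origins }}"
    # Passed explicitly so the included file does not depend on a fact named
    # access_token being set by a previous task.
    access_token: "{{ keycloak_authentication.json.access_token }}"
  with_items: "{{ current_realm_clients }}"
  loop_control:
    loop_var: client
    label: "{{ client.clientId }}"
  tags:
    - update_realms

# Each item of current_realm_ldaps contains the LDAP bind `password`; the
# label keeps it out of the task output.
- name: Create realm {{ current_realm_name }} LDAP user storage provider
  include_tasks: configure_user_storage_provider_ldap.yml
  vars:
    realm: "{{ current_realm_name }}"
    provider_name: "{{ provider.name }}"
    usersDn: "{{ provider.usersDn }}"
    ldap_username: "{{ provider.username }}"
    ldap_password: "{{ provider.password }}"
    ldap_connection_url: "{{ provider.connection_url }}"
    ldap_username_attribute: "{{ provider.username_attribute }}"
    custom_user_search_filter: "{{ provider.custom_user_search_filter }}"
    search_scope: "{{ provider.search_scope }}"
    access_token: "{{ keycloak_authentication.json.access_token }}"
  with_items: "{{ current_realm_ldaps }}"
  loop_control:
    loop_var: provider
    label: "{{ provider.name }}"
  tags:
    - update_realms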