gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
prodnso
main
qa
feature/DEV-655
feature/SC-124
feature/SC-55
feature/DEV-470_2nd
feature/DEV-380_2nd
feature/DEV-380
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a32ffa7ea2'
${ noResults }
hetzner-ansible/roles/keycloak/tasks/_create_realm_admin.yml

143 lines
4.4 KiB
YAML
Raw Blame History

---
- name: "Reading users of realm {{ current_realm_name }}"
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"
method: GET
headers:
Authorization: "Bearer {{ access_token}} "
status_code: [200]
register: realm_users
delegate_to: 127.0.0.1
- name: "Printing realm users"
debug:
msg: "{{ realm_users }}"
when:
- debug
- name: "Saving users of realm {{ current_realm_name }} as variable (fact)"
set_fact:
realm_users_json: "{{ realm_users.json }}"
- name: "Reading user ids of realm {{ current_realm_name }}"
set_fact:
realm_user_usernames: "{{ realm_users_json | json_query(jmesquery) }}"
vars:
jmesquery: '[*].username'
- name: "Printing usernames of realm {{ current_realm_name }}"
debug:
msg: "{{ realm_user_usernames }}"
when:
- debug
- name: "Creating users for realm {{ current_realm_name }}"
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"
method: POST
body_format: json
body: "{{ lookup('template','keycloak-realm-create-user.json.j2') }}"
headers:
Content-Type: "application/json"
Authorization: "Bearer {{ access_token }}"
status_code: [201]
with_items: [
{
"username": "{{ connect_realm_admin_username }}",
"password": "{{ connect_realm_admin_password }}",
}
]
when: current_realm_user.username not in realm_user_usernames
changed_when: True
loop_control:
loop_var: current_realm_user
delegate_to: 127.0.0.1
- name: "Reading users of realm {{ current_realm_name }}"
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users"
method: GET
headers:
Authorization: "Bearer {{ access_token}} "
status_code: [200]
register: realm_users
delegate_to: 127.0.0.1
- name: "Saving users of realm {{ current_realm_name }} as variable (fact)"
set_fact:
realm_users_json: "{{ realm_users.json }}"
- name: "Reading realm admin user id"
set_fact:
realm_admin_user_id: "{{ realm_users_json | json_query(jmesquery) | first | default('None') }}"
vars:
jmesquery: "[?username==`{{ connect_realm_admin_username }}`].id"
- name: "Printing realm admin user id"
debug:
msg: "{{ realm_admin_user_id }}"
when:
- debug
- name: "Reading realm clients"
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/clients"
method: GET
headers:
Authorization: "Bearer {{ access_token}} "
status_code: [200]
register: realm_clients
delegate_to: 127.0.0.1
- name: "Saving clients of realm {{ current_realm_name }} as variable (fact)"
set_fact:
realm_clients_json: "{{ realm_clients.json }}"
- name: "Reading realm management client id"
set_fact:
realm_management_client_id: "{{ realm_clients_json | json_query(jmesquery) | first | default('None') }}"
vars:
jmesquery: "[?clientId=='realm-management'].id"
- name: "Printing realm management client id"
debug:
msg: "{{ realm_management_client_id }}"
when:
- debug
- name: "Reading available role mappings for realm management client"
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}/available"
method: GET
headers:
Authorization: "Bearer {{ access_token}} "
status_code: [200]
register: realm_admin_user_client_available_roles_response
delegate_to: 127.0.0.1
- name: "Reading realm admin role id for management client"
set_fact:
realm_admin_role_id: "{{ realm_admin_user_client_available_roles_response.json | json_query(jmesquery) | first | default('None') }}"
vars:
jmesquery: "[?name=='realm-admin'].id"
- name: "Printing realm admin role id for management client"
debug:
msg: "{{ realm_admin_role_id }}"
when:
- debug
- name: "Adding realm admin role to user {{ realm_admin_user_id }}"
uri:
url: "{{ keycloak_server_url }}/auth/admin/realms/{{ current_realm_name }}/users/{{ realm_admin_user_id }}/role-mappings/clients/{{ realm_management_client_id }}"
method: POST
body_format: json
body: "{{ lookup('template','keycloak-become-realm-admin-user.json.j2') }}"
headers:
Content-Type: "application/json"
Authorization: "Bearer {{ access_token }}"
status_code: [204]
changed_when: True
when: realm_admin_role_id != 'None'
delegate_to: 127.0.0.1
Reference in New Issue View Git Blame Copy Permalink