---
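# List the realm's groups through the Keycloak admin REST API, called from
# the controller. The JSON response is registered as get_all_groups and is
# filtered by group name further down in this file.
# NOTE(review): the bearer token is passed as a plain module argument, so it
# can appear in -vvv output and in the module invocation log on the
# controller; consider `no_log: true` if those logs are widely readable.
# NOTE(review): the scheme of keycloak_server_url is not visible here;
# confirm it is https so the admin token is not sent in clear text.
- name: "GETTING all groups for realm <<{{ realm_name }}>>"
  delegate_to: 127.0.0.1
  become: false
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/groups"
    method: GET
    headers:
      # No trailing blank after the token: the value is "Bearer <token>".
      Authorization: "Bearer {{ bearer_token }}"
    status_code: [200]
  register: get_all_groups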
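# List the realm's users through the Keycloak admin REST API, called from
# the controller. The JSON response is registered as get_all_users and is
# filtered by username further down in this file.
# NOTE(review): Keycloak paginates this endpoint (`max` defaults to 100
# according to the Admin REST API documentation), so in a larger realm the
# target user may be missing from the response; confirm, and consider
# filtering server-side with the `username` query parameter.
# NOTE(review): the bearer token is passed as a plain module argument, so it
# can appear in -vvv output and in the module invocation log on the
# controller; consider `no_log: true` if those logs are widely readable.
- name: "GETTING all users for realm <<{{ realm_name }}>>"
  delegate_to: 127.0.0.1
  become: false
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/users"
    method: GET
    headers:
      # No trailing blank after the token: the value is "Bearer <token>".
      Authorization: "Bearer {{ bearer_token }}"
    status_code: [200]
  register: get_all_users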
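# Stop with a readable message when the group or the user is not in the
# fetched lists. Without this check the `| first` lookups below run on an
# empty result and the play aborts with an undefined-variable error instead.
- name: "CHECKING that group <<{{ destination_group }}>> and user <<{{ username }}>> exist in realm <<{{ realm_name }}>>"
  assert:
    that:
      - get_all_groups.json | selectattr("name", "equalto", destination_group) | list | length > 0
      - get_all_users.json | selectattr("username", "equalto", username) | list | length > 0
    fail_msg: "Group '{{ destination_group }}' or user '{{ username }}' was not found in realm '{{ realm_name }}'"

# Resolve the Keycloak ids used in the URLs of the following requests:
# the first group whose name equals destination_group and the first user
# whose username equals username.
- name: "RESOLVING ids of group <<{{ destination_group }}>> and user <<{{ username }}>>"
  set_fact:
    group_id: '{{ ( get_all_groups.json | selectattr("name","equalto",destination_group) | first ).id }}'
    user_id: '{{ ( get_all_users.json | selectattr("username","equalto",username) | first ).id }}'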
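# Read the groups the resolved user (user_id) already belongs to. The JSON
# response is registered as get_all_groups_for_current_user and decides
# further down whether the membership request is still needed.
# NOTE(review): the bearer token is passed as a plain module argument, so it
# can appear in -vvv output and in the module invocation log on the
# controller; consider `no_log: true` if those logs are widely readable.
- name: "GETTING all group for user <<{{ username }}>> in realm<<{{ realm_name }}>>"
  delegate_to: 127.0.0.1
  become: false
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/users/{{ user_id }}/groups/"
    method: GET
    headers:
      # No trailing blank after the token: the value is "Bearer <token>".
      Authorization: "Bearer {{ bearer_token }}"
    status_code: [200]
  register: get_all_groups_for_current_user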
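# Keep the user's current memberships that match destination_group.
# `| list` materialises the selectattr() result; without it some Ansible /
# Jinja2 versions store the string form of a generator object, which is
# always truthy. An empty list means the user is not yet a member.
- name: "CHECKING whether user <<{{ username }}>> is already in group <<{{ destination_group }}>>"
  set_fact:
    already_in_group: '{{ get_all_groups_for_current_user.json | selectattr("name","equalto",destination_group) | list }}'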
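# Add the resolved user (user_id) to the resolved group (group_id) with a
# PUT on the Keycloak admin API; 204 is the only accepted status.
# The task label names the user through `username`, the variable every
# other task in this file uses for the account being changed.
# NOTE(review): the bearer token is passed as a plain module argument, so it
# can appear in -vvv output and in the module invocation log on the
# controller; consider `no_log: true` if those logs are widely readable.
- name: "ADDING USER <{{ username }}> for realm <{{ realm_name }}> to Group <<{{ destination_group }}>>"
  delegate_to: 127.0.0.1
  become: false
  uri:
    url: "{{ keycloak_server_url }}/auth/admin/realms/{{ realm_name }}/users/{{ user_id }}/groups/{{ group_id }}"
    method: PUT
    body_format: json
    headers:
      # No trailing blank after the token: the value is "Bearer <token>".
      Authorization: "Bearer {{ bearer_token }}"
    status_code: [204]
  # Whenever the request runs, a membership was added, so report "changed".
  changed_when: true
  when:
    # Exactly one user and exactly one group must match the requested names.
    - get_all_users.json | selectattr("username", "equalto", username) | list | length == 1
    - get_all_groups.json | selectattr("name", "equalto", destination_group) | list | length == 1
    # Do the PUT request only if the user is not yet a member of the group.
    - get_all_groups_for_current_user.json | selectattr("name", "equalto", destination_group) | list | length == 0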