gitea-admin
/
hetzner-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
prodnso
main
qa
feature/DEV-655
feature/SC-124
feature/SC-55
feature/DEV-470_2nd
feature/DEV-380_2nd
feature/DEV-380
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f96a7da1c2'
${ noResults }
hetzner-ansible/roles/keycloak_realm/tasks/main.yml

79 lines
2.2 KiB
YAML
Raw Blame History Unescape Escape

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

---
- name: "Authenticate on keycloak for {{ inventory_hostname }}"
include_role:
name: keycloak
tasks_from: _authenticate
- name: "Deleting realm <{{ current_realm_name }}>"
community.general.keycloak_realm:
id: "{{ current_realm_name }}"
realm: "{{ current_realm_name }}"
auth_realm: "master"
auth_client_id: "admin-cli"
auth_username: "{{ keycloak_admin_username }}"
auth_password: "{{ keycloak_admin_password }}"
auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth"
state: absent
tags:
- always
when:
- keycloak_force_prune
- name: "Setup realm for {{ inventory_hostname }}"
include_role:
name: keycloak
tasks_from: _configure_realm
- name: "Create realm users"
include_role:
name: keycloak
tasks_from: _create_realm_groups
- name: "Create realm users"
include_role:
name: keycloak
tasks_from: _create_realm_users
- name: "Create realm admin"
include_role:
name: keycloak
tasks_from: _create_realm_admin
- name: "Create user group mappings"
include_role:
name: keycloak
tasks_from: _configure_user_groupmembership_crud
vars:
realm_name: '{{ current_realm_name }}'
bearer_token: '{{ access_token }}'
username: '{{ item.username }}'
destination_group: '{{ item.destination_group }}'
loop: "{{ current_user_groupmembership | default([]) }}"
loop_control:
label: "{{ item.username }} >> {{ item.destination_group }}"
- name: "Create custom clientscope mappers"
delegate_to: 127.0.0.1
become: false
community.general.keycloak_clientscope:
auth_client_id: "admin-cli"
auth_keycloak_url: "{{ shared_service_url_keycloak }}/auth"
auth_realm: "master"
auth_username: "{{ keycloak_admin_username }}"
auth_password: "{{ keycloak_admin_password }}"
name: "groups"
realm: "{{ current_realm_name }}"
protocol: "openid-connect"
protocol_mappers:
# add custom group mapper to avoid paths in group names
- name: "groups"
protocol: "openid-connect"
protocolMapper: "oidc-group-membership-mapper"
config:
access.token.claim: true
claim.name: "groups"
full.path: false
id.token.claim: true
userinfo.token.claim: true
Reference in New Issue View Git Blame Copy Permalink