Add base role and playbook, molecule configuration

2026-06-13 20:15:55 +00:00 · 2021-12-14 11:26:42 +01:00
parent b23c54409f
commit 187473447d
35 changed files with 3658 additions and 0 deletions
--- a/roles/keycloak/tasks/manage_realm.yml
+++ b/roles/keycloak/tasks/manage_realm.yml
@@ -0,0 +1,73 @@
+---
+- name: Generate keycloak auth token
+  uri:
+    url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
+    method: POST
+    body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
+    validate_certs: no
+  register: keycloak_auth_response
+  until: keycloak_auth_response.status == 200
+  retries: 5
+  delay: 2
+
+- name: "Determine if realm exists"
+  uri:
+    url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}"
+    method: GET
+    status_code:
+      - 200
+      - 404
+    headers:
+      Accept: "application/json"
+      Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
+  register: keycloak_realm_exists
+
+- name: Create Realm
+  uri:
+    url: "{{ keycloak_url }}/auth/admin/realms"
+    method: POST
+    body: "{{ lookup('template','realm.json.j2') }}"
+    validate_certs: no
+    body_format: json
+    headers:
+      Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
+    status_code: 201
+  when: keycloak_realm_exists.status == 404
+
+- name: Create Client
+  community.general.keycloak_client:
+    auth_client_id: "{{ keycloak_auth_client }}"
+    auth_keycloak_url: "{{ keycloak_url }}/auth"
+    auth_realm: "{{ keycloak_auth_realm }}"
+    auth_username: "{{ keycloak_admin_user }}"
+    auth_password: "{{ keycloak_admin_password }}"
+    client_id: "{{ item.name }}"
+    realm: "{{ item.realm }}"
+    default_roles: "{{ item.roles | default(omit) }}"
+    root_url: "{{ item.root_url | default('') }}"
+    redirect_uris: "{{ demo_app_redirect_uris | default([]) }}"
+    public_client: "{{ item.public_client | default(False) }}"
+    web_origins: "{{ item.web_origins | default('+') }}"
+    state: present
+  register: create_client_result
+  loop: "{{ keycloak_clients | flatten }}"
+
+- name: Create client roles
+  include_tasks: manage_client_roles.yml
+  when: keycloak_rhsso_enable
+  loop: "{{ keycloak_clients | flatten }}"
+  loop_control:
+    loop_var: client
+
+- name: Manage Users
+  include_tasks: manage_user.yml
+  loop: "{{ keycloak_users }}"
+  loop_control:
+    loop_var: user
+
+- name: Manage User Roles
+  include_tasks: manage_user_roles.yml
+  loop: "{{ keycloak_users | flatten }}"
+  loop_control:
+    loop_var: user
+  when: "'client_roles' in user"