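# Pull in secrets.yaml only when Keycloak is pointed at an external database
# and PostgreSQL is enabled; a list under `when` is evaluated as a logical AND.
- name: Import secret.yaml to obtain secrets
  ansible.builtin.include_tasks: secrets.yaml
  when:
    # Guard the first flag the same way as the second so an undefined
    # keycloak_use_external_db skips the include instead of failing the play.
    - keycloak_use_external_db is defined and keycloak_use_external_db
    - postgres_enabled is defined and postgres_enabled
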
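# Build the Helm values for the Keycloak release: the optional, operator-supplied
# keycloak_values are merged over keycloak_default_values. recursive=true merges
# nested mappings key by key instead of replacing a whole sub-tree.
- name: Combine default and user-supplied Keycloak chart values
  ansible.builtin.set_fact:
    keycloak_combined_values: "{{ keycloak_default_values | combine(keycloak_values | default({}), recursive=true) }}"
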
# Install or upgrade the Keycloak Helm release with the merged values computed
# in the set_fact above. Release name, namespace and chart version fall back to
# a default whenever the matching keycloak_* variable is not set.
- name: Deploy Keycloak
  kubernetes.core.helm:
    release_name: "{{ keycloak_name | default('keycloak') }}"
    release_namespace: "{{ keycloak_namespace | default(namespace) }}"
    chart_ref: "{{ keycloak_chart_ref }}"
    # omit -> the parameter is not passed at all and the module default applies
    chart_version: "{{ keycloak_version | default(omit) }}"
    # from_yaml parses a string and passes an already-built mapping through
    release_values: "{{ keycloak_combined_values | from_yaml }}"

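# Poll the Keycloak endpoint until it answers 200. Any other status (or a
# connection failure) makes the uri module fail, and until/retries turns that
# into another attempt instead of aborting the play.
- name: Wait Keycloak until HTTP status is 200
  ansible.builtin.uri:
    url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    return_content: true
    # Certificate verification stays off by default (previous behaviour), so
    # this probe accepts any TLS chain. Set keycloak_validate_certs: true once
    # the endpoint presents a certificate trusted by the controller.
    validate_certs: "{{ keycloak_validate_certs | default(false) }}"
    status_code:
      - 200
  register: uri_output
  until: uri_output.status == 200
  retries: 24  # 24 * 5 s = 120 s = 2 minutes
  delay: 5  # seconds between attempts
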
# Log in to the master realm with the admin username/password and make sure
# the admin-cli client is present (realm left at the module default). This
# effectively proves the admin credentials work before the realm/client/group/
# user tasks below reuse them.
- name: Create or update Keycloak client, authentication with credentials
  community.general.keycloak_client:
    auth_keycloak_url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    auth_realm: 'master'
    auth_username: 'admin'
    auth_password: "{{ keycloak_admin_password }}"
    client_id: 'admin-cli'
    state: 'present'

# One realm per entry of keycloak_realms. Each item needs `id` and `realm`;
# `state` and `enabled` are optional and default to present / enabled.
- name: Create or update Keycloak realms
  community.general.keycloak_realm:
    # admin login through the admin-cli client of the master realm
    auth_keycloak_url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    auth_client_id: 'admin-cli'
    auth_realm: 'master'
    auth_username: 'admin'
    auth_password: "{{ keycloak_admin_password }}"
    # realm definition taken from the loop item
    id: "{{ item.id }}"
    realm: "{{ item.realm }}"
    enabled: "{{ item.enabled | default(true) }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ keycloak_realms }}"

# One OIDC client per entry of keycloak_clients. Required item keys: client_id
# and realm. Everything else has a default below.
- name: Create or update Keycloak clients
  community.general.keycloak_client:
    # admin login through the admin-cli client of the master realm
    auth_keycloak_url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    auth_client_id: 'admin-cli'
    auth_realm: 'master'
    auth_username: 'admin'
    auth_password: "{{ keycloak_admin_password }}"
    # client identity
    realm: "{{ item.realm }}"
    client_id: "{{ item.client_id }}"
    # display name rendered as the literal text ${client_<client_id>} — looks
    # like Keycloak's localized-name placeholder; confirm against the realm
    # theme if the name shows up unresolved
    name: "{{ \"${client_\" + item.client_id + \"}\" }}"
    protocol: 'openid-connect'
    # flow defaults: confidential client, authorization-code flow on. Implicit
    # flow and direct-access (password) grants are also on by default here;
    # both are discouraged by current OAuth 2.0 security guidance, so set them
    # to false in keycloak_clients for any client that does not need them.
    public_client: "{{ item.public_client | default(false) }}"
    standard_flow_enabled: "{{ item.standard_flow_enabled | default(true) }}"
    implicit_flow_enabled: "{{ item.implicit_flow_enabled | default(true) }}"
    direct_access_grants_enabled: "{{ item.direct_access_grants_enabled | default(true) }}"
    # shared mapper set applied to every client
    protocol_mappers: "{{ keycloak_clients_default_protocol_mappings }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ keycloak_clients }}"

# One group per entry of keycloak_groups; each item carries `realm` and
# `name`, with `state` optional (default present).
- name: Create Keycloak groups
  community.general.keycloak_group:
    # admin login through the admin-cli client of the master realm
    auth_keycloak_url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    auth_client_id: 'admin-cli'
    auth_realm: 'master'
    auth_username: 'admin'
    auth_password: "{{ keycloak_admin_password }}"
    # group definition from the loop item
    realm: "{{ item.realm }}"
    name: "{{ item.name }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ keycloak_groups }}"

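# One user per entry of keycloak_users. Required item keys: realm, username,
# firstName, lastName, credentials, groups. email defaults to
# <username>@<domain>; enabled and emailVerified default to true (so users
# are created without an e-mail verification step — override per item if
# that is not wanted).
- name: Create Keycloak users
  community.general.keycloak_user:
    # admin login through the admin-cli client of the master realm
    auth_keycloak_url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    auth_client_id: 'admin-cli'
    auth_realm: 'master'
    auth_username: 'admin'
    auth_password: "{{ keycloak_admin_password }}"
    # user definition from the loop item
    realm: "{{ item.realm }}"
    username: "{{ item.username }}"
    firstName: "{{ item.firstName }}"
    lastName: "{{ item.lastName }}"
    email: "{{ item.email | default(item.username + '@' + domain) }}"
    enabled: "{{ item.enabled | default(true) }}"
    emailVerified: "{{ item.emailVerified | default(true) }}"
    credentials: "{{ item.credentials }}"
    groups: "{{ item.groups }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ keycloak_users }}"
  # Each loop item (including item.credentials) is echoed in the task result
  # otherwise; keep user passwords out of logs and callback output.
  no_log: true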