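# Keycloak deployment and bootstrap tasks: render chart values, install the
# Helm release, wait for the HTTP endpoint, then create realms, clients,
# groups and users through the master-realm admin account.

# Task name corrected to match the included file (secrets.yaml).
- name: Import secrets.yaml to obtain secrets
  include_tasks: secrets.yaml
  when:
    - keycloak_use_external_db
    - postgres_enabled is defined and postgres_enabled

- name: Merge default chart values with user-supplied overrides
  set_fact:
    # User values win on conflict; recursive=true merges nested mappings
    # instead of replacing them wholesale.
    keycloak_combined_values: "{{ keycloak_default_values | combine(keycloak_values | default({}), recursive=true) }}"

- name: Deploy Keycloak
  kubernetes.core.helm:
    release_namespace: "{{ keycloak_namespace | default(namespace) }}"
    release_name: "{{ keycloak_name | default('keycloak') }}"
    chart_ref: "{{ keycloak_chart_ref }}"
    chart_version: "{{ keycloak_version | default(omit) }}"
    release_values: "{{ keycloak_combined_values | from_yaml }}"

- name: Wait Keycloak until HTTP status is 200
  uri:
    url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    return_content: true
    # NOTE: TLS verification is disabled for this readiness probe only; the
    # keycloak_* tasks below do not set validate_certs and keep the module
    # default. Re-enable here once the controller trusts the ingress cert.
    validate_certs: false
    status_code:
      - 200
  register: uri_output
  # A non-200 or refused connection fails the attempt; until/retries turn
  # that into a poll instead of aborting the play.
  until: uri_output.status == 200
  retries: 24  # 24 retries * 5 seconds = 120 seconds = 2 minutes
  delay: 5  # Every 5 seconds

- name: Create or update Keycloak client, authentication with credentials
  community.general.keycloak_client:
    client_id: admin-cli
    auth_keycloak_url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    auth_realm: master
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    state: present

- name: Create or update Keycloak realms
  community.general.keycloak_realm:
    auth_client_id: admin-cli
    auth_keycloak_url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    auth_realm: master
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    id: "{{ item.id }}"
    realm: "{{ item.realm }}"
    state: "{{ item.state | default('present') }}"
    enabled: "{{ item.enabled | default(true) }}"
  loop: "{{ keycloak_realms }}"

- name: Create or update Keycloak clients
  community.general.keycloak_client:
    auth_client_id: admin-cli
    auth_keycloak_url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    auth_realm: master
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    client_id: "{{ item.client_id }}"
    realm: "{{ item.realm }}"
    # Renders the literal string "${client_<client_id>}", the placeholder
    # form Keycloak uses for localized client display names. Single-quoted
    # so the inner double quotes need no escaping.
    name: '{{ "${client_" + item.client_id + "}" }}'
    protocol: openid-connect
    public_client: "{{ item.public_client | default(false) }}"
    standard_flow_enabled: "{{ item.standard_flow_enabled | default(true) }}"
    # NOTE: implicit flow and direct access grants default to enabled here;
    # both are broader than most confidential clients need — confirm per
    # client rather than relying on the default.
    implicit_flow_enabled: "{{ item.implicit_flow_enabled | default(true) }}"
    direct_access_grants_enabled: "{{ item.direct_access_grants_enabled | default(true) }}"
    state: "{{ item.state | default('present') }}"
    protocol_mappers: "{{ keycloak_clients_default_protocol_mappings }}"
  loop: "{{ keycloak_clients }}"

- name: Create Keycloak groups
  community.general.keycloak_group:
    auth_client_id: admin-cli
    auth_keycloak_url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    auth_realm: master
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    realm: "{{ item.realm }}"
    name: "{{ item.name }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ keycloak_groups }}"

- name: Create Keycloak users
  community.general.keycloak_user:
    auth_client_id: admin-cli
    auth_keycloak_url: "https://{{ keycloak_short_name }}.{{ domain }}/auth"
    auth_realm: master
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    realm: "{{ item.realm }}"
    state: "{{ item.state | default('present') }}"
    username: "{{ item.username }}"
    firstName: "{{ item.firstName }}"
    lastName: "{{ item.lastName }}"
    email: "{{ item.email | default(item.username + '@' + domain) }}"
    enabled: "{{ item.enabled | default(true) }}"
    emailVerified: "{{ item.emailVerified | default(true) }}"
    credentials: "{{ item.credentials }}"
    groups: "{{ item.groups }}"
  loop: "{{ keycloak_users }}"
  # Each loop item carries credentials; print only the username in task
  # output instead of the whole item so passwords do not land in logs.
  loop_control:
    label: "{{ item.username }}"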