feat: fully template keycloak clients

2025-12-06 06:41:36 +01:00 · 2023-01-10 23:03:34 +01:00
parent 93df06e477
commit 88ecce43b0
4 changed files with 43 additions and 35 deletions
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -29,15 +29,26 @@ keycloak_clients:
        party_secret : "HISTORY_PURGED_SECRETKG0j"
        client_id: z_images
        client_secret: "HISTORY_PURGED_SECRET"
-        redirect_uris: '"https://images.atlantishq.de/*","https://images.athq.de/*","https://images.potaris.de/*"'
+        redirect_uris: 
+            - "https://images.atlantishq.de/*"
+            - "https://images.athq.de/*"
+            - "https://images.potaris.de/*"
+        description: "Images Factory"
+        keycloak_id: "00000000-0000-0000-0000-000000000001"
    simple-log-server:
        party_secret : "8fZpHISTORY_PURGED_SECRET"
        client_id: z_sls
        client_secret: ""
-        redirect_uris: '"https://sls.atlantishq.de/*"'
+        redirect_uris: 
+            - "https://sls.atlantishq.de/*"
+        description: "Simple Log Server"
+        keycloak_id: "00000000-0000-0000-0000-000000000002"

    soundlib-interface:
        party_secret : "zdHRHISTORY_PURGED_SECRET"
        client_id: z_soundlib
        client_secret: ""
-        redirect_uris: '"https://sounds.atlantishq.de/*"'
+        redirect_uris: 
+            - "https://sounds.atlantishq.de/*"
+        description: "Soundlib interface"
+        keycloak_id: "00000000-0000-0000-0000-000000000003"
--- a/roles/usermanagement/tasks/main.yaml
+++ b/roles/usermanagement/tasks/main.yaml
@@ -3,6 +3,11 @@
    name: /data/
    state: directory

+- name: Create keycloak psql mount
+  file:
+    name: /data/keycloak-postgres/
+    state: directory
+
 - name: Create compose directory keycloak
  file:
    name: "/opt/keycloak/"
@@ -39,33 +44,25 @@
  retries: 10
  delay: 20

-#- name: Image Client
-#  local_action:
-#    module: keycloak_client
-#    auth_client_id: admin-cli
-#    auth_keycloak_url: https://keycloak.atlantishq.de/
-#    auth_realm: master
-#    auth_username: admin
-#    auth_password: "{{ keycloak_admin_password }}"
-#    state: present
-#    realm: master
-#    client_id: web1
-#    id: 00000000-0000-0000-0000-000000000001
-#    name: Images Upload
-#    description: Client for Web1 Services
-#    enabled: True
-#    client_authenticator_type: client-secret
-#    secret: "{{ keycloak_images_client_secret }}"
-#    redirect_uris:
-#      - https://images.atlantishq.de/*
-#      - https://images.potaris.de/*
-#      - https://sls.atlantishq.de/*
-#      - https://sounds.potaris.de/*
-#      - https://serienampel.atlantishq.de/*
-#    web_origins:
-#      - https://images.atlantishq.de/*
-#      - https://images.potaris.de/*
-#      - https://sls.atlantishq.de/*
-#      - https://serienampel.atlantishq.de/*
-#    frontchannel_logout: False
-#    protocol: openid-connect
+- name: Create Keycloak Clients
+  local_action:
+    module: keycloak_client
+    auth_client_id: admin-cli
+    auth_keycloak_url: https://keycloak.atlantishq.de/
+    auth_realm: master
+    auth_username: admin
+    auth_password: "{{ keycloak_admin_password }}"
+    state: present
+    realm: master
+    client_id: '{{ keycloak_clients[item]["client_id"] }}'
+    id: '{{ keycloak_clients[item]["keycloak_id"] }}'
+    name: '{{ keycloak_clients[item]["client_id"] }}'
+    description: '{{ keycloak_clients[item]["description"] }}'
+    enabled: True
+    client_authenticator_type: client-secret
+    secret: '{{ keycloak_clients[item]["client_secret"] }}'
+    redirect_uris: '{{ keycloak_clients[item]["redirect_uris"] }}'
+    web_origins: '{{ keycloak_clients[item]["redirect_uris"] }}'
+    frontchannel_logout: False
+    protocol: openid-connect
+  with_items: "{{ keycloak_clients.keys() | list }}"
--- a/roles/usermanagement/templates/keycloak.yaml
+++ b/roles/usermanagement/templates/keycloak.yaml
@@ -37,7 +37,7 @@ services:
    secrets:
    - postgres_password
    volumes:
-    - postgres-data:/var/lib/postgresql/data
+    - /data/keycloak-postgres/:/var/lib/postgresql/data

 secrets:
  postgres_password:
--- a/templates/oidc_client_secrets.json.j2
+++ b/templates/oidc_client_secrets.json.j2
@@ -5,7 +5,7 @@
        "client_id": "{{ keycloak_clients[item].client_id }}",
        "client_secret": "{{ keycloak_clients[item].client_secret }}",
        "redirect_uris": [
-            {{ keycloak_clients[item].redirect_uris }}
+            {{ '"' + keycloak_clients[item].redirect_uris | join('","') + '"' }}
        ],
        "userinfo_uri": "https://{{ keycloak_address }}/realms/master/protocol/openid-connect/userinfo", 
        "token_uri": "https://{{ keycloak_address }}/realms/master/protocol/openid-connect/token",