feat: fully template keycloak clients

2025-12-10 08:58:36 +01:00 · 2023-01-10 23:03:34 +01:00
parent 93df06e477
commit 88ecce43b0
4 changed files with 43 additions and 35 deletions
--- a/roles/usermanagement/tasks/main.yaml
+++ b/roles/usermanagement/tasks/main.yaml
@@ -3,6 +3,11 @@
    name: /data/
    state: directory

+- name: Create keycloak psql mount
+  file:
+    name: /data/keycloak-postgres/
+    state: directory
+
 - name: Create compose directory keycloak
  file:
    name: "/opt/keycloak/"
@@ -39,33 +44,25 @@
  retries: 10
  delay: 20

-#- name: Image Client
-#  local_action:
-#    module: keycloak_client
-#    auth_client_id: admin-cli
-#    auth_keycloak_url: https://keycloak.atlantishq.de/
-#    auth_realm: master
-#    auth_username: admin
-#    auth_password: "{{ keycloak_admin_password }}"
-#    state: present
-#    realm: master
-#    client_id: web1
-#    id: 00000000-0000-0000-0000-000000000001
-#    name: Images Upload
-#    description: Client for Web1 Services
-#    enabled: True
-#    client_authenticator_type: client-secret
-#    secret: "{{ keycloak_images_client_secret }}"
-#    redirect_uris:
-#      - https://images.atlantishq.de/*
-#      - https://images.potaris.de/*
-#      - https://sls.atlantishq.de/*
-#      - https://sounds.potaris.de/*
-#      - https://serienampel.atlantishq.de/*
-#    web_origins:
-#      - https://images.atlantishq.de/*
-#      - https://images.potaris.de/*
-#      - https://sls.atlantishq.de/*
-#      - https://serienampel.atlantishq.de/*
-#    frontchannel_logout: False
-#    protocol: openid-connect
+- name: Create Keycloak Clients
+  local_action:
+    module: keycloak_client
+    auth_client_id: admin-cli
+    auth_keycloak_url: https://keycloak.atlantishq.de/
+    auth_realm: master
+    auth_username: admin
+    auth_password: "{{ keycloak_admin_password }}"
+    state: present
+    realm: master
+    client_id: '{{ keycloak_clients[item]["client_id"] }}'
+    id: '{{ keycloak_clients[item]["keycloak_id"] }}'
+    name: '{{ keycloak_clients[item]["client_id"] }}'
+    description: '{{ keycloak_clients[item]["description"] }}'
+    enabled: True
+    client_authenticator_type: client-secret
+    secret: '{{ keycloak_clients[item]["client_secret"] }}'
+    redirect_uris: '{{ keycloak_clients[item]["redirect_uris"] }}'
+    web_origins: '{{ keycloak_clients[item]["redirect_uris"] }}'
+    frontchannel_logout: False
+    protocol: openid-connect
+  with_items: "{{ keycloak_clients.keys() | list }}"
--- a/roles/usermanagement/templates/keycloak.yaml
+++ b/roles/usermanagement/templates/keycloak.yaml
@@ -37,7 +37,7 @@ services:
    secrets:
    - postgres_password
    volumes:
-    - postgres-data:/var/lib/postgresql/data
+    - /data/keycloak-postgres/:/var/lib/postgresql/data

 secrets:
  postgres_password: