sheppy/no-secrets-athq-ansible
1
0
Fork 0
mirror of https://github.com/FAUSheppy/no-secrets-athq-ansible synced 2025-12-06 18:01:37 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

feat: fully template keycloak clients

Browse Source
This commit is contained in:
Johnathen Sheppard
2023-01-10 23:03:34 +01:00
parent 93df06e477
commit 88ecce43b0
4 changed files with 43 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
group_vars/all.yaml
View File

@@ -29,15 +29,26 @@ keycloak_clients:
party_secret : "HISTORY_PURGED_SECRETKG0j" party_secret : "HISTORY_PURGED_SECRETKG0j"
client_id: z_images client_id: z_images
client_secret: "HISTORY_PURGED_SECRET" client_secret: "HISTORY_PURGED_SECRET"
redirect_uris: '"https://images.atlantishq.de/*","https://images.athq.de/*","https://images.potaris.de/*"' redirect_uris:
- "https://images.atlantishq.de/*"
- "https://images.athq.de/*"
- "https://images.potaris.de/*"
description: "Images Factory"
keycloak_id: "00000000-0000-0000-0000-000000000001"
simple-log-server: simple-log-server:
party_secret : "8fZpHISTORY_PURGED_SECRET" party_secret : "8fZpHISTORY_PURGED_SECRET"
client_id: z_sls client_id: z_sls
client_secret: "" client_secret: ""
redirect_uris: '"https://sls.atlantishq.de/*"' redirect_uris:
- "https://sls.atlantishq.de/*"
description: "Simple Log Server"
keycloak_id: "00000000-0000-0000-0000-000000000002"
soundlib-interface: soundlib-interface:
party_secret : "zdHRHISTORY_PURGED_SECRET" party_secret : "zdHRHISTORY_PURGED_SECRET"
client_id: z_soundlib client_id: z_soundlib
client_secret: "" client_secret: ""
redirect_uris: '"https://sounds.atlantishq.de/*"' redirect_uris:
- "https://sounds.atlantishq.de/*"
description: "Soundlib interface"
keycloak_id: "00000000-0000-0000-0000-000000000003"

57
roles/usermanagement/tasks/main.yaml
View File

@@ -3,6 +3,11 @@
name: /data/ name: /data/
state: directory state: directory
- name: Create keycloak psql mount
file:
name: /data/keycloak-postgres/
state: directory
- name: Create compose directory keycloak - name: Create compose directory keycloak
file: file:
name: "/opt/keycloak/" name: "/opt/keycloak/"
@@ -39,33 +44,25 @@
retries: 10 retries: 10
delay: 20 delay: 20
#- name: Image Client - name: Create Keycloak Clients
# local_action: local_action:
# module: keycloak_client module: keycloak_client
# auth_client_id: admin-cli auth_client_id: admin-cli
# auth_keycloak_url: https://keycloak.atlantishq.de/ auth_keycloak_url: https://keycloak.atlantishq.de/
# auth_realm: master auth_realm: master
# auth_username: admin auth_username: admin
# auth_password: "{{ keycloak_admin_password }}" auth_password: "{{ keycloak_admin_password }}"
# state: present state: present
# realm: master realm: master
# client_id: web1 client_id: '{{ keycloak_clients[item]["client_id"] }}'
# id: 00000000-0000-0000-0000-000000000001 id: '{{ keycloak_clients[item]["keycloak_id"] }}'
# name: Images Upload name: '{{ keycloak_clients[item]["client_id"] }}'
# description: Client for Web1 Services description: '{{ keycloak_clients[item]["description"] }}'
# enabled: True enabled: True
# client_authenticator_type: client-secret client_authenticator_type: client-secret
# secret: "{{ keycloak_images_client_secret }}" secret: '{{ keycloak_clients[item]["client_secret"] }}'
# redirect_uris: redirect_uris: '{{ keycloak_clients[item]["redirect_uris"] }}'
# - https://images.atlantishq.de/* web_origins: '{{ keycloak_clients[item]["redirect_uris"] }}'
# - https://images.potaris.de/* frontchannel_logout: False
# - https://sls.atlantishq.de/* protocol: openid-connect
# - https://sounds.potaris.de/* with_items: "{{ keycloak_clients.keys() | list }}"
# - https://serienampel.atlantishq.de/*
# web_origins:
# - https://images.atlantishq.de/*
# - https://images.potaris.de/*
# - https://sls.atlantishq.de/*
# - https://serienampel.atlantishq.de/*
# frontchannel_logout: False
# protocol: openid-connect

2
roles/usermanagement/templates/keycloak.yaml
View File

@@ -37,7 +37,7 @@ services:
secrets: secrets:
- postgres_password - postgres_password
volumes: volumes:
- postgres-data:/var/lib/postgresql/data - /data/keycloak-postgres/:/var/lib/postgresql/data
secrets: secrets:
postgres_password: postgres_password:

2
templates/oidc_client_secrets.json.j2
View File

@@ -5,7 +5,7 @@
"client_id": "{{ keycloak_clients[item].client_id }}", "client_id": "{{ keycloak_clients[item].client_id }}",
"client_secret": "{{ keycloak_clients[item].client_secret }}", "client_secret": "{{ keycloak_clients[item].client_secret }}",
"redirect_uris": [ "redirect_uris": [
{{ keycloak_clients[item].redirect_uris }} {{ '"' + keycloak_clients[item].redirect_uris | join('","') + '"' }}
], ],
"userinfo_uri": "https://{{ keycloak_address }}/realms/master/protocol/openid-connect/userinfo", "userinfo_uri": "https://{{ keycloak_address }}/realms/master/protocol/openid-connect/userinfo",
"token_uri": "https://{{ keycloak_address }}/realms/master/protocol/openid-connect/token", "token_uri": "https://{{ keycloak_address }}/realms/master/protocol/openid-connect/token",