ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-04-09 04:10:27 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #69 from guidograzioli/keycloak_realm_attrs

Browse source 
Pass attributes to realm clients
This commit is contained in:
Guido Grazioli 2023-04-01 12:20:06 +02:00 committed by GitHub
commit c0b72b6890
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 33 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
molecule/default/converge.yml
View file

@ -45,6 +45,8 @@
web_origins: "{{ keycloak_client_web_origins }}" web_origins: "{{ keycloak_client_web_origins }}"
users: "{{ keycloak_client_users }}" users: "{{ keycloak_client_users }}"
client_id: TestClient client_id: TestClient
attributes:
post.logout.redirect.uris: '/public/logout'
pre_tasks: pre_tasks:
- name: "Retrieve assets server from env" - name: "Retrieve assets server from env"
ansible.builtin.set_fact: ansible.builtin.set_fact:

33
molecule/default/verify.yml
View file

@ -4,7 +4,7 @@
vars: vars:
keycloak_admin_password: "remembertochangeme" keycloak_admin_password: "remembertochangeme"
keycloak_jvm_package: java-11-openjdk-headless keycloak_jvm_package: java-11-openjdk-headless
keycloak_port: http://localhost:8080 keycloak_uri: http://localhost:8080
keycloak_management_port: http://localhost:9990 keycloak_management_port: http://localhost:9990
tasks: tasks:
- name: Populate service facts - name: Populate service facts
@ -17,13 +17,40 @@
- name: Verify we are running on requested jvm - name: Verify we are running on requested jvm
shell: | shell: |
ps -ef | grep /usr/lib/jvm/java-11 | grep -v grep ps -ef | grep /usr/lib/jvm/java-11 | grep -v grep
changed_when: no
- name: Verify token api call - name: Verify token api call
ansible.builtin.uri: ansible.builtin.uri:
url: "{{ keycloak_port }}/auth/realms/master/protocol/openid-connect/token" url: "{{ keycloak_uri }}/auth/realms/master/protocol/openid-connect/token"
method: POST method: POST
body: "client_id=admin-cli&username=admin&password={{ keycloak_admin_password }}&grant_type=password" body: "client_id=admin-cli&username=admin&password={{ keycloak_admin_password }}&grant_type=password"
validate_certs: no validate_certs: no
register: keycloak_auth_response register: keycloak_auth_response
until: keycloak_auth_response.status == 200 until: keycloak_auth_response.status == 200
retries: 2 retries: 2
delay: 2 delay: 2
- name: Fetch openid-connect config
ansible.builtin.uri:
url: "{{ keycloak_uri }}/auth/realms/TestRealm/.well-known/openid-configuration"
method: GET
validate_certs: no
status_code: 200
register: keycloak_openid_config
- name: Verify expected config
ansible.builtin.assert:
that:
- keycloak_openid_config.json.registration_endpoint == 'http://localhost:8080/auth/realms/TestRealm/clients-registrations/openid-connect'
- name: Get test realm clients
ansible.builtin.uri:
url: "{{ keycloak_uri }}/auth/admin/realms/TestRealm/clients"
method: GET
validate_certs: no
status_code: 200
headers:
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
register: keycloak_query_clients
- debug:
msg: "{{ keycloak_query_clients.json | selectattr('clientId','equalto','TestClient') }}"
- name: Verify expected config
ansible.builtin.assert:
that:
- (keycloak_query_clients.json | selectattr('clientId','equalto','TestClient') | first)["attributes"]["post.logout.redirect.uris"] == '/public/logout'

1
roles/keycloak_realm/tasks/main.yml
View file

@ -90,6 +90,7 @@
service_accounts_enabled: "{{ item.service_accounts_enabled | default(omit) }}" service_accounts_enabled: "{{ item.service_accounts_enabled | default(omit) }}"
public_client: "{{ item.public_client | default(False) }}" public_client: "{{ item.public_client | default(False) }}"
protocol: "{{ item.protocol | default(omit) }}" protocol: "{{ item.protocol | default(omit) }}"
attributes: "{{ item.attributes | default(omit) }}"
state: present state: present
no_log: "{{ keycloak_no_log | default('True') }}" no_log: "{{ keycloak_no_log | default('True') }}"
register: create_client_result register: create_client_result