Optimized RBAC variables and async in keycloak

2025-10-31 10:19:09 +00:00 · 2025-08-18 00:15:41 +02:00
parent 6443771d93
commit 29df95ed82
5 changed files with 9 additions and 7 deletions
--- a/roles/web-app-keycloak/tasks/05_rbac_client_scope.yml
+++ b/roles/web-app-keycloak/tasks/05_rbac_client_scope.yml
@@ -5,7 +5,7 @@
    {{
      (
        KEYCLOAK_DICTIONARY_REALM.clientScopes
-        | selectattr('name','equalto', KEYCLOAK_RBAC_GROUP_CLAIME)
+        | selectattr('name','equalto', KEYCLOAK_RBAC_GROUP_CLAIM)
        | list | first
      ) | to_json
    }}
@@ -27,7 +27,7 @@
    scope_id_rbac: >-
      {{ (
          all_scopes.stdout | from_json
-          | selectattr('name','equalto', KEYCLOAK_RBAC_GROUP_CLAIME)
+          | selectattr('name','equalto', KEYCLOAK_RBAC_GROUP_CLAIM)
          | list | first | default({})
        ).id | default('') }}

@@ -70,3 +70,5 @@
  register: add_opt
  changed_when: true
  failed_when: add_opt.rc != 0
+  async: "{{ ASYNC_TIME if ASYNC_ENABLED | bool else omit }}"
+  poll:  "{{ ASYNC_POLL if ASYNC_ENABLED | bool else omit }}"
--- a/roles/web-app-keycloak/templates/import/clients/default.json.j2
+++ b/roles/web-app-keycloak/templates/import/clients/default.json.j2
@@ -54,7 +54,7 @@
    "organization",
    "offline_access",
    "microprofile-jwt",
-    "{{ KEYCLOAK_RBAC_GROUP_CLAIME }}",
+    "{{ KEYCLOAK_RBAC_GROUP_CLAIM }}",
    "{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}"
  ]
 }
--- a/roles/web-app-keycloak/templates/import/realm.json.j2
+++ b/roles/web-app-keycloak/templates/import/realm.json.j2
@@ -1430,7 +1430,7 @@
    "phone",
    "microprofile-jwt",
    "organization",
-    "{{ KEYCLOAK_RBAC_GROUP_CLAIME }}",
+    "{{ KEYCLOAK_RBAC_GROUP_CLAIM }}",
    "{{ applications | get_app_conf(application_id, 'scopes.nextcloud', True) }}"
  ],
  "browserSecurityHeaders": {
--- a/roles/web-app-keycloak/templates/import/scopes/rbac.json.j2
+++ b/roles/web-app-keycloak/templates/import/scopes/rbac.json.j2
@@ -1,5 +1,5 @@
 {
-  "name": "{{ KEYCLOAK_RBAC_GROUP_CLAIME }}",
+  "name": "{{ KEYCLOAK_RBAC_GROUP_CLAIM }}",
  "description": "RBAC Groups",
  "protocol": "openid-connect",
  "attributes": {
@@ -22,7 +22,7 @@
        "id.token.claim": "true",
        "lightweight.claim": "false",
        "access.token.claim": "true",
-        "claim.name": "{{ KEYCLOAK_RBAC_GROUP_CLAIME }}"
+        "claim.name": "{{ KEYCLOAK_RBAC_GROUP_CLAIM }}"
      }
    }
  ]
--- a/roles/web-app-keycloak/vars/main.yml
+++ b/roles/web-app-keycloak/vars/main.yml
@@ -14,7 +14,7 @@ KEYCLOAK_SERVER_INTERNAL_URL:       "http://127.0.0.1:8080"
 KEYCLOAK_LOAD_DEPENDENCIES:         "{{ applications | get_app_conf(application_id, 'load_dependencies') }}"

 # RBAC
-KEYCLOAK_RBAC_GROUP_CLAIME:         "{{ RBAC.GROUP.CLAIM }}"
+KEYCLOAK_RBAC_GROUP_CLAIM:         "{{ RBAC.GROUP.CLAIM }}"
 KEYCLOAK_RBAC_GROUP_NAME:           "{{ RBAC.GROUP.NAME }}"

 ## Health