kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-02 15:39:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

web-app-keycloak: sync Google reCAPTCHA config from realm dictionary

Browse Source 
This adds update/06_recaptcha.yml to update the registration reCAPTCHA authenticator
from KEYCLOAK_DICTIONARY_REALM and wires it into the main Keycloak task flow.

Ref: https://chatgpt.com/share/6929f91c-cc98-800f-9562-1c6ea802d72d
This commit is contained in:
Kevin Veen-Birkenbach
2025-11-28 20:34:02 +01:00
parent c2a181edd4
commit 4dd1769225
2 changed files with 55 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
roles/web-app-keycloak/tasks/main.yml
View File

@@ -31,3 +31,8 @@
- name: "Load LDAP Update routines for '{{ application_id }}'" - name: "Load LDAP Update routines for '{{ application_id }}'"
include_tasks: update/05_ldap.yml include_tasks: update/05_ldap.yml
when: KEYCLOAK_LDAP_ENABLED | bool when: KEYCLOAK_LDAP_ENABLED | bool
- name: "Load reCAPTCHA Update routines for '{{ application_id }}'"
include_tasks: update/06_recaptcha.yml
when: applications | get_app_conf(application_id, 'features.recaptcha', False)

50
roles/web-app-keycloak/tasks/update/06_recaptcha.yml Normal file
View File

@@ -0,0 +1,50 @@
- name: "Extract Google reCAPTCHA config from realm dictionary"
set_fact:
kc_recaptcha_cfg: >-
{{
KEYCLOAK_DICTIONARY_REALM.authenticatorConfig
| selectattr('alias','equalto','Google reCaptcha')
| map(attribute='config')
| first | default({}, true)
}}
- name: "Sanity check: reCAPTCHA config exists in dictionary"
assert:
that:
- kc_recaptcha_cfg | length > 0
fail_msg: "Google reCAPTCHA config not found in KEYCLOAK_DICTIONARY_REALM.authenticatorConfig."
when: MODE_ASSERT | bool
- name: "Fetch executions of 'registration form' flow"
shell: >
{{ KEYCLOAK_EXEC_KCADM }} get
"authentication/flows/registration%20form/executions"
-r {{ KEYCLOAK_REALM }} --format json
register: kc_reg_exec
changed_when: false
- name: "Extract reCAPTCHA authenticator config id"
set_fact:
kc_recaptcha_cfg_id: >-
{{
kc_reg_exec.stdout | from_json
| selectattr('providerId','equalto','registration-recaptcha-action')
| map(attribute='authenticationConfig')
| first | default('')
}}
- name: "Update Google reCAPTCHA authenticator config from dictionary"
when: kc_recaptcha_cfg_id | length > 0
shell: |
cat <<'JSON' | {{ KEYCLOAK_EXEC_KCADM }} update authentication/config/{{ kc_recaptcha_cfg_id }} -r {{ KEYCLOAK_REALM }} -f -
{{
{
'alias': 'Google reCaptcha',
'config': kc_recaptcha_cfg
} | to_json
}}
JSON
register: kc_recaptcha_update
changed_when: kc_recaptcha_update.rc == 0
failed_when: kc_recaptcha_update.rc != 0
no_log: "{{ MASK_CREDENTIALS_IN_LOGS | bool }}"