Raw refactoring of roles

2025-05-09 17:47:33 +02:00
parent 82f442f40e
commit 5b47333955
177 changed files with 1483 additions and 1041 deletions


@@ -0,0 +1,10 @@
credentials:
database_password:
description: "Password for the Keycloak PostgreSQL database"
algorithm: "bcrypt"
validation: "^\\$2[aby]\\$.{56}$"
administrator_password:
description: "Password for the Keycloak administrator user (used in bootstrap and CLI access)"
algorithm: "sha256"
validation: "^[a-f0-9]{64}$"
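Review bot: The `algorithm` keys on `database_password` and `administrator_password` do not say whether the bcrypt/sha256 string is the secret itself or a digest of some other secret. The env template elsewhere in this commit passes `credentials.administrator_password` straight into `KEYCLOAK_ADMIN_PASSWORD`, so the generated string appears to be used verbatim as the password. I would state that in the descriptions, e.g. `description: "Password for the Keycloak PostgreSQL database (the generated string is used as-is, it is not a stored hash)"`. Separately, `.{56}` accepts any character after the prefix; `validation: "^\\$2[aby]\\$[0-9]{2}\\$[./A-Za-z0-9]{53}$"` would pin the cost field and the bcrypt alphabet while keeping the same total length.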


@@ -10,13 +10,13 @@ KC_HTTP_ENABLED= true
KC_HEALTH_ENABLED= true
KC_METRICS_ENABLED= true
KEYCLOAK_ADMIN= "{{applications.keycloak.users.administrator.username}}"
KEYCLOAK_ADMIN_PASSWORD= "{{applications.keycloak.administrator_password}}"
KEYCLOAK_ADMIN= "{{applications[application_id].users.administrator.username}}"
KEYCLOAK_ADMIN_PASSWORD= "{{applications[application_id].credentials.administrator_password}}"
KC_DB= postgres
KC_DB_URL= {{database_url_jdbc}}
KC_DB_USERNAME= {{database_username}}
KC_DB_PASSWORD= {{database_password}}
# If the initial administrator already exists and the environment variables are still present at startup, an error message stating the failed creation of the initial administrator is shown in the logs. Keycloak ignores the values and starts up correctly.
KC_BOOTSTRAP_ADMIN_USERNAME= {{users.administrator.username}}
KC_BOOTSTRAP_ADMIN_PASSWORD= {{users.administrator.password}}
KC_BOOTSTRAP_ADMIN_USERNAME= "{{applications[application_id].users.administrator.username}}"
KC_BOOTSTRAP_ADMIN_PASSWORD= "{{applications[application_id].credentials.administrator_password}}"
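Review bot: `KC_DB_PASSWORD= {{database_password}}` (and the `KC_DB_URL` / `KC_DB_USERNAME` lines above it) stays unquoted while the admin values in the same hunk are now double-quoted. Per the credentials schema added in this commit, the database password matches a bcrypt pattern and therefore contains `$`. If this file is consumed by Docker Compose as an env file, unquoted and double-quoted values go through `$` interpolation and only single-quoted values are taken literally; that should be confirmed against the actual consumer. I would write `KC_DB_PASSWORD= '{{database_password}}'` and quote the two admin password lines the same way. The file starts and ends outside the hunk, so other secrets in it may need the same treatment.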


@@ -0,0 +1,15 @@
version: "latest"
users:
administrator:
username: "{{users.administrator.username}}" # Administrator Username for Keycloak
import_realm: True # If True realm will be imported. If false skip.
credentials:
# database_password: # Needs to be defined in inventory file
# administrator_password: # Needs to be defined in inventory file
features:
matomo: true
css: true
landingpage_iframe: true
ldap: true
central_database: true
recaptcha: true
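Review bot: `version: "latest"` presumably selects the Keycloak image tag, which leaves the identity provider unpinned: a redeploy can pull a different release than the one that was tested, and a rollback cannot name the previous one. I would pin an explicit release tag or digest, e.g. `version: "<KEYCLOAK_RELEASE_TAG>"`, and bump it deliberately. Separately, with both entries commented out, `credentials:` parses as null rather than an empty mapping, so a missing inventory value may surface as an unclear template error; `credentials: {}` followed by the two comments would make the intent explicit. `import_realm: True` would also read more consistently as `true`, matching the `features` flags below it.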


@@ -1,6 +1,6 @@
application_id: "keycloak"
database_type: "postgres"
database_password: "{{applications.keycloak.credentials.database.password}}"
database_password: "{{applications[application_id].credentials.database_password}}"
container_name: "{{application_id}}_application"
realm: "{{primary_domain}}" # This is the name of the default realm which is used by the applications
import_directory_host: "{{docker_compose.directories.volumes}}import/" # Directory in which keycloack import files are placed on the host