Raw refactoring of roles

2025-08-29 15:06:26 +02:00 · 2025-05-09 17:47:33 +02:00
parent 82f442f40e
commit 5b47333955
177 changed files with 1483 additions and 1041 deletions
--- a/roles/docker-keycloak/meta/schema.yml
+++ b/roles/docker-keycloak/meta/schema.yml
@@ -0,0 +1,10 @@
+credentials:
+  database_password:
+    description: "Password for the Keycloak PostgreSQL database"
+    algorithm: "bcrypt"
+    validation: "^\\$2[aby]\\$.{56}$"
+
+  administrator_password:
+    description: "Password for the Keycloak administrator user (used in bootstrap and CLI access)"
+    algorithm: "sha256"
+    validation: "^[a-f0-9]{64}$"
--- a/roles/docker-keycloak/templates/env.j2
+++ b/roles/docker-keycloak/templates/env.j2
@@ -10,13 +10,13 @@ KC_HTTP_ENABLED=                true
 KC_HEALTH_ENABLED=              true
 KC_METRICS_ENABLED=             true

-KEYCLOAK_ADMIN=                 "{{applications.keycloak.users.administrator.username}}"
-KEYCLOAK_ADMIN_PASSWORD=        "{{applications.keycloak.administrator_password}}"
+KEYCLOAK_ADMIN=                 "{{applications[application_id].users.administrator.username}}"
+KEYCLOAK_ADMIN_PASSWORD=        "{{applications[application_id].credentials.administrator_password}}"
 KC_DB=                          postgres
 KC_DB_URL=                      {{database_url_jdbc}}
 KC_DB_USERNAME=                 {{database_username}}
 KC_DB_PASSWORD=                 {{database_password}}

 # If the initial administrator already exists and the environment variables are still present at startup, an error message stating the failed creation of the initial administrator is shown in the logs. Keycloak ignores the values and starts up correctly.
-KC_BOOTSTRAP_ADMIN_USERNAME=    {{users.administrator.username}}
-KC_BOOTSTRAP_ADMIN_PASSWORD=    {{users.administrator.password}}
+KC_BOOTSTRAP_ADMIN_USERNAME=    "{{applications[application_id].users.administrator.username}}"
+KC_BOOTSTRAP_ADMIN_PASSWORD=    "{{applications[application_id].credentials.administrator_password}}"
--- a/roles/docker-keycloak/vars/configuration.yml
+++ b/roles/docker-keycloak/vars/configuration.yml
@@ -0,0 +1,15 @@
+version:              "latest"
+users:
+  administrator:
+    username:         "{{users.administrator.username}}"  # Administrator Username for Keycloak
+import_realm:         True                                # If True realm will be imported. If false skip.
+credentials:
+#   database_password:                                    # Needs to be defined in inventory file
+#   administrator_password:                               # Needs to be defined in inventory file
+features:
+  matomo:             true
+  css:                true
+  landingpage_iframe: true
+  ldap:               true
+  central_database:   true
+  recaptcha:          true
--- a/roles/docker-keycloak/vars/main.yml
+++ b/roles/docker-keycloak/vars/main.yml
@@ -1,6 +1,6 @@
 application_id:  	        "keycloak"
 database_type:            "postgres"
-database_password:        "{{applications.keycloak.credentials.database.password}}"
+database_password:        "{{applications[application_id].credentials.database_password}}"
 container_name:           "{{application_id}}_application"
 realm:                    "{{primary_domain}}"                              # This is the name of the default realm which is used by the applications
 import_directory_host:    "{{docker_compose.directories.volumes}}import/"   # Directory in which keycloack import files are placed on the host