kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 15:06:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

feat(keycloak): implement SPOT with Realm

Browse Source 
Replace 01_import.yml with 01_initialize.yml (KEYCLOAK_HOST_IMPORT_DIR)
Add generic 02_update.yml (kcadm updater for clients/components)
- Resolve ID → read current → merge (kc_merge_path optional)
- Preserve immutable fields; support kc_force_attrs
Update tasks/main.yml:
- Readiness via KEYCLOAK_MASTER_REALM_URL; kcadm login
- Merge LDAP component config from Realm when KEYCLOAK_LDAP_ENABLED
- Update client settings incl. frontchannel.logout.url
realm.json.j2: include ldap.json in UserStorageProvider
ldap.json.j2: use KEYCLOAK_LDAP_* vars for bindDn/credential/connectionUrl
vars/main.yml: add KEYCLOAK_* URLs/dirs and KEYCLOAK_DICTIONARY_REALM(_RAW)
docker-compose.yml.j2: mount KEYCLOAK_HOST_IMPORT_DIR
Cleanup: remove 02_update_client_redirects.yml, 03_update-ldap-bind.yml, 04_ssh_public_key.yml; drop obsolete config flag; formatting

Note: redirectUris/webOrigins ordering may still cause changed=true; consider sorting for stability in a follow-up.
This commit is contained in:
Kevin Veen-Birkenbach
2025-08-17 14:27:33 +02:00
parent 20c8d46f54
commit 7d0502ebc5
14 changed files with 182 additions and 327 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
roles/web-app-keycloak/config/main.yml
View File

@@ -1,10 +1,9 @@
actions:
import_realm: True # Import REALM
update_ldap_bind: True # Updates LDAP binds
features:
matomo: true
css: true
desktop: true
desktop: true
ldap: true
central_database: true
recaptcha: true