Added SSH Public Key Logic for keycloak

roles/docker-keycloak/tasks/attributes/ssh_public_key.yml

@@ -0,0 +1,82 @@
+- name: "Wait until Keycloak is reachable at {{ keycloak_server_host_url }}"
+  uri:
+    url: "{{ keycloak_server_host_url }}/realms/master"
+    method: GET
+    status_code: 200
+    validate_certs: false
+  register: keycloak_check
+  retries: 30
+  delay: 5
+  until: keycloak_check.status == 200
+
+# Configure Credentials
+- name: Ensure Keycloak CLI credentials are configured
+  shell: |
+    {{ keycloak_kcadm_path }} config credentials \
+      --server {{ keycloak_server_internal_url }} \
+      --realm master \
+      --user {{ keycloak_administrator_username }} \
+      --password {{ keycloak_administrator_password }}
+
+# LDAP Source
+- name: Get ID of LDAP storage provider
+  shell: |
+    {{ keycloak_kcadm_path }} get components \
+      -r {{ keycloak_realm }} \
+      --query 'providerId=ldap' \
+      --fields id,name \
+      --format json
+  register: ldap_components
+
+- name: Extract LDAP component ID
+  set_fact:
+    ldap_component_id: "{{ (ldap_components.stdout | from_json)[0].id }}"
+
+- name: Ensure {{ ldap.attributes.ssh_public_key }} LDAP Mapper exists
+  shell: |
+    docker exec -i keycloak_application bash -c '
+      /opt/keycloak/bin/kcadm.sh get components -r {{ keycloak_realm }} \
+      | grep -q "\"name\" : \"{{ ldap.attributes.ssh_public_key }}\"" \
+      || printf "%s\n" "{
+        \"name\": \"{{ ldap.attributes.ssh_public_key }}\",
+        \"parentId\": \"{{ ldap_component_id }}\",
+        \"providerId\": \"user-attribute-ldap-mapper\",
+        \"providerType\": \"org.keycloak.storage.ldap.mappers.LDAPStorageMapper\",
+        \"config\": {
+          \"user.model.attribute\": [\"{{ ldap.attributes.ssh_public_key }}\"],
+          \"ldap.attribute\": [\"{{ ldap.attributes.ssh_public_key }}\"],
+          \"read.only\": [\"false\"],
+          \"write.only\": [\"true\"],
+          \"always.read.value.from.ldap\": [\"false\"],
+          \"multivalued\": [\"true\"]
+        }
+      }" | /opt/keycloak/bin/kcadm.sh create components -r {{ keycloak_realm }} -f -'
+  register: mapper_create
+  changed_when: mapper_create.rc == 0 and mapper_create.stdout != ""
+
+# GUI
+
+- name: Enable user profile in realm
+  shell: >
+    {{ keycloak_kcadm_path }} update realms/{{ keycloak_realm }}
+    -s 'attributes.userProfileEnabled=true'
+
+- name: Re-authenticate to Keycloak after enabling user profile
+  shell: |
+    {{ keycloak_kcadm_path }} config credentials \
+      --server {{ keycloak_server_internal_url }} \
+      --realm master \
+      --user {{ keycloak_administrator_username }} \
+      --password {{ keycloak_administrator_password }}
+
+- name: Render user-profile JSON for SSH key
+  template:
+    src:  import/user-profile.json.j2
+    dest: "{{ import_directory_host }}/user-profile.json"
+    mode: '0644'
+  notify: docker compose up
+
+- name: Apply SSH Public Key to user-profile via kcadm
+  shell: |
+    docker exec -i {{ container_name }} \
+      /opt/keycloak/bin/kcadm.sh update realms/{{ keycloak_realm }} -f {{ import_directory_docker }}user-profile.json

roles/docker-keycloak/tasks/main.yml

@@ -24,4 +24,8 @@
     dest: "{{ import_directory_host }}/{{ item | basename | regex_replace('\\.j2$', '') }}"
     mode: '770'
   loop: "{{ lookup('fileglob', '{{ role_path }}/templates/import/*.j2', wantlist=True) }}"
-  notify: docker compose up
+  notify: docker compose up
+
+# Deactivated temporary. Import now via realm.yml
+#- name: Implement SSH Public Key Attribut
+#  include_tasks: attributes/ssh_public_key.yml