Highlights
- Quote all file modes as strings ("0755"/"0770") across multiple roles to avoid YAML octal quirks and improve portability.
- Keycloak: introduce actions.{import_realm,update_ldap_bind} feature flags and wire them via vars/config.
- Implement idempotent LDAP bind updater (tasks/03_update-ldap-bind.yml):
  * kcadm login with no_log protection,
  * fetch LDAP UserStorage component by name,
  * compare current bindDn/bindCredential and update only when changed.
- Keycloak realm import template: keep providerId="ldap" and set name from keycloak_ldap_component_name.
- Centralize Keycloak readiness check in tasks/main.yml; remove duplicate waits from 02_update_client_redirects.yml and 04_ssh_public_key.yml.
- 01_import.yml: fix typo (keycloak), quote modes, tidy spacing, and replace Jinja-in-Jinja fileglob with concatenation.
- 02_update_client_redirects.yml: correct assert fail_msg filename; keep login-first flow.
- Minor template/vars tidy-ups (spacing, comments, consistent variable usage).

Files touched (excerpt)
- roles/*/*: replace 0755/0770 → "0755"/"0770"
- roles/web-app-keycloak/config/main.yml: add actions map
- roles/web-app-keycloak/vars/main.yml: unify Keycloak vars and feature flags
- roles/web-app-keycloak/tasks/{01_import,02_update_client_redirects,03_update-ldap-bind,04_ssh_public_key,main}.yml
- roles/web-app-keycloak/templates/{docker-compose.yml.j2,import/realm.json.j2}

https://chatgpt.com/share/689bda16-b138-800f-8258-e13f6d7d8239
Syncope (DRAFT)
🔥 Description
Apache Syncope is an open-source identity management system for enterprise environments. It provides Identity Governance and Administration (IGA) capabilities, including user provisioning, role management, auditing and workflow integration, and is designed to handle identity life cycles across multiple systems, both on-premises and in the cloud.
This role deploys Apache Syncope using Docker Compose, automating the setup of its core services, database, and reverse proxy integration.
📖 Overview
Optimized for Arch Linux, this role brings up a complete Syncope stack based on the official Docker Compose samples. It includes the core components (Syncope Core, Console and Enduser), with secrets passed in through environment configuration and HTTPS termination in front of the services.
Key Features
- Complete Identity Management: Centralized user, group, and policy management.
- Extensible Architecture: Connects to external identity stores and provisioning targets (LDAP, Active Directory, databases, etc.) through ConnId connectors.
- Modern Interfaces: Provides REST APIs and web consoles for administrators and end-users.
- Open Standards Support: SAML 2.0, OAuth 2.0, OpenID Connect, SCIM.
🎯 Purpose
The Syncope (Docker Deployment) role provides a fully automated environment for test, development or production setups of Apache Syncope, taking most of the deployment complexity out of an IAM rollout.
🚀 Features
- PostgreSQL Database Setup: Integrated database management for Syncope.
- Syncope Core + Console + Enduser Deployment: All critical services brought up automatically.
- Nginx Reverse Proxy with SSL: Access goes through Nginx with TLS termination in front of the Syncope services.
- Credential and Secrets Management: Database and administrator credentials are supplied through role variables rather than hard-coded in the Compose file.
- Customizable Paths and Environment: Easy adjustment for your domain and access paths.
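The Compose file below is an added example of the stack the overview and feature list describe (PostgreSQL, Core, Console and Enduser behind a TLS-terminating Nginx); it is not the role's own template and not the upstream sample. The environment variable names (`DB_*`, `KEYMASTER_*`, `ANONYMOUS_*`, `SPRING_PROFILES_ACTIVE`) follow what the upstream Syncope Compose samples use, but treat them as assumptions to verify against the sample shipped with the Syncope version you deploy; the image tags, the `SYNCOPE_*` host variables, the service and network names, and the `./nginx` and `./certs` paths are placeholders chosen for this example. The security points it shows are the ones the feature list promises: only the proxy publishes a host port, the database sits on a network with no outbound route, and every secret is a required variable so that `docker compose up` fails instead of starting with a sample password.

```yaml
# Added example, not the role's own template and not the upstream sample: a Syncope
# stack in which only the TLS-terminating proxy is published on the host. Variable
# names (DB_*, KEYMASTER_*, ANONYMOUS_*, SPRING_PROFILES_ACTIVE) follow the upstream
# Syncope Compose samples but are assumptions here; check them against the sample
# shipped with the Syncope version you deploy. Image tags are placeholders to pin.
services:
  db:
    image: postgres:15
    restart: unless-stopped
    environment:
      POSTGRES_DB: syncope
      POSTGRES_USER: syncope
      # ":?" makes "docker compose up" fail when the variable is unset instead of
      # starting with an empty or sample password.
      POSTGRES_PASSWORD: ${SYNCOPE_DB_PASSWORD:?set SYNCOPE_DB_PASSWORD}
    volumes:
      - syncope-db:/var/lib/postgresql/data
    networks:
      - backend        # no ports: entry, reachable only by the core container

  syncope:
    image: apache/syncope:3.0.8
    depends_on: [db]
    restart: unless-stopped
    environment:
      SPRING_PROFILES_ACTIVE: docker,postgresql
      DB_URL: jdbc:postgresql://db:5432/syncope?stringtype=unspecified
      DB_USER: syncope
      DB_PASSWORD: ${SYNCOPE_DB_PASSWORD:?set SYNCOPE_DB_PASSWORD}
      DB_POOL_MAX: 20
      DB_POOL_MIN: 5
      OPENJPA_REMOTE_COMMIT: sjvm
      # Shared by Core, Console and Enduser; generate per deployment, never keep
      # the anonymous/anonymousKey values from the samples.
      ANONYMOUS_USER: ${SYNCOPE_ANON_USER:?set SYNCOPE_ANON_USER}
      ANONYMOUS_KEY: ${SYNCOPE_ANON_KEY:?set SYNCOPE_ANON_KEY}
      KEYMASTER_USERNAME: ${SYNCOPE_ANON_USER:?set SYNCOPE_ANON_USER}
      KEYMASTER_PASSWORD: ${SYNCOPE_ANON_KEY:?set SYNCOPE_ANON_KEY}
      KEYMASTER_ADDRESS: http://localhost:8080/syncope/rest/keymaster
      SERVICE_DISCOVERY_ADDRESS: http://syncope:8080/syncope/rest/
    networks: [backend, frontend]

  syncope-console:
    image: apache/syncope-console:3.0.8
    depends_on: [syncope]
    restart: unless-stopped
    environment:
      SPRING_PROFILES_ACTIVE: docker
      KEYMASTER_ADDRESS: http://syncope:8080/syncope/rest/keymaster
      KEYMASTER_USERNAME: ${SYNCOPE_ANON_USER:?set SYNCOPE_ANON_USER}
      KEYMASTER_PASSWORD: ${SYNCOPE_ANON_KEY:?set SYNCOPE_ANON_KEY}
      SERVICE_DISCOVERY_ADDRESS: http://syncope-console:8080/syncope-console/
    networks: [frontend]

  syncope-enduser:
    image: apache/syncope-enduser:3.0.8
    depends_on: [syncope]
    restart: unless-stopped
    environment:
      SPRING_PROFILES_ACTIVE: docker
      KEYMASTER_ADDRESS: http://syncope:8080/syncope/rest/keymaster
      KEYMASTER_USERNAME: ${SYNCOPE_ANON_USER:?set SYNCOPE_ANON_USER}
      KEYMASTER_PASSWORD: ${SYNCOPE_ANON_KEY:?set SYNCOPE_ANON_KEY}
      SERVICE_DISCOVERY_ADDRESS: http://syncope-enduser:8080/syncope-enduser/
    networks: [frontend]

  proxy:
    image: nginx:1.27
    depends_on: [syncope, syncope-console, syncope-enduser]
    restart: unless-stopped
    ports:
      - "443:443"      # the only port published on the host
    volumes:
      - ./nginx/syncope.conf:/etc/nginx/conf.d/default.conf:ro   # proxies to the three services above
      - ./certs:/etc/nginx/certs:ro
    networks: [frontend]

networks:
  backend:
    internal: true     # no outbound route; database traffic stays on this network
  frontend:

volumes:
  syncope-db:
```

Two caveats when adapting this. Everything under `environment:` is readable by anyone who can run `docker inspect` on the host, so on a shared host keep the database password and anonymous key in the role's variable handling or in Docker secrets rather than in a committed `.env` file. Syncope also ships with a default administrator account (`admin`, password `password`); change that password before the console is reachable through the proxy, because TLS termination protects the transport, not a default credential.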