mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-19 02:05:07 +02:00
Kevin Veen-Birkenbach
7d0502ebc5
Replace 01_import.yml with 01_initialize.yml (KEYCLOAK_HOST_IMPORT_DIR) Add generic 02_update.yml (kcadm updater for clients/components) - Resolve ID → read current → merge (kc_merge_path optional) - Preserve immutable fields; support kc_force_attrs Update tasks/main.yml: - Readiness via KEYCLOAK_MASTER_REALM_URL; kcadm login - Merge LDAP component config from Realm when KEYCLOAK_LDAP_ENABLED - Update client settings incl. frontchannel.logout.url realm.json.j2: include ldap.json in UserStorageProvider ldap.json.j2: use KEYCLOAK_LDAP_* vars for bindDn/credential/connectionUrl vars/main.yml: add KEYCLOAK_* URLs/dirs and KEYCLOAK_DICTIONARY_REALM(_RAW) docker-compose.yml.j2: mount KEYCLOAK_HOST_IMPORT_DIR Cleanup: remove 02_update_client_redirects.yml, 03_update-ldap-bind.yml, 04_ssh_public_key.yml; drop obsolete config flag; formatting Note: redirectUris/webOrigins ordering may still cause changed=true; consider sorting for stability in a follow-up.
66 lines
4.1 KiB
YAML
66 lines
4.1 KiB
YAML
# General
|
|
application_id: "web-app-keycloak" # Internal Infinito.Nexus application id
|
|
database_type: "postgres" # Database which will be used
|
|
|
|
# Keycloak
|
|
|
|
## General
|
|
KEYCLOAK_URL: "{{ domains | get_url(application_id, WEB_PROTOCOL) }}"
|
|
KEYCLOAK_REALM: "{{ OIDC.CLIENT.REALM }}" # This is the name of the default realm which is used by the applications
|
|
KEYCLOAK_REALM_URL: "{{ WEB_PROTOCOL }}://{{ KEYCLOAK_REALM }}"
|
|
KEYCLOAK_DEBUG_ENABLED: "{{ MODE_DEBUG }}"
|
|
KEYCLOAK_CLIENT_ID: "{{ OIDC.CLIENT.ID }}"
|
|
KEYCLOAK_MASTER_REALM_URL: "{{ KEYCLOAK_SERVER_HOST_URL }}/realms/master"
|
|
KEYCLOAK_HOST_IMPORT_DIR: "{{ docker_compose.directories.volumes }}import/"
|
|
KEYCLOAK_SERVER_INTERNAL_URL: "http://127.0.0.1:8080"
|
|
|
|
# Credentials
|
|
KEYCLOAK_ADMIN: "{{ applications | get_app_conf(application_id, 'users.administrator.username') }}"
|
|
KEYCLOAK_ADMIN_PASSWORD: "{{ applications | get_app_conf(application_id, 'credentials.administrator_password') }}"
|
|
|
|
## Docker
|
|
KEYCLOAK_CONTAINER: "{{ applications | get_app_conf(application_id, 'docker.services.keycloak.name') }}" # Name of the keycloak docker container
|
|
KEYCLOAK_DOCKER_IMPORT_DIR: "/opt/keycloak/data/import/" # Directory in which keycloak import files are placed in the running docker container
|
|
KEYCLOAK_EXEC_KCADM: "docker exec -i {{ KEYCLOAK_CONTAINER }} /opt/keycloak/bin/kcadm.sh" # Init script for keycloak
|
|
KEYCLOAK_IMAGE: "{{ applications | get_app_conf(application_id, 'docker.services.keycloak.image') }}" # Keycloak docker image
|
|
KEYCLOAK_VERSION: "{{ applications | get_app_conf(application_id, 'docker.services.keycloak.version') }}" # Keycloak docker version
|
|
|
|
## Server
|
|
KEYCLOAK_SERVER_HOST: "127.0.0.1:{{ ports.localhost.http[application_id] }}"
|
|
KEYCLOAK_SERVER_HOST_URL: "http://{{ KEYCLOAK_SERVER_HOST }}"
|
|
|
|
## Update
|
|
KEYCLOAK_REDIRECT_FEATURES: ["features.oauth2","features.oidc"]
|
|
KEYCLOAK_IMPORT_REALM_ENABLED: "{{ applications | get_app_conf(application_id, 'actions.import_realm') }}" # Activate realm import
|
|
KEYCLOAK_FRONTCHANNEL_LOGOUT_URL: "{{ domains | get_url('web-svc-logout', WEB_PROTOCOL) }}/"
|
|
KEYCLOAK_REDIRECT_URIS: "{{ domains | redirect_uris(applications, WEB_PROTOCOL, '/*', KEYCLOAK_REDIRECT_FEATURES) }}"
|
|
KEYCLOAK_WEB_ORIGINS: >-
|
|
{{ KEYCLOAK_REDIRECT_URIS
|
|
| map('regex_replace','/\\*$','')
|
|
| map('regex_search','^(https?://[^/]+)')
|
|
| select('string')
|
|
| list | unique }}
|
|
KEYCLOAK_POST_LOGOUT_URIS: "+"
|
|
|
|
## LDAP
|
|
KEYCLOAK_LDAP_ENABLED: "{{ applications | get_app_conf(application_id, 'features.ldap', False) }}"
|
|
KEYCLOAK_LDAP_CMP_NAME: "{{ ldap.server.domain }}" # Name of the LDAP User Federation component in Keycloak (as shown in UI)
|
|
KEYCLOAK_LDAP_BIND_DN: "{{ ldap.dn.administrator.data }}"
|
|
KEYCLOAK_LDAP_BIND_PW: "{{ ldap.bind_credential }}"
|
|
KEYCLOAK_LDAP_URL: "{{ ldap.server.uri }}"
|
|
|
|
## API
|
|
KEYCLOAK_MASTER_API_USER: "{{ applications | get_app_conf(application_id, 'users.administrator') }}" # Master Administrator
|
|
KEYCLOAK_MASTER_API_USER_NAME: "{{ KEYCLOAK_MASTER_API_USER.username }}" # Master Administrator Username
|
|
KEYCLOAK_MASTER_API_USER_PASSWORD: "{{ KEYCLOAK_MASTER_API_USER.password }}" # Master Administrator Password
|
|
|
|
|
|
# Dictionaries
|
|
KEYCLOAK_DICTIONARY_REALM_RAW: "{{ lookup('template', 'import/realm.json.j2') }}"
|
|
KEYCLOAK_DICTIONARY_REALM: >-
|
|
{{
|
|
KEYCLOAK_DICTIONARY_REALM_RAW
|
|
if (KEYCLOAK_DICTIONARY_REALM_RAW is mapping)
|
|
else (KEYCLOAK_DICTIONARY_REALM_RAW | from_json)
|
|
}}
|