From 437174c1cced3338e08fa06f4376565950f2da65 Mon Sep 17 00:00:00 2001
From: Kevin
Date: Thu, 20 Feb 2025 16:33:27 +0100
Subject: [PATCH] =?UTF-8?q?Ajout=20de=20la=20gestion=20des=20r=C3=B4les=20?=
 =?UTF-8?q?et=20des=20permissions=20pour=20Keycloak=20dans=20le=20playbook?=
 =?UTF-8?q?=20Ansible,=20incluant=20la=20cr=C3=A9ation=20de=20r=C3=B4les?=
 =?UTF-8?q?=20et=20de=20groupes,=20ainsi=20que=20l'attribution=20de=20perm?=
 =?UTF-8?q?issions=20sp=C3=A9cifiques=20aux=20r=C3=B4les=20TEACHERS=20et?=
 =?UTF-8?q?=20STUDENTS.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 ansible/playbooks/3_keycloak.yml | 68 ++++++++++++++++++++++++++++++++
 1 file changed, 68 insertions(+)
diff --git a/ansible/playbooks/3_keycloak.yml b/ansible/playbooks/3_keycloak.yml
index e06f69c..ff83427 100644
--- a/ansible/playbooks/3_keycloak.yml
+++ b/ansible/playbooks/3_keycloak.yml
@@ -18,6 +18,21 @@
 keycloak_admin_last_name: "Administrator"
 check_file: "/opt/keycloak/data/.configured"
 keycloak_bin: "/opt/keycloak/bin/kcadm.sh"
+ keycloak_roles:
+ - TEACHERS
+ - STUDENTS
+ keycloak_groups:
+ - TESTING
+ teacher_permissions:
+ - account/view-groups
+ - account/view-applications
+ - master-realm/manage-users
+ - account/delete-account
+ - master-realm/view-users
+ - account/manage-account
+ - account/view-profile
+ student_permissions:
+ - master-realm/view-users
 tasks:
 - name: Lancer le service Keycloak
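Review bot: `teacher_permissions` mixes self-service `account/*` client roles with `master-realm/manage-users`, a realm-management role that lets every member of TEACHERS create, edit and delete any user of that realm; that is an administrative privilege rather than a teacher feature, and nothing in the list signals it was intended. It is also unclear the target exists: `master-realm` is the management client of the master realm only, while every other realm exposes `realm-management`, so unless `keycloak_realm` is `master` (which would place application users in the admin realm) the later `add-roles` call for this entry cannot succeed. Please add a comment such as `# manage-users grants admin-level user management — confirm TEACHERS really need it` above that line, or drop the entry, and check `master-realm/view-users` in `student_permissions` for the same client-name problem.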
@@ -62,6 +77,59 @@
 debug:
 msg: "Erreur lors de la configuration de l'utilisateur administrateur"
+ - name: Créer les rôles
+ block:
+ - name: Créer le rôle {{ item }}
+ shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} create roles -r {{ keycloak_realm }} -s name={{ item }}
+ register: create_role
+ with_items: "{{ keycloak_roles }}"
+ until: create_role is success
+ retries: 3
+ delay: 5
+ when: check_config.rc != 0
+ rescue:
+ - name: Gérer les erreurs de création des rôles
+ debug:
+ msg: "Erreur lors de la création du rôle {{ item }}"
+
+ - name: Créer les groupes
+ block:
+ - name: Créer le groupe {{ item }}
+ shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} create groups -r {{ keycloak_realm }} -s name={{ item }}
+ register: create_group
+ with_items: "{{ keycloak_groups }}"
+ until: create_group is success
+ retries: 3
+ delay: 5
+ when: check_config.rc != 0
+ rescue:
+ - name: Gérer les erreurs de création des groupes
+ debug:
+ msg: "Erreur lors de la création du groupe {{ item }}"
+
+ - name: Attribuer les permissions aux rôles
+ block:
+ - name: Attribuer les permissions au rôle TEACHERS
+ shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} add-roles -r {{ keycloak_realm }} --rname TEACHERS --cclientid {{ item.split('/')[0] }} --rolename {{ item.split('/')[1] }}
+ with_items: "{{ teacher_permissions }}"
+ register: add_teacher_perms
+ until: add_teacher_perms is success
+ retries: 3
+ delay: 5
+
+ - name: Attribuer les permissions au rôle STUDENTS
+ shell: docker exec {{ keycloak_container }} {{ keycloak_bin }} add-roles -r {{ keycloak_realm }} --rname STUDENTS --cclientid {{ item.split('/')[0] }} --rolename {{ item.split('/')[1] }}
+ with_items: "{{ student_permissions }}"
+ register: add_student_perms
+ until: add_student_perms is success
+ retries: 3
+ delay: 5
+ when: check_config.rc != 0
+ rescue:
+ - name: Gérer les erreurs d'attribution des permissions
+ debug:
+ msg: "Erreur lors de l'attribution des permissions aux rôles"
+
 - name: Supprimer l'administrateur temporaire
 block:
 - name: Récupérer les informations
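Review bot: Each `rescue:` in this hunk runs only a `debug` task, so a failed role, group or `add-roles` command is logged and the play continues as if the realm were fully configured; for an authorization step that makes a partially applied permission set indistinguishable from success, and if a later task writes `check_file` (outside this hunk, cannot confirm) the next run skips the repair because of `when: check_config.rc != 0`. Replace the three debug tasks with `ansible.builtin.fail:` and `msg: "Configuration Keycloak incomplète : {{ ansible_failed_task.name }}"` — note that `{{ item }}` in the current rescue messages is the failed task's loop variable and is not guaranteed to be defined inside `rescue`, so the debug task itself can error. Separately, the `shell:` tasks splice `keycloak_container`, `keycloak_realm` and every loop item unquoted into a shell command line; the values come from playbook vars here, but no shell feature is used, so `ansible.builtin.command` (or the `quote` filter on each variable) removes the metacharacter exposure at no cost.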