Chabdeltsang/Neah-Enkun
Template
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Ajout de la configuration du client Keycloak et du scope profile dans les playbooks Ansible, incluant l'installation de packages supplémentaires pour Docker.

Browse Source
This commit is contained in:
Kevin 2025-02-20 18:29:16 +01:00
parent 937075cfff
commit e1b2fd5394
2 changed files with 84 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ansible/playbooks/1_docker.yml
View File

@ -9,6 +9,8 @@
git_dest: "/opt/Neah-Enkun"
git_branch: "master"
traefik_service_name: "traefik"
packages:
- jq
docker_packages:
- apt-transport-https
- ca-certificates
@ -33,6 +35,15 @@
delay: 5
tasks:
- name: Installation de packages supplémentaires
apt:
name: "{{ packages }}"
state: present
register: pkg_status
until: pkg_status is success
retries: 3
delay: 5
- name: Installer les dépendances pour Docker
apt:
name: "{{ docker_packages }}"

73
ansible/playbooks/3_keycloak.yml
View File

@ -33,6 +33,16 @@
- account/view-profile
student_permissions:
- master-realm/view-users
keycloak_client:
client_id: "front"
client_secret: "Klsbm7hzyXscypXU0wUPPVBrttFPt6Pn"
root_url: "http://neah.local/"
redirect_uris:
- "http://neah.local/*"
- "http://localhost:3000/*"
web_origins:
- "http://neah.local"
- "http://localhost:3000"
tasks:
- name: Lancer le service Keycloak
@ -130,6 +140,69 @@
debug:
msg: "Erreur lors de l'attribution des permissions aux rôles"
- name: Configurer le client front
block:
- name: Créer le client
shell: >
docker exec {{ keycloak_container }} {{ keycloak_bin }} create clients -r {{ keycloak_realm }}
-s clientId={{ keycloak_client.client_id }}
-s secret={{ keycloak_client.client_secret }}
-s protocol=openid-connect
-s publicClient=false
-s authorizationServicesEnabled=true
-s serviceAccountsEnabled=true
-s standardFlowEnabled=true
-s implicitFlowEnabled=true
-s directAccessGrantsEnabled=true
-s rootUrl={{ keycloak_client.root_url }}
-s baseUrl={{ keycloak_client.root_url }}
-s 'redirectUris=["{{ keycloak_client.redirect_uris | join('","') }}"]'
-s 'webOrigins=["{{ keycloak_client.web_origins | join('","') }}"]'
register: create_client
until: create_client is success
retries: 3
delay: 5
when: check_config.rc != 0
rescue:
- name: Gérer les erreurs de création du client
debug:
msg: "Erreur lors de la création du client front"
- name: Configurer le Client Scope Profile
block:
- name: Récupérer l'ID du scope profile
shell: |
ID=$(docker exec {{ keycloak_container }} {{ keycloak_bin }} get client-scopes -r {{ keycloak_realm }} --fields id,name --format json | jq -r '.[] | select(.name=="profile") | .id')
echo $ID
register: profile_scope_id
until: profile_scope_id.stdout != ""
retries: 3
delay: 5
- name: Ajouter le Mapper realm roles au scope profile
shell: >
docker exec {{ keycloak_container }} {{ keycloak_bin }} create client-scopes/{{ profile_scope_id.stdout | trim }}/protocol-mappers/models
-r {{ keycloak_realm }}
-s name="realm roles"
-s protocol="openid-connect"
-s protocolMapper="oidc-usermodel-realm-role-mapper"
-s 'config."id.token.claim"=true'
-s 'config."access.token.claim"=true'
-s 'config."userinfo.token.claim"=true'
-s 'config."claim.name"="realm_roles"'
-s 'config."introspection.token.claim"=true'
-s 'config."multivalued"=true'
register: create_mapper
until: create_mapper is success
retries: 3
delay: 5
when: profile_scope_id.stdout != ""
when: check_config.rc != 0
rescue:
- name: Gérer les erreurs de configuration du mapper
debug:
msg: "Erreur lors de la configuration du mapper realm roles"
- name: Supprimer l'administrateur temporaire
block:
- name: Récupérer les informations