nicolas
/
OpenShift-Lab
mirror of https://github.com/nmasse-itix/OpenShift-Lab.git
1
0
Fork 0
Code Issues Releases Wiki Activity
My Ansible Playbook to install an OpenShift Lab
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
42 Commits
1 Branch
1 Tag
160 KiB
 
Tree: 59ba181134
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '59ba181134'
${ noResults }
OpenShift-Lab/roles/sso/tasks/post-install.yml

112 lines
3.6 KiB
Raw Blame History

---
- name: Prepare the OAuth Request to RH-SSO (static params)
set_fact:
oauth_payload: "grant_type=password"
- name: Prepare the OAuth Request to RH-SSO (urlencode dynamic params)
set_fact:
oauth_payload: '{{ oauth_payload ~ "&" ~ item.key ~ "=" ~ (item.value|urlencode) }}'
with_dict:
client_id: '{{ sso_default_client_id }}'
username: '{{ sso_service_username }}'
password: '{{ sso_service_password }}'
- name: Authenticate to RH-SSO using the service account
uri:
url: 'https://{{ sso_route_name }}/auth/realms/{{ sso_realm }}/protocol/openid-connect/token'
body: '{{ oauth_payload }}'
method: POST
validate_certs: no
return_content: yes
register: response
changed_when: false
- name: Extract the access_token
set_fact:
access_token: '{{ response.json |json_query("access_token") }}'
- debug: msg="access_token = {{ access_token }}"
- name: Create an Initial Access Token in RH-SSO
uri:
url: 'https://{{ sso_route_name }}/auth/admin/realms/{{ sso_realm }}/clients-initial-access'
validate_certs: no
method: POST
body: '{{ sso_initial_access_token_request }}'
body_format: json
headers:
Authorization: 'Bearer {{ access_token }}'
register: response
- name: Extract the Initial Access Token from the RH-SSO response
set_fact:
initial_access_token: '{{ response.json |json_query("token") }}'
- debug: msg="initial_access_token = {{ initial_access_token }}"
- name: Get the current Realm configuration
uri:
url: 'https://{{ sso_route_name }}/auth/admin/realms/{{ sso_realm }}'
validate_certs: no
headers:
Authorization: 'Bearer {{ access_token }}'
register: response
- name: Change the Realm configuration to extend the token lifetimes (see variable sso_default_realm_settings)
set_fact:
realm_config: '{{ response.json |combine(sso_default_realm_settings) }}'
- name: Update the Realm configuration
uri:
url: 'https://{{ sso_route_name }}/auth/admin/realms/{{ sso_realm }}'
validate_certs: no
headers:
Authorization: 'Bearer {{ access_token }}'
method: PUT
body: "{{ realm_config }}"
body_format: json
status_code: 204
- name: Create the Demo User
uri:
url: https://{{ sso_route_name }}/auth/admin/realms/{{ sso_realm }}/users
validate_certs: no
headers:
Authorization: 'Bearer {{ access_token }}'
method: POST
body: "{{ sso_demo_user }}"
body_format: json
status_code: "201,409"
register: response
changed_when: response.status == 201
- set_fact:
user_has_been_created: true
user_url: "{{ response.location }}"
when: response.status == 201
- name: Retrieve the id of the Demo User
uri:
url: 'https://{{ sso_route_name }}/auth/admin/realms/{{ sso_realm }}/users?username={{ sso_demo_user.username|urlencode }}'
validate_certs: no
headers:
Authorization: 'Bearer {{ access_token }}'
register: response
changed_when: false
failed_when: response.status != 200 or (response.json|length != 1)
when: user_has_been_created is not defined
- set_fact:
user_url: "https://{{ sso_route_name }}/auth/admin/realms/{{ sso_realm }}/users/{{ response.json[0].id }}"
when: user_has_been_created is not defined
- name: Set the password of the Demo User
uri:
url: "{{ user_url }}/reset-password"
validate_certs: no
headers:
Authorization: 'Bearer {{ access_token }}'
method: PUT
body: "{{ sso_demo_user.credentials[0] }}"
body_format: json
status_code: 204