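---
# Configure Red Hat SSO (Keycloak) from the 3scale inventory.
#
# Flow: check the mandatory extra vars, load the inventory, obtain an admin
# access token, delete and re-create one realm per distinct `sso.realm` in the
# inventory, then create the SSO clients via common/create-sso-client.yml.
#
# Required extra vars: sso_admin_password, sso_hostname.
# Optional extra vars: threescale_inventory (otherwise read from the
# THREESCALE_INVENTORY env var as base64-encoded JSON, and failing that from
# ../3scale-inventory.yaml relative to this playbook) and sso_validate_certs.
- name: Configure Red Hat SSO according to the 3scale inventory file
  hosts: localhost
  gather_facts: false
  vars:
    ansible_connection: local
    sso_admin_username: admin
    sso_admin_realm: master
    sso_admin_client_id: admin-cli
    # TLS certificate verification for every call to SSO. Defaults to false to
    # preserve the historical behaviour of this playbook (self-signed lab
    # certificates). Override with `-e sso_validate_certs=true` wherever the
    # SSO certificate chain is trusted: with verification off, the admin
    # password and the bearer token are sent to an unauthenticated endpoint.
    sso_validate_certs: false
  tasks:
    - name: Check that the mandatory extra vars are set
      assert:
        that:
          - sso_admin_password is defined
          - sso_hostname is defined
        msg: >
          Please pass the SSO admin credentials (sso_admin_password) and the
          SSO hostname (sso_hostname) as extra vars

    # Inventory source 1: base64-encoded JSON in the THREESCALE_INVENTORY
    # environment variable (only when the var was not passed explicitly).
    - name: Load the 3scale inventory from the environment
      set_fact:
        threescale_inventory: "{{ lookup('env', 'THREESCALE_INVENTORY') | b64decode | from_json }}"
      when: "threescale_inventory is not defined and lookup('env', 'THREESCALE_INVENTORY') | length > 0"

    # Inventory source 2: the YAML file next to the playbooks. The path is
    # built with `~` instead of nesting `{{ }}` inside a Jinja expression.
    - name: Load the 3scale inventory from 3scale-inventory.yaml
      set_fact:
        threescale_inventory: "{{ lookup('file', playbook_dir ~ '/../3scale-inventory.yaml') | from_yaml }}"
      when: threescale_inventory is not defined

    # Password grant against the admin realm. `no_log` keeps the admin
    # password (request body) and the issued access token (registered
    # response) out of the playbook output and any verbose logs.
    - name: Authenticate to RH-SSO
      uri:
        url: "https://{{ sso_hostname }}/auth/realms/{{ sso_admin_realm }}/protocol/openid-connect/token"
        method: POST
        body: "grant_type=password&client_id={{ sso_admin_client_id | urlencode }}&username={{ sso_admin_username | urlencode }}&password={{ sso_admin_password | urlencode }}"
        validate_certs: "{{ sso_validate_certs }}"
      register: auth_response
      changed_when: false
      no_log: true

    # Each realm listed in the inventory is removed before being re-created,
    # so every run starts from the realm definition below. This is destructive
    # for anything created in those realms outside this playbook.
    # 404 is accepted so a first run (realm not yet present) does not fail.
    - name: Delete the RH-SSO realm
      uri:
        url: "https://{{ sso_hostname }}/auth/admin/realms/{{ item }}"
        method: DELETE
        validate_certs: "{{ sso_validate_certs }}"
        headers:
          Authorization: "Bearer {{ access_token }}"
        status_code: [204, 404]
      register: delete_realm_response
      changed_when: delete_realm_response.status == 204
      with_items: "{{ realms }}"
      vars:
        realms: "{{ threescale_inventory | json_query('@.*[].sso.realm') | unique }}"
        access_token: "{{ auth_response.json.access_token }}"

    # Realm representation posted to the Keycloak admin API. The settings are
    # deliberately permissive (no brute-force protection, no TLS requirement,
    # one-day token lifespans); review them before using this outside a
    # development environment. 409 is accepted so that a realm which survived
    # the deletion above does not fail the run.
    - name: Create the RH-SSO realm
      uri:
        url: "https://{{ sso_hostname }}/auth/admin/realms"
        method: POST
        body_format: json
        body:
          id: "{{ item }}"
          enabled: true
          realm: "{{ item }}"
          displayName: "{{ item }}"
          notBefore: 0
          revokeRefreshToken: false
          refreshTokenMaxReuse: 0
          registrationAllowed: false
          registrationEmailAsUsername: false
          rememberMe: false
          verifyEmail: false
          loginWithEmailAllowed: false
          duplicateEmailsAllowed: false
          resetPasswordAllowed: false
          bruteForceProtected: false
          permanentLockout: false
          roles:
            realm: []
            defaultRoles: []
          requiredCredentials:
            - password
          scopeMappings: []
          editUsernameAllowed: false
          accessTokenLifespanForImplicitFlow: 86400  # 1 day
          accessTokenLifespan: 86400  # 1 day
          accessCodeLifespanUserAction: 86400  # 1 day
          accessCodeLifespanLogin: 86400  # 1 day
          accessCodeLifespan: 86400  # 1 day
          ssoSessionIdleTimeout: 86400  # 1 day
          ssoSessionMaxLifespan: 86400  # 1 day
          offlineSessionIdleTimeout: 2592000  # 30 days
          actionTokenGeneratedByAdminLifespan: 86400  # 1 day
          actionTokenGeneratedByUserLifespan: 86400  # 1 day
          # Keycloak "ssl-required" level for the realm; "none" does not
          # require TLS for any request to this realm.
          sslRequired: "none"
        validate_certs: "{{ sso_validate_certs }}"
        headers:
          Authorization: "Bearer {{ access_token }}"
        status_code: [201, 409]
      register: create_realm_response
      changed_when: create_realm_response.status == 201
      with_items: "{{ realms }}"
      vars:
        realms: "{{ threescale_inventory | json_query('@.*[].sso.realm') | unique }}"
        access_token: "{{ auth_response.json.access_token }}"

    # One client per inventory entry. Each loop item carries the client's
    # `client_secret`, so the included tasks (outside this file) should set
    # `no_log` wherever the item is rendered or posted.
    - include_tasks: "common/create-sso-client.yml"
      with_items: "{{ clients }}"
      vars:
        clients: "{{ threescale_inventory | json_query('@.*[].{client_id: sso.client_id, client_secret: sso.client_secret, realm: sso.realm, admin_portal: threescale.admin_portal }') | unique }}"
        access_token: "{{ auth_response.json.access_token }}"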