---
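- name: "Getting Token for service access on Keycloak"
  # Resource-owner-password grant against the master realm's admin-cli client.
  # The access token it returns is what every task below sends as
  # "Bearer {{ keycloak_token.json.access_token }}".
  # NOTE(review): the /auth context path assumes the legacy (WildFly-based)
  # Keycloak distribution -- confirm it matches the target version.
  uri:
    url: "{{ keycloak_baseurl }}/auth/realms/master/protocol/openid-connect/token"
    method: POST
    body_format: form-urlencoded
    body:
      username: "{{ keycloak_username }}"
      password: "{{ keycloak_password }}"
      grant_type: "password"
      client_id: "admin-cli"
  register: keycloak_token
  # The request body carries the admin password and the registered result
  # carries a master-realm bearer token: keep both out of verbose output,
  # failure messages and callback logs. Temporarily set no_log to false only
  # while debugging a failing token request.
  no_log: true
  run_once: true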
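- name: "Find out, if realm {{ d4science_realm_name }} exists on Keycloak"
  # Probe the realm's admin endpoint with the master-realm token obtained
  # above. 404 is an accepted answer here: the block that follows is gated on
  # d4science_realm_check.status == 404 and creates the realm in that case.
  # NOTE(review): d4science_realm_url is defined outside this file; the tasks
  # below append /roles, /clients, /users... to it, so it is expected to be the
  # realm's admin base URL -- verify against the variable definition.
  uri:
    url: "{{ d4science_realm_url }}"
    method: GET
    status_code:
      - 200
      - 404
    headers:
      Accept: "application/json"
      Authorization: "Bearer {{ keycloak_token.json.access_token }}"
  register: d4science_realm_check
  run_once: true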
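- name: "Create and configure d4science realm named: {{ d4science_realm_name }}"
  # Runs only when the preceding GET answered 404, i.e. the realm does not
  # exist yet. A run that fails half-way leaves a partially configured realm
  # that later runs skip (the realm then answers 200); recover by deleting the
  # realm or by finishing the remaining steps by hand.
  vars:
    authorization: "Bearer {{ keycloak_token.json.access_token }}"
    # JMESPath selectors for the reCAPTCHA step of the registration flow,
    # shared by the tasks that check for it and that need its execution id.
    recaptcha_query: "[?providerId == 'registration-recaptcha-action']"
    recaptcha_id_query: "[?providerId == 'registration-recaptcha-action'] | [0].id"
  block:

    - name: "Create new {{ d4science_realm_name }} realm on Keycloak"
      uri:
        url: "{{ keycloak_baseurl }}/auth/admin/realms"
        method: POST
        body: "{{ lookup('template', 'd4science_realm.json.j2') }}"
        body_format: "json"
        status_code:
          - 201
        headers:
          Content-type: "application/json"
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      register: d4science_realm_create

    - name: "Getting {{ d4science_realm_name }} registration flow executions"
      uri:
        url: "{{ d4science_realm_url }}/authentication/flows/registration/executions"
        method: GET
        status_code:
          - 200
        headers:
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      register: registration_executions

    - name: "Checking the registration flow exposes a reCAPTCHA execution"
      # The next two tasks splice the execution id into a request body and a
      # URL path; without this check a missing step would be sent as an empty
      # id (".../executions//config") and fail with a far less readable error.
      assert:
        that:
          - registration_executions.json | json_query(recaptcha_query) | length > 0
        fail_msg: "No registration-recaptcha-action execution found in the registration flow of realm {{ d4science_realm_name }}"

    - name: "Enabling ReCaptcha registration flow executions"
      uri:
        url: "{{ d4science_realm_url }}/authentication/flows/registration/executions"
        method: PUT
        # A real mapping, which the uri module serialises to JSON, instead of a
        # dict-looking string that relied on Ansible re-parsing it.
        body:
          id: "{{ registration_executions.json | json_query(recaptcha_id_query) }}"
          requirement: "REQUIRED"
          providerId: "registration-recaptcha-action"
        body_format: "json"
        status_code:
          - 204
        headers:
          Content-type: "application/json"
          Accept: "application/json"
          Authorization: "{{ authorization }}"

    - name: "Configuring ReCaptcha"
      uri:
        url: "{{ d4science_realm_url }}/authentication/executions/{{ registration_executions.json | json_query(recaptcha_id_query) }}/config"
        method: POST
        body:
          alias: "reCaptcha"
          config:
            secret: "{{ recaptcha_secret }}"
            "site.key": "{{ recaptcha_key }}"
            useRecaptchaNet: "false"
        body_format: "json"
        status_code:
          - 201
        headers:
          Content-type: "application/json"
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      # The body carries the reCAPTCHA server-side secret.
      no_log: true

    - name: "Adding Infrastructure-Manager realm role"
      uri:
        url: "{{ d4science_realm_url }}/roles"
        method: POST
        body: "{{ lookup('file', 'infrastructure-manager_role.json') }}"
        body_format: "json"
        status_code:
          - 201
        headers:
          Content-type: "application/json"
          Accept: "application/json"
          Authorization: "{{ authorization }}"

    - name: "Adding Infrastructure-Client realm role"
      uri:
        url: "{{ d4science_realm_url }}/roles"
        method: POST
        body: "{{ lookup('file', 'infrastructure-client_role.json') }}"
        body_format: "json"
        status_code:
          - 201
        headers:
          Content-type: "application/json"
          Accept: "application/json"
          Authorization: "{{ authorization }}"

    # NOTE(review): if orchestrator_client.json.j2 or lr62_portal_client.json.j2
    # render a client secret into the body, add "no_log: true" to the task that
    # posts it, as done for the reCAPTCHA secret above.
    - name: "Adding orchestrator client to realm"
      uri:
        url: "{{ d4science_realm_url }}/clients"
        method: POST
        body: "{{ lookup('template', 'orchestrator_client.json.j2') }}"
        body_format: "json"
        status_code:
          - 201
        headers:
          Content-type: "application/json"
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      register: orchestrator_client_create

    - name: "Adding lr62_portal client to realm"
      uri:
        url: "{{ d4science_realm_url }}/clients"
        method: POST
        body: "{{ lookup('template', 'lr62_portal_client.json.j2') }}"
        body_format: "json"
        status_code:
          - 201
        headers:
          Content-type: "application/json"
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      register: lr62_client_create

    # The id of a freshly created client is the last path segment of the
    # Location header returned with the 201.
    - name: "Getting orchestrator service-account-user"
      uri:
        url: "{{ d4science_realm_url }}/clients/{{ orchestrator_client_create.location.split('/') | last }}/service-account-user"
        method: GET
        status_code:
          - 200
        headers:
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      register: orchestrator_sau

    - name: "Getting lr62_portal service-account-user"
      uri:
        url: "{{ d4science_realm_url }}/clients/{{ lr62_client_create.location.split('/') | last }}/service-account-user"
        method: GET
        status_code:
          - 200
        headers:
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      register: lr62_sau

    - name: "Getting {{ d4science_realm_name }} realm roles"
      uri:
        url: "{{ d4science_realm_url }}/roles"
        method: GET
        status_code:
          - 200
        headers:
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      register: d4s_realm_roles

    # The two role-mapping results used to be registered under
    # lr62_client_create, clobbering the client-creation result of the same
    # name; they now get names of their own.
    - name: "Assigning infrastructure-manager role to orchestrator SAU"
      uri:
        url: "{{ d4science_realm_url }}/users/{{ orchestrator_sau.json.id }}/role-mappings/realm"
        method: POST
        body: "{{ d4s_realm_roles.json | json_query(query) }}"
        body_format: "json"
        status_code:
          - 204
        headers:
          Content-type: "application/json"
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      register: orchestrator_realm_role_mapping
      vars:
        query: "[?name == 'Infrastructure-Manager']"

    - name: "Assigning infrastructure-client role to lr62_portal SAU"
      uri:
        url: "{{ d4science_realm_url }}/users/{{ lr62_sau.json.id }}/role-mappings/realm"
        method: POST
        body: "{{ d4s_realm_roles.json | json_query(query) }}"
        body_format: "json"
        status_code:
          - 204
        headers:
          Content-type: "application/json"
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      register: lr62_realm_role_mapping
      vars:
        query: "[?name == 'Infrastructure-Client']"

    - name: "Getting realm-management client by clientId"
      uri:
        url: "{{ d4science_realm_url }}/clients?clientId=realm-management"
        method: GET
        status_code:
          - 200
        headers:
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      register: realm_management_client

    - name: "Getting realm-management client roles"
      uri:
        url: "{{ d4science_realm_url }}/clients/{{ realm_management_client.json[0].id }}/roles"
        method: GET
        status_code:
          - 200
        headers:
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      register: realm_management_roles

    - name: "Assigning realm-management roles to orchestrator SAU"
      # NOTE(review): manage-users and manage-clients are broad administrative
      # grants on the whole realm (manage-clients covers every client in it,
      # including lr62_portal and the orchestrator client itself). Confirm the
      # orchestrator service account needs more than user management before
      # keeping manage-clients in this list.
      uri:
        url: "{{ d4science_realm_url }}/users/{{ orchestrator_sau.json.id }}/role-mappings/clients/{{ realm_management_client.json[0].id }}"
        method: POST
        body: "{{ realm_management_roles.json | json_query(query) }}"
        body_format: "json"
        status_code:
          - 204
        headers:
          Content-type: "application/json"
          Accept: "application/json"
          Authorization: "{{ authorization }}"
      vars:
        query: "[?contains([`manage-users`, `view-users`, `manage-clients`, `query-clients`, `query-users`], name)]"

  run_once: true
  when: d4science_realm_check.status == 404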