Remove Keycloak (#15567)

remove keycloak

tools/docker-compose/ansible/plumb_keycloak.yml

@@ -1,96 +0,0 @@
----
-- name: Plumb a keycloak instance
-  hosts: localhost
-  connection: local
-  gather_facts: False
-  vars:
-    private_key_file: ../_sources/keycloak.key
-    public_key_file: ../_sources/keycloak.cert
-    awx_host: "https://localhost:8043"
-    keycloak_realm_template: ../_sources/keycloak.awx.realm.json
-    keycloak_user: admin
-    keycloak_pass: admin
-    cert_subject: "/C=US/ST=NC/L=Durham/O=awx/CN="
-  tasks:
-    - name: Generate certificates for keycloak
-      ansible.builtin.command: 'openssl req -new -x509 -days 365 -nodes -out {{ public_key_file }} -keyout {{ private_key_file }} -subj "{{ cert_subject }}"'
-      args:
-        creates: "{{ public_key_file }}"
-
-    - name: Load certs, existing and new SAML settings
-      ansible.builtin.set_fact:
-        private_key: "{{ private_key_content }}"
-        public_key: "{{ public_key_content }}"
-        public_key_trimmed: "{{ public_key_content | regex_replace('-----BEGIN CERTIFICATE-----\\\\n', '') | regex_replace('\\\\n-----END CERTIFICATE-----', '') }}"
-        existing_saml: "{{ lookup('awx.awx.controller_api', 'settings/saml', host=awx_host, verify_ssl=false) }}"
-        new_saml: "{{ lookup('template', 'saml_settings.json.j2') }}"
-        existing_oidc: "{{ lookup('awx.awx.controller_api', 'settings/oidc', host=awx_host, verify_ssl=false) }}"
-        new_oidc: "{{ lookup('template', 'oidc_settings.json.j2') }}"
-      vars:
-        # We add the extra \\ in here so that when jinja is templating out the files we end up with \n in the strings.
-        public_key_content: "{{ lookup('file', public_key_file) | regex_replace('\n', '\\\\n') }}"
-        private_key_content: "{{ lookup('file', private_key_file) | regex_replace('\n', '\\\\n') }}"
-
-    - name: Displauy existing SAML configuration
-      ansible.builtin.debug:
-        msg:
-          - "Here is your existing SAML configuration for reference:"
-          - "{{ existing_saml }}"
-          - "Here is your existing OIDC configuration for reference:"
-          - "{{ existing_oidc }}"
-
-    - ansible.builtin.pause:
-        prompt: "Continuing to run this will replace your existing saml and OIDC settings (displayed above). They will all be captured except for your private key. Be sure that is backed up before continuing"
-
-    - name: Write out the existing content
-      ansible.builtin.copy:
-        dest: "../_sources/{{ item.filename }}"
-        content: "{{ item.content }}"
-      loop:
-        - filename: "existing_saml_adapter_settings.json"
-          content: "{{ existing_saml }}"
-        - filename: "existing_oidc_adapter_settings.json"
-          content: "{{ existing_oidc }}"
-
-    - name: Configure AWX SAML adapter
-      awx.awx.settings:
-        settings: "{{ new_saml }}"
-        controller_host: "{{ awx_host }}"
-        validate_certs: False
-
-    - name: Configure AWX OIDC adapter
-      awx.awx.settings:
-        settings: "{{ new_oidc }}"
-        controller_host: "{{ awx_host }}"
-        validate_certs: False
-
-    - name: Get a keycloak token
-      ansible.builtin.uri:
-        url: "https://localhost:8443/auth/realms/master/protocol/openid-connect/token"
-        method: POST
-        body_format: form-urlencoded
-        body:
-          client_id: "admin-cli"
-          username: "{{ keycloak_user }}"
-          password: "{{ keycloak_pass }}"
-          grant_type: "password"
-        validate_certs: False
-      register: keycloak_response
-
-    - name: Template the AWX realm
-      ansible.builtin.template:
-        src: keycloak.awx.realm.json.j2
-        dest: "{{ keycloak_realm_template }}"
-
-    - name: Create the AWX realm
-      ansible.builtin.uri:
-        url: "https://localhost:8443/auth/admin/realms"
-        method: POST
-        body_format: json
-        body: "{{ lookup('file', keycloak_realm_template) }}"
-        validate_certs: False
-        headers:
-          Authorization: "Bearer {{ keycloak_response.json.access_token }}"
-        status_code: 201
-      register: realm_creation
-      changed_when: True

tools/docker-compose/ansible/roles/sources/defaults/main.yml

@@ -20,9 +20,6 @@ work_sign_key_dir: '../_sources/receptor'
 work_sign_private_keyfile: "{{ work_sign_key_dir }}/work_private_key.pem"
 work_sign_public_keyfile: "{{ work_sign_key_dir }}/work_public_key.pem"
 
-# SSO variables
-enable_keycloak: false
-
 # Hashicorp Vault
 enable_vault: false
 vault_tls: false

tools/docker-compose/ansible/roles/sources/templates/docker-compose.yml.j2

@@ -127,25 +127,6 @@ services:
     - "awx_{{ container_postfix }}"
   {% endfor %}
 {% endif %}
-{% if enable_keycloak|bool %}
-  keycloak:
-    image: quay.io/keycloak/keycloak:15.0.2
-    container_name: tools_keycloak_1
-    hostname: keycloak
-    user: "{{ ansible_user_uid }}"
-    networks:
-      - awx
-    ports:
-      - "8443:8443"
-    environment:
-      DB_VENDOR: postgres
-      DB_ADDR: postgres
-      DB_DATABASE: keycloak
-      DB_USER: {{ pg_username }}
-      DB_PASSWORD: {{ pg_password }}
-    depends_on:
-      - postgres
-{% endif %}
 {% if enable_splunk|bool %}
   splunk:
     image: splunk/splunk:latest