External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-23 07:28:02 -03:30
Code Issues Packages Projects Releases Wiki Activity
awx/tools/docker-compose/ansible/plumb_keycloak.yml
John Westcott IV c92468062d
SAML user attribute flags issue #5303 (PR #11430) 
* Adding SAML option in SAML configuration to specify system auditor and system superusers by role or attribute
* Adding keycloak container and documentation on how to start keycloak alongside AWX (including configuration of both)
2022-01-10 16:52:44 -05:00

82 lines
3.1 KiB
YAML
Raw Blame History

---
- name: Plumb a keycloak instance
hosts: localhost
connection: local
gather_facts: False
vars:
private_key_file: ../_sources/keycloak.key
public_key_file: ../_sources/keycloak.cert
awx_host: "https://localhost:8043"
keycloak_realm_template: ../_sources/keycloak.awx.realm.json
keycloak_user: admin
keycloak_pass: admin
cert_subject: "/C=US/ST=NC/L=Durham/O=awx/CN="
tasks:
- name: Generate certificates for keycloak
command: 'openssl req -new -x509 -days 365 -nodes -out {{ public_key_file }} -keyout {{ private_key_file }} -subj "{{ cert_subject }}"'
args:
creates: "{{ public_key_file }}"
- name: Load certs, existing and new SAML settings
set_fact:
private_key: "{{ private_key_content }}"
public_key: "{{ public_key_content }}"
public_key_trimmed: "{{ public_key_content | regex_replace('-----BEGIN CERTIFICATE-----\\\\n', '') | regex_replace('\\\\n-----END CERTIFICATE-----', '') }}"
existing_saml: "{{ lookup('awx.awx.controller_api', 'settings/saml', host=awx_host, verify_ssl=false) }}"
new_saml: "{{ lookup('template', 'saml_settings.json.j2') }}"
vars:
# We add the extra \\ in here so that when jinja is templating out the files we end up with \n in the strings.
public_key_content: "{{ lookup('file', public_key_file) | regex_replace('\n', '\\\\n') }}"
private_key_content: "{{ lookup('file', private_key_file) | regex_replace('\n', '\\\\n') }}"
- name: Displauy existing SAML configuration
debug:
msg:
- "Here is your existing SAML configuration for reference:"
- "{{ existing_saml }}"
- pause:
prompt: "Continuing to run this will replace your existing saml settings (displayed above). They will all be captured except for your private key. Be sure that is backed up before continuing"
- name: Write out the existing content
copy:
dest: "../_sources/existing_saml_adapter_settings.json"
content: "{{ existing_saml }}"
- name: Configure AWX SAML adapter
awx.awx.settings:
settings: "{{ new_saml }}"
controller_host: "{{ awx_host }}"
validate_certs: False
- name: Get a keycloak token
uri:
url: "https://localhost:8443/auth/realms/master/protocol/openid-connect/token"
method: POST
body_format: form-urlencoded
body:
client_id: "admin-cli"
username: "{{ keycloak_user }}"
password: "{{ keycloak_pass }}"
grant_type: "password"
validate_certs: False
register: keycloak_response
- name: Template the AWX realm
template:
src: keycloak.awx.realm.json.j2
dest: "{{ keycloak_realm_template }}"
- name: Create the AWX realm
uri:
url: "https://localhost:8443/auth/admin/realms"
method: POST
body_format: json
body: "{{ lookup('file', keycloak_realm_template) }}"
validate_certs: False
headers:
Authorization: "Bearer {{ keycloak_response.json.access_token }}"
status_code: 201
register: realm_creation
changed_when: True
Reference in New Issue View Git Blame Copy Permalink