Provide keycloak realm as configmap (#70)

8c22917b · Varac · 4c412da9 · 4c412da9 · 8c22917b · 8c22917b
Verified Commit 8c22917b authored 6 years ago by Varac
--- a/ansible/roles/setup/files/k8s-config/realm.json
+++ b/ansible/roles/setup/files/k8s-config/realm.json
-{
-    "realm": "OpenAppStack",
-    "enabled": true,
-    "sslRequired": "external",
-    "registrationAllowed": true,
-    "requiredCredentials": [ "password" ],
-    "roles" : {
-        "realm" : [
-            {
-                "name": "user",
-                "description": "User privileges"
-            },
-            {
-                "name": "admin",
-                "description": "Administrator privileges"
-            }
-        ]
-    }
-}
--- a/ansible/roles/setup/files/k8s-config/realm.yml
+++ b/ansible/roles/setup/files/k8s-config/realm.yml
 apiVersion: v1
-data:
-  realm.json: ewogICAgInJlYWxtIjogIk9wZW5BcHBTdGFjayIsCiAgICAiZW5hYmxlZCI6IHRydWUsCiAgICAic3NsUmVxdWlyZWQiOiAiZXh0ZXJuYWwiLAogICAgInJlZ2lzdHJhdGlvbkFsbG93ZWQiOiB0cnVlLAogICAgInJlcXVpcmVkQ3JlZGVudGlhbHMiOiBbICJwYXNzd29yZCIgXSwKICAgICJyb2xlcyIgOiB7CiAgICAgICAgInJlYWxtIiA6IFsKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgIm5hbWUiOiAidXNlciIsCiAgICAgICAgICAgICAgICAiZGVzY3JpcHRpb24iOiAiVXNlciBwcml2aWxlZ2VzIgogICAgICAgICAgICB9LAogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAibmFtZSI6ICJhZG1pbiIsCiAgICAgICAgICAgICAgICAiZGVzY3JpcHRpb24iOiAiQWRtaW5pc3RyYXRvciBwcml2aWxlZ2VzIgogICAgICAgICAgICB9CiAgICAgICAgXQogICAgfQp9Cg==
-kind: Secret
+kind: configmap
 metadata:
-  creationTimestamp: null
-  name: realm-secret
+  name: keycloak-realm
+data:
+  realm.json: |-
+    {
+      "realm": "OpenAppStack",
+      "enabled": true,
+      "sslRequired": "external",
+      "registrationAllowed": true,
+      "requiredCredentials": [
+        "password"
+      ],
+      "roles": {
+        "realm": [
+          {
+            "name": "user",
+            "description": "User privileges"
+          },
+          {
+            "name": "admin",
+            "description": "Administrator privileges"
+          }
+        ]
+      }
+    }
--- a/ansible/roles/setup/tasks/main.yml
+++ b/ansible/roles/setup/tasks/main.yml
@@ -83,14 +83,19 @@
    repo: 'https://code.greenhost.net/openappstack/charts'
    dest: '/oas/source/repos/charts'

- name: Configure Keycloak secret
-  # realm.yml got generated by:
-  # kubectl create secret generic realm-secret --from-file=realm.json --dry-run -o yaml > realm.yml
+- name: Configure Keycloak realm configmap
  k8s:
    state: present
    namespace: default
+    force: True
    definition: "{{ lookup('file', 'k8s-config/realm.yml') }}"

+- name: Remove old Keycloak secret
+  k8s:
+    state: absent
+    namespace: default
+    kind: secret
+    name: "realm-secret"

 - name: Ensure /oas/config/values/apps directory
  file: