fix: KC realm fixes (#18)

Author: beepdot

ansible/roles/keycloak-deploy/files/python-keycloak-0.12.0/keycloak/keycloak_main.py

@@ -1,8 +1,9 @@
 import json
+import urllib.request
+import argparse
 
 from keycloak import KeycloakOpenID
 from keycloak import KeycloakAdmin
-import urllib2, argparse, json
 
 # Import realm
 def keycloak_import_realm(keycloak_realm_file):
@@ -17,20 +18,24 @@ def keycloak_create_user(email, username, firstName, lastName, password):
                     "enabled": True,
                     "firstName": firstName,
                     "lastName": lastName,
-                    "credentials": [{"value": "12345","type": password}],
+                    "credentials": [{"value": password, "type": "password"}],
                     "realmRoles": ["user_default"]})
 
 # Create the user and assign the role to access the user management API
 def update_user_roles(config):
     realm_json = json.load(open(config['keycloak_realm_json_file_path']))
 
     # Get the id of realm-management
+    client_id = None
     for client in realm_json['clients']:
         if config['clientId'] == client['clientId']:
             client_id = client["id"]
             break
 
-    user = keycloak_admin.get_users({"username":config['keycloak_api_management_username']})
+    if client_id is None:
+        raise ValueError("Client ID not found in realm JSON")
+
+    user = keycloak_admin.get_users({"username": config['keycloak_api_management_username']})
     user_id = user[0]['id']
 
     # Read the role from file
@@ -40,13 +45,13 @@ def update_user_roles(config):
     roles = json.loads(json_data)
 
     # Get only client roles
-    clientRoles = roles[config['clientId']]
+    client_roles = roles[config['clientId']]
 
-    keycloak_admin.assign_client_role(user_id, client_id, clientRoles)
+    keycloak_admin.assign_client_role(user_id, client_id, client_roles)
 
-if  __name__ == "__main__":
-    parser = argparse.ArgumentParser(description='Configure keycloak user apis')
-    parser.add_argument('keycloak_bootstrap_config', help='configuration json file that is needed for keycloak bootstrap')
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description='Configure keycloak user APIs')
+    parser.add_argument('keycloak_bootstrap_config', help='Configuration JSON file needed for keycloak bootstrap')
     args = parser.parse_args()
 
     with open(args.keycloak_bootstrap_config) as keycloak_bootstrap_config:
@@ -55,35 +60,34 @@ def update_user_roles(config):
     try:
         # Get access token
         keycloak_admin = KeycloakAdmin(server_url=config['keycloak_auth_server_url'],
-                            username=config['keycloak_management_user'],
-                            password=config['keycloak_management_password'],
-                            realm_name="master",
-                            client_id='admin-cli',
-                            verify=False)
+                                       username=config['keycloak_management_user'],
+                                       password=config['keycloak_management_password'],
+                                       realm_name="master",
+                                       client_id='admin-cli',
+                                       verify=False)
         # Import realm
         keycloak_import_realm(config['keycloak_realm_json_file_path'])
 
         # Set realm name to sunbird
         keycloak_admin.realm_name = config['keycloak_realm']
 
-        # Add user for user api
+        # Add user for user API
         keycloak_create_user(email=config['keycloak_api_management_user_email'],
-            username=config['keycloak_api_management_username'],
-            firstName=config['keycloak_api_management_user_first_name'],
-            lastName=config['keycloak_api_management_user_last_name'],
-            password=config['keycloak_api_management_user_password'])
+                             username=config['keycloak_api_management_username'],
+                             firstName=config['keycloak_api_management_user_first_name'],
+                             lastName=config['keycloak_api_management_user_last_name'],
+                             password=config['keycloak_api_management_user_password'])
 
-        # Update user roles for access user management API's
+        # Update user roles for access user management APIs
         config['clientId'] = "realm-management"
         update_user_roles(config)
 
         # Update user roles for SSO
         config['clientId'] = "admin-cli"
         update_user_roles(config)
-    # If keycloak is returning the error realm does exists
+    # If Keycloak is returning the error realm does exist
     except Exception as e:
         if "409" in str(e):
-            print "Skipping error: " + str(e)
+            print("Skipping error: " + str(e))
         else:
-            raise
-
+            raise

ansible/roles/keycloak-deploy/tasks/bootstrap.yml

@@ -26,19 +26,19 @@
 
 - name: start keycloak with script upload feature temporarily
   shell: "nohup {{keycloak_home}}/bin/standalone.sh -Dkeycloak.profile.feature.upload_scripts=enabled -b={{ansible_default_ipv4.address}} -bprivate={{ansible_default_ipv4.address}} --server-config standalone-ha.xml &"
-  become: yes
+  become: true
   become_user: "{{ wildfly_user }}"
   notify: wait for keycloak to start
 
 - meta: flush_handlers
 
 - name: Install dependencies for keycloak
   apt:
-    name: ["python-setuptools"]
+    name: ["python-setuptools", "python3.7-dev", "python3.7-distutils"]
     update_cache: true
 
 - name: Ensure python packages are installed
-  apt: 
+  apt:
     name: ["python-pip", "python-dev"]
     update_cache: yes
   when: ansible_os_family == 'Debian' and ansible_distribution_version | float < 18
@@ -55,7 +55,7 @@
     dest: /tmp/
 
 - name: Initialize python library to run keycloak bootstrap script
-  shell: cd /tmp/python-keycloak-0.12.0 && python setup.py install
+  shell: cd /tmp/python-keycloak-0.12.0 && python3.7 setup.py install
 
 - name: Save keycloak vars to json
   template:
@@ -81,7 +81,7 @@
     dest: /tmp
 
 - name: Run the keycloak bootstrap script
-  shell: cd /tmp/keycloak/ && python keycloak_main.py /tmp/keycloak-bootstrap.conf.json
+  shell: cd /tmp/keycloak/ && python3.7 keycloak_main.py /tmp/keycloak-bootstrap.conf.json
   register: out
   until: '"404" not in out.stderr'
   retries: 2