fix injecting realm settings

Alfresco · Sep 16, 2024 · e32cf5f · e32cf5f
1 parent b4ecbb0
commit e32cf5f
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 7 deletions.
diff --git a/molecule/identity/verify.yml b/molecule/identity/verify.yml
@@ -81,6 +81,8 @@
           - app_config_json.oauth2.redirectUri == adf_apps_contexts[item_index]
           - app_config_json.oauth2.redirectUriLogout == adf_apps_contexts[item_index]
           - app_config_json.oauth2.redirectSilentIframeUri == '{protocol}//{hostname}{:port}' ~ adf_apps_contexts[item_index] ~ 'assets/silent-refresh.html'
+          - app_config_json.oauth2.implicitFlow == false
+          - app_config_json.oauth2.codeFlow == true
         fail_msg: "not expected {{ app_config_json }}"
       loop: "{{ range(0, adf_apps | length) | list }}"
       loop_control:

diff --git a/playbooks/acs.yml b/playbooks/acs.yml
@@ -135,7 +135,6 @@
       identity_admin_username: admin
       identity_admin_password: "{{ hostvars.localhost.identity_admin_password }}"
       identity_keycloak_http_port: "{{ ports_cfg.identity.http }}"
-      identity_default_client_implicit_flow_enabled: "{{ not code_flow_pkce_supported }}"
       when: not groups.external_identity | default([])
   tasks:
     - name: Configure Realm
@@ -145,6 +144,7 @@
         identity_keycloak_http_port: "{{ ports_cfg.identity.http }}"
         identity_known_urls:
           - "{{ alfresco_url }}"
+        identity_default_client_implicit_flow_enabled: "{{ not code_flow_pkce_supported }}"
       ansible.builtin.include_role:
         name: "../roles/identity"
         tasks_from: realm

diff --git a/roles/identity/meta/argument_specs.yml b/roles/identity/meta/argument_specs.yml
@@ -38,18 +38,15 @@ argument_specs:
         default: /auth
         description:
           Path relative to / for serving keycloak resources
-      identity_known_urls:
-        type: list
-        elements: str
-        default: []
-        description: |
-          A list of possible origin URLs which are allowed to interact with the configured realm
       identity_url:
         type: str
         default:
         description:
           Set the base URL for frontend URL and admin console, including scheme, host, port and path.
           Will override identity_keycloak_host, identity_keycloak_http_port.
+  realm:
+    short_description: Configure the keycloak realm
+    options:
       identity_default_realm_id:
         type: str
         default: alfresco
@@ -65,3 +62,9 @@ argument_specs:
         default: true
         description: |
           Enable or disable the implicit flow for the default client inside the default realm
+      identity_known_urls:
+        type: list
+        elements: str
+        default: []
+        description: |
+          A list of possible origin URLs which are allowed to interact with the configured realm