apb.yml
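## Ansible Playbook Bundle (APB) spec for Keycloak.
## Declares three plans (ephemeral, persistent, external) and one shared
## list of bind parameters that every plan references through a YAML alias.

## Shared parameters
# Defined once under a helper key and reused as `bind_parameters` below.
# NOTE(review): this assumes the consumer of the spec ignores the extra
# top-level `_bind_params` key and expands aliases; confirm with the broker.
_bind_params: &_bind_params
  # Provision bind params
  - name: service_name
    display_group: Provision
    required: true
    title: Name of the service to bind
    type: string
  # Redirect URIs are a security boundary of the OAuth/OIDC client: keep the
  # pattern as narrow as the application allows. A broad wildcard widens the
  # set of URLs that can receive login responses.
  - name: redirect_uris
    display_group: Provision
    required: true
    title: Redirect URIs
    description: >-
      Valid Redirect URIs a browser can redirect to after a successful
      login/logout. Simple wildcards are allowed. e.g.
      https://myservice-myproject.apps.example.com/*
    type: string
  # NOTE(review): presumably forwarded to the Keycloak client's Web Origins
  # setting; if so, explicit origins are preferable to a catch-all value.
  # Confirm how the bind playbook applies it.
  - name: web_origins
    display_group: Provision
    title: Web Origins
    description: Web Origins to allow CORS
    type: string
  # Bind secret params (which env variables to create)
  # These set the *names* of the variables exposed to the application; the
  # values are produced elsewhere (not visible in this file).
  - name: sso_url_name
    default: SSO_URL
    display_group: Binding
    title: Keycloak URL Variable name
    description: How the application will refer to the Keycloak URL
    type: string
  - name: sso_realm_name
    default: SSO_REALM
    display_group: Binding
    title: Keycloak Realm Variable name
    description: How the application will refer to the Keycloak Realm
    type: string
  - name: sso_client_name
    default: SSO_CLIENT
    display_group: Binding
    title: Keycloak Client Variable name
    description: How the application will refer to the Keycloak Client name
    type: string

# Quoted so that no loader can retype the version string.
version: '1.0.0'
name: keycloak-apb
description: Keycloak - Open Source Identity and Access Management
bindable: true
async: optional
tags:
  - sso
  - keycloak
metadata:
  displayName: Keycloak (APB)
  # Icon is fetched from the `master` branch, i.e. a mutable reference.
  imageUrl: "https://github.com/ansibleplaybookbundle/keycloak-apb/raw/master/docs/imgs/keycloak_ico.png"
  # NOTE(review): plain-http link; prefer the https form of this URL if the
  # site serves it.
  documentationUrl: "http://www.keycloak.org/documentation.html"
  providerDisplayName: "Red Hat, Inc."
  # Images are referenced by tag. Tags are mutable, so the content behind
  # them can change without this file changing; pinning by digest
  # (`<image>@sha256:<digest>`, placeholder) makes the deployment
  # reproducible. Both tags also name old releases: confirm they still
  # receive security fixes before deploying an identity provider from them.
  dependencies:
    - 'docker.io/jboss/keycloak-openshift:3.4.3.Final'
    - 'centos/postgresql-95-centos7:9.5'
  serviceName: keycloak

plans:
  - name: ephemeral
    description: Deploy keycloak without persistence
    free: true
    metadata:
      displayName: Keycloak ephemeral
    parameters:
      # The default admin name is predictable; the only secret protecting
      # the admin console is the password below.
      - name: admin_username
        required: true
        default: admin
        type: string
        title: Keycloak admin username
      # No default is shipped (good). No length or complexity constraint is
      # declared here, so any non-empty value is accepted by this spec.
      - name: admin_password
        required: true
        type: string
        display_type: password
        title: Keycloak admin password
      - name: apb_keycloak_uri
        required: false
        type: string
        title: Keycloak URL
        description: >-
          URL where the applications should redirect to for authentication.
          Must be resolvable by the browser and pods. Leave empty to use the
          host generated by the route
      # NOTE(review): shown as an unmasked textarea. If the expected JSON can
      # carry user credentials, they would be visible on entry; confirm the
      # schema in the provision playbook.
      - name: keycloak_users
        required: false
        type: string
        display_type: textarea
        title: Users
        description: >-
          JSON defining the users to add to the realm and their memberships
      - name: keycloak_roles
        required: false
        type: string
        display_type: textarea
        title: Roles
        description: JSON defining the roles to add to the realm
    bind_parameters: *_bind_params

  - name: persistent
    description: Deploy keycloak with persistence
    free: true
    default: true
    metadata:
      displayName: Keycloak persistent
    parameters:
      # Predictable default admin name; see admin_password.
      - name: admin_username
        required: true
        default: admin
        type: string
        title: Keycloak admin username
      # No default and no strength constraint declared in this spec.
      - name: admin_password
        required: true
        type: string
        display_type: password
        title: Keycloak admin password
      - name: apb_keycloak_uri
        required: false
        type: string
        title: Keycloak URL
        description: >-
          URL where the applications should redirect to for authentication.
          Must be resolvable by the browser and pods. Leave empty to use the
          host generated by the route
      - name: pvc_size
        type: string
        default: 200Mi
        description: Database storage size
        title: Storage size
      # NOTE(review): unmasked textarea; confirm whether the JSON may carry
      # credentials.
      - name: keycloak_users
        required: false
        type: string
        display_type: textarea
        title: Users
        description: >-
          JSON defining the users to add to the realm and their memberships
      - name: keycloak_roles
        required: false
        type: string
        display_type: textarea
        title: Roles
        description: JSON defining the roles to add to the realm
    bind_parameters: *_bind_params

  - name: external
    description: Allows authenticating applications to an external Keycloak instance
    free: true
    metadata:
      displayName: Keycloak (external)
    parameters:
      # In this plan the admin credentials belong to an already running
      # Keycloak instance and are handed to the bundle as parameters.
      # NOTE(review): which privileges the playbooks need is not visible
      # here; a dedicated account limited to those privileges is preferable
      # to the instance's main admin.
      - name: admin_username
        required: true
        default: admin
        type: string
        title: Keycloak admin username
      - name: admin_password
        required: true
        type: string
        display_type: password
        title: Keycloak admin password
      # Required here because no route is generated for an external instance.
      # NOTE(review): the spec does not restrict the scheme; an https URL is
      # expected for an authentication endpoint.
      - name: apb_keycloak_uri
        required: true
        type: string
        title: Keycloak URL
        description: >-
          URL where the applications should redirect to for authentication.
          Must be resolvable by the browser and pods.
      # NOTE(review): unmasked textarea; confirm whether the JSON may carry
      # credentials.
      - name: keycloak_users
        required: false
        type: string
        display_type: textarea
        title: Users
        description: >-
          JSON defining the users to add to the realm and their memberships
      - name: keycloak_roles
        required: false
        type: string
        display_type: textarea
        title: Roles
        description: JSON defining the roles to add to the realm
    bind_parameters: *_bind_params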