diff --git a/tasks/hydra-update-client.yml b/tasks/hydra-update-client.yml
index 47b6ffd..17f7bb8 100644
--- a/tasks/hydra-update-client.yml
+++ b/tasks/hydra-update-client.yml
@@ -9,15 +9,22 @@
   template:
     src: hydra-client.json.j2
     dest: "/etc/hydra/clients.d/{{ item.client_id }}.json"
+
+- name: Update client
+  command: >
+    podman exec -t cadoles-pod-hydra-v1 /bin/sh -c "hydra clients update '{{ client_id }}'
+    --endpoint http://127.0.0.1:4445
+    --name '{{ item.client_name | default(item.client_id) }}'
+    --secret '{{ item.client_secret | default(lookup('ansible.builtin.password', '/dev/null chars=ascii_lowercase,digits length=32 seed=inventory_hostname')) }}'
+    --grant-types '{{ ','.join(item.grant_types) if "grant_types" in item else "authorization_code, refresh_token" }}'
+    --post-logout-callbacks '{{ ','.join(item.post_logout_redirect_uris) if "post_logout_redirect_uris" in item else "" }}'
+    --callbacks '{{ ','.join(item.redirect_uris) }}'
+    --response-types '{{ ','.join(item.response_types) if "response_types" in item else "code" }}'
+    --logo-uri '{{ item.logo_uri if "logo_uri" in item else "" }}'
+    --scope '{{ ','.join(item.scope) if "scope" in item else "openid profile email webhook" }}'
+    --token-endpoint-auth-method '{{ item.token_endpoint_auth_method if "token_endpoint_auth_method" in item else "client_secret_post" }}'
+    "
   with_items: "{{ hydra_clients }}"
   when: item.client_id == client_id
   become: true
-- name: Delete client
-  command: podman exec -t cadoles-pod-hydra-v1 /bin/sh -c "hydra clients delete {{ client_id }} --endpoint http://127.0.0.1:4445"
-  ignore_errors: true
-  become: true
-
-- name: Import client
-  command: podman exec -t cadoles-pod-hydra-v1 /bin/sh -c "hydra clients import /etc/hydra/clients.d/{{ client_id }}.json --endpoint http://127.0.0.1:4445"
-  become: true
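Review bot: The new `command:` in "Update client" puts the client secret on the `podman exec ... sh -c` command line, so it is visible in process listings on the host and is recorded in the task result and verbose Ansible output, whereas the removed import step read it from the JSON file; the task needs `no_log: true` alongside `become: true`. Every interpolated value is wrapped in hand-written single quotes inside a double-quoted `sh -c "..."` string, so a `'` in a client name or URI breaks the quoting and `$` or backtick characters are expanded by the shell — run each value through the `quote` filter and drop the manual quotes, e.g. `--name {{ item.client_name | default(item.client_id) | quote }}`, for the `--name`, `--secret`, `--callbacks`, `--logo-uri` and the other value lines alike. The fallback `lookup('ansible.builtin.password', '/dev/null ... seed=inventory_hostname')` yields a secret that is a deterministic function of the hostname, which keeps re-runs stable but gives the default credential little entropy; if it is meant as a real secret it presumably belongs in a vaulted variable instead. The default `"authorization_code, refresh_token"` carries a space after the comma while the joined list form does not, which looks unintended. `command` also reports changed on every run, so a `changed_when` is worth adding.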