34 lines
1.6 KiB
YAML
34 lines
1.6 KiB
YAML
---
|
|
# Simple task to update 1 client for hydra.
|
|
# Parameter: client_id
|
|
|
|
- fail: msg='Error, client does not exist. Please define the client first'
|
|
when: hydra_clients|selectattr("client_id", "equalto", client_id)|list|length == 0
|
|
|
|
- name: Create or overwrite hydra-client
|
|
template:
|
|
src: hydra-client.json.j2
|
|
dest: "/etc/hydra/clients.d/{{ item.client_id }}.json"
|
|
with_items: "{{ hydra_clients }}"
|
|
when: item.client_id == client_id
|
|
become: true
|
|
|
|
- name: Update client
|
|
command: >
|
|
podman exec -t cadoles-pod-hydra-v1 /bin/sh -c "hydra clients update '{{ client_id }}'
|
|
--endpoint http://127.0.0.1:4445
|
|
--name '{{ item.client_name | default(item.client_id) }}'
|
|
--secret '{{ item.client_secret | default(lookup('ansible.builtin.password', '/dev/null chars=ascii_lowercase,digits length=32 seed=inventory_hostname')) }}'
|
|
--grant-types '{{ ','.join(item.grant_types) if "grant_types" in item else "authorization_code, refresh_token" }}'
|
|
--post-logout-callbacks '{{ ','.join(item.post_logout_redirect_uris) if "post_logout_redirect_uris" in item else "" }}'
|
|
--callbacks '{{ ','.join(item.redirect_uris) }}'
|
|
--response-types '{{ ','.join(item.response_types) if "response_types" in item else "code" }}'
|
|
--logo-uri '{{ item.logo_uri if "logo_uri" in item else "" }}'
|
|
--scope '{{ ','.join(item.scope) if "scope" in item else "openid profile email webhook" }}'
|
|
--token-endpoint-auth-method '{{ item.token_endpoint_auth_method if "token_endpoint_auth_method" in item else "client_secret_post" }}'
|
|
"
|
|
with_items: "{{ hydra_clients }}"
|
|
when: item.client_id == client_id
|
|
become: true
|
|
|