New iam client registration #11

Merged
merged 8 commits into from
Mar 6, 2024
2 changes: 2 additions & 0 deletions defaults/main.yml
Expand Up @@ -10,6 +10,8 @@ monitoring_iam_groups: "beta_testers" # group1 group2
monitoring_iam_admin_groups: "" # group1 group2
monitoring_server_ip: "" # 192.168.1.42
monitoring_dns_name: ""
monitoring_iam_client_id: ""
monitoring_iam_token: ""

service_grafana: yes
service_grafana_port: 3000
Expand Down
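Review bot: The two new defaults carry no inline comment, while every neighbouring default in this file documents its expected value (`# group1 group2`, `# 192.168.1.42`), and `monitoring_iam_token` is a bearer credential for the IAM registration endpoint rather than ordinary configuration. Suggest `monitoring_iam_client_id: ""  # client id issued by the IAM registration endpoint` and `monitoring_iam_token: ""  # registration access token; supply via ansible-vault or a lookup, never as a literal in defaults`. The surrounding defaults file continues outside the hunk.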
62 changes: 14 additions & 48 deletions tasks/grafana.yml
Expand Up @@ -32,59 +32,25 @@
dest: /usr/local/share/dodasts/monitoring
directory_mode: 0755


- name: check if the oidc client file already exists
stat:
path: "/usr/local/share/dodasts/monitoring/.client-iam.json"
register: oidc_config


- block:
- name: Retrieve registration endpoint from OpenID configuration
uri:
url: "{{ monitoring_iam_url }}/.well-known/openid-configuration"
method: GET
return_content: yes
register: openid_config

- name: Set registration endpoint variable
set_fact:
registration_endpoint: "{{ openid_config.json.registration_endpoint }}"

- name: Register iam client
uri:
url: "{{ registration_endpoint }}"
validate_certs: "no"
method: POST
status_code: 201
headers:
Content-Type: "application/json"
body:
redirect_uris:
- "https://{{ monitoring_dns_name }}:{{ service_grafana_port }}/login/generic_oauth"
client_name: "oc-client"
token_endpoint_auth_method: client_secret_basic
scope: openid email profile
grant_types:
- authorization_code
response_types:
- code
body_format: json
return_content: yes
register: iam_response

- name: Save client info
copy:
content: "{{ iam_response.json }}"
dest: "/usr/local/share/dodasts/monitoring/.client-iam.json"
when: not oidc_config.stat.exists|bool

# ---------- IAM Client retrieving, updating and local saving ----------
- name: Check vars before interacting with the IAM issuer
ansible.builtin.assert:
that:
- monitoring_iam_url | length > 0
- monitoring_iam_client_id | length > 0
- monitoring_iam_token | length > 0
- monitoring_dns_name | length > 0
- service_grafana_port is defined
fail_msg: Not defined variable among monitoring_iam_url, monitoring_iam_client_id, monitoring_iam_token, monitoring_dns_name and service_grafana_port.

- name: Collect, Update and store locally the IAM Client info
ansible.builtin.include_tasks: iam-client.yml
# ----------------------------------------------------------------------

- name: Retrieve client info
set_fact:
iam_response: "{{ lookup('file', '/usr/local/share/dodasts/monitoring/.client-iam.json') }}"


- name: Create grafana config
template:
src: grafana.ini.j2
Expand Down
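Review bot: The include on the `Collect, Update and store locally` task replaces a block that ran only `when: not oidc_config.stat.exists|bool`, so the GET/PUT round trip against the IAM issuer in iam-client.yml now executes on every play rather than once; if re-running it each time is intended as redirect-URI reconciliation, say so in the banner comment above the assert, otherwise gate the include with the stat check that was removed. The assert is a useful guard; consider adding `quiet: true` so the six conditions are not echoed on every run, and writing `fail_msg: >-` with the message folded onto the next line to keep it within line length. The task list continues outside the hunk on both sides.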
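--- /dev/null
+++ b/tasks/iam-client.yml
@@ -0,0 +1,50 @@
+---
+- name: Define the new redirect_uri variable
+ansible.builtin.set_fact:
+mon_iam_redirect_uri: "https://{{ monitoring_dns_name }}:{{ service_grafana_port }}/login/generic_oauth"
+
+- name: Retrieve registration endpoint from OpenID configuration
+ansible.builtin.uri:
+url: "{{ monitoring_iam_url }}/.well-known/openid-configuration"
+method: GET
+return_content: yes
+register: openid_config
+
+- name: Set registration endpoint variable
+ansible.builtin.set_fact:
+registration_endpoint: "{{ openid_config.json.registration_endpoint }}"
+
+- name: Retrieve the IAM client info
+ansible.builtin.uri:
+url: "{{ registration_endpoint }}/{{ monitoring_iam_client_id }}"
+method: GET
+status_code: 200
+headers:
+Accept: "application/json"
+Authorization: "Bearer {{ monitoring_iam_token }}"
+return_content: true
+register: iam_client_get_response
+
+- name: Modify client JSON
+ansible.builtin.set_fact:
+modified_client_info: "{{ iam_client_get_response.json | combine({'redirect_uris': iam_client_get_response.json.redirect_uris + [mon_iam_redirect_uri]}) }}"
+
+- name: Update client
+ansible.builtin.uri:
+url: "{{ registration_endpoint }}/{{ monitoring_iam_client_id }}"
+validate_certs: "no"
+method: PUT
+status_code: 200
+headers:
+Authorization: "Bearer {{ monitoring_iam_token }}"
+Content-Type: application/json
+body_format: json
+body: "{{ modified_client_info }}"
+return_content: true
+register: iam_response
+
+- name: Save client info
+ansible.builtin.copy:
+content: "{{ modified_client_info }}"
+dest: /usr/local/share/dodasts/monitoring/.client-iam.json
+mode: "0644"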
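Review bot: `validate_certs: "no"` on the `Update client` PUT disables TLS verification on the one request that sends `monitoring_iam_token` as a bearer header, while the preceding GET to the same endpoint verifies the certificate; drop the line, or make it `validate_certs: "{{ monitoring_iam_validate_certs | default(true) }}"` so trusting an internal CA is an explicit, documented opt-out. `Modify client JSON` appends `mon_iam_redirect_uri` unconditionally, so every play run grows `redirect_uris` by one duplicate; `(iam_client_get_response.json.redirect_uris + [mon_iam_redirect_uri]) | unique` inside the `combine` keeps the task idempotent. `Save client info` writes `modified_client_info` rather than the issuer's `iam_response.json`, so any value the server normalised or rejected is not what lands on disk, and with `mode: "0644"` the file is world-readable even though a registration payload presumably includes `client_secret` — `mode: "0600"` is the safer default. `return_content: yes` in the first uri task against `return_content: true` in the others is a minor truthy inconsistency worth normalising to `true`.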