Wait for Authentik API to be available before attempting to configure flows. This prevents 404 errors when the API is not yet ready.
---
# Configure Authentik flows (invitation, recovery, 2FA) via API
- name: Use bootstrap token for API access
set_fact:
authentik_api_token: "{{ client_secrets.authentik_bootstrap_token }}"
- name: Wait for Authentik API to be ready
shell: |
for i in {1..30}; do
if docker exec authentik-server curl -sf -H "Authorization: Bearer {{ authentik_api_token }}" http://localhost:9000/api/v3/core/tenants/ > /dev/null 2>&1; then
echo "Authentik API is ready"
exit 0
fi
echo "Waiting for Authentik API... attempt $i/30"
sleep 5
done
exit 1
register: api_wait
changed_when: false
- name: Copy invitation flow configuration script to server
copy:
src: configure_invitation_flow.py
dest: /tmp/configure_invitation_flow.py
mode: '0755'
- name: Copy recovery flow configuration script to server
copy:
src: configure_recovery_flow.py
dest: /tmp/configure_recovery_flow.py
mode: '0755'
- name: Copy 2FA enforcement configuration script to server
copy:
src: configure_2fa_enforcement.py
dest: /tmp/configure_2fa_enforcement.py
mode: '0755'
- name: Copy scripts into container
shell: |
docker cp /tmp/configure_invitation_flow.py authentik-server:/tmp/
docker cp /tmp/configure_recovery_flow.py authentik-server:/tmp/
docker cp /tmp/configure_2fa_enforcement.py authentik-server:/tmp/
changed_when: false
- name: Configure invitation flow
shell: |
docker exec authentik-server python3 /tmp/configure_invitation_flow.py \
"http://localhost:9000" \
"{{ authentik_api_token }}"
register: invitation_result
changed_when: "'success' in invitation_result.stdout"
- name: Configure recovery flow
shell: |
docker exec authentik-server python3 /tmp/configure_recovery_flow.py \
"http://localhost:9000" \
"{{ authentik_api_token }}"
register: recovery_result
changed_when: "'success' in recovery_result.stdout"
- name: Configure 2FA enforcement
shell: |
docker exec authentik-server python3 /tmp/configure_2fa_enforcement.py \
"http://localhost:9000" \
"{{ authentik_api_token }}"
register: twofa_result
changed_when: "'success' in twofa_result.stdout"
- name: Cleanup configuration scripts from host
file:
path: "{{ item }}"
state: absent
loop:
- /tmp/configure_invitation_flow.py
- /tmp/configure_recovery_flow.py
- /tmp/configure_2fa_enforcement.py
- name: Display flows configuration status
debug:
msg: |
========================================
Authentik Flows Configuration
========================================
✓ Invitation Flow: {{ 'Configured' if invitation_result.rc == 0 else 'Failed' }}
{{ (invitation_result.stdout | from_json).message | default('') }}
✓ Recovery Flow: {{ 'Configured' if recovery_result.rc == 0 else 'Failed' }}
{{ (recovery_result.stdout | from_json).message | default('') }}
✓ 2FA Enforcement: {{ 'Configured' if twofa_result.rc == 0 else 'Failed' }}
{{ (twofa_result.stdout | from_json).message | default('') }}
Email configuration is active and flows
will send emails via Mailgun SMTP.
========================================
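Review bot: The new readiness loop `for i in {1..30}; do` depends on bash brace expansion, but Ansible's `shell` module runs `/bin/sh` by default, so on hosts where `sh` is dash the body runs once with `i` set to the literal `{1..30}` and the task fails after a single probe instead of waiting. Pin the interpreter on the "Wait for Authentik API to be ready" task with `args:` / `executable: /bin/bash`, or make the loop POSIX with `for i in $(seq 1 30); do`. The same task puts `{{ authentik_api_token }}` on the curl command line, where it is visible in host process listings and in Ansible's task output; add `no_log: true` to this task, to the bootstrap `set_fact`, and to the three "Configure …" tasks that pass the token as a script argument. If the deployed Authentik version no longer serves `/api/v3/core/tenants/`, the probe never succeeds and the 30 attempts exhaust on a permanent 404 rather than a readiness delay, so the endpoint is worth confirming against the running version; emitting a final `echo "Authentik API not ready after 30 attempts" >&2` before `exit 1` would also make that failure distinguishable in the play output.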