325c9e6cf8
Changed from /api/v3/core/tenants/ to /api/v3/flows/instances/ which returns proper JSON instead of 404 HTML during initialization.
100 lines
3.2 KiB
YAML
100 lines
3.2 KiB
YAML
---
|
|
# Configure Authentik flows (invitation, recovery, 2FA) via API
|
|
|
|
- name: Use bootstrap token for API access
|
|
set_fact:
|
|
authentik_api_token: "{{ client_secrets.authentik_bootstrap_token }}"
|
|
|
|
- name: Wait for Authentik API to be ready
|
|
shell: |
|
|
i=1
|
|
while [ $i -le 30 ]; do
|
|
if docker exec authentik-server curl -sf -H "Authorization: Bearer {{ authentik_api_token }}" http://localhost:9000/api/v3/flows/instances/ > /dev/null 2>&1; then
|
|
echo "Authentik API is ready"
|
|
exit 0
|
|
fi
|
|
echo "Waiting for Authentik API... attempt $i/30"
|
|
sleep 5
|
|
i=$((i+1))
|
|
done
|
|
exit 1
|
|
register: api_wait
|
|
changed_when: false
|
|
|
|
- name: Copy invitation flow configuration script to server
|
|
copy:
|
|
src: configure_invitation_flow.py
|
|
dest: /tmp/configure_invitation_flow.py
|
|
mode: '0755'
|
|
|
|
- name: Copy recovery flow configuration script to server
|
|
copy:
|
|
src: configure_recovery_flow.py
|
|
dest: /tmp/configure_recovery_flow.py
|
|
mode: '0755'
|
|
|
|
- name: Copy 2FA enforcement configuration script to server
|
|
copy:
|
|
src: configure_2fa_enforcement.py
|
|
dest: /tmp/configure_2fa_enforcement.py
|
|
mode: '0755'
|
|
|
|
- name: Copy scripts into container
|
|
shell: |
|
|
docker cp /tmp/configure_invitation_flow.py authentik-server:/tmp/
|
|
docker cp /tmp/configure_recovery_flow.py authentik-server:/tmp/
|
|
docker cp /tmp/configure_2fa_enforcement.py authentik-server:/tmp/
|
|
changed_when: false
|
|
|
|
- name: Configure invitation flow
|
|
shell: |
|
|
docker exec authentik-server python3 /tmp/configure_invitation_flow.py \
|
|
"http://localhost:9000" \
|
|
"{{ authentik_api_token }}"
|
|
register: invitation_result
|
|
changed_when: "'success' in invitation_result.stdout"
|
|
|
|
- name: Configure recovery flow
|
|
shell: |
|
|
docker exec authentik-server python3 /tmp/configure_recovery_flow.py \
|
|
"http://localhost:9000" \
|
|
"{{ authentik_api_token }}"
|
|
register: recovery_result
|
|
changed_when: "'success' in recovery_result.stdout"
|
|
|
|
- name: Configure 2FA enforcement
|
|
shell: |
|
|
docker exec authentik-server python3 /tmp/configure_2fa_enforcement.py \
|
|
"http://localhost:9000" \
|
|
"{{ authentik_api_token }}"
|
|
register: twofa_result
|
|
changed_when: "'success' in twofa_result.stdout"
|
|
|
|
- name: Cleanup configuration scripts from host
|
|
file:
|
|
path: "{{ item }}"
|
|
state: absent
|
|
loop:
|
|
- /tmp/configure_invitation_flow.py
|
|
- /tmp/configure_recovery_flow.py
|
|
- /tmp/configure_2fa_enforcement.py
|
|
|
|
- name: Display flows configuration status
|
|
debug:
|
|
msg: |
|
|
========================================
|
|
Authentik Flows Configuration
|
|
========================================
|
|
|
|
✓ Invitation Flow: {{ 'Configured' if invitation_result.rc == 0 else 'Failed' }}
|
|
{{ (invitation_result.stdout | from_json).message | default('') }}
|
|
|
|
✓ Recovery Flow: {{ 'Configured' if recovery_result.rc == 0 else 'Failed' }}
|
|
{{ (recovery_result.stdout | from_json).message | default('') }}
|
|
|
|
✓ 2FA Enforcement: {{ 'Configured' if twofa_result.rc == 0 else 'Failed' }}
|
|
{{ (twofa_result.stdout | from_json).message | default('') }}
|
|
|
|
Email configuration is active and flows
|
|
will send emails via Mailgun SMTP.
|
|
========================================
|