Merge pull request #26 from guidograzioli/keycloak_admin_password_var

move admin pwd param from vars to defaults and assert
2022-03-25 09:57:21 +01:00 · 2022-03-25 09:57:21 +01:00 · 10ff1763c1
parent 6270762a3a 85b0a2549a
commit 10ff1763c1
12 changed files with 24 additions and 17 deletions
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@ -2,17 +2,15 @@
 - name: Converge
  hosts: all
  vars: 
+    keycloak_admin_password: "remembertochangeme"
  tasks:
    - name: Include keycloak role
      include_role:
        name: ../../roles/keycloak
-      vars:
-        keycloak_admin_password: "changeme"
    - name: Keycloak Realm Role
      include_role:
        name: ../../roles/keycloak_realm
      vars:
-        keycloak_admin_password: "changeme"
        keycloak_client_default_roles:
          - TestRoleAdmin
          - TestRoleUser
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@ -8,3 +8,4 @@
      ansible.builtin.assert:
        that:
          - ansible_facts.services["keycloak.service"]["state"] == "running"
+          - ansible_facts.services["keycloak.service"]["status"] == "enabled"
--- a/playbooks/keycloak_realm.yml
+++ b/playbooks/keycloak_realm.yml
@ -6,7 +6,7 @@
      ansible.builtin.include_role:
        name: middleware_automation.keycloak.keycloak_realm
      vars:
-        keycloak_admin_password: "changeme"
+        keycloak_admin_password: "remembertochangeme"
        keycloak_realm: TestRealm
        keycloak_user_federation:
          - realm: TestRealm
--- a/playbooks/rhsso.yml
+++ b/playbooks/rhsso.yml
@ -2,7 +2,7 @@
 - name: Playbook for Keycloak Hosts
  hosts: keycloak
  vars:
-    keycloak_admin_password: "changeme"
+    keycloak_admin_password: "remembertochangeme"
    keycloak_rhsso_enable: True
  collections:
    - middleware_automation.redhat_csp_download
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@ -32,6 +32,9 @@ keycloak_service_group: keycloak
 keycloak_service_pidfile: "/run/keycloak.pid"
 keycloak_configure_firewalld: False

+### administrator console password
+keycloak_admin_password: ''
+
 ### Common configuration settings
 keycloak_bind_address: 0.0.0.0
 keycloak_host: localhost
--- a/roles/keycloak/meta/main.yml
+++ b/roles/keycloak/meta/main.yml
@ -23,5 +23,7 @@ galaxy_info:
    - keycloak
    - redhat
    - rhel
-    - rhn
-    - sso
+    - sso
+    - authentication
+    - identity
+    - security
--- a/roles/keycloak/tasks/firewalld.yml
+++ b/roles/keycloak/tasks/firewalld.yml
@ -1,5 +1,5 @@
 ---
- name: Ensures required package firewalld are installed
+- name: Ensure required package firewalld are installed
  ansible.builtin.include_tasks: fastpackages.yml
  vars:
    packages_list:
--- a/roles/keycloak/tasks/prereqs.yml
+++ b/roles/keycloak/tasks/prereqs.yml
@ -1,4 +1,12 @@
 ---
+- name: Validate admin console password
+  ansible.builtin.assert:
+    that:
+      - keycloak_admin_password | length > 12
+    quiet: True
+    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_admin_password variable to a 16+ char long string"
+    success_msg: "{{ 'Console administrator password OK' }}"
+
 - name: Validate configuration
  ansible.builtin.assert:
    that:
@ -16,7 +24,7 @@
    fail_msg: "Cannot install Red Hat SSO without RHN credentials. Check rhn_username and rhn_password are defined"
    success_msg: "{{ 'Installing Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Installing keycloak.org' }}"

- name: Ensures required packages are installed
+- name: Ensure required packages are installed
  ansible.builtin.include_tasks: fastpackages.yml
  vars:
    packages_list:
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@ -1,8 +1,4 @@
 ---
-# required variables for keycloak
-# administrator console password
-keycloak_admin_password:
-
 # internal variables below
 rhsso_rhn_ids:
  '7.5.0':
--- a/roles/keycloak_realm/README.md
+++ b/roles/keycloak_realm/README.md
@ -30,8 +30,8 @@ The following are a set of _required_ variables for the role:

 | Variable | Description |
 |:---------|:------------|
-|`keycloak_admin_password`| Password for the administration console user account |
 |`keycloak_realm` | Name of the realm to be created |
+|`keycloak_admin_password`| Password for the administration console user account |


 The following variables are available for creating clients:
--- a/roles/keycloak_realm/defaults/main.yml
+++ b/roles/keycloak_realm/defaults/main.yml
@ -11,6 +11,8 @@ keycloak_admin_user: admin
 keycloak_auth_realm: master
 keycloak_auth_client: admin-cli

+# administrator console password, this is a required variable
+keycloak_admin_password: ''

 ### Keycloak realms, clients, roles, federation
 # list of clients to create in the realm
--- a/roles/keycloak_realm/vars/main.yml
+++ b/roles/keycloak_realm/vars/main.yml
@ -1,9 +1,6 @@
 ---
 # vars file for keycloak_realm

-# administrator console password, this is a required variable
-keycloak_admin_password:
-
 # name of the realm to create, this is a required variable
 keycloak_realm: