diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index 55f17ef..2ab6ad5 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -2,17 +2,15 @@
 - name: Converge
 hosts: all
 vars:
+ keycloak_admin_password: "remembertochangeme"
 tasks:
 - name: Include keycloak role
 include_role:
 name: ../../roles/keycloak
- vars:
- keycloak_admin_password: "changeme"
 - name: Keycloak Realm Role
 include_role:
 name: ../../roles/keycloak_realm
 vars:
- keycloak_admin_password: "changeme"
 keycloak_client_default_roles:
 - TestRoleAdmin
 - TestRoleUser
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index 0952ba5..ef973cd 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -8,3 +8,4 @@
 ansible.builtin.assert:
 that:
 - ansible_facts.services["keycloak.service"]["state"] == "running"
+ - ansible_facts.services["keycloak.service"]["status"] == "enabled"
diff --git a/playbooks/keycloak_realm.yml b/playbooks/keycloak_realm.yml
index e7d0259..8bc1962 100644
--- a/playbooks/keycloak_realm.yml
+++ b/playbooks/keycloak_realm.yml
@@ -6,7 +6,7 @@
 ansible.builtin.include_role:
 name: middleware_automation.keycloak.keycloak_realm
 vars:
- keycloak_admin_password: "changeme"
+ keycloak_admin_password: "remembertochangeme"
 keycloak_realm: TestRealm
 keycloak_user_federation:
 - realm: TestRealm
diff --git a/playbooks/rhsso.yml b/playbooks/rhsso.yml
index 13f4ce6..ba30a74 100644
--- a/playbooks/rhsso.yml
+++ b/playbooks/rhsso.yml
@@ -2,7 +2,7 @@
 - name: Playbook for Keycloak Hosts
 hosts: keycloak
 vars:
- keycloak_admin_password: "changeme"
+ keycloak_admin_password: "remembertochangeme"
 keycloak_rhsso_enable: True
 collections:
 - middleware_automation.redhat_csp_download
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index ebbaa05..ad1b2c6 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
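Review bot: The example value `keycloak_admin_password: "remembertochangeme"` in playbooks/keycloak_realm.yml is 18 characters, so it passes the new `length > 12` check in roles/keycloak/tasks/prereqs.yml wherever that role runs, and a playbook used unchanged deploys with an administrator password that is published in the repository. The same literal is set in playbooks/rhsso.yml. A comment above the variable in both files would make the intent explicit, for example `# example value only, override from Ansible Vault or --extra-vars before any real deployment`. The molecule converge.yml value is a test fixture and is fine as it is.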
@@ -32,6 +32,9 @@ keycloak_service_group: keycloak keycloak_service_pidfile: "/run/keycloak.pid" keycloak_configure_firewalld: False +### administrator console password +keycloak_admin_password: '' + ### Common configuration settings keycloak_bind_address: 0.0.0.0 keycloak_host: localhost
diff --git a/roles/keycloak/meta/main.yml b/roles/keycloak/meta/main.yml
index 8f5bc1e..4760762 100644
--- a/roles/keycloak/meta/main.yml
+++ b/roles/keycloak/meta/main.yml
@@ -23,5 +23,7 @@ galaxy_info: - keycloak - redhat - rhel - rhn - sso \ No newline at end of file + sso + authentication + identity + security
diff --git a/roles/keycloak/tasks/firewalld.yml b/roles/keycloak/tasks/firewalld.yml
index 15f91cb..58a6cac 100644
--- a/roles/keycloak/tasks/firewalld.yml
+++ b/roles/keycloak/tasks/firewalld.yml
@@ -1,5 +1,5 @@
 ---
-- name: Ensures required package firewalld are installed
+- name: Ensure required package firewalld are installed
 ansible.builtin.include_tasks: fastpackages.yml
 vars:
 packages_list:
diff --git a/roles/keycloak/tasks/prereqs.yml b/roles/keycloak/tasks/prereqs.yml
index 77e8364..5d685be 100644
--- a/roles/keycloak/tasks/prereqs.yml
+++ b/roles/keycloak/tasks/prereqs.yml
@@ -1,4 +1,12 @@
 ---
+- name: Validate admin console password
+ ansible.builtin.assert:
+ that:
+ - keycloak_admin_password | length > 12
+ quiet: True
+ fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_admin_password variable to a 16+ char long string"
+ success_msg: "{{ 'Console administrator password OK' }}"
+
 - name: Validate configuration
 ansible.builtin.assert:
 that:
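Review bot: The new default `keycloak_admin_password: ''` in roles/keycloak/defaults/main.yml is documented only as `### administrator console password`, which does not tell a user that the role refuses to run with the default. Since prereqs.yml in this commit asserts on the length, the comment could read `### administrator console password, required: the role fails in prereqs.yml unless this is set to a long value`. The matching default in roles/keycloak_realm/defaults/main.yml already carries a "required variable" remark, so this also brings the two roles in line.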
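Review bot: In the new "Validate admin console password" task of roles/keycloak/tasks/prereqs.yml the condition and the message disagree: `keycloak_admin_password | length > 12` accepts a 13-character password while `fail_msg` asks for a "16+ char long string". Pick one bound and state it in both places, for example `- keycloak_admin_password | length >= 16` if 16 is the intended minimum. Separately, `success_msg: "{{ 'Console administrator password OK' }}"` wraps a constant in a template and can be the plain string `success_msg: "Console administrator password OK"`.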
@@ -16,7 +24,7 @@ fail_msg: "Cannot install Red Hat SSO without RHN credentials. Check rhn_username and rhn_password are defined" success_msg: "{{ 'Installing Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Installing keycloak.org' }}" -- name: Ensures required packages are installed +- name: Ensure required packages are installed ansible.builtin.include_tasks: fastpackages.yml vars: packages_list:
diff --git a/roles/keycloak/vars/main.yml b/roles/keycloak/vars/main.yml
index ff7456a..437eac0 100644
--- a/roles/keycloak/vars/main.yml
+++ b/roles/keycloak/vars/main.yml
@@ -1,8 +1,4 @@
 ---
-# required variables for keycloak
-# administrator console password
-keycloak_admin_password:
-
 # internal variables below
 rhsso_rhn_ids:
 '7.5.0':
diff --git a/roles/keycloak_realm/README.md b/roles/keycloak_realm/README.md
index 4a01e64..cf098a7 100644
--- a/roles/keycloak_realm/README.md
+++ b/roles/keycloak_realm/README.md
@@ -30,8 +30,8 @@ The following are a set of _required_ variables for the role: | Variable | Description | |:---------|:------------| -|`keycloak_admin_password`| Password for the administration console user account | |`keycloak_realm` | Name of the realm to be created | +|`keycloak_admin_password`| Password for the administration console user account | The following variables are available for creating clients:
diff --git a/roles/keycloak_realm/defaults/main.yml b/roles/keycloak_realm/defaults/main.yml
index c47aea3..2f33e57 100644
--- a/roles/keycloak_realm/defaults/main.yml
+++ b/roles/keycloak_realm/defaults/main.yml
@@ -11,6 +11,8 @@ keycloak_admin_user: admin keycloak_auth_realm: master keycloak_auth_client: admin-cli +# administrator console password, this is a required variable +keycloak_admin_password: '' ### Keycloak realms, clients, roles, federation # list of clients to create in the realm
diff --git a/roles/keycloak_realm/vars/main.yml b/roles/keycloak_realm/vars/main.yml
index f87e7f5..076a8a9 100644
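Review bot: With `keycloak_admin_password: ''` as a default in roles/keycloak_realm/defaults/main.yml, the variable is always defined but empty when the caller forgets to set it, and nothing in this diff validates it for this role: the length assert was added only to roles/keycloak/tasks/prereqs.yml. The keycloak_realm tasks are not part of the diff, so this is inferred, but if they have no check of their own the empty string is passed on to the admin authentication step and fails there with a less direct error. Consider starting the keycloak_realm tasks with the same `ansible.builtin.assert` on `keycloak_admin_password | length`, so a standalone run such as playbooks/keycloak_realm.yml stops early with the same message.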
--- a/roles/keycloak_realm/vars/main.yml
+++ b/roles/keycloak_realm/vars/main.yml
@@ -1,9 +1,6 @@ --- # vars file for keycloak_realm -# administrator console password, this is a required variable -keycloak_admin_password: - # name of the realm to create, this is a required variable keycloak_realm: