keycloak_quarkus: add https to molecule test setup (#36)

* keycloak_quarkus: add https to molecule test setup

* move converge pre_tasks to prepare phase

* Update zipfile unarchive to cater for existing certs
main
Guido Grazioli 2022-05-31 19:07:18 +02:00 committed by GitHub
parent 469036e9e7
commit 76cbb4c676
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 65 additions and 12 deletions

1
.gitignore vendored
View File

@ -9,3 +9,4 @@ docs/_build/
.mypy_cache/
*.retry
changelogs/.plugin-cache.yaml
*.pem

View File

@ -2,10 +2,6 @@
- name: Prepare
hosts: all
tasks:
- name: Disable beta repos
ansible.builtin.command: yum config-manager --disable '*beta*'
ignore_errors: yes
- name: Install sudo
ansible.builtin.yum:
name:

View File

@ -5,6 +5,12 @@
keycloak_quarkus_admin_pass: "remembertochangeme"
keycloak_admin_password: "remembertochangeme"
keycloak_realm: TestRealm
keycloak_quarkus_host: instance:8443
keycloak_quarkus_http_relative_path: ''
keycloak_quarkus_log: file
keycloak_quarkus_https_enabled: True
keycloak_quarkus_key_file: conf/key.pem
keycloak_quarkus_cert_file: conf/cert.pem
roles:
- role: keycloak_quarkus
- role: keycloak_realm

View File

@ -16,7 +16,9 @@ platforms:
port_bindings:
- "8080/tcp"
- "8443/tcp"
- "8009/tcp"
- "8009/tcp"
published_ports:
- 0.0.0.0:8443:8443/tcp
provisioner:
name: ansible
config_options:

View File

@ -6,3 +6,21 @@
ansible.builtin.yum:
name: sudo
state: present
- command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj '/CN=instance'
delegate_to: localhost
- lineinfile:
dest: /etc/hosts
line: "127.0.0.1 instance"
state: present
delegate_to: localhost
become: yes
- file:
state: directory
path: /opt/keycloak/keycloak-18.0.0/conf/
- copy:
src: "{{ item }}"
dest: "/opt/keycloak/keycloak-18.0.0/conf/{{ item }}"
mode: 0444
loop:
- cert.pem
- key.pem

View File

@ -9,3 +9,19 @@
that:
- ansible_facts.services["keycloak.service"]["state"] == "running"
- ansible_facts.services["keycloak.service"]["status"] == "enabled"
- name: Fetch openID config
shell: |
curl https://instance:8443/realms/master/.well-known/openid-configuration -k | jq .
delegate_to: localhost
register: openid_config
- debug:
msg: " {{ openid_config.stdout | from_json }}"
delegate_to: localhost
- name: Verify endpoint URLs
assert:
that:
- (openid_config.stdout | from_json)["backchannel_authentication_endpoint"] == 'https://instance:8443/realms/master/protocol/openid-connect/ext/ciba/auth'
- (openid_config.stdout | from_json)['issuer'] == 'https://instance:8443/realms/master'
- (openid_config.stdout | from_json)['authorization_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/auth'
- (openid_config.stdout | from_json)['token_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/token'
delegate_to: localhost

View File

@ -3,7 +3,13 @@
hosts: all
vars:
keycloak_admin_password: "remembertochangeme"
keycloak_quarkus_host: localhost:8443
keycloak_quarkus_http_relative_path: ''
keycloak_quarkus_log: file
keycloak_quarkus_https_enabled: True
keycloak_quarkus_key_file: conf/key.pem
keycloak_quarkus_cert_file: conf/cert.pem
collections:
- middleware_automation.keycloak
roles:
- keycloak_quarkus
- keycloak_quarkus

View File

@ -84,9 +84,9 @@
- local_archive_path.stat.exists
become: yes
- name: "Check target directory: {{ keycloak.home }}"
- name: "Check target directory: {{ keycloak.home }}/bin/"
ansible.builtin.stat:
path: "{{ keycloak.home }}"
path: "{{ keycloak.home }}/bin/"
register: path_to_workdir
become: yes
@ -95,12 +95,12 @@
remote_src: yes
src: "{{ archive }}"
dest: "{{ keycloak_quarkus_dest }}"
creates: "{{ keycloak.home }}"
creates: "{{ keycloak.home }}/bin/"
owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}"
become: yes
when:
- new_version_downloaded.changed or not path_to_workdir.stat.exists
- (not path_to_workdir.stat.exists) or new_version_downloaded.changed
notify:
- restart keycloak
@ -108,4 +108,4 @@
ansible.builtin.debug:
msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"
when:
- not new_version_downloaded.changed and path_to_workdir.stat.exists
- (not new_version_downloaded.changed) and path_to_workdir.stat.exists

View File

@ -41,6 +41,14 @@
notify:
- restart keycloak
- name: Ensure logdirectory exists
ansible.builtin.file:
state: directory
path: "{{ keycloak.home }}/{{ keycloak.log.file | dirname }}"
owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}"
mode: 0775
- name: "Start and wait for keycloak service"
ansible.builtin.include_tasks: start.yml
@ -52,6 +60,6 @@
- name: Link default logs directory
ansible.builtin.file:
state: link
src: "{{ keycloak.home }}/{{ keycloak.log.file }}"
src: "{{ keycloak.home }}/{{ keycloak.log.file | dirname }}"
dest: /var/log/keycloak
force: yes