[PR #7127/9a7a7a96 backport][stable-7] Add keycloak_realm_key module (#7291)

Add keycloak_realm_key module (#7127) * Add keycloak_realm_key module * keycloak_realm_key: make "ansible-test sanity" happy Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net> * keycloak_realm_key: support check_mode * keycloak_realm_key: add integration tests * keycloak_realm_key: remove FIXME comment * keycloak_realm_key: fix EOL in integration test variables * keycloak_realm_key: remove unused import * keycloak_realm_key: remove integration test realm at the end of test suite * keycloak_realm_key: add version_added metadata * keycloak_realm_key: add documentation for end_state * keycloak_realm_key: support the "certificate" parameter As with "private_key" changing the certificate after creation is not possible because we can't compare the current value to the desired value. * keycloak_realm_key: document default for certificate parameter Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net> * keycloak_realm_key: implement diff mode * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * keycloak_realm_key: remove note about literal linefeeds * keycloak_realm_key: remove defaults from priority and certificate * keycloak_realm_key: mark diff and check modes as partially supported * keycloak_realm_key: implement "force" parameter This ensures that the desired state is always enforced on keys that should be, and are, present. * keycloak_realm_key: fix yaml parsing error in documentation * keycloak_realm_key: document why check_mode support is partial * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * keycloak_realm_key: documentation and metadata fixes * keycloak_realm_key: small documentation fix * keycloak_realm_key: change version_added to 7.5.0 * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> --------- Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit 9a7a7a9658) Co-authored-by: Samuli Seppänen <samuli.seppanen@gmail.com>
2025-06-27 10:40:22 -07:00 · 2023-09-19 22:09:54 +00:00 · 2023-09-19 22:09:54 +00:00 · 24b6441580
commit 24b6441580
parent 4381ac1bf3
6 changed files with 912 additions and 0 deletions
--- a/tests/integration/targets/keycloak_realm_key/aliases
+++ b/tests/integration/targets/keycloak_realm_key/aliases
@ -0,0 +1,5 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+unsupported
--- a/tests/integration/targets/keycloak_realm_key/readme.adoc
+++ b/tests/integration/targets/keycloak_realm_key/readme.adoc
@ -0,0 +1,27 @@
+// Copyright (c) Ansible Project
+// GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+To be able to run these integration tests a keycloak server must be
+reachable under a specific url with a specific admin user and password.
+The exact values expected for these parameters can be found in
+'vars/main.yml' file. A simple way to do this is to use the official
+keycloak docker images like this:
+
+----
+docker run --name mykeycloak -p 8080:8080 -e KC_HTTP_RELATIVE_PATH=<url-path> -e KEYCLOAK_ADMIN=<admin_user> -e KEYCLOAK_ADMIN_PASSWORD=<admin_password> quay.io/keycloak/keycloak:20.0.2 start-dev
+----
+
+Example with concrete values inserted:
+
+----
+docker run --name mykeycloak -p 8080:8080 -e KC_HTTP_RELATIVE_PATH=/auth -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=password quay.io/keycloak/keycloak:20.0.2 start-dev
+----
+
+This test suite can run against a fresh unconfigured server instance
+(no preconfiguration required) and cleans up after itself (undoes all
+its config changes) as long as it runs through completly. While its active
+it changes the server configuration in the following ways:
+
+  * creating, modifying and deleting some keycloak groups
+
--- a/tests/integration/targets/keycloak_realm_key/tasks/main.yml
+++ b/tests/integration/targets/keycloak_realm_key/tasks/main.yml
@ -0,0 +1,373 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Remove Keycloak test realm to avoid failures from previous failed runs
+  community.general.keycloak_realm:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    realm: "{{ realm }}"
+    id: "{{ realm }}"
+    state: absent
+
+- name: Create Keycloak test realm
+  community.general.keycloak_realm:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    realm: "{{ realm }}"
+    id: "{{ realm }}"
+    state: present
+
+- name: Create custom realm key (check mode)
+  community.general.keycloak_realm_key:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    name: testkey
+    state: present
+    parent_id: "{{ realm }}"
+    config:
+      private_key: "{{ realm_private_key }}"
+      certificate: ""
+      enabled: true
+      active: true
+      priority: 150
+  check_mode: true
+  register: result
+
+- name: Assert that nothing has changed
+  assert:
+    that:
+      - result is changed
+      - result.end_state != {}
+      - result.end_state.name == "testkey"
+      - result.end_state.parentId == "realm_key_test"
+      - result.end_state.providerId == "rsa"
+      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+      - result.end_state.config.active == ["true"]
+      - result.end_state.config.enabled == ["true"]
+      - result.end_state.config.algorithm == ["RS256"]
+      - result.end_state.config.priority == ["150"]
+      - result.msg == "Realm key testkey would be created"
+
+- name: Create custom realm key
+  community.general.keycloak_realm_key:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    name: testkey
+    state: present
+    parent_id: "{{ realm }}"
+    config:
+      private_key: "{{ realm_private_key }}"
+      certificate: ""
+      enabled: true
+      active: true
+      priority: 150
+  diff: true
+  register: result
+
+- name: Assert that realm key was created
+  assert:
+    that:
+      - result is changed
+      - result.end_state != {}
+      - result.end_state.name == "testkey"
+      - result.end_state.parentId == "realm_key_test"
+      - result.end_state.providerId == "rsa"
+      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+      - result.end_state.config.active == ["true"]
+      - result.end_state.config.enabled == ["true"]
+      - result.end_state.config.algorithm == ["RS256"]
+      - result.end_state.config.priority == ["150"]
+      - result.msg == "Realm key testkey created"
+
+- name: Create custom realm key (test for idempotency)
+  community.general.keycloak_realm_key:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    name: testkey
+    state: present
+    parent_id: "{{ realm }}"
+    config:
+      private_key: "{{ realm_private_key }}"
+      certificate: ""
+      enabled: true
+      active: true
+      priority: 150
+  register: result
+
+- name: Assert that nothing has changed
+  assert:
+    that:
+      - result is not changed
+      - result.end_state != {}
+      - result.end_state.name == "testkey"
+      - result.end_state.parentId == "realm_key_test"
+      - result.end_state.providerId == "rsa"
+      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+      - result.end_state.config.active == ["true"]
+      - result.end_state.config.enabled == ["true"]
+      - result.end_state.config.algorithm == ["RS256"]
+      - result.end_state.config.priority == ["150"]
+      - result.msg == "Realm key testkey was in sync"
+
+- name: Update custom realm key (check mode)
+  community.general.keycloak_realm_key:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    name: testkey
+    state: present
+    parent_id: "{{ realm }}"
+    config:
+      private_key: "{{ realm_private_key }}"
+      certificate: ""
+      enabled: true
+      active: true
+      priority: 140
+  check_mode: true
+  register: result
+
+- name: Assert that nothing has changed
+  assert:
+    that:
+      - result is changed
+      - result.end_state != {}
+      - result.end_state.name == "testkey"
+      - result.end_state.parentId == "realm_key_test"
+      - result.end_state.providerId == "rsa"
+      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+      - result.end_state.config.active == ["true"]
+      - result.end_state.config.enabled == ["true"]
+      - result.end_state.config.algorithm == ["RS256"]
+      - result.end_state.config.priority == ["140"]
+      - result.msg == "Realm key testkey would be changed: config.priority ['150'] -> ['140']"
+
+- name: Update custom realm key
+  community.general.keycloak_realm_key:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    name: testkey
+    state: present
+    parent_id: "{{ realm }}"
+    config:
+      private_key: "{{ realm_private_key }}"
+      certificate: ""
+      enabled: true
+      active: true
+      priority: 140
+  diff: true
+  register: result
+
+- name: Assert that realm key was updated
+  assert:
+    that:
+      - result is changed
+      - result.end_state != {}
+      - result.end_state.name == "testkey"
+      - result.end_state.parentId == "realm_key_test"
+      - result.end_state.providerId == "rsa"
+      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+      - result.end_state.config.active == ["true"]
+      - result.end_state.config.enabled == ["true"]
+      - result.end_state.config.algorithm == ["RS256"]
+      - result.end_state.config.priority == ["140"]
+      - result.msg == "Realm key testkey changed: config.priority ['150'] -> ['140']"
+
+- name: Update custom realm key (test for idempotency)
+  community.general.keycloak_realm_key:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    name: testkey
+    state: present
+    parent_id: "{{ realm }}"
+    config:
+      private_key: "{{ realm_private_key }}"
+      certificate: ""
+      enabled: true
+      active: true
+      priority: 140
+  register: result
+
+- name: Assert that nothing has changed
+  assert:
+    that:
+      - result is not changed
+      - result.end_state != {}
+      - result.end_state.name == "testkey"
+      - result.end_state.parentId == "realm_key_test"
+      - result.end_state.providerId == "rsa"
+      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+      - result.end_state.config.active == ["true"]
+      - result.end_state.config.enabled == ["true"]
+      - result.end_state.config.algorithm == ["RS256"]
+      - result.end_state.config.priority == ["140"]
+      - result.msg == "Realm key testkey was in sync"
+
+- name: Force update custom realm key
+  community.general.keycloak_realm_key:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    name: testkey
+    force: true
+    state: present
+    parent_id: "{{ realm }}"
+    config:
+      private_key: "{{ realm_private_key_2 }}"
+      certificate: ""
+      enabled: true
+      active: true
+      priority: 140
+  register: result
+
+- name: Assert that forced update ran correctly
+  assert:
+    that:
+      - result is changed
+      - result.end_state != {}
+      - result.end_state.name == "testkey"
+      - result.end_state.parentId == "realm_key_test"
+      - result.end_state.providerId == "rsa"
+      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+      - result.end_state.config.active == ["true"]
+      - result.end_state.config.enabled == ["true"]
+      - result.end_state.config.algorithm == ["RS256"]
+      - result.end_state.config.priority == ["140"]
+      - result.msg == "Realm key testkey was forcibly updated"
+
+- name: Remove custom realm key
+  community.general.keycloak_realm_key:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    name: testkey
+    state: absent
+    parent_id: "{{ realm }}"
+    config:
+      private_key: "{{ realm_private_key }}"
+      certificate: ""
+      priority: 140
+  diff: true
+  register: result
+
+- name: Assert that realm key was deleted
+  assert:
+    that:
+      - result is changed
+      - result.end_state == {}
+      - result.msg == "Realm key testkey deleted"
+
+- name: Remove custom realm key (test for idempotency)
+  community.general.keycloak_realm_key:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    name: testkey
+    state: absent
+    parent_id: "{{ realm }}"
+    config:
+      private_key: "{{ realm_private_key }}"
+      certificate: ""
+      priority: 140
+  register: result
+
+- name: Assert that nothing has changed
+  assert:
+    that:
+      - result is not changed
+      - result.end_state == {}
+      - result.msg == "Realm key testkey not present"
+
+- name: Create custom realm key with a custom certificate
+  community.general.keycloak_realm_key:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    name: testkey_with_certificate
+    state: present
+    parent_id: "{{ realm }}"
+    config:
+      private_key: "{{ realm_private_key }}"
+      certificate: "{{ realm_certificate }}"
+      enabled: true
+      active: true
+      priority: 150
+  diff: true
+  register: result
+
+- name: Assert that realm key with custom certificate was created
+  assert:
+    that:
+      - result is changed
+      - result.end_state != {}
+      - result.end_state.name == "testkey_with_certificate"
+      - result.end_state.parentId == "realm_key_test"
+      - result.end_state.providerId == "rsa"
+      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+      - result.end_state.config.active == ["true"]
+      - result.end_state.config.enabled == ["true"]
+      - result.end_state.config.algorithm == ["RS256"]
+      - result.end_state.config.priority == ["150"]
+      - result.msg == "Realm key testkey_with_certificate created"
+
+- name: Attempt to change the private key and the certificate
+  community.general.keycloak_realm_key:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    name: testkey_with_certificate
+    state: present
+    parent_id: "{{ realm }}"
+    config:
+      private_key: "a different private key string"
+      certificate: "a different certificate string"
+      enabled: true
+      active: true
+      priority: 150
+  diff: true
+  register: result
+
+- name: Assert that nothing has changed
+  assert:
+    that:
+      - result is not changed
+      - result.end_state != {}
+      - result.end_state.name == "testkey_with_certificate"
+      - result.end_state.parentId == "realm_key_test"
+      - result.end_state.providerId == "rsa"
+      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+      - result.end_state.config.active == ["true"]
+      - result.end_state.config.enabled == ["true"]
+      - result.end_state.config.algorithm == ["RS256"]
+      - result.end_state.config.priority == ["150"]
+      - result.msg == "Realm key testkey_with_certificate was in sync"
+
+- name: Remove Keycloak test realm
+  community.general.keycloak_realm:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    realm: "{{ realm }}"
+    id: "{{ realm }}"
+    state: absent
--- a/tests/integration/targets/keycloak_realm_key/vars/main.yml
+++ b/tests/integration/targets/keycloak_realm_key/vars/main.yml
@ -0,0 +1,48 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+url: http://localhost:8080/auth
+admin_realm: master
+admin_user: admin
+admin_password: password
+realm: realm_key_test
+realm_private_key_name: testkey
+realm_private_key: |
+  -----BEGIN PRIVATE KEY-----
+  MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQC9Mi7IKXPhqGiWGwgEYEXnqc8nytG1pHbC6QYZe1gUa43jDtGYQln36It02BGw4e5XydCUj+M26X2sH+kKaV+KHEnJtcEqdAuVX1QaDVzeiOoo1/B9HC8By6NZBsOSdxpat3EvilQ+R7NP9yi53J08+vfeZSEGyPmKV1me7nJnRh3/zcRsOi92GTsBd7gApKfP8sorDjY8m9NRuPLwleK2nh/aRvj1yK8x3UAqUIbOCVaE39bSN6VUTFK2Q/+MX3vF0Zugsk7PKKmfqcEW6wj7dtSElbX4uhrfTkGMmwIWdIiLDNRA/jVRvGxUB1SyMy6kmMC8jC2QGWpZgfkSKtHlAgMBAAECggEACWkSVh7ntmjtwM+Z47vVJkt2NBS8vxPt206DYOeXbzaVUV6mkrP0LSZKL3bi1GE8fW3am9UXWF8fQt04dm3c1G4JRojtkXrBq72Y3Y3eGWyGdx8chWCOPwDdwFsbhbC6ZRo8PUDcZVekJd1Vj38XbBXQl+WAUcnTzauAF+1kz9mhJq1gpglIbB+8l7VjMXwXeaGWJQ5OL/MSsq7r3P1elVjHwprFBM7HHA5+RTu/KY/GcEutgm5uwTRqRZNC1IBXAQtBO7HQJbuLqDPTQ3RRCPEur8R+0dk5bF+8IyzQ8Bh+Dhuou9xzfS/A7lV6L/CZSpv4Bvq1H3Uxk+orXf2Q2QKBgQDBOf1nSJB0VgQdIcdtgVpVgQ2SyWAd+N8Qk7QsyVQf9f7ZqiFLejWJbaaeY9WtfZ01D8tgHJfPqsO1/Jux255mtkyk2K2c6dav1Lsd4l+iPfidsDJNWkcd59nQqwC9BLjzWK/J4rO20apm34abLaZ9oVk8Mgz8VWJWOxTgCr+COQKBgQD6qP1lm6rzlCSIEz9eCuGPkQkVo+NIP437e3i+sxtkLlMgnmfzSwSJdVF8AKH3gXi3NyWjfBVYeAZEkm1kHF8IWOiK4U1y95Vx3uud3NX4SC+cjePc+pDPQJiz9L+zq9I6WFZWmm7n/9heTxu/l0vxI4FHaBmt95BMwLJNkzbdDQKBgCHGwUUMqjOr1YxCG1pJAkFwDa9bBDI5DsUXDKfHia0Mkz/5PVi0RCeBw15slS1+h7x+xk5GsULb1to5Df5JJadOtpcaST7koWKbDRpsN8tkidEGu8RJw6S2opyXR8nCyZHALvpbZo7Ol7rj1+PIVxIe4jpjhWGWi1oHed6wAkoBAoGAJx2F5XxEUhx1EvMF+XPzPQciBsl7Z0PbsTnUXtXuWVTNThLKH/I99AFlxNcIb2o530VwzzFG13Zra/n5rhyrS88sArgj8OPn40wpMopKraL+Iw0VWN+VB3KKIdL4s14FwWsVlhAlbHjFV/o6V0yR4kBrJSx+jWJLl16etHJbpmUCgYBUWCQwcT1aw9XHWJXiNYTnQSYg88hgGYhts1qSzhfu+n1t2BlAlxM0gu2+gez21mM8uiYsqbU2OZeG2U4as6kdai8Q4tzNQt2f1r3ZewJN/QHrkx6FT94PNa0w4ILiQ9Eu7xssaHcYjHyrI1NlbMKypVy6waDG2ajLOFAVeHGpOg==
+  -----END PRIVATE KEY-----
+realm_certificate: |
+  -----BEGIN CERTIFICATE-----
+  MIIDQDCCAiigAwIBAgIUMfPlHWcZn6xfeSjfbhgmt4yy6mMwDQYJKoZIhvcNAQELBQAwQjELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0ZDAeFw0yMzA4MTgxMTU5MDFaFw0zMzA4MTUxMTU5MDFaMEIxCzAJBgNVBAYTAlhYMRUwEwYDVQQHDAxEZWZhdWx0IENpdHkxHDAaBgNVBAoME0RlZmF1bHQgQ29tcGFueSBMdGQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9Mi7IKXPhqGiWGwgEYEXnqc8nytG1pHbC6QYZe1gUa43jDtGYQln36It02BGw4e5XydCUj+M26X2sH+kKaV+KHEnJtcEqdAuVX1QaDVzeiOoo1/B9HC8By6NZBsOSdxpat3EvilQ+R7NP9yi53J08+vfeZSEGyPmKV1me7nJnRh3/zcRsOi92GTsBd7gApKfP8sorDjY8m9NRuPLwleK2nh/aRvj1yK8x3UAqUIbOCVaE39bSN6VUTFK2Q/+MX3vF0Zugsk7PKKmfqcEW6wj7dtSElbX4uhrfTkGMmwIWdIiLDNRA/jVRvGxUB1SyMy6kmMC8jC2QGWpZgfkSKtHlAgMBAAGjLjAsMAsGA1UdDwQEAwIEkDAdBgNVHQ4EFgQUcZirWRV5EzRhanUVSQ9rmAavVbEwDQYJKoZIhvcNAQELBQADggEBAIt2aFr/sxvtZfDc+Nb9tgspBuoX8f9Gf9mrS6dTdvdqSMHQrcoejSEEAZNljdSpKAhnhyR3+uCIev++WS4tixZoooQ8aYxDGNIwyry51GNEK7LKXVRmkbZFODidRuYZ1XWQORaJoaXWplaPaNtLvUr1swachz36K4n8/UIi109w/addajOHFbFGAzUmGRR4saMZPGrQCaNFje7G1o5wb/mQD1L+Jfk81Id5/F6NFBsSEIi+/O7Xs7fOWuab6cdfwI7zQQclEo55WQkLXefFLn+Ju0Ftgl023awpNEE4pjl6jD5VSEOkQ+I2sxGvymgjz7Av4zPOD/Lr05lRnMxf8dA=
+  -----END CERTIFICATE-----
+realm_private_key_2: |
+  -----BEGIN PRIVATE KEY-----
+  MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCyQ5FKuqbnWEtt
+  KI0FHKFvd+G/RyEI2ow29Ytjs3fZ7/gMYfXozHLLJl3jgCOvSf9Ta55arL0XnCCf
+  RKQb0vpgMmOTQw++A1UmNXe8atTczZMRiHMHFdLhXUvUKthcMGOrTH8xegCnm0bG
+  rZwimjQDog/kROMAN78Uv8SD1lMpGBxPr2DWXNl4kRF670m/jC0cM7SeDGCCKVF5
+  SEh6rMDgI62AxKnbtxuAbF9SOO/6kTsYv5+dc8wxDEb0aaT1jC1CLhjAVmjc6vO7
+  WHE0LLas+ARs4ghMONLN6VdOkJxBuEtlLqM3M+/viD1TRftZCeLarYLWdEsg8Yz9
+  Ufb0oawzAgMBAAECggEARqPDxWsljHNOoFj7WNU5m6RTzqpvCsUf3v96Vu3dRn1z
+  O+Ttv2yU6K+xcN9sRJ/8D6CLxb7Bx8NUoghfR69ZDBmrn8VpTZCgg12Yrw9efojw
+  CHibrGkXgbqou9CmoBGEzXKozIBeFgzQBRby0jts9SuZRImPspxkmeJMCzo5BgUg
+  ksNibaWikvUJYMgFc7PdXEvxhCKcWTTGC3fxJwpRxXkqKsYDa3JhdhloH8hHqynm
+  o7WEXeGAn4UV7C1tg3OdTciHn/ONMRItPcyonwk19meZTvsEub6ZsNjVg/5oJVBr
+  WG8vPZBi1VzAMayDXxDOnEAKW5eJXRSNX1vZ7EQTEQKBgQDXg5pSp9hVdVZc+eN/
+  Ab/1NMMdgrQdbyTeB9esjLiwNuXysQm/KaG8gTkLpiKVvJ8R7SOcxb9Y5Gt9Y5Ej
+  eu943V4zLDIzNt/ST4bXGW/gQ84zkMBdhKz9hKA5tartVjI1ycznjpDbgn/jAYPI
+  8VXGmjID2oDIJ7P+dLD8lMBDvQKBgQDTwIyimy+4EwFUuuppfWArXRsqsWUScGWD
+  +06xbc+Ld92LJBvakvSTdDNnS/PlYGl/fJjqQ4wq5UPREJYCi3UW9I5jtfsIg8Pl
+  oCnIhEYkn8xPZ7X8grU4emkM6QAPhstCDlXE6t0T202TpYVYjtEEDRQu4rKAbJ0h
+  gqSh5Ge2rwKBgEjrx6jWEBYCaOF20ComTmxKmQaANi+Lbt8NqkVBLDC7spymmJSt
+  IoOk+cdeRG+D7hLjuVwPcQpD57b6nJ5zt1mfFYOdHbNEiwEfVZGskrVAXCIIhX5f
+  KSVy3cAJHzfFJaIbkRB8pbkQc/M8jPnN5ucXP3scUNzoyjd8BnLAZjnFAoGAWwwY
+  rDYTz48EbH0uG4uYFS0kaDf8YHBJhfVBgdLYgXxZmuE8xL+ZP+mfzJOA3CiXVASr
+  71Z551vKzBLYnWF/SA6BRuhRdvjI+2vha2FMk6TOAXpzao59AzrG/pEUwJhRvyZQ
+  xKnDwyzxb0GlU02dG6PQANTisYuCCI2W4jFGUusCgYB72p5o5uBr7qrFMTdMMxxe
+  f/9Go/9QBR/uNYk3D/rWj0F/bXGbiYMddNMD4v3XE24NL4ZvBJn0Po64Tuz5+wtu
+  5ICKc6ED1l55MPsKdegVMpXGIFRjZt2TtCk4FE68m5QJpT1IIK7I9jv0+FGKjFYa
+  ukdTEghu13cANd8eKpxBsQ==
+  -----END PRIVATE KEY-----