add test

molecule/debian/converge.yml

@@ -0,0 +1,40 @@
+---
+- name: Converge
+  hosts: all
+  vars:
+    keycloak_admin_password: "remembertochangeme"
+    keycloak_quarkus_admin_pass: "remembertochangeme"
+    keycloak_realm: TestRealm
+    keycloak_quarkus_log: file
+    keycloak_quarkus_frontend_url: 'http://localhost:8080/'
+    keycloak_quarkus_start_dev: True
+    keycloak_quarkus_proxy_mode: none
+    keycloak_client_default_roles:
+      - TestRoleAdmin
+      - TestRoleUser
+    keycloak_client_users:
+      - username: TestUser
+        password: password
+        client_roles:
+          - client: TestClient
+            role: TestRoleUser
+      - username: TestAdmin
+        password: password
+        client_roles:
+          - client: TestClient
+            role: TestRoleUser
+          - client: TestClient
+            role: TestRoleAdmin
+    keycloak_clients:
+      - name: TestClient
+        roles: "{{ keycloak_client_default_roles }}"
+        public_client: "{{ keycloak_client_public }}"
+        web_origins: "{{ keycloak_client_web_origins }}"
+        users: "{{ keycloak_client_users }}"
+        client_id: TestClient
+        attributes:
+          post.logout.redirect.uris: '/public/logout'
+  roles:
+    - role: keycloak_quarkus
+    - role: keycloak_realm
+      keycloak_realm: TestRealm

molecule/debian/molecule.yml

@@ -0,0 +1,44 @@
+---
+driver:
+  name: docker
+platforms:
+  - name: instance
+    image: ghcr.io/hspaans/molecule-containers:debian-11
+    pre_build_image: true
+    privileged: true
+    port_bindings:
+      - "8080/tcp"
+      - "8443/tcp"
+      - "8009/tcp"
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      interpreter_python: auto_silent
+    ssh_connection:
+      pipelining: false
+  playbooks:
+    prepare: prepare.yml
+    converge: converge.yml
+    verify: verify.yml
+  inventory:
+    host_vars:
+      localhost:
+        ansible_python_interpreter: /usr/bin/python3
+  env:
+    ANSIBLE_FORCE_COLOR: "true"
+    ANSIBLE_REMOTE_TMP: /tmp/.ansible/tmp
+verifier:
+  name: ansible
+scenario:
+  test_sequence:
+    - cleanup
+    - destroy
+    - create
+    - prepare
+    - converge
+    - idempotence
+    - side_effect
+    - verify
+    - cleanup
+    - destroy

molecule/debian/prepare.yml

@@ -0,0 +1,11 @@
+---
+- name: Prepare
+  hosts: all
+  gather_facts: yes
+  tasks:
+    - name: Install sudo
+      ansible.builtin.apt:
+        name:
+          - sudo
+          - openjdk-17-jdk-headless
+        state: present

molecule/debian/roles

@@ -0,0 +1 @@
+../../roles

molecule/debian/verify.yml

@@ -0,0 +1,52 @@
+---
+- name: Verify
+  hosts: all
+  vars:
+    keycloak_admin_password: "remembertochangeme"
+    keycloak_uri: "http://localhost:{{ 8080 + ( keycloak_jboss_port_offset | default(0) ) }}"
+    keycloak_management_port: "http://localhost:{{ 9990 + ( keycloak_jboss_port_offset | default(0) ) }}"
+    keycloak_jboss_port_offset: 10
+  tasks:
+    - name: Populate service facts
+      ansible.builtin.service_facts:
+
+    - name: Check if keycloak service started
+      ansible.builtin.assert:
+        that:
+          - ansible_facts.services["keycloak.service"]["state"] == "running"
+          - ansible_facts.services["keycloak.service"]["status"] == "enabled"
+
+    - name: Verify we are running on requested JAVA_HOME # noqa blocked_modules command-instead-of-module
+      ansible.builtin.shell: |
+        set -o pipefail
+        ps -ef | grep '/opt/openjdk' | grep -v grep
+      args:
+        executable: /bin/bash
+      changed_when: False
+
+    - name: Set internal envvar
+      ansible.builtin.set_fact:
+        hera_home: "{{ lookup('env', 'HERA_HOME') }}"
+
+    - name: Verify openid config
+      block:
+        - name: Fetch openID config # noqa blocked_modules command-instead-of-module
+          ansible.builtin.shell: |
+            set -o pipefail
+            curl http://localhost:8080/realms/master/.well-known/openid-configuration -k | jq .
+          args:
+            executable: /bin/bash
+          delegate_to: localhost
+          register: openid_config
+          changed_when: False
+        - name: Verify endpoint URLs
+          ansible.builtin.assert:
+            that:
+              - (openid_config.stdout | from_json)["backchannel_authentication_endpoint"] == 'http://localhost:8080/realms/master/protocol/openid-connect/ext/ciba/auth'
+              - (openid_config.stdout | from_json)['issuer'] == 'http://localhost:8080/realms/master'
+              - (openid_config.stdout | from_json)['authorization_endpoint'] == 'http://localhost:8080/realms/master/protocol/openid-connect/auth'
+              - (openid_config.stdout | from_json)['token_endpoint'] == 'http://localhost:8080/realms/master/protocol/openid-connect/token'
+          delegate_to: localhost
+      when:
+        - hera_home is defined
+        - hera_home | length == 0

roles/keycloak_quarkus/tasks/main.yml

@@ -6,7 +6,7 @@
     - prereqs
     - always
 
-- name: Debian specific tasks
+- name: Distro specific tasks
   ansible.builtin.include_tasks: "{{ ansible_os_family | lower }}.yml"
   tags:
     - unbound

roles/keycloak_quarkus/tasks/prereqs.yml

@@ -39,4 +39,4 @@
 - name: Ensure required packages are installed
   ansible.builtin.include_tasks: fastpackages.yml
   vars:
-    packages_list: "{{ keycloak_prereq_package_list }}"
+    packages_list: "{{ keycloak_quarkus_prereq_package_list }}"

roles/keycloak_quarkus/vars/debian.yml

@@ -1,6 +1,6 @@
 ---
 keycloak_quarkus_jvm_package: openjdk-17-jdk-headless
-keycloak_prereq_package_list:
+keycloak_quarkus_prereq_package_list:
       - "{{ keycloak_quarkus_jvm_package }}"
       - unzip
       - procps

roles/keycloak_quarkus/vars/redhat.yml

@@ -1,6 +1,6 @@
 ---
 keycloak_quarkus_jvm_package: java-17-openjdk-headless
-keycloak_prereq_package_list:
+keycloak_quarkus_prereq_package_list:
       - "{{ keycloak_quarkus_jvm_package }}"
       - unzip
       - procps-ng