From 11aab0f5e2bc68f7b895de3f10e4a39e67639ed1 Mon Sep 17 00:00:00 2001
From: Guido Grazioli <ggraziol@redhat.com>
Date: Thu, 18 Jul 2024 12:53:49 +0200
Subject: [PATCH] add verify steps for quarkus/keycloak_realm

---
 molecule/quarkus/verify.yml | 41 +++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/molecule/quarkus/verify.yml b/molecule/quarkus/verify.yml
index dd8490f..24c27aa 100644
--- a/molecule/quarkus/verify.yml
+++ b/molecule/quarkus/verify.yml
@@ -1,6 +1,8 @@
 ---
 - name: Verify
   hosts: all
+  vars:
+     keycloak_admin_password: "remembertochangeme"
   tasks:
     - name: Populate service facts
       ansible.builtin.service_facts:
@@ -84,3 +86,42 @@
       changed_when: false
       failed_when: slurped_log.rc != 0
       register: slurped_log
+
+    - name: Verify token api call
+      ansible.builtin.uri:
+        url: "https://localhost:8443/realms/master/protocol/openid-connect/token"
+        method: POST
+        body: "client_id=admin-cli&username=admin&password={{ keycloak_admin_password }}&grant_type=password"
+        validate_certs: no
+      register: keycloak_auth_response
+      until: keycloak_auth_response.status == 200
+      retries: 2
+      delay: 2
+
+    - name: "Get Clients"
+      ansible.builtin.uri:
+        url: "https://localhost:8443/admin/realms/TestRealm/clients"
+        headers:
+          validate_certs: false
+          Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
+      register: keycloak_clients
+
+    - name: Get client uuid
+      ansible.builtin.set_fact:
+        keycloak_client_uuid: "{{ ((keycloak_clients.json | selectattr('clientId', '==', 'TestClient')) | first).id }}"
+
+    - name: "Get Client {{ keycloak_client_uuid }}"
+      ansible.builtin.uri:
+        url: "https://localhost:8443/admin/realms/TestRealm/clients/{{ keycloak_client_uuid }}"
+        headers:
+          validate_certs: false
+          Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
+      register: keycloak_test_client
+
+    - name: "Get Client roles"
+      ansible.builtin.uri:
+        url: "https://localhost:8443/admin/realms/TestRealm/clients/{{ keycloak_client_uuid }}/roles"
+        headers:
+          validate_certs: false
+          Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
+      register: keycloak_test_client_roles
\ No newline at end of file