Merge pull request #87 from world-direct/feature/profiles

Keycloak: add feature enabling/disabling

roles/keycloak/README.md

@@ -77,6 +77,7 @@ Role Defaults
 |`keycloak_service_startlimitburst`| systemd StartLimitBurst | `5` if `keycloak_service_restart_on_failure` else `` |
 |`keycloak_service_restartsec`| systemd RestartSec | `10s` if `keycloak_service_restart_on_failure` else `` |
 |`keycloak_service_pidfile`| pid file path for service | `/run/keycloak.pid` |
+|`keycloak_features` | List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`, example: `[ { name: 'docker', status: 'enabled' } ]` | `[]`
 |`keycloak_jvm_package`| RHEL java package runtime | `java-1.8.0-openjdk-headless` |
 |`keycloak_java_home`| JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path | `None` |
 |`keycloak_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` |

roles/keycloak/defaults/main.yml

@@ -16,6 +16,7 @@ keycloak_config_dir: "{{ keycloak_jboss_home }}/standalone/configuration"
 keycloak_config_standalone_xml: "keycloak.xml"
 keycloak_config_path_to_standalone_xml: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
 keycloak_config_override_template: ''
+keycloak_config_path_to_properties: "{{ keycloak_jboss_home }}/standalone/configuration/profile.properties"
 keycloak_service_user: keycloak
 keycloak_service_group: keycloak
 keycloak_service_pidfile: "/run/keycloak.pid"
@@ -45,6 +46,7 @@ keycloak_management_http_port: 9990
 keycloak_management_https_port: 9993
 keycloak_java_opts: "-Xms1024m -Xmx2048m"
 keycloak_prefer_ipv4: True
+keycloak_features: []
 
 ### Enable configuration for database backend, clustering and remote caches on infinispan
 keycloak_ha_enabled: False

roles/keycloak/meta/argument_specs.yml

@@ -89,6 +89,11 @@ argument_specs:
                 default: "/run/keycloak.pid"
                 description: "PID file path for service"
                 type: "str"
+            keycloak_features:
+                # line 17 of keycloak/defaults/main.yml
+                default: "[]"
+                description: "List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`, example: `[ { name: 'docker', status: 'enabled' } ]`"
+                type: "list"
             keycloak_bind_address:
                 # line 34 of keycloak/defaults/main.yml
                 default: "0.0.0.0"
@@ -96,7 +101,7 @@ argument_specs:
                 type: "str"
             keycloak_management_port_bind_address:
                 default: "127.0.0.1"
-                description: "Address for binding the managemnt ports"
+                description: "Address for binding the management ports"
                 type: "str"
             keycloak_host:
                 # line 35 of keycloak/defaults/main.yml
@@ -318,7 +323,7 @@ argument_specs:
                 default: "{{ True if keycloak_ha_enabled else False }}"
                 description: "Enable remote cache store when in clustered ha configurations"
                 type: "bool"
-            keycloak_db_background_validation: 
+            keycloak_db_background_validation:
                 default: False
                 description: "Enable background validation of database connection"
                 type: "bool"

roles/keycloak/tasks/install.yml

@@ -268,3 +268,15 @@
     - keycloak_ha_enabled
     - keycloak_remote_cache_enabled
     - keycloak_config_override_template | length == 0
+
+- name: "Deploy profile.properties file to {{ keycloak_config_path_to_properties }}"
+  become: yes
+  ansible.builtin.template:
+    src: keycloak-profile.properties.j2
+    dest: "{{ keycloak_config_path_to_properties }}"
+    owner: "{{ keycloak_service_user }}"
+    group: "{{ keycloak_service_group }}"
+    mode: 0640
+  notify:
+    - restart keycloak
+  when: keycloak_features | length > 0

roles/keycloak/templates/keycloak-profile.properties.j2

@@ -0,0 +1,3 @@
+{% for feature in keycloak.features %}
+feature.{{ feature.name }}={{ feature.status | default('enabled') }}
+{% endfor %}

roles/keycloak/vars/main.yml

@@ -14,6 +14,7 @@ keycloak:
   health_url: "{{ keycloak_management_url }}/health"
   cli_path: "{{ keycloak_jboss_home }}/bin/jboss-cli.sh"
   config_template_source: "{{ keycloak_config_override_template if keycloak_config_override_template | length > 0 else 'standalone-ha.xml.j2' if keycloak_remote_cache_enabled else 'standalone.xml.j2' }}"
+  features: "{{ keycloak_features }}"
 
 # database
 keycloak_jdbc: