From 26316ddc506872b794b48f1c3edf882a94490b1d Mon Sep 17 00:00:00 2001
From: Helmut Wolf
Date: Tue, 14 May 2024 11:54:45 +0200
Subject: [PATCH] #222: add support for local providers to be uploaded
---
 molecule/quarkus/converge.yml | 2 ++
 roles/keycloak_quarkus/README.md | 11 +++++++++--
 roles/keycloak_quarkus/meta/argument_specs.yml | 2 +-
 roles/keycloak_quarkus/tasks/install.yml | 11 +++++++++++
 roles/keycloak_quarkus/tasks/prereqs.yml | 4 ++--
 5 files changed, 25 insertions(+), 5 deletions(-)
diff --git a/molecule/quarkus/converge.yml b/molecule/quarkus/converge.yml
index 6186af4..2fa1ceb 100644
--- a/molecule/quarkus/converge.yml
+++ b/molecule/quarkus/converge.yml
@@ -39,6 +39,8 @@
 version: 24.0.4 # optional
 # username: myUser # optional
 # password: myPAT # optional
+ # - id: my-static-theme
+ # local_path: /tmp/my-static-theme.jar
 keycloak_quarkus_policies:
 - name: "xato-net-10-million-passwords.txt"
 url: "https://github.com/danielmiessler/SecLists/raw/master/Passwords/xato-net-10-million-passwords.txt"
diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md
index 028097c..28f81aa 100644
--- a/roles/keycloak_quarkus/README.md
+++ b/roles/keycloak_quarkus/README.md
@@ -178,15 +178,22 @@ Role Defaults
 |:---------|:------------|:--------|
 |`keycloak_quarkus_providers`| List of provider definitions; see below | `[]` |
+Providers support different sources:
+
+* `url`: http download for SPIs not requiring authentication
+* `maven`: maven download for SPIs hosted publicly on Apache Maven Central or private Maven repositories like Github Maven requiring authentication
+* `local_path`: static SPIs to be uploaded
+
 Provider definition:
 ```yaml
 keycloak_quarkus_providers:
- - id: http-client # required
- spi: connections # required if neither url nor maven are specified
+ - id: http-client # required; "{{ id }}.jar" identifies the file name on RHBK
+ spi: connections # required if neither url, local_path nor maven are specified; required for setting properties
 default: true # optional, whether to set default for spi, default false
 restart: true # optional, whether to restart, default true
 url: https://.../.../custom_spi.jar # optional, url for download via http
+ local_path: my_theme_spi.jar # optional, path on local controller for SPI to be uploaded
 maven: # optional, for download using maven
 repository_url: https://maven.pkg.github.com/OWNER/REPOSITORY # optional, maven repo url
 group_id: my.group # optional, maven group id
diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml
index b630d6a..f4c9f51 100644
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@@ -391,7 +391,7 @@ argument_specs:
 default: 10
 type: 'int'
 keycloak_quarkus_providers:
- description: "List of provider definition dicts: { 'id': str, 'spi': str, 'url': str, 'default': bool, 'properties': list of key/value TODO:add maven}"
+ description: "List of provider definition dicts: { 'id': str, 'spi': str, 'url': str, 'local_path': str, 'maven': { 'repository_url': str, 'group_id': str, 'artifact_id': str, 'version': str, 'username': str, optional, 'password': str, optional }, 'default': bool, 'properties': list of key/value }"
 default: []
 type: "list"
 keycloak_quarkus_supported_policy_types:
diff --git a/roles/keycloak_quarkus/tasks/install.yml b/roles/keycloak_quarkus/tasks/install.yml
index 8d604e6..6c8b31d 100644
--- a/roles/keycloak_quarkus/tasks/install.yml
+++ b/roles/keycloak_quarkus/tasks/install.yml
@@ -256,6 +256,17 @@
 when: item.maven is defined
 no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 | default(false) }}"
+- name: "Upload local SPIs"
+ ansible.builtin.copy:
+ src: "{{ item.local_path}}"
+ dest: "{{ keycloak.home }}/providers/{{ item.id }}.jar"
+ owner: "{{ keycloak.service_user }}"
+ group: "{{ keycloak.service_group }}"
+ mode: '0640'
+ become: true
+ loop: "{{ keycloak_quarkus_providers }}"
+ when: item.local_path is defined
+
 - name: Ensure required folder structure for policies exists
 ansible.builtin.file:
 path: "{{ keycloak.home }}/data/{{ item | lower }}"
diff --git a/roles/keycloak_quarkus/tasks/prereqs.yml b/roles/keycloak_quarkus/tasks/prereqs.yml
index 064cc10..12f9b23 100644
--- a/roles/keycloak_quarkus/tasks/prereqs.yml
+++ b/roles/keycloak_quarkus/tasks/prereqs.yml
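Review bot: `src: "{{ item.local_path}}"` in the new "Upload local SPIs" task drops the space before `}}` that every other expression in the hunk has; write `src: "{{ item.local_path }}"`. The guard `when: item.local_path is defined` is also looser than the prereqs assert, which lets a zero-length `local_path` through once `spi` is set, so an empty value reaches `copy` and fails there with a less helpful message; `when: item.local_path is defined and item.local_path | length > 0` keeps the two in step. The task carries no `notify`, so if the url/maven download tasks above trigger the restart that the README's `restart` option describes, a jar replaced via `local_path` would not — those tasks lie outside the hunk, so this is worth confirming. A one-line comment above the task, `# src is read on the controller; a relative path is looked up in the role's files/ directory`, would save the next reader the lookup, since the README only says "path on local controller".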
@@ -61,9 +61,9 @@
 ansible.builtin.assert:
 that:
 - item.id is defined and item.id | length > 0
- - (item.spi is defined and item.spi | length > 0) or (item.url is defined and item.url | length > 0) or (item.maven is defined and item.maven.repository_url is defined and item.maven.repository_url | length > 0 and item.maven.group_id is defined and item.maven.group_id | length > 0 and item.maven.artifact_id is defined and item.maven.artifact_id | length > 0)
+ - (item.spi is defined and item.spi | length > 0) or (item.url is defined and item.url | length > 0) or (item.maven is defined and item.maven.repository_url is defined and item.maven.repository_url | length > 0 and item.maven.group_id is defined and item.maven.group_id | length > 0 and item.maven.artifact_id is defined and item.maven.artifact_id | length > 0) or (item.local_path is defined and item.local_path | length > 0)
 quiet: true
- fail_msg: "Providers definition is incorrect; `id` and one of `spi`, `url`, or `maven` are mandatory. `key` and `value` are mandatory for each property"
+ fail_msg: "Providers definition is incorrect; `id` and one of `spi`, `url`, `local_path`, or `maven` are mandatory. `key` and `value` are mandatory for each property"
 loop: "{{ keycloak_quarkus_providers }}"
 - name: "Validate policies"
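Review bot: The extended `that:` condition still accepts a provider that sets `local_path` together with `url` or `maven`, and because the new upload task in install.yml writes `{{ keycloak.home }}/providers/{{ item.id }}.jar` — per the README comment on `id`, the same `<id>.jar` file name the download sources use — the last task to run silently replaces what the earlier one fetched, with no hint to the operator. Add an exclusivity entry alongside the existing one, `- not (item.local_path is defined and (item.url is defined or item.maven is defined))`, and extend `fail_msg` to say that only one of `url`, `maven` and `local_path` may be given per provider. The assert task's `- name:` line and the start of the task lie before the hunk.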