keycloak_quarkus: add https to molecule test setup

2025-08-03 04:34:33 -07:00 · 2022-05-31 09:24:00 +02:00 · 2022-05-31 09:24:00 +02:00 · 391749830e
commit 391749830e
parent 469036e9e7
5 changed files with 48 additions and 6 deletions
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@ -2,10 +2,6 @@
 - name: Prepare
  hosts: all
  tasks:
-    - name: Disable beta repos
-      ansible.builtin.command: yum config-manager --disable '*beta*'
-      ignore_errors: yes
-
    - name: Install sudo
      ansible.builtin.yum:
        name:
--- a/molecule/quarkus/converge.yml
+++ b/molecule/quarkus/converge.yml
@ -5,6 +5,29 @@
    keycloak_quarkus_admin_pass: "remembertochangeme"
    keycloak_admin_password: "remembertochangeme"
    keycloak_realm: TestRealm
+    keycloak_quarkus_offline_install: True
+    keycloak_quarkus_host: instance:8443
+    keycloak_quarkus_http_relative_path: ''
+    keycloak_quarkus_log: file
+    keycloak_quarkus_https_enabled: True
+    keycloak_quarkus_key_file: conf/key.pem
+    keycloak_quarkus_cert_file: conf/cert.pem
+  pre_tasks:
+    - command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj '/CN=instance'
+      delegate_to: localhost
+    - lineinfile:
+        dest: /etc/hosts
+        line: "127.0.0.1 instance"
+        state: present
+      delegate_to: localhost
+      become: yes
+    - copy:
+        src: "{{ item }}"
+        dest: "/opt/keycloak/keycloak-18.0.0/conf/{{ item }}"
+        mode: 0444
+      loop:
+        - cert.pem
+        - key.pem
  roles:
    - role: keycloak_quarkus
    - role: keycloak_realm
--- a/molecule/quarkus/molecule.yml
+++ b/molecule/quarkus/molecule.yml
@ -16,7 +16,9 @@ platforms:
    port_bindings:
      - "8080/tcp"
      - "8443/tcp"
-      - "8009/tcp"      
+      - "8009/tcp"
+    published_ports:
+      - 0.0.0.0:8443:8443/tcp
 provisioner:
  name: ansible
  config_options:
--- a/molecule/quarkus/verify.yml
+++ b/molecule/quarkus/verify.yml
@ -9,3 +9,19 @@
        that:
          - ansible_facts.services["keycloak.service"]["state"] == "running"
          - ansible_facts.services["keycloak.service"]["status"] == "enabled"
+    - name: Fetch openID config
+      shell: |
+        curl https://instance:8443/realms/master/.well-known/openid-configuration -k | jq .
+      delegate_to: localhost
+      register: openid_config
+    - debug:
+        msg: " {{ openid_config.stdout | from_json }}"
+      delegate_to: localhost
+    - name: Verify endpoint URLs
+      assert:
+        that:
+          - (openid_config.stdout | from_json)["backchannel_authentication_endpoint"] == 'https://instance:8443/realms/master/protocol/openid-connect/ext/ciba/auth'
+          - (openid_config.stdout | from_json)['issuer'] == 'https://instance:8443/realms/master'
+          - (openid_config.stdout | from_json)['authorization_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/auth'
+          - (openid_config.stdout | from_json)['token_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/token'
+      delegate_to: localhost
--- a/playbooks/keycloak_quarkus.yml
+++ b/playbooks/keycloak_quarkus.yml
@ -3,7 +3,12 @@
  hosts: all
  vars:
    keycloak_admin_password: "remembertochangeme"
+    keycloak_quarkus_host: localhost:8443
+    keycloak_quarkus_log: file
+    keycloak_quarkus_https_enabled: True
+    keycloak_quarkus_key_file: conf/key.pem
+    keycloak_quarkus_cert_file: conf/cert.pem
  collections:
    - middleware_automation.keycloak
  roles:
-    - keycloak_quarkus
+    - keycloak_quarkus