diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
index 8137cfd..40923c9 100644
--- a/molecule/default/prepare.yml
+++ b/molecule/default/prepare.yml
@@ -2,10 +2,6 @@
 - name: Prepare
 hosts: all
 tasks:
- - name: Disable beta repos
- ansible.builtin.command: yum config-manager --disable '*beta*'
- ignore_errors: yes
-
 - name: Install sudo
 ansible.builtin.yum:
 name:
diff --git a/molecule/quarkus/converge.yml b/molecule/quarkus/converge.yml
index 1f77fe5..0d898fb 100644
--- a/molecule/quarkus/converge.yml
+++ b/molecule/quarkus/converge.yml
@@ -5,6 +5,29 @@
 keycloak_quarkus_admin_pass: "remembertochangeme"
 keycloak_admin_password: "remembertochangeme"
 keycloak_realm: TestRealm
+ keycloak_quarkus_offline_install: True
+ keycloak_quarkus_host: instance:8443
+ keycloak_quarkus_http_relative_path: ''
+ keycloak_quarkus_log: file
+ keycloak_quarkus_https_enabled: True
+ keycloak_quarkus_key_file: conf/key.pem
+ keycloak_quarkus_cert_file: conf/cert.pem
+ pre_tasks:
+ - command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj '/CN=instance'
+ delegate_to: localhost
+ - lineinfile:
+ dest: /etc/hosts
+ line: "127.0.0.1 instance"
+ state: present
+ delegate_to: localhost
+ become: yes
+ - copy:
+ src: "{{ item }}"
+ dest: "/opt/keycloak/keycloak-18.0.0/conf/{{ item }}"
+ mode: 0444
+ loop:
+ - cert.pem
+ - key.pem
 roles:
 - role: keycloak_quarkus
 - role: keycloak_realm
diff --git a/molecule/quarkus/molecule.yml b/molecule/quarkus/molecule.yml
index ea8ad61..785de19 100644
--- a/molecule/quarkus/molecule.yml
+++ b/molecule/quarkus/molecule.yml
@@ -16,7 +16,9 @@ platforms:
 port_bindings:
 - "8080/tcp"
 - "8443/tcp"
- - "8009/tcp"
+ - "8009/tcp"
+ published_ports:
+ - 0.0.0.0:8443:8443/tcp
 provisioner:
 name: ansible
 config_options:
diff --git a/molecule/quarkus/verify.yml b/molecule/quarkus/verify.yml
index ef973cd..9b469a4 100644
--- a/molecule/quarkus/verify.yml
+++ b/molecule/quarkus/verify.yml
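Review bot: The `copy` task in the added `pre_tasks` of molecule/quarkus/converge.yml installs `key.pem` with `mode: 0444`, so the TLS private key (written unencrypted because of `-nodes`) is readable by every local account on the instance. Set the mode per item, e.g. `mode: "{{ '0400' if item == 'key.pem' else '0444' }}"`, and add `owner:` for the account Keycloak runs as, which is not visible in this hunk. Quoting the mode also avoids depending on YAML 1.1 octal parsing of a bare `0444`. The `openssl` command has no `creates: key.pem`, so every converge regenerates the key pair on the controller and reports a change.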
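Review bot: The added `published_ports` entry `0.0.0.0:8443:8443/tcp` in molecule/quarkus/molecule.yml publishes the test Keycloak on every interface of the machine running Molecule, while converge.yml in this same commit configures that instance with the admin password `remembertochangeme` and a throwaway certificate. The verify tasks reach it through `instance`, which the converge play maps to 127.0.0.1, so a loopback binding appears sufficient: `- "127.0.0.1:8443:8443/tcp"`. Quoting the value keeps the colon-separated string from being retyped by a YAML 1.1 parser. The `platforms` entry this belongs to starts outside the hunk.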
@@ -9,3 +9,19 @@
 that:
 - ansible_facts.services["keycloak.service"]["state"] == "running"
 - ansible_facts.services["keycloak.service"]["status"] == "enabled"
+ - name: Fetch openID config
+ shell: |
+ curl https://instance:8443/realms/master/.well-known/openid-configuration -k | jq .
+ delegate_to: localhost
+ register: openid_config
+ - debug:
+ msg: " {{ openid_config.stdout | from_json }}"
+ delegate_to: localhost
+ - name: Verify endpoint URLs
+ assert:
+ that:
+ - (openid_config.stdout | from_json)["backchannel_authentication_endpoint"] == 'https://instance:8443/realms/master/protocol/openid-connect/ext/ciba/auth'
+ - (openid_config.stdout | from_json)['issuer'] == 'https://instance:8443/realms/master'
+ - (openid_config.stdout | from_json)['authorization_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/auth'
+ - (openid_config.stdout | from_json)['token_endpoint'] == 'https://instance:8443/realms/master/protocol/openid-connect/token'
+ delegate_to: localhost
diff --git a/playbooks/keycloak_quarkus.yml b/playbooks/keycloak_quarkus.yml
index ebed89b..7aeb311 100644
--- a/playbooks/keycloak_quarkus.yml
+++ b/playbooks/keycloak_quarkus.yml
@@ -3,7 +3,12 @@
 hosts: all
 vars:
 keycloak_admin_password: "remembertochangeme"
+ keycloak_quarkus_host: localhost:8443
+ keycloak_quarkus_log: file
+ keycloak_quarkus_https_enabled: True
+ keycloak_quarkus_key_file: conf/key.pem
+ keycloak_quarkus_cert_file: conf/cert.pem
 collections:
 - middleware_automation.keycloak
 roles:
- - keycloak_quarkus
\ No newline at end of file
+ - keycloak_quarkus
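Review bot: The `-k` on the `curl` in `Fetch openID config` turns off certificate verification, so the check passes whatever certificate Keycloak serves and never proves that the `cert.pem` deployed by converge.yml is the one in use. Since that certificate is generated for `CN=instance`, the test can trust it explicitly: `curl --fail --silent --cacert <path to generated cert.pem> https://instance:8443/realms/master/.well-known/openid-configuration` (the path depends on where the converge `openssl` command ran, which this hunk does not show). Dropping `| jq .` lets a TLS or HTTP error fail this task directly, because with the pipe the task's exit status is jq's, and `from_json` already parses the output. Adding `changed_when: false` keeps the read-only fetch from reporting a change.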
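Review bot: The added `keycloak_quarkus_https_enabled: True` with `keycloak_quarkus_key_file: conf/key.pem` and `keycloak_quarkus_cert_file: conf/cert.pem` in playbooks/keycloak_quarkus.yml assumes both files already exist, but unlike molecule/quarkus/converge.yml nothing visible in this playbook creates or copies them. A comment above the vars would document the prerequisite, e.g. `# key.pem and cert.pem must be provisioned under the Keycloak conf/ directory beforehand; this playbook does not create them`. It is also worth stating there that `keycloak_admin_password: "remembertochangeme"` is a placeholder to override (for example from Ansible Vault), since the sample now describes an HTTPS-enabled deployment. The play's header lies outside the hunk.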