ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-04-05 10:20:27 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Providers config and custom providers

Browse source
This commit is contained in:
Guido Grazioli 2024-04-30 10:45:20 +02:00
parent a33393a477
commit 43b9ffcb64
7 changed files with 75 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
molecule/quarkus/converge.yml
View file

@ -19,6 +19,16 @@
keycloak_quarkus_systemd_wait_for_timeout: 20 keycloak_quarkus_systemd_wait_for_timeout: 20
keycloak_quarkus_systemd_wait_for_delay: 2 keycloak_quarkus_systemd_wait_for_delay: 2
keycloak_quarkus_systemd_wait_for_log: true keycloak_quarkus_systemd_wait_for_log: true
keycloak_quarkus_providers:
- id: http-client
spi: connections
default: true
restart: true
properties:
- key: default-connection-pool-size
value: 10
- id: spid-saml
url: https://github.com/italia/spid-keycloak-provider/releases/download/24.0.2/spid-provider.jar
roles: roles:
- role: keycloak_quarkus - role: keycloak_quarkus
- role: keycloak_realm - role: keycloak_realm

27
roles/keycloak_quarkus/README.md
View file

@ -145,6 +145,33 @@ Role Defaults
|`keycloak_quarkus_ks_vault_type`| Type of the keystore used for the vault SPI | `PKCS12` | |`keycloak_quarkus_ks_vault_type`| Type of the keystore used for the vault SPI | `PKCS12` |
#### Configuring providers
| Variable | Description | Default |
|:---------|:------------|:--------|
|`keycloak_quarkus_providers`| List of provider definitions; see below | `[]` |
Provider definition:
```yaml
keycloak_quarkus_providers:
- id: http-client # required
spi: connections # required if url is not specified
default: true # optional, whether to set default for spi, default false
restart: true # optional, whether to restart, default true
url: https://.../.../custom_spi.jar # optional, url for download
properties: # optional, list of key-values
- key: default-connection-pool-size
value: 10
```
the definition above will generate the following build command:
```
bin/kc.sh build --spi-connections-provider=http-client --spi-connections-http-client-default-connection-pool-size=10
```
Role Variables Role Variables
-------------- --------------

2
roles/keycloak_quarkus/defaults/main.yml
View file

@ -144,3 +144,5 @@ keycloak_quarkus_ks_vault_enabled: false
keycloak_quarkus_ks_vault_file: "{{ keycloak_quarkus_config_dir }}/keystore.p12" keycloak_quarkus_ks_vault_file: "{{ keycloak_quarkus_config_dir }}/keystore.p12"
keycloak_quarkus_ks_vault_type: PKCS12 keycloak_quarkus_ks_vault_type: PKCS12
keycloak_quarkus_ks_vault_pass: keycloak_quarkus_ks_vault_pass:
keycloak_quarkus_providers: []

4
roles/keycloak_quarkus/meta/argument_specs.yml
View file

@ -372,6 +372,10 @@ argument_specs:
description: "Activation delay for service systemd unit (seconds)" description: "Activation delay for service systemd unit (seconds)"
default: 10 default: 10
type: 'int' type: 'int'
keycloak_quarkus_providers:
description: "List of provider definition dicts: { 'id': str, 'spi': str, 'url': str, 'default': bool, 'properties': list of key/value }"
default: []
type: "list"
downstream: downstream:
options: options:
rhbk_version: rhbk_version:

12
roles/keycloak_quarkus/tasks/install.yml
View file

@ -164,3 +164,15 @@
when: when:
- rhbk_enable is defined and rhbk_enable - rhbk_enable is defined and rhbk_enable
- keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url is defined - keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url is defined
- name: "Download custom providers"
ansible.builtin.get_url:
url: "{{ item.url }}"
dest: "{{ keycloak.home }}/providers/{{ item.id }}.jar"
owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}"
mode: '0640'
become: true
loop: "{{ keycloak_quarkus_providers }}"
when: item.url is defined and item.url | length > 0
notify: "{{ ['rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or not item.restart else [] }}"

9
roles/keycloak_quarkus/tasks/prereqs.yml
View file

@ -56,3 +56,12 @@
when: keytool_check.rc != 0 when: keytool_check.rc != 0
ansible.builtin.fail: ansible.builtin.fail:
msg: "keytool NOT found in the PATH, but is required for setting up the configuration key store" msg: "keytool NOT found in the PATH, but is required for setting up the configuration key store"
- name: "Validate providers"
ansible.builtin.assert:
that:
- item.id is defined and item.id | length > 0
- (item.spi is defined and item.spi | length > 0) or (item.url is defined and item.url | length > 0)
quiet: true
fail_msg: "Providers definition is incorrect; `id` and one of `spi` or `url` are mandatory. `key` and `value` are mandatory for each property"
loop: "{{ keycloak_quarkus_providers }}"

11
roles/keycloak_quarkus/templates/keycloak.conf.j2
View file

@ -97,3 +97,14 @@ vault-file={{ keycloak_quarkus_ks_vault_file }}
vault-type={{ keycloak_quarkus_ks_vault_type }} vault-type={{ keycloak_quarkus_ks_vault_type }}
vault-pass={{ keycloak_quarkus_ks_vault_pass }} vault-pass={{ keycloak_quarkus_ks_vault_pass }}
{% endif %} {% endif %}
# Providers
{% for provider in keycloak_quarkus_providers %}
{% if provider.default is defined and provider.default %}
spi-{{ provider.spi }}-provider={{ provider.id }}
{% endif %}
{% if provider.properties is defined %}{% for property in provider.properties %}
spi-{{ provider.spi }}-{{ provider.id }}-{{ property.key }}={{ property.value }}
{% endfor %}{% endif %}
{% endfor %}