#222: Add support for maven providers

2025-07-29 08:01:33 -07:00 · 2024-05-13 17:20:21 +02:00 · 2024-05-13 17:20:21 +02:00 · 4b902adc8d
commit 4b902adc8d
parent 1b69191a6e
5 changed files with 69 additions and 8 deletions
--- a/roles/keycloak_quarkus/tasks/install.yml
+++ b/roles/keycloak_quarkus/tasks/install.yml
@ -215,7 +215,7 @@
    - rhbk_enable is defined and rhbk_enable
    - keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url is defined

- name: "Download custom providers"
+- name: "Download custom providers via http"
  ansible.builtin.get_url:
    url: "{{ item.url }}"
    dest: "{{ keycloak.home }}/providers/{{ item.id }}.jar"
@ -227,7 +227,36 @@
  when: item.url is defined and item.url | length > 0
  notify: "{{ ['rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or not item.restart else [] }}"

- name: Ensure required folder structure for policies exits
+# this requires the `lxml` package to be installed; we redirect this step to localhost such that we do need to install it on the remote hosts
+- name: "Download custom providers to localhost using maven"
+  community.general.maven_artifact:
+    repository_url: "{{ item.maven.repository_url }}"
+    group_id: "{{ item.maven.group_id }}"
+    artifact_id: "{{ item.maven.artifact_id }}"
+    version: "{{ item.maven.version | default(omit) }}"
+    username: "{{ item.maven.username | default(omit) }}"
+    password: "{{ item.maven.password | default(omit) }}"
+    dest: "{{ local_path.stat.path }}/{{ item.id }}.jar"
+  delegate_to: "localhost"
+  run_once: true
+  loop: "{{ keycloak_quarkus_providers }}"
+  when: item.maven is defined
+  no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 | default(false) }}"
+  notify: "{{ ['rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or not item.restart else [] }}"
+
+- name: "Upload local maven SPIs"
+  ansible.builtin.copy:
+    src: "{{ local_path.stat.path }}/{{ item.id }}.jar"
+    dest: "{{ keycloak.home }}/providers/{{ item.id }}.jar"
+    owner: "{{ keycloak.service_user }}"
+    group: "{{ keycloak.service_group }}"
+    mode: '0640'
+  become: true
+  loop: "{{ keycloak_quarkus_providers }}"
+  when: item.maven is defined
+  no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 | default(false) }}"
+
+- name: Ensure required folder structure for policies exists
  ansible.builtin.file:
    path: "{{ keycloak.home }}/data/{{ item | lower }}"
    state: directory
--- a/roles/keycloak_quarkus/tasks/prereqs.yml
+++ b/roles/keycloak_quarkus/tasks/prereqs.yml
@ -61,9 +61,9 @@
  ansible.builtin.assert:
    that:
      - item.id is defined and item.id | length > 0
-      - (item.spi is defined and item.spi | length > 0) or (item.url is defined and item.url | length > 0)
+      - (item.spi is defined and item.spi | length > 0) or (item.url is defined and item.url | length > 0) or (item.maven is defined and item.maven.repository_url is defined and item.maven.repository_url | length > 0 and item.maven.group_id is defined and item.maven.group_id | length > 0 and item.maven.artifact_id is defined and item.maven.artifact_id | length > 0)
    quiet: true
-    fail_msg: "Providers definition is incorrect; `id` and one of `spi` or `url` are mandatory. `key` and `value` are mandatory for each property"
+    fail_msg: "Providers definition is incorrect; `id` and one of `spi`, `url`, or `maven` are mandatory. `key` and `value` are mandatory for each property"
  loop: "{{ keycloak_quarkus_providers }}"

 - name: "Validate policies"