#222: Add support for maven providers

Helmut Wolf 2024-05-13 17:20:21 +02:00
parent 1b69191a6e
commit 4b902adc8d
5 changed files with 69 additions and 8 deletions


@ -1,6 +1,7 @@
################################################# #################################################
# python dependencies required to be installed # python dependencies required to be installed
# on the controller host with: # on the controller host with:
# pip install -r requirements.txt # pip install -r requirements.txt
# #
netaddr netaddr
lxml # for community.general.maven_artifact


@ -2,3 +2,4 @@
collections: collections:
- name: middleware_automation.common - name: middleware_automation.common
- name: ansible.posix - name: ansible.posix
- name: community.general # for `maven_artifact`


@ -4,6 +4,29 @@ keycloak_quarkus
Install [keycloak](https://keycloak.org/) >= 20.0.0 (quarkus) server configurations. Install [keycloak](https://keycloak.org/) >= 20.0.0 (quarkus) server configurations.
Requirements
------------
This role requires the `python3-netaddr` and `lxml` library installed on the controller node.
* to install via yum/dnf: `dnf install python3-netaddr python3-lxml`
* to install via apt: `apt install python3-netaddr python3-lxml`
* or via the collection: `pip install -r requirements.txt`
Dependencies
------------
The roles depends on:
* [middleware_automation.common](https://github.com/ansible-middleware/common)
* [ansible-posix](https://docs.ansible.com/ansible/latest/collections/ansible/posix/index.html)
* [community.general](https://docs.ansible.com/ansible/latest/collections/community/general/index.html)
To install all the dependencies via galaxy:
ansible-galaxy collection install -r requirements.yml
Role Defaults Role Defaults
------------- -------------
@ -160,10 +183,17 @@ Provider definition:
```yaml ```yaml
keycloak_quarkus_providers: keycloak_quarkus_providers:
- id: http-client # required - id: http-client # required
spi: connections # required if url is not specified spi: connections # required if neither url nor maven are specified
default: true # optional, whether to set default for spi, default false default: true # optional, whether to set default for spi, default false
restart: true # optional, whether to restart, default true restart: true # optional, whether to restart, default true
url: https://.../.../custom_spi.jar # optional, url for download url: https://.../.../custom_spi.jar # optional, url for download via http
maven: # optional, for download using maven
repository_url: https://maven.pkg.github.com/OWNER/REPOSITORY # optional, maven repo url
group_id: my.group # optional, maven group id
artifact_id: artifact # optional, maven artifact id
version: 24.0.4 # optional, defaults to latest
username: user # optional, cf. https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-apache-maven-registry#authenticating-to-github-packages
password: pat # optional, provide a PAT for accessing Github's Apache Maven registry
properties: # optional, list of key-values properties: # optional, list of key-values
- key: default-connection-pool-size - key: default-connection-pool-size
value: 10 value: 10


@ -215,7 +215,7 @@
- rhbk_enable is defined and rhbk_enable - rhbk_enable is defined and rhbk_enable
- keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url is defined - keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url is defined
- name: "Download custom providers" - name: "Download custom providers via http"
ansible.builtin.get_url: ansible.builtin.get_url:
url: "{{ item.url }}" url: "{{ item.url }}"
dest: "{{ keycloak.home }}/providers/{{ item.id }}.jar" dest: "{{ keycloak.home }}/providers/{{ item.id }}.jar"
@ -227,7 +227,36 @@
when: item.url is defined and item.url | length > 0 when: item.url is defined and item.url | length > 0
notify: "{{ ['rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or not item.restart else [] }}" notify: "{{ ['rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or not item.restart else [] }}"
- name: Ensure required folder structure for policies exits # this requires the `lxml` package to be installed; we redirect this step to localhost such that we do need to install it on the remote hosts
- name: "Download custom providers to localhost using maven"
community.general.maven_artifact:
repository_url: "{{ item.maven.repository_url }}"
group_id: "{{ item.maven.group_id }}"
artifact_id: "{{ item.maven.artifact_id }}"
version: "{{ item.maven.version | default(omit) }}"
username: "{{ item.maven.username | default(omit) }}"
password: "{{ item.maven.password | default(omit) }}"
dest: "{{ local_path.stat.path }}/{{ item.id }}.jar"
delegate_to: "localhost"
run_once: true
loop: "{{ keycloak_quarkus_providers }}"
when: item.maven is defined
no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 | default(false) }}"
notify: "{{ ['rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or not item.restart else [] }}"
- name: "Upload local maven SPIs"
ansible.builtin.copy:
src: "{{ local_path.stat.path }}/{{ item.id }}.jar"
dest: "{{ keycloak.home }}/providers/{{ item.id }}.jar"
owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}"
mode: '0640'
become: true
loop: "{{ keycloak_quarkus_providers }}"
when: item.maven is defined
no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 | default(false) }}"
- name: Ensure required folder structure for policies exists
ansible.builtin.file: ansible.builtin.file:
path: "{{ keycloak.home }}/data/{{ item | lower }}" path: "{{ keycloak.home }}/data/{{ item | lower }}"
state: directory state: directory
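Review bot: In the "Download custom providers to localhost using maven" task, `version` falls back to `omit`, so the module resolves the latest release on each run and the jar copied into `{{ keycloak.home }}/providers/` can change without any change to the inventory. A provider jar is code that Keycloak loads, so I would require a fixed version for maven providers, for example by adding `item.maven.version is defined` to the maven branch of the provider assertion, or at least state the risk next to the `defaults to latest` comment in the README example. Separately, in both `no_log` expressions the trailing `| default(false)` binds to the literal `0` rather than to the whole condition, so it has no effect and can be dropped: `no_log: "{{ item.maven.password is defined and item.maven.password | length > 0 }}"`. `local_path` is registered outside this hunk, so whether that controller directory is private to the run cannot be checked from here.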

View file

@ -61,9 +61,9 @@
ansible.builtin.assert: ansible.builtin.assert:
that: that:
- item.id is defined and item.id | length > 0 - item.id is defined and item.id | length > 0
- (item.spi is defined and item.spi | length > 0) or (item.url is defined and item.url | length > 0) - (item.spi is defined and item.spi | length > 0) or (item.url is defined and item.url | length > 0) or (item.maven is defined and item.maven.repository_url is defined and item.maven.repository_url | length > 0 and item.maven.group_id is defined and item.maven.group_id | length > 0 and item.maven.artifact_id is defined and item.maven.artifact_id | length > 0)
quiet: true quiet: true
fail_msg: "Providers definition is incorrect; `id` and one of `spi` or `url` are mandatory. `key` and `value` are mandatory for each property" fail_msg: "Providers definition is incorrect; `id` and one of `spi`, `url`, or `maven` are mandatory. `key` and `value` are mandatory for each property"
loop: "{{ keycloak_quarkus_providers }}" loop: "{{ keycloak_quarkus_providers }}"
- name: "Validate policies" - name: "Validate policies"
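Review bot: The extended condition checks the `maven` fields only when neither `spi` nor `url` is set, so a provider with `spi` plus an incomplete `maven` mapping passes this assertion and then fails in the download task, which runs on `item.maven is defined` alone and dereferences `item.maven.repository_url`, `group_id` and `artifact_id`. A separate entry under `that` would close the gap: `- item.maven is not defined or (item.maven.repository_url | default('') | length > 0 and item.maven.group_id | default('') | length > 0 and item.maven.artifact_id | default('') | length > 0)`. This task also loops over the full provider items, and Ansible prints the loop item for each iteration, so a configured `maven.password` would show up in the run output; `loop_control:` with `label: "{{ item.id }}"` (or `no_log`) on this task avoids that. The task's name line and the start of the file lie outside the hunk.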