From 697023620128485980f5d942fa28a39d7680a983 Mon Sep 17 00:00:00 2001
From: Antonio Costa <a.costa@trikorasolutions.com>
Date: Wed, 25 Oct 2023 16:03:29 +0200
Subject: [PATCH] feat: add a destination variable for the log link

docs: argument specs for the keycloak_quarkus_log_target

docs: added parameter to the roles README

fix: role variable is keycloak_log_target and not keycloak_quarkus_log_target
---
 molecule/default/converge.yml                 |  1 +
 molecule/default/verify.yml                   | 28 +++++++++++++++
 molecule/quarkus/converge.yml                 |  1 +
 molecule/quarkus/verify.yml                   | 34 +++++++++++++++++++
 roles/keycloak/README.md                      |  2 +-
 roles/keycloak/defaults/main.yml              |  3 ++
 roles/keycloak/meta/argument_specs.yml        |  4 +++
 roles/keycloak/tasks/main.yml                 |  2 +-
 roles/keycloak_quarkus/README.md              |  1 +
 roles/keycloak_quarkus/defaults/main.yml      |  1 +
 .../keycloak_quarkus/meta/argument_specs.yml  |  4 +++
 roles/keycloak_quarkus/tasks/main.yml         |  2 +-
 12 files changed, 80 insertions(+), 3 deletions(-)

diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
index d3742e7..afd6ea2 100644
--- a/molecule/default/converge.yml
+++ b/molecule/default/converge.yml
@@ -10,6 +10,7 @@
         port: 16667
       - host: myhost2
         port: 16668
+    keycloak_log_target: /tmp/keycloak
   roles:
     - role: keycloak
   tasks:
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index 92a245e..36f49b1 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -55,3 +55,31 @@
       ansible.builtin.assert:
         that:
           - (keycloak_query_clients.json | selectattr('clientId','equalto','TestClient') | first)["attributes"]["post.logout.redirect.uris"] == '/public/logout'
+    - name: Check log folder
+      ansible.builtin.stat:
+        path: "/tmp/keycloak"
+      register: keycloak_log_folder
+    - name: Check that keycloak log folder exists and is a link
+      ansible.builtin.assert:
+        that:
+          - keycloak_log_folder.stat.exists
+          - not keycloak_log_folder.stat.isdir
+          - keycloak_log_folder.stat.islnk
+    - name: Check log file
+      ansible.builtin.stat:
+        path: "/tmp/keycloak/server.log"
+      register: keycloak_log_file
+    - name: Check if keycloak file exists
+      ansible.builtin.assert:
+        that:
+          - keycloak_log_file.stat.exists
+          - not keycloak_log_file.stat.isdir
+    - name: Check default log folder
+      ansible.builtin.stat:
+        path: "/var/log/keycloak"
+      register: keycloak_default_log_folder
+      failed_when: false
+    - name: Check that default keycloak log folder doesn't exist
+      ansible.builtin.assert:
+        that:
+          - not keycloak_default_log_folder.stat.exists
diff --git a/molecule/quarkus/converge.yml b/molecule/quarkus/converge.yml
index 22f9ff4..cb35230 100644
--- a/molecule/quarkus/converge.yml
+++ b/molecule/quarkus/converge.yml
@@ -11,6 +11,7 @@
     keycloak_quarkus_https_enabled: True
     keycloak_quarkus_key_file: "{{ keycloak.home }}/conf/key.pem"
     keycloak_quarkus_cert_file: "{{ keycloak.home }}/conf/cert.pem"
+    keycloak_quarkus_log_target: /tmp/keycloak
   roles:
     - role: keycloak_quarkus
     - role: keycloak_realm
diff --git a/molecule/quarkus/verify.yml b/molecule/quarkus/verify.yml
index e956ca6..2d75c32 100644
--- a/molecule/quarkus/verify.yml
+++ b/molecule/quarkus/verify.yml
@@ -37,3 +37,37 @@
               - (openid_config.stdout | from_json)['authorization_endpoint'] == 'https://instance/realms/master/protocol/openid-connect/auth'
               - (openid_config.stdout | from_json)['token_endpoint'] == 'https://instance/realms/master/protocol/openid-connect/token'
           delegate_to: localhost
+
+    - name: Check log folder
+      ansible.builtin.stat:
+        path: "/tmp/keycloak"
+      register: keycloak_log_folder
+
+    - name: Check that keycloak log folder exists and is a link
+      ansible.builtin.assert:
+        that:
+          - keycloak_log_folder.stat.exists
+          - not keycloak_log_folder.stat.isdir
+          - keycloak_log_folder.stat.islnk
+          
+    - name: Check log file
+      ansible.builtin.stat:
+        path: "/tmp/keycloak/keycloak.log"
+      register: keycloak_log_file
+
+    - name: Check if keycloak file exists
+      ansible.builtin.assert:
+        that:
+          - keycloak_log_file.stat.exists
+          - not keycloak_log_file.stat.isdir
+
+    - name: Check default log folder
+      ansible.builtin.stat:
+        path: "/var/log/keycloak"
+      register: keycloak_default_log_folder
+      failed_when: false
+
+    - name: Check that default keycloak log folder doesn't exist
+      ansible.builtin.assert:
+        that:
+          - not keycloak_default_log_folder.stat.exists
diff --git a/roles/keycloak/README.md b/roles/keycloak/README.md
index aae309b..ed10963 100644
--- a/roles/keycloak/README.md
+++ b/roles/keycloak/README.md
@@ -117,7 +117,7 @@ Role Defaults
 |`keycloak_db_background_validation_millis`| How frequenly the connection pool is validated in the background | `10000` if background validation enabled |
 |`keycloak_db_background_validate_on_match` | Enable validate on match for database connections | `False` |
 |`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth/` |
-
+|`keycloak_log_target`| Set the destination of the keycloak log folder link | `/var/log/keycloak` |
 
 
 Role Variables
diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index 9e09804..124250e 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -114,3 +114,6 @@ keycloak_default_jdbc:
     version: 12.2.0
 # role specific vars
 keycloak_no_log: True
+
+### logging configuration
+keycloak_log_target: /var/log/keycloak
diff --git a/roles/keycloak/meta/argument_specs.yml b/roles/keycloak/meta/argument_specs.yml
index db73f3f..5b64fe9 100644
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
@@ -356,6 +356,10 @@ argument_specs:
                 required: False
                 description: "Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration"
                 type: "str"
+            keycloak_log_target:
+                default: '/var/log/keycloak'
+                type: "str"
+                description: "Set the destination of the keycloak log folder link"
     downstream:
         options:
             sso_version:
diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
index 32aca04..7fe0222 100644
--- a/roles/keycloak/tasks/main.yml
+++ b/roles/keycloak/tasks/main.yml
@@ -34,7 +34,7 @@
   ansible.builtin.file:
     state: link
     src: "{{ keycloak_jboss_home }}/standalone/log"
-    dest: /var/log/keycloak
+    dest: "{{ keycloak_log_target }}"
   become: yes
 
 - name: Set admin credentials and restart if not already created
diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md
index f6e24cc..0ea2648 100644
--- a/roles/keycloak_quarkus/README.md
+++ b/roles/keycloak_quarkus/README.md
@@ -97,6 +97,7 @@ Role Defaults
 |`keycloak_quarkus_log_level`| The log level of the root category or a comma-separated list of individual categories and their levels | `info` |
 |`keycloak_quarkus_log_file`| Set the log file path and filename relative to keycloak home | `data/log/keycloak.log` |
 |`keycloak_quarkus_log_format`| Set a format specific to file log entries | `%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n` |
+|`keycloak_quarkus_log_target`| Set the destination of the keycloak log folder link | `/var/log/keycloak` |
 |`keycloak_quarkus_proxy_mode`| The proxy address forwarding mode if the server is behind a reverse proxy | `edge` |
 |`keycloak_quarkus_start_dev`| Whether to start the service in development mode (start-dev) | `False` |
 |`keycloak_quarkus_transaction_xa_enabled`| Whether to use XA transactions | `True` |
diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml
index 0ae35c1..7995d05 100644
--- a/roles/keycloak_quarkus/defaults/main.yml
+++ b/roles/keycloak_quarkus/defaults/main.yml
@@ -90,3 +90,4 @@ keycloak_quarkus_log: file
 keycloak_quarkus_log_level: info
 keycloak_quarkus_log_file: data/log/keycloak.log
 keycloak_quarkus_log_format: '%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n'
+keycloak_quarkus_log_target: /var/log/keycloak
diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml
index 59f3e50..32e550b 100644
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@@ -243,6 +243,10 @@ argument_specs:
                 default: '%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n'
                 type: "str"
                 description: "Set a format specific to file log entries"
+            keycloak_quarkus_log_target:
+                default: '/var/log/keycloak'
+                type: "str"
+                description: "Set the destination of the keycloak log folder link"
             keycloak_quarkus_proxy_mode:
                 default: 'edge'
                 type: "str"
diff --git a/roles/keycloak_quarkus/tasks/main.yml b/roles/keycloak_quarkus/tasks/main.yml
index a86a4f5..43cbb38 100644
--- a/roles/keycloak_quarkus/tasks/main.yml
+++ b/roles/keycloak_quarkus/tasks/main.yml
@@ -67,6 +67,6 @@
   ansible.builtin.file:
     state: link
     src: "{{ keycloak.log.file | dirname }}"
-    dest: /var/log/keycloak
+    dest: "{{ keycloak_quarkus_log_target }}"
     force: yes
   become: yes