Test: Installation of key material via Ansible role

molecule/quarkus/converge.yml

@@ -9,11 +9,13 @@
     keycloak_quarkus_log: file
     keycloak_quarkus_log_level: debug
     keycloak_quarkus_https_key_file_enabled: true
-    keycloak_quarkus_key_file: "/opt/keycloak/certs/key.pem"
+    keycloak_quarkus_key_file_copy_enabled: true
-    keycloak_quarkus_cert_file: "/opt/keycloak/certs/cert.pem"
+    keycloak_quarkus_key_file_src: key.pem
+    keycloak_quarkus_cert_file_copy_enabled: true
+    keycloak_quarkus_cert_file_src: cert.pem
     keycloak_quarkus_log_target: /tmp/keycloak
     keycloak_quarkus_ks_vault_enabled: true
-    keycloak_quarkus_ks_vault_file: "/opt/keycloak/certs/keystore.p12"
+    keycloak_quarkus_ks_vault_file: "/opt/keycloak/vault/keystore.p12"
     keycloak_quarkus_ks_vault_pass: keystorepassword
     keycloak_quarkus_systemd_wait_for_port: true
     keycloak_quarkus_systemd_wait_for_timeout: 20

molecule/quarkus/prepare.yml

@@ -14,11 +14,11 @@
       delegate_to: localhost
       changed_when: False
 
-    - name: Create conf directory # risky-file-permissions in test user account does not exist yet
+    - name: Create vault directory
       become: true
       ansible.builtin.file:
         state: directory
-        path: "/opt/keycloak/certs/"
+        path: "/opt/keycloak/vault"
         mode: 0755
 
     - name: Make sure a jre is available (for keytool to prepare keystore)
@@ -39,10 +39,6 @@
     - name: Copy certificates and vault
       become: true
       ansible.builtin.copy:
-        src: "{{ item }}"
+        src: keystore.p12
-        dest: "/opt/keycloak/certs/{{ item }}"
+        dest: /opt/keycloak/vault/keystore.p12
         mode: 0444
-      loop:
-        - cert.pem
-        - key.pem
-        - keystore.p12