From 89944a6cd14e13a9dd9c590bd1ee486d269a881d Mon Sep 17 00:00:00 2001
From: Guido Grazioli
Date: Tue, 5 Dec 2023 20:28:24 +0100
Subject: [PATCH] downstream: add rhbk bits
---
 .../keycloak_quarkus/meta/argument_specs.yml | 50 +++++++++++++++++++
 roles/keycloak_quarkus/meta/main.yml | 1 +
 roles/keycloak_quarkus/tasks/install.yml | 42 +++++++++++++++-
 3 files changed, 92 insertions(+), 1 deletion(-)
diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml
index 2d3dadf..76384f4 100644
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@@ -292,3 +292,53 @@ argument_specs:
 default: true
 type: "bool"
 description: "Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless proxy verifies the Host header."
+ downstream:
+ options:
+ rhbk_version:
+ default: "22.0.6"
+ description: "Red Hat Build of Keycloak version"
+ type: "str"
+ rhbk_archive:
+ default: "rhbk-{{ rhbk_version }}.zip"
+ description: "Red Hat Build of Keycloak install archive filename"
+ type: "str"
+ rhbk_dest:
+ default: "/opt/rhbk"
+ description: "Root installation directory"
+ type: "str"
+ rhbk_installdir:
+ default: "{{ rhbk_dest }}/rhbk-{{ rhbk_version.split('.')[0] }}.{{ rhbk_version.split('.')[1] }}"
+ description: "Installation path for Red Hat Build of Keycloak"
+ type: "str"
+ rhbk_apply_patches:
+ default: false
+ description: "Install Red Hat Build of Keycloak most recent cumulative patch"
+ type: "bool"
+ rhbk_enable:
+ default: true
+ description: "Enable Red Hat Build of Keycloak installation"
+ type: "str"
+ rhbk_offline_install:
+ default: false
+ description: "Perform an offline install"
+ type: "bool"
+ rhbk_service_name:
+ default: "rhbk"
+ description: "systemd service name for Red Hat Build of Keycloak"
+ type: "str"
+ rhbk_service_desc:
+ default: "Red Hat Build of Keycloak"
+ description: "systemd description for Red Hat Build of Keycloak"
+ type: "str"
+ rhbk_patch_version:
+ required: false
+ description: "Red Hat Build of Keycloak latest cumulative patch version to apply; defaults to latest version when rhbk_apply_patches is True"
+ type: "str"
+ rhbk_patch_bundle:
+ default: "rhbk-{{ rhbk_patch_version | default('[0-9]+[.][0-9]+[.][0-9]+') }}-patch.zip"
+ description: "Red Hat Build of Keycloak patch archive filename"
+ type: "str"
+ rhbk_product_category:
+ default: "rhbk"
+ description: "JBossNetwork API category for Red Hat Build of Keycloak"
+ type: "str"
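Review bot: `rhbk_enable` is declared with `type: "str"` although its default is the boolean `true`, unlike the neighbouring `rhbk_apply_patches` and `rhbk_offline_install`, which use `type: "bool"`. With a string type a value such as `"false"` passes validation, and install.yml in this same patch tests the variable for truthiness (`rhbk_enable is defined and rhbk_enable`), so a non-empty string would likely still select the RHN download path. I would change the line to `type: "bool"`.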
diff --git a/roles/keycloak_quarkus/meta/main.yml b/roles/keycloak_quarkus/meta/main.yml
index 469a71d..8d7331d 100644
--- a/roles/keycloak_quarkus/meta/main.yml
+++ b/roles/keycloak_quarkus/meta/main.yml
@@ -24,3 +24,4 @@ galaxy_info:
 - authentication
 - identity
 - security
+ - rhbk
diff --git a/roles/keycloak_quarkus/tasks/install.yml b/roles/keycloak_quarkus/tasks/install.yml
index 887aa31..25106f9 100644
--- a/roles/keycloak_quarkus/tasks/install.yml
+++ b/roles/keycloak_quarkus/tasks/install.yml
@@ -57,11 +57,51 @@
 dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
 mode: 0640
 delegate_to: localhost
+ run_once: true
 when:
 - archive_path is defined
 - archive_path.stat is defined
 - not archive_path.stat.exists
 - not keycloak.offline_install
+ - not rhbk_enable is defined or not rhbk_enable
+
+- name: Perform download from RHN using JBoss Network API
+ delegate_to: localhost
+ run_once: true
+ when:
+ - archive_path is defined
+ - archive_path.stat is defined
+ - not archive_path.stat.exists
+ - rhbk_enable is defined and rhbk_enable
+ - not keycloak.offline_install
+ block:
+ - name: Retrieve product download using JBoss Network API
+ middleware_automation.common.product_search:
+ client_id: "{{ rhn_username }}"
+ client_secret: "{{ rhn_password }}"
+ product_type: DISTRIBUTION
+ product_version: "{{ rhbk_version }}"
+ product_category: "{{ rhbk_product_category }}"
+ register: rhn_products
+ no_log: "{{ omit_rhn_output | default(true) }}"
+ delegate_to: localhost
+ run_once: true
+
+ - name: Determine install zipfile from search results
+ ansible.builtin.set_fact:
+ rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/' + rhbk_archive + '$') }}"
+ delegate_to: localhost
+ run_once: true
+
+ - name: Download Red Hat Build of Keycloak
+ middleware_automation.common.product_download: # noqa risky-file-permissions delegated, uses controller host user
+ client_id: "{{ rhn_username }}"
+ client_secret: "{{ rhn_password }}"
+ product_id: "{{ (rhn_filtered_products | first).id }}"
+ dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+ no_log: "{{ omit_rhn_output | default(true) }}"
+ delegate_to: localhost
+ run_once: true

 - name: Check downloaded archive
 ansible.builtin.stat:
@@ -76,7 +116,7 @@
 dest: "{{ archive }}"
 owner: "{{ keycloak.service_user }}"
 group: "{{ keycloak.service_group }}"
- mode: 0750
+ mode: 0640
 register: new_version_downloaded
 when:
 - not archive_path.stat.exists
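Review bot: The `rhn_filtered_products` expression in "Determine install zipfile from search results" interpolates `rhbk_archive` into a regex unescaped, and the download task then takes `(rhn_filtered_products | first).id` without checking that exactly one result matched. The dots in a name like `rhbk-22.0.6.zip` match any character, so a similarly named file could be selected, and an empty result fails on `.id` with the output likely hidden by `no_log`. I would write `selectattr('file_path', 'match', '[^/]*/' + (rhbk_archive | regex_escape) + '$') | list` and add an `ansible.builtin.assert` on `rhn_filtered_products | length == 1` before the download. The hunk also shows no checksum verification of the downloaded zip; the later tasks are outside the hunk, so confirm whether one exists.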
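Review bot: The new `mode: 0640` on the archive copy is an unquoted octal literal, so the permission the module receives depends on how the YAML parser reads a leading-zero integer. Quoting it as `mode: "0640"` states the intended permission bits independently of integer parsing; the `mode: 0640` context line in the preceding hunk has the same form. The task's name and module line are outside the hunk.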