From 9c97baf03be1b88960b0bafa4c978788f8b8e8b2 Mon Sep 17 00:00:00 2001
From: Guido Grazioli <ggraziol@redhat.com>
Date: Fri, 17 Dec 2021 14:56:28 +0100
Subject: [PATCH] Add mariadb default, add config validation

---
 roles/keycloak/defaults/main.yml | 14 +++++++++++++-
 roles/keycloak/tasks/install.yml | 16 ++++++++--------
 roles/keycloak/tasks/prereqs.yml | 17 +++++++++++++++++
 3 files changed, 38 insertions(+), 9 deletions(-)

diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
index 372bf1f..db15e0f 100644
--- a/roles/keycloak/defaults/main.yml
+++ b/roles/keycloak/defaults/main.yml
@@ -36,6 +36,7 @@ keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
 keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
 # enable auto configuration for database backend, clustering and remote caches on infinispan
 keycloak_ha_enabled: False
+keycloak_db_enabled: False
 
 # keycloak administration console user
 keycloak_admin_user: admin
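Review bot: `keycloak_db_enabled` has no comment of its own and sits directly under the comment that describes `keycloak_ha_enabled`, so a reader of the defaults cannot tell how the two flags relate. A line above it such as `# enable a database backend; must be true when keycloak_ha_enabled is true` would record the constraint that the new assertion in prereqs.yml enforces. As a style point, lowercase `false` is the canonical YAML boolean, although the neighbouring default uses `False` as well.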
@@ -58,9 +59,10 @@ keycloak_remotecache:
   trust_store_path: /path/to/jks/keystore
   trust_store_password: changeme
 
+keycloak_jdbc_engine: postgres
 keycloak_jdbc:
   postgres:
-    enabled: "{{ keycloak_ha_enabled }}"
+    enabled: "{{ keycloak_ha_enabled and keycloak_jdbc_engine == 'postgres' }}"
     driver_module_name: "org.postgresql"
     driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/postgresql/main"
     driver_version: 9.4.1212
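Review bot: The rewritten `enabled` expression still keys off `keycloak_ha_enabled` only, so the `keycloak_db_enabled` flag added earlier in this file is not consulted here. With `keycloak_db_enabled` true and HA off, a combination the prereqs assertion accepts, `enabled` renders false and the driver install task guarded by it in install.yml is skipped. If the database flag is meant to drive the datasource, something like `enabled: "{{ keycloak_db_enabled and keycloak_jdbc_engine == 'postgres' }}"` would match the validation; the same applies to the mariadb entry in the next hunk. Other consumers of the flag may exist outside this diff, and the `keycloak_jdbc` mapping continues past this hunk.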
@@ -69,3 +71,13 @@ keycloak_jdbc:
     connection_url: "{{ postgres_jdbc_url | default('jdbc:postgresql://localhost:5432/keycloak') }}"
     db_user: "{{ postgres_db_user | default('keycloak-user') }}"
     db_password: "{{ postgres_db_pass | default('keycloak-pass') }}"
+  mariadb:
+    enabled: "{{ keycloak_ha_enabled and keycloak_jdbc_engine == 'mariadb' }}"
+    driver_module_name: "org.mariadb"
+    driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/mariadb/main"
+    driver_version: 2.7.4
+    driver_jar_filename: "mariadb-java-client-2.7.4.jar"
+    driver_jar_url: "https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/2.7.4/mariadb-java-client-2.7.4.jar"
+    connection_url: "{{ mariadb_jdbc_url | default('jdbc:mariadb://localhost:3306/keycloak') }}"
+    db_user: "{{ mariadb_db_user | default('keycloak-user') }}"
+    db_password: "{{ mariadb_db_pass | default('keycloak-pass') }}"
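Review bot: The new mariadb `db_password` falls back to the literal `keycloak-pass` when `mariadb_db_pass` is unset, so a play that forgets the variable configures the datasource with a credential published in this repository. Consider dropping the fallback, `db_password: "{{ mariadb_db_pass }}"`, and asserting in prereqs.yml that the variable is defined whenever the engine is enabled; the postgres entry shown as context has the same pattern. Separately, `driver_jar_url` names a jar to download with no checksum recorded beside it. If the wildfly_driver role accepts a checksum parameter (not visible in this diff), pinning it here would let a tampered or substituted artifact be detected.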
diff --git a/roles/keycloak/tasks/install.yml b/roles/keycloak/tasks/install.yml
index 599a380..3b0db49 100644
--- a/roles/keycloak/tasks/install.yml
+++ b/roles/keycloak/tasks/install.yml
@@ -112,19 +112,19 @@
   become: yes
   when: keycloak_rhsso_enable
 
-- name: "Install Postresql driver"
+- name: "Install {{ keycloak_jdbc_engine }} driver"
   include_role:
     name: wildfly_driver
     tasks_from: jdbc_driver.yml
   vars:
       wildfly_user: "{{ keycloak_service_user }}"
-      jdbc_driver_module_dir: "{{ keycloak_jdbc.postgres.driver_module_dir }}"
-      jdbc_driver_version: "{{ keycloak_jdbc.postgres.driver_version }}"
-      jdbc_driver_jar_filename: "{{ keycloak_jdbc.postgres.driver_jar_filename }}"
-      jdbc_driver_jar_url: "{{ keycloak_jdbc.postgres.driver_jar_url }}"
-      jdbc_driver_jar_installation_path: "{{ keycloak_jdbc.postgres.driver_module_dir }}/{{ keycloak_jdbc.postgres.driver_jar_filename }}"
-      jdbc_driver_module_name: "{{ keycloak_jdbc.postgres.driver_module_name }}"
-  when: keycloak_jdbc.postgres.enabled
+      jdbc_driver_module_dir: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}"
+      jdbc_driver_version: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_version }}"
+      jdbc_driver_jar_filename: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}"
+      jdbc_driver_jar_url: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}"
+      jdbc_driver_jar_installation_path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}/{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}"
+      jdbc_driver_module_name: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}"
+  when: keycloak_jdbc[keycloak_jdbc_engine].enabled
 
 - name: "Deploy Keycloak's standalone.xml"
   become: yes
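Review bot: Every lookup in the driver task, including the `when:` guard, now indexes `keycloak_jdbc[keycloak_jdbc_engine]`, so a misspelled or unsupported engine value fails here with an undefined-variable error rather than a readable message. The "Validate configuration" assertion added in prereqs.yml does not cover this; adding `- keycloak_jdbc_engine in keycloak_jdbc` to its `that:` list, with a `fail_msg` naming the supported engines, would catch it before any install step runs. The following "Deploy Keycloak's standalone.xml" task continues outside the hunk.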
diff --git a/roles/keycloak/tasks/prereqs.yml b/roles/keycloak/tasks/prereqs.yml
index b6abb88..aab3788 100644
--- a/roles/keycloak/tasks/prereqs.yml
+++ b/roles/keycloak/tasks/prereqs.yml
@@ -1,4 +1,21 @@
 ---
+- name: "Validate configuration"
+  assert:
+    that:
+      - (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled)
+    quiet: True
+    fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_ha_enabled"
+    success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}"
+
+- name: "Validate credentials"
+  assert:
+    that:
+      - (rhn_username is defined and rhsso_rhn_id is defined) or rhsso_rhn_id is not defined
+      - (rhn_password is defined and rhsso_rhn_id is defined) or rhsso_rhn_id is not defined
+    quiet: True
+    fail_msg: "Cannot install Red Hat SSO without RHN credentials. Check rhn_username and rhn_password are defined"
+    success_msg: "{{ 'Installing Red Hat Single Sign-On' if rhsso_rhn_id is defined else 'Installing keycloak.org' }}"
+
 - set_fact:
     required_packages:
     - "{{ jvm_package | default('java-1.8.0-openjdk-devel') }}"
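Review bot: The `fail_msg` of "Validate configuration" names `keycloak_ha_enabled` twice, which points the operator at the wrong variable; the second should be `keycloak_db_enabled`, i.e. `fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_db_enabled"`. The three-way condition reduces to `- not keycloak_ha_enabled or keycloak_db_enabled`, which is easier to audit. In "Validate credentials", `is defined` also passes for an empty `rhn_username` or `rhn_password`, so a test such as `rhn_password | default('') | length > 0` may be closer to the intent. The `set_fact` task at the end continues outside the hunk.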