#224: keycloak_quarkus: Add support for policy files

roles/keycloak_quarkus/tasks/install.yml

@@ -226,3 +226,25 @@
   loop: "{{ keycloak_quarkus_providers }}"
   when: item.url is defined and item.url | length > 0
   notify: "{{ ['rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or not item.restart else [] }}"
+
+- name: Ensure required folder structure for policies exits
+  ansible.builtin.file:
+    path: "{{ keycloak.home }}/data/{{ item | lower }}"
+    state: directory
+    owner: "{{ keycloak.service_user }}"
+    group: "{{ keycloak.service_group }}"
+    mode: '0750'
+  become: true
+  loop: "{{ keycloak_quarkus_supported_policy_types }}"
+
+- name: "Install custom policies"
+  ansible.builtin.get_url:
+    url: "{{ item.url }}"
+    dest: "{{ keycloak.home }}/data/{{ item.type|default(keycloak_quarkus_supported_policy_types | first) | lower }}/{{ item.name }}"
+    owner: "{{ keycloak.service_user }}"
+    group: "{{ keycloak.service_group }}"
+    mode: '0640'
+  become: true
+  loop: "{{ keycloak_quarkus_policies }}"
+  when: item.url is defined and item.url | length > 0
+  notify: "restart keycloak"

roles/keycloak_quarkus/tasks/prereqs.yml

@@ -65,3 +65,13 @@
     quiet: true
     fail_msg: "Providers definition is incorrect; `id` and one of `spi` or `url` are mandatory. `key` and `value` are mandatory for each property"
   loop: "{{ keycloak_quarkus_providers }}"
+
+- name: "Validate policies"
+  ansible.builtin.assert:
+    that:
+      - item.name is defined and item.name | length > 0
+      - item.url is defined and item.url | length > 0
+      - item.type is not defined or item.type | lower in keycloak_quarkus_supported_policy_types
+    quiet: true
+    fail_msg: "Policy definition is incorrect: `name` and one of `url` are mandatory, `type` needs to be left empty or one of {{ keycloak_quarkus_supported_policy_types }}."
+  loop: "{{ keycloak_quarkus_policies }}"