ansible-collections/middleware_automation.keycloak
1
0
Fork 0
mirror of https://github.com/ansible-middleware/keycloak.git synced 2025-04-06 19:00:28 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #207 from InfoSec812/Issue_206-_-fix-misnamed-params-and-allow-invalid-certs

Browse source 
jdbc_download and validate_certs params update
This commit is contained in:
Guido Grazioli 2024-05-03 08:47:38 +02:00 committed by GitHub
commit ba127153ff
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 31 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
github.json Normal file
View file

13
roles/keycloak/meta/argument_specs.yml
View file

@ -316,6 +316,19 @@ argument_specs:
default: '/var/log/keycloak' default: '/var/log/keycloak'
type: "str" type: "str"
description: "Set the destination of the keycloak log folder link" description: "Set the destination of the keycloak log folder link"
keycloak_jdbc_download_url:
description: "Override the default Maven Central download URL for the JDBC driver"
type: "str"
keycloak_jdbc_download_user:
description: "Set a username with which to authenticate when downloading JDBC drivers from an alternative location"
type: "str"
keycloak_jdbc_download_pass:
description: "Set a password with which to authenticate when downloading JDBC drivers from an alternative location (requires keycloak_jdbc_download_user)"
type: "str"
keycloak_jdbc_download_validate_certs:
default: true
description: "Allow the option to ignore invalid certificates when downloading JDBC drivers from a custom URL"
type: "bool"
downstream: downstream:
options: options:
sso_version: sso_version:

9
roles/keycloak/tasks/jdbc_driver.yml
View file

@ -16,6 +16,12 @@
become: true become: true
when: when:
- not dest_path.stat.exists - not dest_path.stat.exists
- name: "Verify valid parameters for download credentials when specified"
ansible.builtin.fail:
msg: >-
When JDBC driver download credentials are set, both the username and the password MUST be set
when:
- (keycloak_jdbc_download_user is undefined and keycloak_jdbc_download_pass is not undefined) or (keycloak_jdbc_download_pass is undefined and keycloak_jdbc_download_user is not undefined)
- name: "Retrieve JDBC Driver from {{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}" - name: "Retrieve JDBC Driver from {{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}"
ansible.builtin.get_url: ansible.builtin.get_url:
@ -23,6 +29,9 @@
dest: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}/{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}" dest: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}/{{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_filename }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
url_username: "{{ keycloak_jdbc_download_user | default(omit) }}"
url_password: "{{ keycloak_jdbc_download_pass | default(omit) }}"
validate_certs: "{{ keycloak_jdbc_download_validate_certs | default(omit) }}"
mode: 0640 mode: 0640
become: true become: true

4
roles/keycloak_quarkus/meta/argument_specs.yml
View file

@ -385,6 +385,10 @@ argument_specs:
keycloak_quarkus_jdbc_download_pass: keycloak_quarkus_jdbc_download_pass:
description: "Set a password with which to authenticate when downloading JDBC drivers from an alternative location (requires keycloak_quarkus_jdbc_download_user)" description: "Set a password with which to authenticate when downloading JDBC drivers from an alternative location (requires keycloak_quarkus_jdbc_download_user)"
type: "str" type: "str"
keycloak_quarkus_jdbc_download_validate_certs:
default: true
description: "Allow the option to ignore invalid certificates when downloading JDBC drivers from a custom URL"
type: "bool"
downstream: downstream:
options: options:
rhbk_version: rhbk_version:

9
roles/keycloak_quarkus/tasks/jdbc_driver.yml
View file

@ -4,15 +4,16 @@
msg: >- msg: >-
When JDBC driver download credentials are set, both the username and the password MUST be set When JDBC driver download credentials are set, both the username and the password MUST be set
when: when:
- (keycloak_jdbc_download_user is undefined and keycloak_jdbc_download_pass is not undefined) or (keycloak_jdbc_download_pass is undefined and keycloak_jdbc_download_user is not undefined) - (keycloak_quarkus_jdbc_download_user is undefined and keycloak_quarkus_jdbc_download_pass is not undefined) or (keycloak_quarkus_jdbc_download_pass is undefined and keycloak_quarkus_jdbc_download_user is not undefined)
- name: "Retrieve JDBC Driver from {{ keycloak_jdbc_download_user | default(keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url) }}" - name: "Retrieve JDBC Driver from {{ keycloak_jdbc_download_user | default(keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url) }}"
ansible.builtin.get_url: ansible.builtin.get_url:
url: "{{ keycloak_jdbc_download_url | default(keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url) }}" url: "{{ keycloak_quarkus_jdbc_download_url | default(keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url) }}"
dest: "{{ keycloak.home }}/providers" dest: "{{ keycloak.home }}/providers"
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
url_username: "{{ keycloak_jdbc_download_user | default(omit) }}" url_username: "{{ keycloak_quarkus_jdbc_download_user | default(omit) }}"
url_password: "{{ keycloak_jdbc_download_pass | default(omit) }}" url_password: "{{ keycloak_quarkus_jdbc_download_pass | default(omit) }}"
validate_certs: "{{ keycloak_quarkus_jdbc_download_validate_certs | default(omit) }}"
mode: '0640' mode: '0640'
become: true become: true
notify: notify: