Update molecule test for keystore vault

molecule/quarkus/converge.yml

@@ -1,16 +1,20 @@
 ---
 - name: Converge
   hosts: all
-  vars: 
+  vars:
     keycloak_quarkus_admin_pass: "remembertochangeme"
     keycloak_admin_password: "remembertochangeme"
     keycloak_realm: TestRealm
     keycloak_quarkus_host: instance
     keycloak_quarkus_log: file
-    keycloak_quarkus_https_key_file_enabled: True
+    keycloak_quarkus_log_level: debug
+    keycloak_quarkus_https_key_file_enabled: true
     keycloak_quarkus_key_file: "/opt/keycloak/certs/key.pem"
     keycloak_quarkus_cert_file: "/opt/keycloak/certs/cert.pem"
     keycloak_quarkus_log_target: /tmp/keycloak
+    keycloak_quarkus_ks_vault_enabled: true
+    keycloak_quarkus_ks_vault_file: "/opt/keycloak/certs/keystore.p12"
+    keycloak_quarkus_ks_vault_pass: keystorepassword
   roles:
     - role: keycloak_quarkus
     - role: keycloak_realm

molecule/quarkus/prepare.yml

@@ -21,7 +21,12 @@
         path: "/opt/keycloak/certs/"
         mode: 0755
 
-    - name: Copy certificates
+    - name: Create vault keystore
+      ansible.builtin.command: keytool -importpass -alias TestRealm_testalias -keystore keystore.p12 -storepass keystorepassword
+      delegate_to: localhost
+      changed_when: False
+
+    - name: Copy certificates and vault
       become: yes
       ansible.builtin.copy:
         src: "{{ item }}"
@@ -30,3 +35,4 @@
       loop:
         - cert.pem
         - key.pem
+        - keystore.p12

molecule/quarkus/verify.yml

@@ -10,6 +10,7 @@
         that:
           - ansible_facts.services["keycloak.service"]["state"] == "running"
           - ansible_facts.services["keycloak.service"]["status"] == "enabled"
+        fail_msg: "Service not running"
 
     - name: Set internal envvar
       ansible.builtin.set_fact:
@@ -40,7 +41,7 @@
 
     - name: Check log folder
       ansible.builtin.stat:
-        path: "/tmp/keycloak"
+        path: /tmp/keycloak
       register: keycloak_log_folder
 
     - name: Check that keycloak log folder exists and is a link
@@ -49,11 +50,12 @@
           - keycloak_log_folder.stat.exists
           - not keycloak_log_folder.stat.isdir
           - keycloak_log_folder.stat.islnk
+        fail_msg: "Service log symlink not correctly created"
 
     - name: Check log file
       become: yes
       ansible.builtin.stat:
-        path: "/tmp/keycloak/keycloak.log"
+        path: /tmp/keycloak/keycloak.log
       register: keycloak_log_file
 
     - name: Check if keycloak file exists
@@ -65,7 +67,7 @@
     - name: Check default log folder
       become: yes
       ansible.builtin.stat:
-        path: "/var/log/keycloak"
+        path: /var/log/keycloak
       register: keycloak_default_log_folder
       failed_when: false
 
@@ -73,3 +75,14 @@
       ansible.builtin.assert:
         that:
           - not keycloak_default_log_folder.stat.exists
+
+    - name: Read content of logs
+      ansible.builtin.slurp:
+        src: /tmp/keycloak/keycloak.log
+      register: slurped_log
+
+    - name: Verify keystore vault loaded
+      ansible.builtin.assert:
+        that:
+          - "'Configured KeystoreVaultProviderFactory with the keystore file' in slurped_log.content | b64decode"
+        fail_msg: "Service failed to use keystore vault correctly"