diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index c1a95bf..540fe4f 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -15,3 +15,4 @@ jobs: with: fqcn: 'middleware_automation/keycloak' collection_fqcn: 'middleware_automation.keycloak' + historical_docs: 'false' diff --git a/molecule/quarkus/converge.yml b/molecule/quarkus/converge.yml index 0d59050..0480f9a 100644 --- a/molecule/quarkus/converge.yml +++ b/molecule/quarkus/converge.yml @@ -19,6 +19,16 @@ keycloak_quarkus_systemd_wait_for_timeout: 20 keycloak_quarkus_systemd_wait_for_delay: 2 keycloak_quarkus_systemd_wait_for_log: true + keycloak_quarkus_providers: + - id: http-client + spi: connections + default: true + restart: true + properties: + - key: default-connection-pool-size + value: 10 + - id: spid-saml + url: https://github.com/italia/spid-keycloak-provider/releases/download/24.0.2/spid-provider.jar roles: - role: keycloak_quarkus - role: keycloak_realm diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md index f1d17fb..ed44e21 100644 --- a/roles/keycloak_quarkus/README.md +++ b/roles/keycloak_quarkus/README.md @@ -145,6 +145,33 @@ Role Defaults |`keycloak_quarkus_ks_vault_type`| Type of the keystore used for the vault SPI | `PKCS12` | +#### Configuring providers + +| Variable | Description | Default | +|:---------|:------------|:--------| +|`keycloak_quarkus_providers`| List of provider definitions; see below | `[]` | + +Provider definition: + +```yaml +keycloak_quarkus_providers: + - id: http-client # required + spi: connections # required if url is not specified + default: true # optional, whether to set default for spi, default false + restart: true # optional, whether to restart, default true + url: https://.../.../custom_spi.jar # optional, url for download + properties: # optional, list of key-values + - key: default-connection-pool-size + value: 10 +``` + +the definition above will generate the following build command: + +``` +bin/kc.sh build --spi-connections-provider=http-client --spi-connections-http-client-default-connection-pool-size=10 +``` + + Role Variables -------------- diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml index 1999dd8..771dc85 100644 --- a/roles/keycloak_quarkus/defaults/main.yml +++ b/roles/keycloak_quarkus/defaults/main.yml @@ -144,3 +144,5 @@ keycloak_quarkus_ks_vault_enabled: false keycloak_quarkus_ks_vault_file: "{{ keycloak_quarkus_config_dir }}/keystore.p12" keycloak_quarkus_ks_vault_type: PKCS12 keycloak_quarkus_ks_vault_pass: + +keycloak_quarkus_providers: [] diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml index c1ebe8f..0669dc5 100644 --- a/roles/keycloak_quarkus/meta/argument_specs.yml +++ b/roles/keycloak_quarkus/meta/argument_specs.yml @@ -372,6 +372,10 @@ argument_specs: description: "Activation delay for service systemd unit (seconds)" default: 10 type: 'int' + keycloak_quarkus_providers: + description: "List of provider definition dicts: { 'id': str, 'spi': str, 'url': str, 'default': bool, 'properties': list of key/value }" + default: [] + type: "list" keycloak_quarkus_jdbc_download_url: description: "Override the default Maven Central download URL for the JDBC driver" type: "str" diff --git a/roles/keycloak_quarkus/tasks/install.yml b/roles/keycloak_quarkus/tasks/install.yml index 085f3d7..d95887f 100644 --- a/roles/keycloak_quarkus/tasks/install.yml +++ b/roles/keycloak_quarkus/tasks/install.yml @@ -164,3 +164,15 @@ when: - rhbk_enable is defined and rhbk_enable - keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url is defined + +- name: "Download custom providers" + ansible.builtin.get_url: + url: "{{ item.url }}" + dest: "{{ keycloak.home }}/providers/{{ item.id }}.jar" + owner: "{{ keycloak.service_user }}" + group: "{{ keycloak.service_group }}" + mode: '0640' + become: true + loop: "{{ keycloak_quarkus_providers }}" + when: item.url is defined and item.url | length > 0 + notify: "{{ ['rebuild keycloak config', 'restart keycloak'] if not item.restart is defined or not item.restart else [] }}" diff --git a/roles/keycloak_quarkus/tasks/prereqs.yml b/roles/keycloak_quarkus/tasks/prereqs.yml index 4f9eec9..e0a76d5 100644 --- a/roles/keycloak_quarkus/tasks/prereqs.yml +++ b/roles/keycloak_quarkus/tasks/prereqs.yml @@ -56,3 +56,12 @@ when: keytool_check.rc != 0 ansible.builtin.fail: msg: "keytool NOT found in the PATH, but is required for setting up the configuration key store" + +- name: "Validate providers" + ansible.builtin.assert: + that: + - item.id is defined and item.id | length > 0 + - (item.spi is defined and item.spi | length > 0) or (item.url is defined and item.url | length > 0) + quiet: true + fail_msg: "Providers definition is incorrect; `id` and one of `spi` or `url` are mandatory. `key` and `value` are mandatory for each property" + loop: "{{ keycloak_quarkus_providers }}" diff --git a/roles/keycloak_quarkus/templates/keycloak.conf.j2 b/roles/keycloak_quarkus/templates/keycloak.conf.j2 index 065eea7..f55ee80 100644 --- a/roles/keycloak_quarkus/templates/keycloak.conf.j2 +++ b/roles/keycloak_quarkus/templates/keycloak.conf.j2 @@ -97,3 +97,14 @@ vault-file={{ keycloak_quarkus_ks_vault_file }} vault-type={{ keycloak_quarkus_ks_vault_type }} vault-pass={{ keycloak_quarkus_ks_vault_pass }} {% endif %} + + +# Providers +{% for provider in keycloak_quarkus_providers %} +{% if provider.default is defined and provider.default %} +spi-{{ provider.spi }}-provider={{ provider.id }} +{% endif %} +{% if provider.properties is defined %}{% for property in provider.properties %} +spi-{{ provider.spi }}-{{ provider.id }}-{{ property.key }}={{ property.value }} +{% endfor %}{% endif %} +{% endfor %}