Enable config of a key store and trust store

2025-04-05 18:30:27 -07:00 · 2023-10-13 16:17:35 +02:00 · 2023-10-13 16:17:35 +02:00 · e842462a22
commit e842462a22
parent 00e6cb6b0e
6 changed files with 57 additions and 10 deletions
--- a/molecule/quarkus/converge.yml
+++ b/molecule/quarkus/converge.yml
@ -8,7 +8,7 @@
    keycloak_quarkus_host: instance
    keycloak_quarkus_http_relative_path: ''
    keycloak_quarkus_log: file
-    keycloak_quarkus_https_enabled: True
+    keycloak_quarkus_https_key_file_enabled: True
    keycloak_quarkus_key_file: "{{ keycloak.home }}/conf/key.pem"
    keycloak_quarkus_cert_file: "{{ keycloak.home }}/conf/cert.pem"
  roles:
--- a/playbooks/keycloak_quarkus.yml
+++ b/playbooks/keycloak_quarkus.yml
@ -7,7 +7,7 @@
    keycloak_quarkus_port: 8443
    keycloak_quarkus_http_relative_path: ''
    keycloak_quarkus_log: file
-    keycloak_quarkus_https_enabled: True
+    keycloak_quarkus_https_key_file_enabled: True
    keycloak_quarkus_key_file: conf/key.pem
    keycloak_quarkus_cert_file: conf/cert.pem
  roles:
--- a/roles/keycloak_quarkus/README.md
+++ b/roles/keycloak_quarkus/README.md
@ -37,9 +37,16 @@ Role Defaults
 |`keycloak_quarkus_frontend_url`| Service public URL | `http://localhost:8080/auth` |
 |`keycloak_quarkus_http_relative_path` | Service context path | `auth` |
 |`keycloak_quarkus_http_enabled`| Enable listener on HTTP port | `True` |
-|`keycloak_quarkus_https_enabled`| Enable listener on HTTPS port | `False` |
+|`keycloak_quarkus_https_key_file_enabled`| Enable listener on HTTPS port | `False` |
 |`keycloak_quarkus_key_file`| The file path to a private key in PEM format | `{{ keycloak.home }}/conf/server.key.pem` |
 |`keycloak_quarkus_cert_file`| The file path to a server certificate or certificate chain in PEM format | `{{ keycloak.home }}/conf/server.crt.pem` |
+|`keycloak_quarkus_https_key_store_enabled`| Enable configuration of HTTPS via a key store | `False` |
+|`keycloak_quarkus_key_store_file`| The file pat to the key store | `{{ keycloak.home }}/conf/key_store.p12` |
+|`keycloak_quarkus_key_store_password`| Password for the key store | `""` |
+|`keycloak_quarkus_https_trust_store_enabled`| Enalbe confiugration of a trust store | `False` |
+|`keycloak_quarkus_trust_store_file`| The file pat to the trust store | `{{ keycloak.home }}/conf/trust_store.p12` |
+|`keycloak_quarkus_trust_store_password`| Password for the trust store | `""` |
+


 * Database configuration
--- a/roles/keycloak_quarkus/defaults/main.yml
+++ b/roles/keycloak_quarkus/defaults/main.yml
@ -2,7 +2,7 @@
 ### Configuration specific to keycloak
 keycloak_quarkus_version: 22.0.3
 keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip"
-keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"  
+keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"
 keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"

 # whether to install from local archive
@ -37,9 +37,17 @@ keycloak_quarkus_jgroups_port: 7600
 keycloak_quarkus_java_opts: "-Xms1024m -Xmx2048m"

 ### TLS/HTTPS configuration
-keycloak_quarkus_https_enabled: False
+keycloak_quarkus_https_key_file_enabled: False
 keycloak_quarkus_key_file: "{{ keycloak.home }}/conf/server.key.pem"
 keycloak_quarkus_cert_file: "{{ keycloak.home }}/conf/server.crt.pem"
+#### key store configuration
+keycloak_quarkus_https_key_store_enabled: False
+keycloak_quarkus_key_store_file: "{{ keycloak.home }}/conf/key_store.p12"
+keycloak_quarkus_key_store_password: ''
+##### trust store configuration
+keycloak_quarkus_https_trust_store_enabled: False
+keycloak_quarkus_trust_store_file: "{{ keycloak.home }}/conf/trust_store.p12"
+keycloak_quarkus_trust_store_password: ''

 ### Enable configuration for database backend, clustering and remote caches on infinispan
 keycloak_quarkus_ha_enabled: False
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@ -100,16 +100,16 @@ argument_specs:
            keycloak_quarkus_http_enabled:
                default: true
                description: "Enable listener on HTTP port"
-                type: "bool"                
+                type: "bool"
            keycloak_quarkus_http_port:
                # line 29 of defaults/main.yml
                default: 8080
                description: "HTTP port"
                type: "int"
-            keycloak_quarkus_https_enabled:
+            keycloak_quarkus_https_key_file_enabled:
                default: false
-                description: "Enable listener on HTTPS port"
-                type: "bool" 
+                description: "Enable configuration of HTTPS via files in PEM format"
+                type: "bool"
            keycloak_quarkus_key_file:
                default: "{{ keycloak.home }}/conf/server.key.pem"
                description: "The file path to a private key in PEM format"
@ -118,6 +118,30 @@ argument_specs:
                default: "{{ keycloak.home }}/conf/server.crt.pem"
                description: "The file path to a server certificate or certificate chain in PEM format"
                type: "str"
+            keycloak_quarkus_https_key_store_enabled:
+                default: false
+                description: "Enable configuration of HTTPS via a key store"
+                type: "bool"
+            keycloak_quarkus_key_store_file:
+                default: "{{ keycloak.home }}/conf/key_store.p12"
+                description: "The file path to the key store"
+                type: "str"
+            keycloak_quarkus_key_store_password:
+                default: ""
+                description: "Password for the key store"
+                type: "str"
+            keycloak_quarkus_https_trust_store_enabled:
+                default: false
+                description: "Enalbe confiugration of a trust store"
+                type: "bool"
+            keycloak_quarkus_trust_store_file:
+                default: "{{ keycloak.home }}/conf/trust_store.p12"
+                description: "The file pat to the trust store"
+                type: "str"
+            keycloak_quarkus_trust_store_password:
+                 default: ""
+                 description: "Password for the trust store"
+                 type: "str"
            keycloak_quarkus_https_port:
                # line 30 of defaults/main.yml
                default: 8443
--- a/roles/keycloak_quarkus/templates/keycloak.conf.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.conf.j2
@ -18,10 +18,18 @@ http-port={{ keycloak_quarkus_http_port }}

 # HTTPS
 https-port={{ keycloak_quarkus_https_port }}
-{% if keycloak_quarkus_https_enabled %}
+{% if keycloak_quarkus_https_key_file_enabled %}
 https-certificate-file={{ keycloak_quarkus_cert_file}}
 https-certificate-key-file={{ keycloak_quarkus_key_file }}
 {% endif %}
+{% if keycloak_quarkus_https_key_store_enabled %}
+https-key-store-file={{ keycloak_quarkus_key_store_file }}
+https-key-store-password={{ keycloak_quarkus_key_store_password }}
+{% endif %}
+{% if keycloak_quarkus_https_trust_store_enabled %}
+https-trust-store-file={{ keycloak_quarkus_trust_store_file }}
+https-trust-store-password={{ keycloak_quarkus_trust_store_password }}
+{% endif %}

 # Hostname for the Keycloak server.
 hostname={{ keycloak_quarkus_host }}