From fd375a141d0866c75180ccef7062784b6e0580da Mon Sep 17 00:00:00 2001 From: Guido Grazioli Date: Mon, 22 May 2023 16:12:25 +0200 Subject: [PATCH] ci: update linter settings, fix new linter issues --- .ansible-lint | 5 +++-- molecule/default/verify.yml | 7 ++++--- molecule/quarkus/prepare.yml | 25 +++++++++++++++---------- molecule/quarkus/verify.yml | 20 ++++++++++++-------- roles/keycloak/tasks/rhsso_patch.yml | 6 +++--- 5 files changed, 37 insertions(+), 26 deletions(-) diff --git a/.ansible-lint b/.ansible-lint index eaa75d0..ccabc00 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -21,19 +21,20 @@ warn_list: - experimental - ignore-errors - no-handler - - fqcn-builtins - no-log-password - jinja[spacing] - jinja[invalid] - meta-no-tags - - name[template] - name[casing] - fqcn[action] - schema[meta] + - var-naming[no-role-prefix] + - key-order[task] skip_list: - vars_should_not_be_used - file_is_small_enough + - name[template] use_default_rules: true parseable: true diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 061279d..86047a4 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -15,8 +15,11 @@ - ansible_facts.services["keycloak.service"]["state"] == "running" - ansible_facts.services["keycloak.service"]["status"] == "enabled" - name: Verify we are running on requested jvm - shell: | + ansible.builtin.shell: | + set -o pipefail ps -ef | grep /usr/lib/jvm/java-11 | grep -v grep + args: + executable: /bin/bash changed_when: no - name: Verify token api call ansible.builtin.uri: @@ -48,8 +51,6 @@ headers: Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}" register: keycloak_query_clients - - debug: - msg: "{{ keycloak_query_clients.json | selectattr('clientId','equalto','TestClient') }}" - name: Verify expected config ansible.builtin.assert: that: diff --git a/molecule/quarkus/prepare.yml b/molecule/quarkus/prepare.yml index f54dbb8..4b85c14 100644 --- a/molecule/quarkus/prepare.yml 
+++ b/molecule/quarkus/prepare.yml @@ -11,25 +11,30 @@ ansible.builtin.set_fact: hera_home: "{{ lookup('env', 'HERA_HOME') }}" - - ansible.builtin.command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj '/CN=instance' + - name: Create certificate request + ansible.builtin.command: openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -sha256 -days 365 -nodes -subj '/CN=instance' delegate_to: localhost + changed_when: False - - block: - - ansible.builtin.lineinfile: - dest: /etc/hosts - line: "127.0.0.1 instance" - state: present - delegate_to: localhost - become: yes + - name: Set /etc/hosts + ansible.builtin.lineinfile: + dest: /etc/hosts + line: "127.0.0.1 instance" + state: present + delegate_to: localhost + become: yes when: - hera_home is defined - hera_home | length == 0 - - ansible.builtin.file: + - name: Create conf directory # risky-file-permissions in test user account does not exist yet + ansible.builtin.file: state: directory path: /opt/keycloak/keycloak-18.0.0/conf/ + mode: 0755 - - ansible.builtin.copy: + - name: Copy certificates + ansible.builtin.copy: src: "{{ item }}" dest: "/opt/keycloak/keycloak-18.0.0/conf/{{ item }}" mode: 0444 diff --git a/molecule/quarkus/verify.yml b/molecule/quarkus/verify.yml index 1d4e5ae..6a3d547 100644 --- a/molecule/quarkus/verify.yml +++ b/molecule/quarkus/verify.yml 
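Review bot: `changed_when: False` on the new "Create certificate request" task hides that `openssl req -x509 ... -nodes` rewrites `key.pem` and `cert.pem` on the controller on every run, so the task is not idempotent and never reports the change. Making it idempotent with `args:` / `creates: cert.pem` would be better than suppressing the status. The name is also misleading, since `-x509` emits a self-signed certificate rather than a request. `-nodes` leaves the private key unencrypted, and the "Copy certificates" task at the end of the hunk applies `mode: 0444` to every item; its loop list lies outside the hunk, but if it includes `key.pem` the key ends up world-readable, so the key should get its own copy task with a tighter mode and an explicit owner once the service account exists. Quoting the new `mode: 0755` as `mode: '0755'` avoids depending on YAML octal parsing.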
@@ -4,26 +4,30 @@ tasks: - name: Populate service facts ansible.builtin.service_facts: + - name: Check if keycloak service started ansible.builtin.assert: that: - ansible_facts.services["keycloak.service"]["state"] == "running" - ansible_facts.services["keycloak.service"]["status"] == "enabled" - - set_fact: + - name: Set internal envvar + ansible.builtin.set_fact: hera_home: "{{ lookup('env', 'HERA_HOME') }}" - - block: - - name: Fetch openID config - shell: | + - name: Verify openid config + block: + - name: Fetch openID config # noqa command-instead-of-module + ansible.builtin.shell: | + set -o pipefail curl https://instance:8443/realms/master/.well-known/openid-configuration -k | jq . + args: + executable: /bin/bash delegate_to: localhost register: openid_config - - debug: - msg: " {{ openid_config.stdout | from_json }}" - delegate_to: localhost + changed_when: False - name: Verify endpoint URLs - assert: + ansible.builtin.assert: that: - (openid_config.stdout | from_json)["backchannel_authentication_endpoint"] == 'https://instance/realms/master/protocol/openid-connect/ext/ciba/auth' - (openid_config.stdout | from_json)['issuer'] == 'https://instance/realms/master' diff --git a/roles/keycloak/tasks/rhsso_patch.yml b/roles/keycloak/tasks/rhsso_patch.yml index 1b1e9a6..7f00a50 100644 --- a/roles/keycloak/tasks/rhsso_patch.yml +++ b/roles/keycloak/tasks/rhsso_patch.yml 
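Review bot: The new `# noqa command-instead-of-module` on "Fetch openID config" silences the linter while the command still runs `curl ... -k`, so the scenario never validates the certificate that prepare.yml generates for `CN=instance`. If that `cert.pem` is reachable from this delegated task (not visible here), `--cacert cert.pem` in place of `-k` would let the test exercise TLS validation as well. Otherwise a one-line comment stating why verification is disabled would keep the flag from being copied into non-test playbooks. Adding `--fail` to curl would also make HTTP error responses fail the task, which `set -o pipefail` alone does not do because curl exits 0 on a 4xx/5xx response. The assert's `that:` list continues past the end of the hunk.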
@@ -35,14 +35,14 @@ run_once: yes - name: Determine patch versions list - set_fact: + ansible.builtin.set_fact: filtered_versions: "{{ rhn_products.results | map(attribute='file_path') | select('match', '^[^/]*/rh-sso-.*[0-9]*[.][0-9]*[.][0-9]*.*$') | map('regex_replace','[^/]*/rh-sso-([0-9]*[.][0-9]*[.][0-9]*)-.*','\\1' ) | list | unique }}" when: sso_patch_version is not defined or sso_patch_version | length == 0 delegate_to: localhost run_once: yes - name: Determine latest version - set_fact: + ansible.builtin.set_fact: sso_latest_version: "{{ filtered_versions | middleware_automation.keycloak.version_sort | last }}" when: sso_patch_version is not defined or sso_patch_version | length == 0 delegate_to: localhost @@ -58,7 +58,7 @@ run_once: yes - name: "Determine selected patch from supplied version: {{ sso_patch_version }}" - set_fact: + ansible.builtin.set_fact: rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/' + sso_patch_bundle + '$') }}" patch_bundle: "{{ sso_patch_bundle }}" patch_version: "{{ sso_patch_version }}"