mirror of
https://github.com/ansible-middleware/keycloak.git
synced 2025-04-05 10:20:27 -07:00
---
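# Reject a missing or too-short admin console password before anything is
# installed. The condition is `length > 12`, so 13 characters is the real
# minimum; the failure message now states the same threshold the check enforces
# (it previously read "12+", which a 12-character value does not satisfy).
# Length is the only property checked here: an empty value fails, but nothing
# rejects a long yet guessable password.
- name: Validate admin console password
  ansible.builtin.assert:
    that:
      - keycloak_quarkus_admin_pass | length > 12
    quiet: true
    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass to a string longer than 12 characters"
    # Constant text, so no Jinja expression is needed to produce it.
    success_msg: 'Console administrator password OK'
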
# The HTTP relative path must start with a slash; the regex checks nothing
# beyond that first character.
- name: Validate relative path
  ansible.builtin.assert:
    quiet: true
    that:
      - keycloak_quarkus_http_relative_path is regex('^/.*')
    success_msg: "{{ 'Relative path OK' }}"
    fail_msg: "The relative path for keycloak_quarkus_http_relative_path must begin with /"

# Accepts three of the four HA/DB combinations. The one left out, HA enabled
# without a database, is the case that fails the assertion.
- name: Validate configuration
  ansible.builtin.assert:
    quiet: true
    that:
      - (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or
        (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or
        (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled)
    success_msg: "{{ 'Configuring HA' if keycloak_quarkus_ha_enabled else 'Configuring standalone' }}"
    fail_msg: "HA setup requires a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled"

# Stop early on hosts whose gathered OS family is neither RedHat nor Debian.
- name: Validate OS family
  ansible.builtin.assert:
    quiet: true
    that:
      - ansible_os_family in ["RedHat", "Debian"]
    success_msg: "Installing on {{ ansible_os_family }}"
    fail_msg: "Can only install on RedHat or Debian OS families; found {{ ansible_os_family }}"

# Pick the vars file from the lower-cased OS family fact.
# This task is tagged `always`, while the OS-family assertion before it carries
# no tag, so a run limited with --tags still reaches this include without that
# assertion having been evaluated.
- name: Load OS specific variables
  ansible.builtin.include_vars:
    file: "vars/{{ ansible_os_family | lower }}.yml"
  tags: [always]

# Hand the role's prerequisite package list to the shared package task file.
- name: Ensure required packages are installed
  ansible.builtin.include_tasks:
    file: fastpackages.yml
  vars:
    packages_list: "{{ keycloak_quarkus_prereq_package_list }}"

# Only relevant when a config key store password is set: check that `keytool`
# can be run from the PATH before later steps rely on it.
- name: Validate keytool
  when: keycloak_quarkus_config_key_store_password | length > 0
  block:
    # Read-only probe: never reported as changed, and its failure is ignored
    # so that the next task can report a specific message instead.
    - name: Attempt to run keytool
      ansible.builtin.command:
        cmd: keytool -help
      register: keytool_check
      changed_when: false
      ignore_errors: true

    # NOTE(review): assumes the registered result always carries `rc`, also
    # when the executable is missing entirely; confirm.
    - name: Fail when no keytool found
      ansible.builtin.fail:
        msg: "keytool NOT found in the PATH, but is required for setting up the configuration key store"
      when: keytool_check.rc != 0

# Each provider entry needs a non-empty `id` plus at least one source:
# `spi`, `url`, `local_path`, or a `maven` mapping with repository_url,
# group_id and artifact_id all set.
# The failure text also mentions property `key`/`value`, but nothing in the
# expression below inspects properties.
# NOTE(review): `url` and `maven.repository_url` are checked for non-emptiness
# only. If these are later used as download locations for code loaded into the
# server (presumably; confirm against the tasks that consume them), consider
# also requiring an https:// scheme and verifying artifact checksums.
# NOTE(review): this loop has no `no_log`; if a provider entry can carry
# repository credentials, confirm they cannot end up in task output.
- name: Validate providers
  ansible.builtin.assert:
    quiet: true
    that: >
      item.id is defined and item.id | length > 0 and
      ( (item.spi is defined and item.spi | length > 0) or
      (item.url is defined and item.url | length > 0) or
      ( item.maven is defined and item.maven.repository_url is defined and item.maven.repository_url | length > 0 and
      item.maven.group_id is defined and item.maven.group_id | length > 0 and
      item.maven.artifact_id is defined and item.maven.artifact_id | length > 0) or
      (item.local_path is defined and item.local_path | length > 0)
      )
    fail_msg: >
      Providers definition incorrect; `id` and one of `spi`, `url`,
      `local_path`, or `maven` are mandatory. `key` and `value` are
      mandatory for each property
  loop: "{{ keycloak_quarkus_providers }}"

# Each policy entry needs a non-empty `name` and `url`; `type` is optional
# but, when given, its lower-cased value must be one of the supported policy
# types.
# NOTE(review): `url` is only checked for non-emptiness; if it is fetched
# later (presumably; confirm), an https:// scheme check would be a reasonable
# addition here.
- name: Validate policies
  ansible.builtin.assert:
    quiet: true
    that:
      - item.name is defined and item.name | length > 0
      - item.url is defined and item.url | length > 0
      - item.type is not defined or item.type | lower in keycloak_quarkus_supported_policy_types
    fail_msg: >
      Policy definition is incorrect: `name` and one of `url` are mandatory,
      `type` needs to be left empty or one of
      {{ keycloak_quarkus_supported_policy_types }}.
  loop: "{{ keycloak_quarkus_policies }}"

# Every extra environment variable needs a non-empty `key` and `value`.
# `no_log: true` keeps the looped items out of the task output, presumably
# because env values may hold secrets. Keep it if this task is edited.
- name: Validate additional env variables
  ansible.builtin.assert:
    quiet: true
    that:
      - item.key is defined and item.key | length > 0
      - item.value is defined and item.value | length > 0
    fail_msg: "Additional env variable definition is incorrect: `key` and `value` are mandatory."
  loop: "{{ keycloak_quarkus_additional_env_vars }}"
  no_log: true

# Allow only the empty string, 'forwarded' or 'xforwarded'; the value is
# lower-cased before the comparison.
# NOTE(review): a non-empty value is understood to make the server trust the
# corresponding forwarding headers from incoming requests; that is only safe
# behind a reverse proxy that sets or overwrites those headers. Confirm the
# deployment topology before enabling it.
- name: Validate proxy-headers
  ansible.builtin.assert:
    quiet: true
    that:
      - keycloak_quarkus_proxy_headers | lower in ['', 'forwarded', 'xforwarded']
    fail_msg: "keycloak_quarkus_proxy_headers must be either '', 'forwarded' or 'xforwarded'"