mirror of
https://github.com/ansible-middleware/keycloak.git
synced 2025-04-06 10:50:31 -07:00
89 lines
3.6 KiB
YAML
89 lines
3.6 KiB
YAML
---
|
|
- name: Verify
|
|
hosts: all
|
|
vars:
|
|
keycloak_admin_password: "remembertochangeme"
|
|
keycloak_jvm_package: java-11-openjdk-headless
|
|
keycloak_uri: "http://localhost:{{ 8080 + ( keycloak_jboss_port_offset | default(0) ) }}"
|
|
keycloak_management_port: "http://localhost:{{ 9990 + ( keycloak_jboss_port_offset | default(0) ) }}"
|
|
keycloak_jboss_port_offset: 10
|
|
tasks:
|
|
- name: Populate service facts
|
|
ansible.builtin.service_facts:
|
|
- name: Check if keycloak service started
|
|
ansible.builtin.assert:
|
|
that:
|
|
- ansible_facts.services["keycloak.service"]["state"] == "running"
|
|
- ansible_facts.services["keycloak.service"]["status"] == "enabled"
|
|
- name: Verify we are running on requested jvm # noqa blocked_modules command-instead-of-module
|
|
ansible.builtin.shell: |
|
|
set -o pipefail
|
|
ps -ef | grep '/etc/alternatives/jre_11/' | grep -v grep
|
|
args:
|
|
executable: /bin/bash
|
|
changed_when: no
|
|
- name: Verify token api call
|
|
ansible.builtin.uri:
|
|
url: "{{ keycloak_uri }}/auth/realms/master/protocol/openid-connect/token"
|
|
method: POST
|
|
body: "client_id=admin-cli&username=admin&password={{ keycloak_admin_password }}&grant_type=password"
|
|
validate_certs: no
|
|
register: keycloak_auth_response
|
|
until: keycloak_auth_response.status == 200
|
|
retries: 2
|
|
delay: 2
|
|
- name: Fetch openid-connect config
|
|
ansible.builtin.uri:
|
|
url: "{{ keycloak_uri }}/auth/realms/TestRealm/.well-known/openid-configuration"
|
|
method: GET
|
|
validate_certs: no
|
|
status_code: 200
|
|
register: keycloak_openid_config
|
|
- name: Verify expected config
|
|
ansible.builtin.assert:
|
|
that:
|
|
- keycloak_openid_config.json.registration_endpoint == 'http://localhost:8080/auth/realms/TestRealm/clients-registrations/openid-connect'
|
|
- name: Get test realm clients
|
|
ansible.builtin.uri:
|
|
url: "{{ keycloak_uri }}/auth/admin/realms/TestRealm/clients"
|
|
method: GET
|
|
validate_certs: no
|
|
status_code: 200
|
|
headers:
|
|
Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
|
|
register: keycloak_query_clients
|
|
- name: Verify expected config
|
|
ansible.builtin.assert:
|
|
that:
|
|
- (keycloak_query_clients.json | selectattr('clientId','equalto','TestClient') | first)["attributes"]["post.logout.redirect.uris"] == '/public/logout'
|
|
- name: "Privilege escalation as some files/folders may requires it"
|
|
become: yes
|
|
block:
|
|
- name: Check log folder
|
|
ansible.builtin.stat:
|
|
path: "/tmp/keycloak"
|
|
register: keycloak_log_folder
|
|
- name: Check that keycloak log folder exists and is a link
|
|
ansible.builtin.assert:
|
|
that:
|
|
- keycloak_log_folder.stat.exists
|
|
- not keycloak_log_folder.stat.isdir
|
|
- keycloak_log_folder.stat.islnk
|
|
- name: Check log file
|
|
ansible.builtin.stat:
|
|
path: "/tmp/keycloak/server.log"
|
|
register: keycloak_log_file
|
|
- name: Check if keycloak file exists
|
|
ansible.builtin.assert:
|
|
that:
|
|
- keycloak_log_file.stat.exists
|
|
- not keycloak_log_file.stat.isdir
|
|
- name: Check default log folder
|
|
ansible.builtin.stat:
|
|
path: "/var/log/keycloak"
|
|
register: keycloak_default_log_folder
|
|
failed_when: false
|
|
- name: Check that default keycloak log folder doesn't exist
|
|
ansible.builtin.assert:
|
|
that:
|
|
- not keycloak_default_log_folder.stat.exists
|