---
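# Pre-flight check on the admin console password.
# The comparison is a strict "greater than 12", so the shortest accepted value
# is 13 characters. The failure message used to say "12+", which read as if a
# 12-character password would pass; it now states the limit that is enforced.
# Only the length is tested here, not the content of the password.
- name: Validate admin console password
  ansible.builtin.assert:
    that:
      - keycloak_quarkus_admin_pass | length > 12
    # Keep task output short; only fail_msg / success_msg is reported.
    quiet: true
    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass to a string longer than 12 characters"
    success_msg: "{{ 'Console administrator password OK' }}"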
# Guard: the configured HTTP relative path has to start with a slash.
- name: Validate relative path
  ansible.builtin.assert:
    quiet: true
    that:
      # Only the first character is constrained; anything may follow the "/".
      - keycloak_quarkus_http_relative_path is regex('^/.*')
    success_msg: "{{ 'Relative path OK' }}"
    fail_msg: "The relative path for keycloak_quarkus_http_relative_path must begin with /"
# Consistency check between the HA and database switches.
# Accepted combinations: HA with DB, standalone with DB, standalone without DB.
# The one combination left out, and therefore rejected, is HA enabled with the
# database disabled.
- name: Validate configuration
  ansible.builtin.assert:
    quiet: true
    that:
      # Folded scalar: the three lines are joined with single spaces into one
      # expression, exactly as the multi-line plain scalar was.
      - >-
        (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or
        (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or
        (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled)
    success_msg: "{{ 'Configuring HA' if keycloak_quarkus_ha_enabled else 'Configuring standalone' }}"
    fail_msg: "HA setup requires a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled"
# Stop early on anything other than the two supported OS families.
# The comparison is case-sensitive against the ansible_os_family fact.
- name: Validate OS family
  ansible.builtin.assert:
    quiet: true
    that:
      - ansible_os_family in ["RedHat", "Debian"]
    success_msg: "Installing on {{ ansible_os_family }}"
    fail_msg: "Can only install on RedHat or Debian OS families; found {{ ansible_os_family }}"
# Loads vars/<os family, lower-cased>.yml; the file name comes straight from
# the ansible_os_family fact.
# NOTE(review): this task carries "tags: always", while the "Validate OS
# family" assertion earlier in this file has no tags. With a --tags selection
# the assertion is skipped but this include still runs, so an unsupported
# family would surface as a missing-file error here rather than as the
# assertion's message.
- name: Load OS specific variables
  tags:
    - always
  ansible.builtin.include_vars: "vars/{{ ansible_os_family | lower }}.yml"
# Includes fastpackages.yml with packages_list set to the role's prerequisite
# package list (keycloak_quarkus_prereq_package_list).
- name: Ensure required packages are installed
  vars:
    packages_list: "{{ keycloak_quarkus_prereq_package_list }}"
  ansible.builtin.include_tasks: fastpackages.yml
# Runs only when a configuration key store password is set (non-empty).
# Probes for keytool, then stops the play with a tailored message if the probe
# returned a non-zero exit code.
- name: Validate keytool
  when: keycloak_quarkus_config_key_store_password | length > 0
  block:
    - name: Attempt to run keytool
      # keytool is resolved through PATH, as the failure message below states.
      ansible.builtin.command: keytool -help
      register: keytool_check
      # The probe only requests help output, so never report a change.
      changed_when: false
      # Let the play continue so the next task can report the problem itself.
      ignore_errors: true

    - name: Fail when no keytool found
      ansible.builtin.fail:
        msg: "keytool NOT found in the PATH, but is required for setting up the configuration key store"
      when: keytool_check.rc != 0
# Checks every entry of keycloak_quarkus_providers: a non-empty `id`, plus at
# least one source out of `spi`, `url`, `maven` (repository_url, group_id and
# artifact_id all non-empty) or `local_path`.
# These are presence checks only. Nothing here constrains the scheme of `url`
# or `maven.repository_url`, or the integrity of what is fetched from them;
# presumably the tasks that consume the entries cover that -- TODO confirm.
# NOTE(review): fail_msg says `key` and `value` are mandatory for each
# property, but no assertion in this task inspects properties.
# NOTE(review): no loop_control.label is set, so Ansible prints each full item
# in the task output; if provider entries can carry credentials (not visible
# here), consider a label limited to the provider id.
- name: Validate providers
  loop: "{{ keycloak_quarkus_providers }}"
  ansible.builtin.assert:
    quiet: true
    that:
      - item.id is defined and item.id | length > 0
      # Folded scalar: joined with single spaces into the same one-line
      # expression as before.
      - >-
        (item.spi is defined and item.spi | length > 0) or
        (item.url is defined and item.url | length > 0) or
        (item.maven is defined and item.maven.repository_url is defined and
        item.maven.repository_url | length > 0 and
        item.maven.group_id is defined and
        item.maven.group_id | length > 0 and
        item.maven.artifact_id is defined and
        item.maven.artifact_id | length > 0) or
        (item.local_path is defined and item.local_path | length > 0)
    fail_msg: "Providers definition is incorrect; `id` and one of `spi`, `url`, `local_path`, or `maven` are mandatory. `key` and `value` are mandatory for each property"
# Checks every entry of keycloak_quarkus_policies: `name` and `url` must both
# be non-empty; `type` may be omitted, otherwise its lower-cased value has to
# appear in keycloak_quarkus_supported_policy_types.
# `url` is checked for presence only; its scheme and the integrity of the
# fetched content are not validated in this task.
- name: Validate policies
  loop: "{{ keycloak_quarkus_policies }}"
  ansible.builtin.assert:
    quiet: true
    that:
      - item.name is defined and item.name | length > 0
      - item.url is defined and item.url | length > 0
      - item.type is not defined or item.type | lower in keycloak_quarkus_supported_policy_types
    fail_msg: "Policy definition is incorrect: `name` and one of `url` are mandatory, `type` needs to be left empty or one of {{ keycloak_quarkus_supported_policy_types }}."