Update molecule test for keystore vault
guidograzioli committed Apr 18, 2024
1 parent f7bcac7 commit cd8d61a
Showing 3 changed files with 29 additions and 6 deletions.
8 changes: 6 additions & 2 deletions molecule/quarkus/converge.yml
@@ -1,16 +1,20 @@
---
- name: Converge
hosts: all
vars:
vars:
keycloak_quarkus_admin_pass: "remembertochangeme"
keycloak_admin_password: "remembertochangeme"
keycloak_realm: TestRealm
keycloak_quarkus_host: instance
keycloak_quarkus_log: file
keycloak_quarkus_https_key_file_enabled: True
keycloak_quarkus_log_level: debug
keycloak_quarkus_https_key_file_enabled: true
keycloak_quarkus_key_file: "/opt/keycloak/certs/key.pem"
keycloak_quarkus_cert_file: "/opt/keycloak/certs/cert.pem"
keycloak_quarkus_log_target: /tmp/keycloak
keycloak_quarkus_ks_vault_enabled: true
keycloak_quarkus_ks_vault_file: "/opt/keycloak/certs/keystore.p12"
keycloak_quarkus_ks_vault_pass: keystorepassword
roles:
- role: keycloak_quarkus
- role: keycloak_realm
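Review bot: The new `keycloak_quarkus_ks_vault_pass: keystorepassword` repeats the literal that prepare.yml passes to `keytool -storepass`, and nothing on either side says the two must match or that the value is a throwaway fixture. I would add a comment above it such as `# test-only fixture; must match -storepass in molecule/quarkus/prepare.yml` and quote the value like the neighbouring strings. The added `keycloak_quarkus_log_level: debug` looks like it exists so that verify.yml can find the vault provider's log line; if so, a one-line comment saying that would stop someone from removing it later as noise. Debug logging can also carry more sensitive detail than the default level, so it is worth stating that this setting is for the molecule scenario only.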
8 changes: 7 additions & 1 deletion molecule/quarkus/prepare.yml
@@ -21,7 +21,12 @@
path: "/opt/keycloak/certs/"
mode: 0755

- name: Copy certificates
- name: Create vault keystore
ansible.builtin.command: keytool -importpass -alias TestRealm_testalias -keystore keystore.p12 -storepass keystorepassword
delegate_to: localhost
changed_when: False

- name: Copy certificates and vault
become: yes
ansible.builtin.copy:
src: "{{ item }}"
@@ -30,3 +35,4 @@
loop:
- cert.pem
- key.pem
- keystore.p12
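Review bot: The `Create vault keystore` task runs `keytool -importpass` on every prepare with `changed_when: False` and no guard, so a rerun against a `keystore.p12` left on the controller is likely to fail because the alias already exists; adding `args:` with `creates: keystore.p12` would make it repeatable. The store password is also passed on the command line, where it shows up in the process list and in verbose task output; keytool accepts `-storepass:env NAME`, which pairs with an `environment:` entry on the task. No `stdin:` is visible, so it is unclear which secret ends up stored under `TestRealm_testalias`; supplying it explicitly would make the fixture deterministic. The keystore path is relative to whatever directory the play runs from, and the copy task's `dest` and `mode` sit outside the hunk, so I could not check that the copied keystore ends up with restrictive permissions.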
19 changes: 16 additions & 3 deletions molecule/quarkus/verify.yml
@@ -10,6 +10,7 @@
that:
- ansible_facts.services["keycloak.service"]["state"] == "running"
- ansible_facts.services["keycloak.service"]["status"] == "enabled"
fail_msg: "Service not running"

- name: Set internal envvar
ansible.builtin.set_fact:
@@ -40,7 +41,7 @@

- name: Check log folder
ansible.builtin.stat:
path: "/tmp/keycloak"
path: /tmp/keycloak
register: keycloak_log_folder

- name: Check that keycloak log folder exists and is a link
@@ -49,11 +50,12 @@
- keycloak_log_folder.stat.exists
- not keycloak_log_folder.stat.isdir
- keycloak_log_folder.stat.islnk
fail_msg: "Service log symlink not correctly created"

- name: Check log file
become: yes
ansible.builtin.stat:
path: "/tmp/keycloak/keycloak.log"
path: /tmp/keycloak/keycloak.log
register: keycloak_log_file

- name: Check if keycloak file exists
@@ -65,11 +67,22 @@
- name: Check default log folder
become: yes
ansible.builtin.stat:
path: "/var/log/keycloak"
path: /var/log/keycloak
register: keycloak_default_log_folder
failed_when: false

- name: Check that default keycloak log folder doesn't exist
ansible.builtin.assert:
that:
- not keycloak_default_log_folder.stat.exists

- name: Read content of logs
ansible.builtin.slurp:
src: /tmp/keycloak/keycloak.log
register: slurped_log

- name: Verify keystore vault loaded
ansible.builtin.assert:
that:
- "'Configured KeystoreVaultProviderFactory with the keystore file' in slurped_log.content | b64decode"
fail_msg: "Service failed to use keystore vault correctly"
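Review bot: The new `Read content of logs` task slurps `/tmp/keycloak/keycloak.log` without `become`, while the earlier `Check log file` stat on the same path uses `become: yes`; if the log is readable only by the service account, the slurp fails before the assertion runs, so I would add `become: true` to it. The `Verify keystore vault loaded` assertion only matches the provider's start-up message, which shows the factory was configured but not that the `TestRealm_testalias` entry can be read with the configured password. That message may also appear only at debug level, which would tie this check to the `keycloak_quarkus_log_level: debug` setting in converge.yml; a comment on the task noting the dependency would help.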
