commit 718cd264b000402a658d75a8e4f09506edb9d219
author Hung-Wei Chiu <hungwei@opennetworking.org> Mon Sep 13 18:20:21 2021 +0000
committer Hung-Wei Chiu <hungwei@opennetworking.org> Mon Sep 13 23:53:28 2021 +0000
tree ac4941b875363c100d4bb34897d166ff4def7fb3
parent 6a075af97167ddc690af05e1ddc1c941fd62bbf7

INF-162 - Configure keycloak client setting via built-in Ansible plugin

Change-Id: Ifd6b43d148a52727e2044c0c4314203fa7711286

molecule/default/molecule.yml

diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml
index 08b9c30..5796c8d 100644
--- a/molecule/default/molecule.yml
+++ b/molecule/default/molecule.yml
@@ -21,5 +21,35 @@
       debian-11-priv:
         keycloak_admin_username: "admin"
         keycloak_admin_password: "changeme"
+        keycloak_client_settings:
+          - name: client_testing
+            client_id: https://testing.client.site/v1-saml/keycloak/saml/metadata
+            auth_realm: master
+            protocol: saml
+            description: "Testing Server"
+            attributes:
+              saml.client.signature: false
+              saml.assertion.signature: true
+              saml_idp_initiated_sso_url_name: "IdPSSOName"
+              saml.server.signature: true
+              saml_name_id_format: "username"
+            redirect_uris:
+              - https://testing.client.site/v1-saml/keycloak/saml/acs
+            protocol_mappers:
+              - config:
+                  attribute.name: "uid"
+                  attribute.nameformat: "Basic"
+                  user.attribute: "username"
+                name: "x509 username"
+                protocol: "saml"
+                protocolMapper: "saml-user-property-mapper"
+              - config:
+                  attribute.name: "member"
+                  attribute.nameformat: "Basic"
+                  full.path: "false"
+                  single: "true"
+                name: "groups"
+                protocol: "saml"
+                protocolMapper: "saml-group-membership-mapper"
 verifier:
   name: ansible

molecule/default/verify.yml

diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index f05340a..74ba85a 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -7,11 +7,34 @@
 - name: Verify
   hosts: all
   tasks:
-  - name: Check that Keycloak is running with configured username/password
-    community.general.keycloak_client:
-      auth_keycloak_url: http://localhost:8080/auth
-      auth_realm: master
-      auth_username: "{{ keycloak_admin_username }}"
-      auth_password: "{{ keycloak_admin_password }}"
-      client_id: test
-      state: present
+  - name: "Create Token for service Keycloak"
+    uri:
+      url: http://localhost:8080/auth/realms/master/protocol/openid-connect/token
+      method: POST
+      body_format: form-urlencoded
+      body:
+        username: "{{ keycloak_admin_username }}"
+        password: "{{ keycloak_admin_password }}"
+        grant_type: "password"
+        client_id: "admin-cli"
+    register: keycloak_token
+
+  - name: "Get Client List"
+    uri:
+      url: http://localhost:8080/auth/admin/realms/master/clients
+      method: GET
+      headers:
+        Accept: "application/json"
+        Authorization: "Bearer {{ keycloak_token.json.access_token }}"
+    register: keycloak_userlist
+
+  - name: Check if the Keycloak client json output contains our client
+    set_fact:
+      find: true
+    with_items: "{{ keycloak_userlist.json }}"
+    when: item.name == keycloak_client_settings[0].name
+
+  - name: Fail if our client isn't installed correctly
+    assert:
+      that:
+        - find is defined