INF-162 - Enable the LDAP configuration from REST API
- Create LDAP configuration
- Create LDAP mappers
- Enable Audit logging
- Verify the LDAP Authentication in Molecule environment
- Verify the user operation, create from Keycloak and search from LDAP
Change-Id: Ie6ea7f40cfe403ee3747a30b0bfb3acc9c72057f
diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
index 74ba85a..15e0431 100644
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@@ -9,7 +9,7 @@
tasks:
- name: "Create Token for service Keycloak"
uri:
- url: http://localhost:8080/auth/realms/master/protocol/openid-connect/token
+ url: "{{ keycloak_server }}/auth/realms/master/protocol/openid-connect/token"
method: POST
body_format: form-urlencoded
body:
@@ -21,7 +21,7 @@
- name: "Get Client List"
uri:
- url: http://localhost:8080/auth/admin/realms/master/clients
+ url: "{{ keycloak_admin_api }}/clients"
method: GET
headers:
Accept: "application/json"
@@ -38,3 +38,92 @@
assert:
that:
- find is defined
+
+ - name: "Get existing LDAP configuration"
+ uri:
+ url: "{{ keycloak_admin_api }}/components?type=org.keycloak.storage.UserStorageProvider"
+ method: GET
+ headers:
+ Accept: "application/json"
+ Authorization: "Bearer {{ keycloak_token.json.access_token }}"
+ register: keycloak_components_list
+
+ - name: Check if the Keycloak already has the LDAP configuration
+ set_fact:
+ ldap_id: "{{ item.id }}"
+ with_items: "{{ keycloak_components_list.json }}"
+ when: item.name == "ldap"
+
+ - name: Generate a local json file for LDAP configuration
+ become: false
+ delegate_to: localhost
+ template:
+ src: "{{ item }}.j2"
+ dest: "/tmp/{{ item }}"
+ mode: "0600"
+ with_items:
+ - ldap.testconnection
+ - ldap.testuser
+
+ - name: Test LDAP Authentication
+ uri:
+ url: "{{ keycloak_admin_api }}/testLDAPConnection"
+ method: POST
+ src: /tmp/ldap.testconnection
+ status_code: [204]
+ headers:
+ Content-Type: application/json
+ Authorization: "Bearer {{ keycloak_token.json.access_token }}"
+
+ - name: Create user via Keycloak
+ uri:
+ url: "{{ keycloak_admin_api }}/users"
+ method: POST
+ src: /tmp/ldap.testuser
+ status_code: [201]
+ headers:
+ Content-Type: application/json
+ Authorization: "Bearer {{ keycloak_token.json.access_token }}"
+ register: keycloak_create_user_response
+
+ - name: Get User ID from previous response
+ set_fact:
+ user_id: "{{ keycloak_create_user_response.location | basename }}"
+
+ - name: Verify created user via LDAP
+ community.general.ldap_entry:
+ dn: "uid={{ keycloak_ldap_testing_user }},{{ keycloak_ldap_userdn }}"
+ objectClass: "{{ keyclaok_ldap_user_object }}"
+ server_uri: "{{ keycloak_ldap_server }}"
+ bind_dn: "{{ keycloak_ldap_admin_dn }}"
+ bind_pw: "{{ keycloak_ldap_admin_password }}"
+ register: result
+
+ - name: Delete user via Keycloak
+ uri:
+ url: "{{ keycloak_admin_api }}/users/{{ user_id }}"
+ method: DELETE
+ status_code: [204]
+ headers:
+ Content-Type: application/json
+ Authorization: "Bearer {{ keycloak_token.json.access_token }}"
+
+ - name: Verify removed user via LDAP
+ community.general.ldap_entry:
+ dn: "uid={{ keycloak_ldap_testing_user }},{{ keycloak_ldap_userdn }}"
+ objectClass: "{{ keyclaok_ldap_user_object }}"
+ server_uri: "{{ keycloak_ldap_server }}"
+ bind_dn: "{{ keycloak_ldap_admin_dn }}"
+ bind_pw: "{{ keycloak_ldap_admin_password }}"
+ register: result
+ failed_when:
+ - '"missing attribute" not in result.details'
+
+ - name: Remove local LDAP json file
+ delegate_to: localhost
+ file:
+ path: "/tmp/{{ item }}"
+ state: absent
+ with_items:
+ - ldap.testconnection
+ - ldap.testuser
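Review bot: The two "Verify … via LDAP" tasks (L85 and L103) use `community.general.ldap_entry`, whose default `state: present` attempts to add the entry when it is missing, so they are mutating calls used as checks; the created-user check only fails because the add appears to be rejected by the schema ("missing attribute", L112), and if the deleted user is still present the removed-user check errors on an undefined `result.details` rather than reporting the real condition. A read-only `community.general.ldap_search` with `failed_when` on the result count states the intent directly; for the removed-user task the same search with `failed_when: result.results | length != 0` replaces the string match on L111–L112. Both LDAP tasks pass `bind_pw` and the `uri` tasks carry the bearer token in headers, so `no_log: true` is worth adding to keep them out of verbose task output. The variable `keyclaok_ldap_user_object` on L88 and L106 is spelled differently from every sibling `keycloak_*` variable and is likely a typo (cannot be confirmed from this hunk), and the cleanup task on L114 lacks the `become: false` the matching template task on L50 has.
```yaml
- name: Verify created user via LDAP
  community.general.ldap_search:
    dn: "{{ keycloak_ldap_userdn }}"
    scope: onelevel
    filter: "(uid={{ keycloak_ldap_testing_user }})"
    server_uri: "{{ keycloak_ldap_server }}"
    bind_dn: "{{ keycloak_ldap_admin_dn }}"
    bind_pw: "{{ keycloak_ldap_admin_password }}"
  register: result
  no_log: true
  failed_when: result.results | length != 1
# … unchanged: Delete user via Keycloak …
```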