---
# keycloak molecule/default/verify.yml
#
# SPDX-FileCopyrightText: © 2021 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0
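# Molecule verify play for the keycloak role.
#
# Flow: obtain an admin token from the master realm, check that the
# configured client exists, confirm the LDAP user-storage component is
# present, then round-trip a throw-away user (create via the Keycloak
# admin API, observe it in LDAP, delete it, observe it is gone).
- name: Verify
  hosts: all
  tasks:
    - name: "Create Token for service Keycloak"
      uri:
        url: "{{ keycloak_server }}/auth/realms/master/protocol/openid-connect/token"
        method: POST
        body_format: form-urlencoded
        body:
          username: "{{ keycloak_admin_username }}"
          password: "{{ keycloak_admin_password }}"
          grant_type: "password"
          client_id: "admin-cli"
      # The request body carries the admin password and the registered
      # result carries the bearer token; keep both out of the task log.
      # (Later tasks still pass the token in an Authorization header, which
      # verbose runs print as module args.)
      no_log: true
      register: keycloak_token

    - name: "Get Client List"
      uri:
        url: "{{ keycloak_admin_api }}/clients"
        method: GET
        headers:
          Accept: "application/json"
          Authorization: "Bearer {{ keycloak_token.json.access_token }}"
      register: keycloak_client_list

    - name: Check if the Keycloak client json output contains our client
      # 'find' is only defined when at least one returned client carries the
      # name of the first configured client; the assert below relies on that.
      set_fact:
        find: true
      loop: "{{ keycloak_client_list.json }}"
      when: item.name == keycloak_client_settings[0].name

    - name: Fail if our client isn't installed correctly
      assert:
        that:
          - find is defined
        fail_msg: "Keycloak client '{{ keycloak_client_settings[0].name }}' was not returned by the /clients endpoint"

    - name: "Get existing LDAP configuration"
      uri:
        url: "{{ keycloak_admin_api }}/components?type=org.keycloak.storage.UserStorageProvider"
        method: GET
        headers:
          Accept: "application/json"
          Authorization: "Bearer {{ keycloak_token.json.access_token }}"
      register: keycloak_components_list

    - name: Check if the Keycloak already has the LDAP configuration
      # ldap_id is recorded for inspection; nothing below consumes it.
      set_fact:
        ldap_id: "{{ item.id }}"
      loop: "{{ keycloak_components_list.json }}"
      when: item.name == "ldap"

    - name: Exercise the LDAP federation with a throw-away user
      # The rendered request bodies are written to predictable paths under
      # /tmp; the always: section removes them even if a check in the block
      # fails, so request payloads (which may include credentials) do not
      # linger on disk after a failed run.
      block:
        - name: Generate a local json file for LDAP configuration
          become: false
          delegate_to: localhost
          template:
            src: "{{ item }}.j2"
            dest: "/tmp/{{ item }}"
            mode: "0600"
          loop:
            - ldap.testconnection
            - ldap.testuser

        # NOTE(review): the files above are rendered on localhost, while
        # uri's `src` is read on the play target; this only lines up when
        # the molecule driver runs the play against localhost — confirm.
        - name: Test LDAP Authentication
          uri:
            url: "{{ keycloak_admin_api }}/testLDAPConnection"
            method: POST
            src: /tmp/ldap.testconnection
            status_code: [204]
            headers:
              Content-Type: application/json
              Authorization: "Bearer {{ keycloak_token.json.access_token }}"

        - name: Create user via Keycloak
          uri:
            url: "{{ keycloak_admin_api }}/users"
            method: POST
            src: /tmp/ldap.testuser
            status_code: [201]
            headers:
              Content-Type: application/json
              Authorization: "Bearer {{ keycloak_token.json.access_token }}"
          register: keycloak_create_user_response

        - name: Get User ID from previous response
          # Keycloak answers user creation with a Location header whose last
          # path segment is the new user's id.
          set_fact:
            user_id: "{{ keycloak_create_user_response.location | basename }}"

        # ldap_entry is used here as an existence probe: with the default
        # state (present) it is a no-op when the entry already exists, and
        # it attempts to add the entry otherwise, which fails for lack of
        # the mandatory attributes. The "removed" check below keys on that
        # failure text.
        # NOTE(review): the variable is spelled `keyclaok_ldap_user_object`
        # in both LDAP tasks; it must match the name the role defines.
        - name: Verify created user via LDAP
          community.general.ldap_entry:
            dn: "uid={{ keycloak_ldap_testing_user }},{{ keycloak_ldap_userdn }}"
            objectClass: "{{ keyclaok_ldap_user_object }}"
            server_uri: "{{ keycloak_ldap_server }}"
            bind_dn: "{{ keycloak_ldap_admin_dn }}"
            bind_pw: "{{ keycloak_ldap_admin_password }}"

        - name: Delete user via Keycloak
          uri:
            url: "{{ keycloak_admin_api }}/users/{{ user_id }}"
            method: DELETE
            status_code: [204]
            headers:
              Content-Type: application/json
              Authorization: "Bearer {{ keycloak_token.json.access_token }}"

        - name: Verify removed user via LDAP
          community.general.ldap_entry:
            dn: "uid={{ keycloak_ldap_testing_user }},{{ keycloak_ldap_userdn }}"
            objectClass: "{{ keyclaok_ldap_user_object }}"
            server_uri: "{{ keycloak_ldap_server }}"
            bind_dn: "{{ keycloak_ldap_admin_dn }}"
            bind_pw: "{{ keycloak_ldap_admin_password }}"
          register: result
          # Success here means the add attempt failed on missing attributes,
          # i.e. the entry no longer existed; any other outcome is a failure.
          failed_when:
            - '"missing attribute" not in result.details'

      always:
        - name: Remove local LDAP json file
          become: false
          delegate_to: localhost
          file:
            path: "/tmp/{{ item }}"
            state: absent
          loop:
            - ldap.testconnection
            - ldap.testuser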