molecule/default/verify.yml

---
# keycloak molecule/default/verify.yml
#
# SPDX-FileCopyrightText: © 2021 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0

- name: Verify
  hosts: all
  tasks:
  - name: "Create Token for service Keycloak"
    uri:
      url: "{{ keycloak_server }}/auth/realms/master/protocol/openid-connect/token"
      method: POST
      body_format: form-urlencoded
      body:
        username: "{{ keycloak_admin_username }}"
        password: "{{ keycloak_admin_password }}"
        grant_type: "password"
        client_id: "admin-cli"
    register: keycloak_token

  - name: "Get Client List"
    uri:
      url: "{{ keycloak_admin_api }}/clients"
      method: GET
      headers:
        Accept: "application/json"
        Authorization: "Bearer {{ keycloak_token.json.access_token }}"
    register: keycloak_userlist

  - name: Check if the Keycloak client json output contains our client
    set_fact:
      find: true
    with_items: "{{ keycloak_userlist.json }}"
    when: item.name == keycloak_client_settings[0].name

  - name: Fail if our client isn't installed correctly
    assert:
      that:
        - find is defined

  - name: "Get existing LDAP configuration"
    uri:
      url: "{{ keycloak_admin_api }}/components?type=org.keycloak.storage.UserStorageProvider"
      method: GET
      headers:
        Accept: "application/json"
        Authorization: "Bearer {{ keycloak_token.json.access_token }}"
    register: keycloak_components_list

  - name: Check if the Keycloak already has the LDAP configuration
    set_fact:
      ldap_id: "{{ item.id }}"
    with_items: "{{ keycloak_components_list.json }}"
    when: item.name == "ldap"

  - name: Generate a local json file for LDAP configuration
    become: false
    delegate_to: localhost
    template:
      src: "{{ item }}.j2"
      dest: "/tmp/{{ item }}"
      mode: "0600"
    with_items:
      - ldap.testconnection
      - ldap.testuser

  - name: Test LDAP Authentication
    uri:
      url: "{{ keycloak_admin_api }}/testLDAPConnection"
      method: POST
      src: /tmp/ldap.testconnection
      status_code: [204]
      headers:
        Content-Type: application/json
        Authorization: "Bearer {{ keycloak_token.json.access_token }}"

  - name: Create user via Keycloak
    uri:
      url: "{{ keycloak_admin_api }}/users"
      method: POST
      src: /tmp/ldap.testuser
      status_code: [201]
      headers:
        Content-Type: application/json
        Authorization: "Bearer {{ keycloak_token.json.access_token }}"
    register: keycloak_create_user_response

  - name: Get User ID from previous response
    set_fact:
      user_id: "{{ keycloak_create_user_response.location | basename }}"

  - name: Verify created user via LDAP
    community.general.ldap_entry:
      dn: "uid={{ keycloak_ldap_testing_user }},{{ keycloak_ldap_userdn }}"
      objectClass: "{{ keyclaok_ldap_user_object }}"
      server_uri: "{{ keycloak_ldap_server }}"
      bind_dn: "{{ keycloak_ldap_admin_dn }}"
      bind_pw: "{{ keycloak_ldap_admin_password }}"
    register: result

  - name: Delete user via Keycloak
    uri:
      url: "{{ keycloak_admin_api }}/users/{{ user_id }}"
      method: DELETE
      status_code: [204]
      headers:
        Content-Type: application/json
        Authorization: "Bearer {{ keycloak_token.json.access_token }}"

  - name: Verify removed user via LDAP
    community.general.ldap_entry:
      dn: "uid={{ keycloak_ldap_testing_user }},{{ keycloak_ldap_userdn }}"
      objectClass: "{{ keyclaok_ldap_user_object }}"
      server_uri: "{{ keycloak_ldap_server }}"
      bind_dn: "{{ keycloak_ldap_admin_dn }}"
      bind_pw: "{{ keycloak_ldap_admin_password }}"
    register: result
    failed_when:
      - '"missing attribute" not in result.details'

  - name: Remove local LDAP json file
    delegate_to: localhost
    file:
      path: "/tmp/{{ item }}"
      state: absent
    with_items:
      - ldap.testconnection
      - ldap.testuser