mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/tests/integration/targets/keycloak_realm_key/tasks/main.yml


Add keycloak_realm_key module (#7127) * Add keycloak_realm_key module * keycloak_realm_key: make "ansible-test sanity" happy Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net> * keycloak_realm_key: support check_mode * keycloak_realm_key: add integration tests * keycloak_realm_key: remove FIXME comment * keycloak_realm_key: fix EOL in integration test variables * keycloak_realm_key: remove unused import * keycloak_realm_key: remove integration test realm at the end of test suite * keycloak_realm_key: add version_added metadata * keycloak_realm_key: add documentation for end_state * keycloak_realm_key: support the "certificate" parameter As with "private_key" changing the certificate after creation is not possible because we can't compare the current value to the desired value. * keycloak_realm_key: document default for certificate parameter Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net> * keycloak_realm_key: implement diff mode * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * keycloak_realm_key: remove note about literal linefeeds * keycloak_realm_key: remove defaults from priority and certificate * keycloak_realm_key: mark diff and check modes as partially supported * keycloak_realm_key: implement "force" parameter This ensures that the desired state is always enforced on keys that should be, and are, present. 
* keycloak_realm_key: fix yaml parsing error in documentation * keycloak_realm_key: document why check_mode support is partial * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> * keycloak_realm_key: documentation and metadata fixes * keycloak_realm_key: small documentation fix * keycloak_realm_key: change version_added to 7.5.0 * Update plugins/modules/keycloak_realm_key.py Co-authored-by: Felix Fontein <felix@fontein.de> --------- Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net> Co-authored-by: Felix Fontein <felix@fontein.de>
2023-09-19 18:08:10 +02:00
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# Pre-clean: drop any realm left behind by an earlier, aborted run so the
# tasks below start from a known state.
- name: Remove Keycloak test realm to avoid failures from previous failed runs
  community.general.keycloak_realm:
    state: absent
    id: "{{ realm }}"
    realm: "{{ realm }}"
    # Connection and admin credentials are supplied by variables defined
    # outside this file.
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
# Create the realm that every realm-key task below uses as parent_id.
- name: Create Keycloak test realm
  community.general.keycloak_realm:
    state: present
    id: "{{ realm }}"
    realm: "{{ realm }}"
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
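# Check mode: the module must report the key it would create. The key is
# created for real by the next "Create custom realm key" task.
- name: Create custom realm key (check mode)
  community.general.keycloak_realm_key:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    name: testkey
    state: present
    parent_id: "{{ realm }}"
    config:
      private_key: "{{ realm_private_key }}"
      certificate: ""
      enabled: true
      active: true
      priority: 150
  check_mode: true
  register: result

# The task name says what is asserted: in check mode the result is
# "changed" and end_state describes the key that would be created.
- name: Assert that check mode reports the realm key would be created
  assert:
    that:
      - result is changed
      - result.end_state != {}
      - result.end_state.name == "testkey"
      # Compare with the realm variable, not a literal, so the check follows
      # the value passed as parent_id above.
      - result.end_state.parentId == realm
      - result.end_state.providerId == "rsa"
      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
      - result.end_state.config.active == ["true"]
      - result.end_state.config.enabled == ["true"]
      - result.end_state.config.algorithm == ["RS256"]
      - result.end_state.config.priority == ["150"]
      - result.msg == "Realm key testkey would be created"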
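# Create the key for real, with diff mode on.
# NOTE(review): this task receives the private key and runs with diff: true
# and register. Presumably the module masks config.private_key in its diff
# and return values; confirm, since test logs are often widely readable.
- name: Create custom realm key
  community.general.keycloak_realm_key:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    name: testkey
    state: present
    parent_id: "{{ realm }}"
    config:
      private_key: "{{ realm_private_key }}"
      certificate: ""
      enabled: true
      active: true
      priority: 150
  diff: true
  register: result

- name: Assert that realm key was created
  assert:
    that:
      - result is changed
      - result.end_state != {}
      - result.end_state.name == "testkey"
      # Compare with the realm variable, not a literal, so the check follows
      # the value passed as parent_id above.
      - result.end_state.parentId == realm
      - result.end_state.providerId == "rsa"
      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
      - result.end_state.config.active == ["true"]
      - result.end_state.config.enabled == ["true"]
      - result.end_state.config.algorithm == ["RS256"]
      - result.end_state.config.priority == ["150"]
      - result.msg == "Realm key testkey created"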
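# Idempotency: repeating the same create must report no change.
- name: Create custom realm key (test for idempotency)
  community.general.keycloak_realm_key:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    name: testkey
    state: present
    parent_id: "{{ realm }}"
    config:
      private_key: "{{ realm_private_key }}"
      certificate: ""
      enabled: true
      active: true
      priority: 150
  register: result

- name: Assert that nothing has changed
  assert:
    that:
      - result is not changed
      - result.end_state != {}
      - result.end_state.name == "testkey"
      # Compare with the realm variable, not a literal, so the check follows
      # the value passed as parent_id above.
      - result.end_state.parentId == realm
      - result.end_state.providerId == "rsa"
      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
      - result.end_state.config.active == ["true"]
      - result.end_state.config.enabled == ["true"]
      - result.end_state.config.algorithm == ["RS256"]
      - result.end_state.config.priority == ["150"]
      - result.msg == "Realm key testkey was in sync"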
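# Check mode: lowering the priority from 150 to 140 must be reported as a
# pending change. The update is applied by the next "Update custom realm
# key" task.
- name: Update custom realm key (check mode)
  community.general.keycloak_realm_key:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    name: testkey
    state: present
    parent_id: "{{ realm }}"
    config:
      private_key: "{{ realm_private_key }}"
      certificate: ""
      enabled: true
      active: true
      priority: 140
  check_mode: true
  register: result

# The task name says what is asserted: in check mode the result is
# "changed" and end_state carries the priority that would be set.
- name: Assert that check mode reports the realm key would be changed
  assert:
    that:
      - result is changed
      - result.end_state != {}
      - result.end_state.name == "testkey"
      # Compare with the realm variable, not a literal, so the check follows
      # the value passed as parent_id above.
      - result.end_state.parentId == realm
      - result.end_state.providerId == "rsa"
      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
      - result.end_state.config.active == ["true"]
      - result.end_state.config.enabled == ["true"]
      - result.end_state.config.algorithm == ["RS256"]
      - result.end_state.config.priority == ["140"]
      # Block scalar: the expression contains ": ", which YAML would read as
      # a mapping separator in a plain scalar, so this entry would become a
      # mapping instead of a condition string.
      - >-
        result.msg == "Realm key testkey would be changed: config.priority ['150'] -> ['140']"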
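# Apply the priority change (150 -> 140) for real, with diff mode on.
- name: Update custom realm key
  community.general.keycloak_realm_key:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    name: testkey
    state: present
    parent_id: "{{ realm }}"
    config:
      private_key: "{{ realm_private_key }}"
      certificate: ""
      enabled: true
      active: true
      priority: 140
  diff: true
  register: result

- name: Assert that realm key was updated
  assert:
    that:
      - result is changed
      - result.end_state != {}
      - result.end_state.name == "testkey"
      # Compare with the realm variable, not a literal, so the check follows
      # the value passed as parent_id above.
      - result.end_state.parentId == realm
      - result.end_state.providerId == "rsa"
      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
      - result.end_state.config.active == ["true"]
      - result.end_state.config.enabled == ["true"]
      - result.end_state.config.algorithm == ["RS256"]
      - result.end_state.config.priority == ["140"]
      # Block scalar: the expression contains ": ", which YAML would read as
      # a mapping separator in a plain scalar, so this entry would become a
      # mapping instead of a condition string.
      - >-
        result.msg == "Realm key testkey changed: config.priority ['150'] -> ['140']"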
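# Idempotency: repeating the update with priority 140 must report no change.
- name: Update custom realm key (test for idempotency)
  community.general.keycloak_realm_key:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    name: testkey
    state: present
    parent_id: "{{ realm }}"
    config:
      private_key: "{{ realm_private_key }}"
      certificate: ""
      enabled: true
      active: true
      priority: 140
  register: result

- name: Assert that nothing has changed
  assert:
    that:
      - result is not changed
      - result.end_state != {}
      - result.end_state.name == "testkey"
      # Compare with the realm variable, not a literal, so the check follows
      # the value passed as parent_id above.
      - result.end_state.parentId == realm
      - result.end_state.providerId == "rsa"
      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
      - result.end_state.config.active == ["true"]
      - result.end_state.config.enabled == ["true"]
      - result.end_state.config.algorithm == ["RS256"]
      - result.end_state.config.priority == ["140"]
      - result.msg == "Realm key testkey was in sync"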
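# force: true with a different private key (realm_private_key_2): the module
# must report a change even though every other setting is unchanged.
# NOTE(review): the assertions below only check the reported state and
# message. They do not verify that the stored key material was replaced,
# presumably because the key cannot be read back; confirm.
- name: Force update custom realm key
  community.general.keycloak_realm_key:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    name: testkey
    force: true
    state: present
    parent_id: "{{ realm }}"
    config:
      private_key: "{{ realm_private_key_2 }}"
      certificate: ""
      enabled: true
      active: true
      priority: 140
  register: result

- name: Assert that forced update ran correctly
  assert:
    that:
      - result is changed
      - result.end_state != {}
      - result.end_state.name == "testkey"
      # Compare with the realm variable, not a literal, so the check follows
      # the value passed as parent_id above.
      - result.end_state.parentId == realm
      - result.end_state.providerId == "rsa"
      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
      - result.end_state.config.active == ["true"]
      - result.end_state.config.enabled == ["true"]
      - result.end_state.config.algorithm == ["RS256"]
      - result.end_state.config.priority == ["140"]
      - result.msg == "Realm key testkey was forcibly updated"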
# Delete the key, with diff mode on. config is still passed with
# state: absent, presumably because the module requires it; confirm against
# the module's argument spec.
- name: Remove custom realm key
  community.general.keycloak_realm_key:
    state: absent
    name: testkey
    parent_id: "{{ realm }}"
    config:
      priority: 140
      certificate: ""
      private_key: "{{ realm_private_key }}"
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
  register: result
  diff: true

# After deletion the module returns an empty end_state.
- name: Assert that realm key was deleted
  assert:
    that:
      - result is changed
      - result.end_state == {}
      - result.msg == "Realm key testkey deleted"
# Idempotency: removing a key that is already gone must report no change.
- name: Remove custom realm key (test for idempotency)
  community.general.keycloak_realm_key:
    state: absent
    name: testkey
    parent_id: "{{ realm }}"
    config:
      priority: 140
      certificate: ""
      private_key: "{{ realm_private_key }}"
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
  register: result

- name: Assert that nothing has changed
  assert:
    that:
      - result is not changed
      - result.end_state == {}
      - result.msg == "Realm key testkey not present"
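# Second key: same private key variable as before, but with an explicit
# certificate instead of an empty one.
- name: Create custom realm key with a custom certificate
  community.general.keycloak_realm_key:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    name: testkey_with_certificate
    state: present
    parent_id: "{{ realm }}"
    config:
      private_key: "{{ realm_private_key }}"
      certificate: "{{ realm_certificate }}"
      enabled: true
      active: true
      priority: 150
  diff: true
  register: result

- name: Assert that realm key with custom certificate was created
  assert:
    that:
      - result is changed
      - result.end_state != {}
      - result.end_state.name == "testkey_with_certificate"
      # Compare with the realm variable, not a literal, so the check follows
      # the value passed as parent_id above.
      - result.end_state.parentId == realm
      - result.end_state.providerId == "rsa"
      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
      - result.end_state.config.active == ["true"]
      - result.end_state.config.enabled == ["true"]
      - result.end_state.config.algorithm == ["RS256"]
      - result.end_state.config.priority == ["150"]
      - result.msg == "Realm key testkey_with_certificate created"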
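# Without force: true, a different private_key/certificate is NOT applied.
# The module cannot compare the stored key material with the desired value,
# so it reports "in sync" and the existing key stays in place.
# Operational consequence: replacing key material (for example when rotating
# a key) needs force: true, as in the "Force update custom realm key" task.
# A plain re-run with new values changes nothing and reports no change.
- name: Attempt to change the private key and the certificate
  community.general.keycloak_realm_key:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    name: testkey_with_certificate
    state: present
    parent_id: "{{ realm }}"
    config:
      # Dummy strings, not real key material. The test relies on them being
      # ignored.
      private_key: "a different private key string"
      certificate: "a different certificate string"
      enabled: true
      active: true
      priority: 150
  diff: true
  register: result

- name: Assert that nothing has changed
  assert:
    that:
      - result is not changed
      - result.end_state != {}
      - result.end_state.name == "testkey_with_certificate"
      # Compare with the realm variable, not a literal, so the check follows
      # the value passed as parent_id above.
      - result.end_state.parentId == realm
      - result.end_state.providerId == "rsa"
      - result.end_state.providerType == "org.keycloak.keys.KeyProvider"
      - result.end_state.config.active == ["true"]
      - result.end_state.config.enabled == ["true"]
      - result.end_state.config.algorithm == ["RS256"]
      - result.end_state.config.priority == ["150"]
      - result.msg == "Realm key testkey_with_certificate was in sync"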
# Final cleanup: delete the test realm, and with it the keys created above,
# so no test key material is left on the Keycloak instance.
- name: Remove Keycloak test realm
  community.general.keycloak_realm:
    state: absent
    id: "{{ realm }}"
    realm: "{{ realm }}"
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"