mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
c411e12555
* setup-docker: install and run docker inside integration test VMs * must pip install requests to satisfy community.docker requirements * add Ubuntu configuration to setup_docker * Update tests/integration/targets/mssql_script/tasks/main.yml * Update tests/integration/targets/mssql_script/tasks/main.yml * docker_pacakges variable non-existent by default * add setup_docker to keycloak_groups * add setup_docker to keycloak_groups * removed unused file tasks/nothing.yml * add README * add copyright notice to readme file * Update tests/integration/targets/setup_docker/README.md * rolled back the boilerplate disclaimer to mssql_script tasks/main.yml
527 lines
16 KiB
YAML
527 lines
16 KiB
YAML
---
|
|
# Copyright (c) Ansible Project
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
- name: Start container
|
|
community.docker.docker_container:
|
|
name: mykeycloak
|
|
image: "quay.io/keycloak/keycloak:20.0.2"
|
|
command: start-dev
|
|
env:
|
|
KC_HTTP_RELATIVE_PATH: /auth
|
|
KEYCLOAK_ADMIN: admin
|
|
KEYCLOAK_ADMIN_PASSWORD: password
|
|
ports:
|
|
- "8080:8080"
|
|
detach: true
|
|
auto_remove: true
|
|
memory: 2200M
|
|
|
|
- name: Check default ports
|
|
ansible.builtin.wait_for:
|
|
host: "localhost"
|
|
port: "8080"
|
|
state: started # Port should be open
|
|
delay: 30 # Wait before first check
|
|
timeout: 50 # Stop checking after timeout (sec)
|
|
|
|
- name: Create a keycloak group
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: test-group
|
|
state: present
|
|
register: result
|
|
retries: 3
|
|
delay: 20
|
|
until: result is not failed
|
|
|
|
- name: Assert group was created
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state != {}
|
|
- result.end_state.name == "test-group"
|
|
- result.end_state.path == "/test-group"
|
|
- result.end_state.attributes == {}
|
|
- result.end_state.clientRoles == {}
|
|
- result.end_state.realmRoles == []
|
|
- result.end_state.subGroups == []
|
|
|
|
- set_fact:
|
|
test_group_id: "{{ result.end_state.id }}"
|
|
|
|
- name: Group creation rerun (test for idempotency)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: test-group
|
|
state: present
|
|
register: result
|
|
|
|
- name: Assert that nothing has changed
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.end_state != {}
|
|
- result.end_state.name == "test-group"
|
|
- result.end_state.path == "/test-group"
|
|
- result.end_state.attributes == {}
|
|
- result.end_state.clientRoles == {}
|
|
- result.end_state.realmRoles == []
|
|
- result.end_state.subGroups == []
|
|
|
|
- name: Update the name of a keycloak group
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
id: "{{ test_group_id }}"
|
|
name: new-test-group
|
|
state: present
|
|
register: result
|
|
|
|
- name: Assert that group name was updated
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state != {}
|
|
- result.end_state.name == "new-test-group"
|
|
- result.end_state.path == "/new-test-group"
|
|
- result.end_state.attributes == {}
|
|
- result.end_state.clientRoles == {}
|
|
- result.end_state.realmRoles == []
|
|
- result.end_state.subGroups == []
|
|
|
|
- name: Delete a keycloak group by id
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
id: "{{ test_group_id }}"
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert that group was deleted
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state == {}
|
|
|
|
- name: Redo group deletion (check for idempotency)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
id: "{{ test_group_id }}"
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert that nothing has changed
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.end_state == {}
|
|
|
|
- name: Create a keycloak group with some custom attributes
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: my-new_group
|
|
attributes:
|
|
attrib1: value1
|
|
attrib2: value2
|
|
attrib3:
|
|
- item1
|
|
- item2
|
|
register: result
|
|
|
|
- name: Assert that group was correctly created
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state != {}
|
|
- result.end_state.name == "my-new_group"
|
|
- result.end_state.path == "/my-new_group"
|
|
- result.end_state.clientRoles == {}
|
|
- result.end_state.realmRoles == []
|
|
- result.end_state.subGroups == []
|
|
- result.end_state.attributes != {}
|
|
- result.end_state.attributes.attrib1 == ["value1"]
|
|
- result.end_state.attributes.attrib2 == ["value2"]
|
|
- result.end_state.attributes.attrib3 == ["item1", "item2"]
|
|
|
|
- name: Delete a keycloak group based on name
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: my-new_group
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert that group was deleted
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state == {}
|
|
|
|
## subgroup tests
|
|
## we already testet this so no asserts for this
|
|
- name: Create a new base group for subgroup testing (test setup)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: rootgrp
|
|
register: subgrp_basegrp_result
|
|
|
|
- name: Create a subgroup using parent id
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: subgrp1
|
|
parents:
|
|
- id: "{{ subgrp_basegrp_result.end_state.id }}"
|
|
register: result
|
|
|
|
- name: Assert that subgroup was correctly created
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state != {}
|
|
- result.end_state.name == "subgrp1"
|
|
- result.end_state.path == "/rootgrp/subgrp1"
|
|
- result.end_state.attributes == {}
|
|
- result.end_state.clientRoles == {}
|
|
- result.end_state.realmRoles == []
|
|
- result.end_state.subGroups == []
|
|
|
|
- name: Recreate a subgroup using parent id (test idempotency)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: subgrp1
|
|
parents:
|
|
- id: "{{ subgrp_basegrp_result.end_state.id }}"
|
|
register: result
|
|
|
|
- name: Assert that nothing has changed
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.end_state != {}
|
|
- result.end_state.name == "subgrp1"
|
|
- result.end_state.path == "/rootgrp/subgrp1"
|
|
- result.end_state.attributes == {}
|
|
- result.end_state.clientRoles == {}
|
|
- result.end_state.realmRoles == []
|
|
- result.end_state.subGroups == []
|
|
|
|
- name: Changing name of existing group
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
id: "{{ result.end_state.id }}"
|
|
name: new-subgrp1
|
|
parents:
|
|
- id: "{{ subgrp_basegrp_result.end_state.id }}"
|
|
register: result
|
|
|
|
- name: Assert that subgroup name has changed correctly
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state != {}
|
|
- result.end_state.name == "new-subgrp1"
|
|
- result.end_state.path == "/rootgrp/new-subgrp1"
|
|
- result.end_state.attributes == {}
|
|
- result.end_state.clientRoles == {}
|
|
- result.end_state.realmRoles == []
|
|
- result.end_state.subGroups == []
|
|
|
|
- name: Create a subgroup using parent name
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: subgrp2
|
|
parents:
|
|
- name: rootgrp
|
|
register: result
|
|
|
|
- name: Assert that subgroup was correctly created
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state != {}
|
|
- result.end_state.name == "subgrp2"
|
|
- result.end_state.path == "/rootgrp/subgrp2"
|
|
- result.end_state.attributes == {}
|
|
- result.end_state.clientRoles == {}
|
|
- result.end_state.realmRoles == []
|
|
- result.end_state.subGroups == []
|
|
|
|
- name: Recreate a subgroup using parent name (test idempotency)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: subgrp2
|
|
parents:
|
|
- name: rootgrp
|
|
register: result
|
|
|
|
- name: Assert that nothing has changed
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.end_state != {}
|
|
- result.end_state.name == "subgrp2"
|
|
- result.end_state.path == "/rootgrp/subgrp2"
|
|
- result.end_state.attributes == {}
|
|
- result.end_state.clientRoles == {}
|
|
- result.end_state.realmRoles == []
|
|
- result.end_state.subGroups == []
|
|
|
|
## subgroup of subgroup tests
|
|
- name: Create a subgroup of a subgroup using parent names (complete parent chain)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: subsubgrp
|
|
parents:
|
|
- name: rootgrp
|
|
- name: subgrp2
|
|
register: result
|
|
|
|
- name: Assert subgroup of subgroup was created
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state != {}
|
|
- result.end_state.name == "subsubgrp"
|
|
- result.end_state.path == "/rootgrp/subgrp2/subsubgrp"
|
|
- result.end_state.attributes == {}
|
|
- result.end_state.clientRoles == {}
|
|
- result.end_state.realmRoles == []
|
|
- result.end_state.subGroups == []
|
|
|
|
- name: ReCreate a subgroup of a subgroup using parent names (test idempotency)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: subsubgrp
|
|
parents:
|
|
- name: rootgrp
|
|
- name: subgrp2
|
|
register: result_subsubgrp
|
|
|
|
- name: Assert that nothing has changed
|
|
assert:
|
|
that:
|
|
- result_subsubgrp is not changed
|
|
- result_subsubgrp.end_state != {}
|
|
- result_subsubgrp.end_state.name == "subsubgrp"
|
|
- result_subsubgrp.end_state.path == "/rootgrp/subgrp2/subsubgrp"
|
|
- result_subsubgrp.end_state.attributes == {}
|
|
- result_subsubgrp.end_state.clientRoles == {}
|
|
- result_subsubgrp.end_state.realmRoles == []
|
|
- result_subsubgrp.end_state.subGroups == []
|
|
|
|
- name: Create a subgroup of a subgroup using direct parent id (incomplete parent chain)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: subsubsubgrp
|
|
parents:
|
|
- id: "{{ result_subsubgrp.end_state.id }}"
|
|
register: result
|
|
|
|
- name: Assert subgroup of subgroup was created
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state != {}
|
|
- result.end_state.name == "subsubsubgrp"
|
|
- result.end_state.path == "/rootgrp/subgrp2/subsubgrp/subsubsubgrp"
|
|
- result.end_state.attributes == {}
|
|
- result.end_state.clientRoles == {}
|
|
- result.end_state.realmRoles == []
|
|
- result.end_state.subGroups == []
|
|
|
|
- name: ReCreate a subgroup of a subgroup using direct parent id (test idempotency)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: subsubsubgrp
|
|
parents:
|
|
- id: "{{ result_subsubgrp.end_state.id }}"
|
|
register: result_subsubsubgrp
|
|
|
|
- name: Assert that nothing changed
|
|
assert:
|
|
that:
|
|
- result_subsubsubgrp is not changed
|
|
- result_subsubsubgrp.end_state != {}
|
|
- result_subsubsubgrp.end_state.name == "subsubsubgrp"
|
|
- result_subsubsubgrp.end_state.path == "/rootgrp/subgrp2/subsubgrp/subsubsubgrp"
|
|
- result_subsubsubgrp.end_state.attributes == {}
|
|
- result_subsubsubgrp.end_state.clientRoles == {}
|
|
- result_subsubsubgrp.end_state.realmRoles == []
|
|
- result_subsubsubgrp.end_state.subGroups == []
|
|
|
|
## subgroup deletion tests
|
|
## note: in principle we already have tested group deletion in general
|
|
## enough already, but what makes it interesting here again is to
|
|
## see it works also properly for subgroups and groups with subgroups
|
|
- name: Deleting a subgroup by id (no parents needed)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
id: "{{ result_subsubsubgrp.end_state.id }}"
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert that subgroup was deleted
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state == {}
|
|
|
|
- name: Redo subgroup deletion (idempotency test)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
id: "{{ result_subsubsubgrp.end_state.id }}"
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert that nothing changed
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.end_state == {}
|
|
|
|
- name: Deleting a subgroup by name
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: new-subgrp1
|
|
parents:
|
|
- name: rootgrp
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert that subgroup was deleted
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state == {}
|
|
|
|
- name: Redo deleting a subgroup by name (idempotency test)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: new-subgrp1
|
|
parents:
|
|
- name: rootgrp
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert that nothing has changed
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.end_state == {}
|
|
|
|
- name: Delete keycloak group which has subgroups
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: rootgrp
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert that group was deleted
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state == {}
|
|
|
|
- name: Redo delete keycloak group which has subgroups (idempotency test)
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: rootgrp
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert that group was deleted
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.end_state == {}
|