diff --git a/.travis.yml b/.travis.yml index 322d1fb..cbe9cdf 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,249 +1,248 @@ --- dist: xenial language: ruby cache: bundler before_install: - bundle -v - rm -f Gemfile.lock - - gem update --system $RUBYGEMS_VERSION - gem --version - bundle -v script: - 'bundle exec rake $CHECK' bundler_args: --without system_tests rvm: - 2.5.3 stages: - static - spec - acceptance - if: tag =~ ^v\d name: deploy matrix: fast_finish: true include: - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=centos-7 BEAKER_TESTMODE=apply BEAKER_keycloak_full=true rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=centos-7 BEAKER_TESTMODE=apply BEAKER_keycloak_version=8.0.1 BEAKER_keycloak_full=true rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=centos-7 BEAKER_TESTMODE=apply BEAKER_keycloak_full=true rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=centos-7 BEAKER_TESTMODE=apply BEAKER_keycloak_version=8.0.1 BEAKER_keycloak_full=true rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=centos-8 BEAKER_TESTMODE=apply rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=centos-8 BEAKER_TESTMODE=apply BEAKER_keycloak_version=8.0.1 rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=centos-8 BEAKER_TESTMODE=apply rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=centos-8 BEAKER_TESTMODE=apply BEAKER_keycloak_version=8.0.1 rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=debian-9 BEAKER_TESTMODE=apply rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=debian-9 BEAKER_TESTMODE=apply BEAKER_keycloak_version=8.0.1 rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=debian-9 BEAKER_TESTMODE=apply rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=debian-9 BEAKER_TESTMODE=apply BEAKER_keycloak_version=8.0.1 rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=debian-10 BEAKER_TESTMODE=apply rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=debian-10 BEAKER_TESTMODE=apply BEAKER_keycloak_version=7.0.0 rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=debian-10 BEAKER_TESTMODE=apply rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=debian-10 BEAKER_TESTMODE=apply BEAKER_keycloak_version=7.0.0 rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=ubuntu-1804 BEAKER_TESTMODE=apply rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=ubuntu-1804 BEAKER_TESTMODE=apply BEAKER_keycloak_version=8.0.1 rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=ubuntu-1804 BEAKER_TESTMODE=apply rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - bundler_args: --with system_tests dist: xenial env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=ubuntu-1804 BEAKER_TESTMODE=apply BEAKER_keycloak_version=8.0.1 rvm: 2.5.3 script: bundle exec rake beaker services: docker stage: acceptance sudo: required - env: CHECK="check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint" stage: static - env: PUPPET_GEM_VERSION="~> 5.0" CHECK=parallel_spec rvm: 2.4.5 stage: spec - env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec rvm: 2.5.3 stage: spec - env: DEPLOY_TO_FORGE=yes stage: deploy - env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 5" FIXTURES_YML=".fixtures-latest.yml" rvm: 2.4.5 stage: spec - env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml" rvm: 2.5.3 stage: spec allow_failures: - env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 5" FIXTURES_YML=".fixtures-latest.yml" rvm: 2.4.5 - env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml" rvm: 2.5.3 branches: only: - master - /^v\d/ notifications: email: treydock@gmail.com deploy: provider: puppetforge user: treydock password: secure: "u4N3WOhiO4X0mmEF7I+ARGpcw4Wrmt1xA8cmG2Qlnvr+r3c7RgWfc6GoabLicGKoN/OqVPD1b6lXJ+Xrg8VAJb9NmFjXYkowbTYgyyPsx6fSIshaquThkrEUsaF1C5hWx1rADXCz8hkpvX537xye/uKQlvDjwHyHaJWu3rpCfsDApYwYZhIkKtsSk2hOlcX9jfI1LE/H6YYo44uRBxg2lyUusScJQcDe023mBYOOSet3C4w4UpPBqR0mu9XvjJHk0KJzBE2Jk6g7W+02/ZkVW9qDXh70mCE562uQN/CE8rjcM5V1M6L69YzG5rv0LSuV4rnrjNtkNz6GZPDKIpuwOLEkA0M+jBr+F2d4tPHyMVDGLQHIIl5/TxXU2A9+gDe9yZFeZ7KEOSkkYfEgKgHcPHMZQJhs7Xkj2ab+F3AFjrSbjWngX892NQXp9XK4EXBZzogdsEp+wHULc9ybb9BKUNS0FIbCOjJoqBuwe7Is8vfVQ+OXAxVnP1POEoAgmgD3gQVHtedBAYrT7Ge+uxILua+KaPYkxBh/Cg9TYYSJeO/y0LH8pV3zSOQ3oU3MGZRbZrLbNkFAq9sYu3Klw52NEgfgXNRaE5AIpC0Tjf/BHZuaGGPyZML4A14tctwzFCFmG8SXkN2fFtpS5LAfLzbizi2KecPMyEjSpHJATJ/6HuQ=" on: tags: true all_branches: true condition: "$DEPLOY_TO_FORGE = yes" diff --git a/manifests/config.pp b/manifests/config.pp index 063108b..b2735bc 100644 --- a/manifests/config.pp +++ b/manifests/config.pp @@ -1,71 +1,94 @@ # Private class. class keycloak::config { assert_private() file { '/opt/keycloak': ensure => 'link', target => $keycloak::install_base } # Template uses: # - $keycloak::install_base # - $keycloak::admin_user # - $keycloak::admin_user_password file { 'kcadm-wrapper.sh': ensure => 'file', path => "${keycloak::install_base}/bin/kcadm-wrapper.sh", owner => $keycloak::user, group => $keycloak::group, mode => '0750', content => template('keycloak/kcadm-wrapper.sh.erb'), show_diff => false, } $_add_user_keycloak_cmd = "${keycloak::install_base}/bin/add-user-keycloak.sh" $_add_user_keycloak_args = "--user ${keycloak::admin_user} --password ${keycloak::admin_user_password} --realm master" $_add_user_keycloak_state = "${keycloak::install_base}/.create-keycloak-admin-${keycloak::datasource_driver}" exec { 'create-keycloak-admin': command => "${_add_user_keycloak_cmd} ${_add_user_keycloak_args} && touch ${_add_user_keycloak_state}", creates => $_add_user_keycloak_state, notify => Class['keycloak::service'], } file { "${keycloak::install_base}/standalone/configuration": ensure => 'directory', owner => $keycloak::user, group => $keycloak::group, mode => '0750', } file { "${keycloak::install_base}/standalone/configuration/profile.properties": ensure => 'file', owner => $keycloak::user, group => $keycloak::group, content => template('keycloak/profile.properties.erb'), mode => '0644', notify => Class['keycloak::service'], } file { "${keycloak::install_base}/config.cli": ensure => 'file', owner => $keycloak::user, group => $keycloak::group, mode => '0600', content => template('keycloak/config.cli.erb'), notify => Exec['jboss-cli.sh --file=config.cli'], show_diff => false, } exec { 'jboss-cli.sh --file=config.cli': command => "${keycloak::install_base}/bin/jboss-cli.sh --file=config.cli", cwd => $keycloak::install_base, user => $keycloak::user, group => $keycloak::group, refreshonly => true, logoutput => true, notify => Class['keycloak::service'], } create_resources('keycloak::truststore::host', $keycloak::truststore_hosts) + if $keycloak::java_opts { + $java_opts_ensure = 'present' + } else { + $java_opts_ensure = 'absent' + } + + if $keycloak::java_opts =~ Array { + $java_opts = join($keycloak::java_opts, ' ') + } else { + $java_opts = $keycloak::java_opts + } + if $keycloak::java_opts_append { + $_java_opts = "\$JAVA_OPTS ${java_opts}" + } else { + $_java_opts = $java_opts + } + file_line { 'standalone.conf-JAVA_OPTS': + ensure => $java_opts_ensure, + path => "${keycloak::install_base}/bin/standalone.conf", + line => "JAVA_OPTS=\"${_java_opts}\"", + match => '^JAVA_OPTS=', + notify => Class['keycloak::service'], + } } diff --git a/manifests/init.pp b/manifests/init.pp index 3de0957..d0d92fe 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,348 +1,350 @@ # @summary Manage Keycloak # # @example # include ::keycloak # # @param manage_install # Install Keycloak from upstream Keycloak tarball. # Set to false to manage installation of Keycloak outside # this module and set $install_dir and $version to match. # Defaults to true. # @param version # Version of Keycloak to install and manage. # @param package_url # URL of the Keycloak download. # Default is based on version. # @param install_dir # Parent directory of where to install Keycloak. # Default is `/opt`. # @param service_name # Keycloak service name. # Default is `keycloak`. # @param service_ensure # Keycloak service ensure property. # Default is `running`. # @param service_enable # Keycloak service enable property. # Default is `true`. # @param service_hasstatus # Keycloak service hasstatus parameter. # Default is `true`. # @param service_hasrestart # Keycloak service hasrestart parameter. # Default is `true`. # @param service_bind_address # Bind address for Keycloak service. # Default is '0.0.0.0'. -# @param service_java_opts +# @param java_opts # Sets additional options to Java virtual machine environment variable. +# @param java_opts_append +# Determine if $JAVA_OPTS should be appended to when setting `java_opts` parameter # @param service_extra_opts # Additional options added to the end of the service command-line. # @param manage_user # Defines if the module should manage the Linux user for Keycloak installation # @param user # Keycloak user name. # Default is `keycloak`. # @param user_shell # Keycloak user shell. # @param group # Keycloak user group name. # Default is `keycloak`. # @param user_uid # Keycloak user UID. # Default is `undef`. # @param group_gid # Keycloak user group GID. # Default is `undef`. # @param admin_user # Keycloak administrative username. # Default is `admin`. # @param admin_user_password # Keycloak administrative user password. # Default is `changeme`. # @param manage_datasource # Boolean that determines if configured datasource will be managed. # Only applies when `datasource_driver` is `mysql`. # Default is `true`. # @param datasource_driver # Datasource driver to use for Keycloak. # Valid values are `h2`, `mysql`, 'oracle' and 'postgresql' # Default is `h2`. # @param datasource_host # Datasource host. # Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql' # Default is `localhost` for MySQL. # @param datasource_port # Datasource port. # Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql' # Default is `3306` for MySQL. # @param datasource_url # Datasource url. # Default datasource URLs are defined in init class. # @param datasource_dbname # Datasource database name. # Default is `keycloak`. # @param datasource_username # Datasource user name. # Default is `sa`. # @param datasource_password # Datasource user password. # Default is `sa`. # @param datasource_package # Package to add specified datasource support # @param datasource_jar_source # Source for datasource JDBC driver - could be puppet link or local file on the node. # Default is dependent on value for `datasource_driver`. # This parameter is required if `datasource_driver` is `oracle`. # @param datasource_module_source # Source for datasource module.xml. Default depends on `datasource_driver`. # @param datasource_xa_class # MySQL Connector/J JDBC driver xa-datasource class name # @param proxy_https # Boolean that sets if HTTPS proxy should be enabled. # Set to `true` if proxying traffic through Apache. # Default is `false`. # @param truststore # Boolean that sets if truststore should be used. # Default is `false`. # @param truststore_hosts # Hash that is used to define `keycloak::turststore::host` resources. # Default is `{}`. # @param truststore_password # Truststore password. # Default is `keycloak`. # @param truststore_hostname_verification_policy # Valid values are `WILDCARD`, `STRICT`, and `ANY`. # Default is `WILDCARD`. # @param http_port # HTTP port used by Keycloak. # Default is `8080`. # @param theme_static_max_age # Max cache age in seconds of static content. # Default is `2592000`. # @param theme_cache_themes # Boolean that sets if themes should be cached. # Default is `true`. # @param theme_cache_templates # Boolean that sets if templates should be cached. # Default is `true`. # @param realms # Hash that is used to define keycloak_realm resources. # Default is `{}`. # @param realms_merge # Boolean that sets if `realms` should be merged from Hiera. # @param oidc_client_scopes # Hash that is used to define keycloak::client_scope::oidc resources. # Default is `{}`. # @param oidc_client_scopes_merge # Boolean that sets if `oidc_client_scopes` should be merged from Hiera. # @param saml_client_scopes # Hash that is used to define keycloak::client_scope::saml resources. # Default is `{}`. # @param saml_client_scopes_merge # Boolean that sets if `saml_client_scopes` should be merged from Hiera. # @param identity_providers # Hash that is used to define keycloak_identity_provider resources. # @param identity_providers_merge # Boolean that sets if `identity_providers` should be merged from Hiera. # @param client_scopes # Hash that is used to define keycloak_client_scope resources. # @param client_scopes_merge # Boolean that sets if `client_scopes` should be merged from Hiera. # @param protocol_mappers # Hash that is used to define keycloak_protocol_mapper resources. # @param protocol_mappers_merge # Boolean that sets if `protocol_mappers` should be merged from Hiera. # @param clients # Hash that is used to define keycloak_client resources. # @param clients_merge # Boolean that sets if `clients` should be merged from Hiera. # @param with_sssd_support # Boolean that determines if SSSD user provider support should be available # @param libunix_dbus_java_source # Source URL of libunix-dbus-java # @param install_libunix_dbus_java_build_dependencies # Boolean that determines of libunix-dbus-java build dependencies are managed by this module # @param libunix_dbus_java_build_dependencies # Packages needed to build libunix-dbus-java # @param libunix_dbus_java_libdir # Path to directory to install libunix-dbus-java libraries # @param jna_package_name # Package name for jna # @param manage_sssd_config # Boolean that determines if SSSD ifp config for Keycloak is managed # @param sssd_ifp_user_attributes # user_attributes to define for SSSD ifp service # @param restart_sssd # Boolean that determines if SSSD should be restarted # @param service_environment_file # Path to the file with environment variables for the systemd service # @param operating_mode # Keycloak operating mode deployment # @param tech_preview_features # List of technology Preview features to enable # class keycloak ( Boolean $manage_install = true, String $version = '6.0.1', Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $package_url = undef, Stdlib::Absolutepath $install_dir = '/opt', String $service_name = 'keycloak', String $service_ensure = 'running', Boolean $service_enable = true, Boolean $service_hasstatus = true, Boolean $service_hasrestart = true, Stdlib::IP::Address $service_bind_address = '0.0.0.0', - Optional[Variant[String, Array]] - $service_java_opts = undef, + Optional[Variant[String, Array]] $java_opts = undef, + Boolean $java_opts_append = true, Optional[String] $service_extra_opts = undef, Boolean $manage_user = true, String $user = 'keycloak', Stdlib::Absolutepath $user_shell = '/sbin/nologin', String $group = 'keycloak', Optional[Integer] $user_uid = undef, Optional[Integer] $group_gid = undef, String $admin_user = 'admin', String $admin_user_password = 'changeme', Boolean $manage_datasource = true, Enum['h2', 'mysql', 'oracle', 'postgresql'] $datasource_driver = 'h2', Optional[String] $datasource_host = undef, Optional[Integer] $datasource_port = undef, Optional[String] $datasource_url = undef, Optional[String] $datasource_xa_class = undef, String $datasource_dbname = 'keycloak', String $datasource_username = 'sa', String $datasource_password = 'sa', Optional[String] $datasource_package = undef, Optional[String] $datasource_jar_source = undef, Optional[String] $datasource_module_source = undef, Boolean $proxy_https = false, Boolean $truststore = false, Hash $truststore_hosts = {}, String $truststore_password = 'keycloak', Enum['WILDCARD', 'STRICT', 'ANY'] $truststore_hostname_verification_policy = 'WILDCARD', Integer $http_port = 8080, Integer $theme_static_max_age = 2592000, Boolean $theme_cache_themes = true, Boolean $theme_cache_templates = true, Hash $realms = {}, Boolean $realms_merge = false, Hash $oidc_client_scopes = {}, Boolean $oidc_client_scopes_merge = false, Hash $saml_client_scopes = {}, Boolean $saml_client_scopes_merge = false, Hash $client_scopes = {}, Boolean $client_scopes_merge = false, Hash $protocol_mappers = {}, Boolean $protocol_mappers_merge = false, Hash $identity_providers = {}, Boolean $identity_providers_merge = false, Hash $clients = {}, Boolean $clients_merge = false, Boolean $with_sssd_support = false, Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl] $libunix_dbus_java_source = 'https://github.com/keycloak/libunix-dbus-java/archive/libunix-dbus-java-0.8.0.tar.gz', Boolean $install_libunix_dbus_java_build_dependencies = true, Array $libunix_dbus_java_build_dependencies = [], Stdlib::Absolutepath $libunix_dbus_java_libdir = '/usr/lib64', String $jna_package_name = 'jna', Boolean $manage_sssd_config = true, Array $sssd_ifp_user_attributes = [], Boolean $restart_sssd = true, Optional[Stdlib::Absolutepath] $service_environment_file = undef, Enum['standalone', 'clustered'] $operating_mode = 'standalone', Array $tech_preview_features = [], ) { if ! ($facts['os']['family'] in ['RedHat','Debian']) { fail("Unsupported osfamily: ${facts['os']['family']}, module ${module_name} only support osfamilies Debian and Redhat") } $download_url = pick($package_url, "https://downloads.jboss.org/keycloak/${version}/keycloak-${version}.tar.gz") case $datasource_driver { 'h2': { $datasource_connection_url = pick($datasource_url, "jdbc:h2:\${jboss.server.data.dir}/${datasource_dbname};AUTO_SERVER=TRUE") } 'mysql': { $db_host = pick($datasource_host, 'localhost') $db_port = pick($datasource_port, 3306) $datasource_connection_url = pick($datasource_url, "jdbc:mysql://${db_host}:${db_port}/${datasource_dbname}") } 'oracle': { $db_host = pick($datasource_host, 'localhost') $db_port = pick($datasource_port, 1521) $datasource_connection_url = pick($datasource_url, "jdbc:oracle:thin:@${db_host}:${db_port}:${datasource_dbname}") } 'postgresql': { $db_host = pick($datasource_host, 'localhost') $db_port = pick($datasource_port, 5432) $datasource_connection_url = pick($datasource_url, "jdbc:postgresql://${db_host}:${db_port}/${datasource_dbname}") } default: {} } if ($datasource_driver == 'oracle') and ($datasource_jar_source == undef) { fail('Using Oracle RDBMS requires definition datasource_jar_source for Oracle JDBC driver. Refer to module documentation') } case $facts['os']['family'] { 'RedHat': { if versioncmp($facts['os']['release']['major'], '8') >= 0 { $mysql_datasource_class = pick($datasource_xa_class, 'org.mariadb.jdbc.MariaDbDataSource') $mysql_jar_source = '/usr/lib/java/mariadb-java-client.jar' $postgresql_jar_source = '/usr/share/java/postgresql-jdbc/postgresql.jar' } else { $mysql_datasource_class = pick($datasource_xa_class, 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource') $mysql_jar_source = '/usr/share/java/mysql-connector-java.jar' $postgresql_jar_source = '/usr/share/java/postgresql-jdbc.jar' } } 'Debian': { if $facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '10') >= 0 { $mysql_datasource_class = pick($datasource_xa_class, 'org.mariadb.jdbc.MariaDbDataSource') $mysql_jar_source = '/usr/share/java/mariadb-java-client.jar' } else { $mysql_datasource_class = pick($datasource_xa_class, 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource') $mysql_jar_source = '/usr/share/java/mysql-connector-java.jar' } $postgresql_jar_source = '/usr/share/java/postgresql.jar' } default: { # do nothing } } $install_base = "${keycloak::install_dir}/keycloak-${keycloak::version}" include ::java contain 'keycloak::install' contain "keycloak::datasource::${datasource_driver}" contain 'keycloak::config' contain 'keycloak::service' Class['::java'] -> Class['keycloak::install'] -> Class["keycloak::datasource::${datasource_driver}"] -> Class['keycloak::config'] -> Class['keycloak::service'] Class["keycloak::datasource::${datasource_driver}"]~>Class['keycloak::service'] if $with_sssd_support { contain 'keycloak::sssd' Class['keycloak::sssd'] ~> Class['keycloak::service'] } keycloak_conn_validator { 'keycloak': keycloak_server => 'localhost', keycloak_port => $http_port, use_ssl => false, timeout => 60, test_url => '/auth/realms/master/.well-known/openid-configuration', require => Class['keycloak::service'], } include keycloak::resources } diff --git a/spec/acceptance/1_class_spec.rb b/spec/acceptance/1_class_spec.rb index 605d12c..1021935 100644 --- a/spec/acceptance/1_class_spec.rb +++ b/spec/acceptance/1_class_spec.rb @@ -1,123 +1,124 @@ require 'spec_helper_acceptance' describe 'keycloak class:' do context 'default parameters' do it 'runs successfully' do pp = <<-EOS class { 'keycloak': } EOS apply_manifest(pp, catch_failures: true) apply_manifest(pp, catch_changes: true) end describe file("/opt/keycloak-#{RSpec.configuration.keycloak_version}") do it { is_expected.to be_directory } end describe service('keycloak') do it { is_expected.to be_enabled } it { is_expected.to be_running } end end context 'default with clustered mode enable' do it 'runs successfully' do pp = <<-EOS class { 'keycloak': operating_mode => 'clustered', } EOS apply_manifest(pp, catch_failures: true) apply_manifest(pp, catch_changes: true) end describe service('keycloak') do it { is_expected.to be_enabled } it { is_expected.to be_running } end end context 'default with mysql datasource' do it 'runs successfully' do pp = <<-EOS include mysql::server class { 'keycloak': datasource_driver => 'mysql', } EOS apply_manifest(pp, catch_failures: true) apply_manifest(pp, catch_changes: true) end describe service('keycloak') do it { is_expected.to be_enabled } it { is_expected.to be_running } end describe port(8080) do it { is_expected.to be_listening.on('0.0.0.0').with('tcp') } end describe port(9990) do it { is_expected.to be_listening.on('127.0.0.1').with('tcp') } end end context 'default with postgresql datasource' do it 'runs successfully' do pp = <<-EOS include postgresql::server class { 'keycloak': datasource_driver => 'postgresql', } EOS apply_manifest(pp, catch_failures: true) apply_manifest(pp, catch_changes: true) end describe service('keycloak') do it { is_expected.to be_enabled } it { is_expected.to be_running } end describe port(8080) do it { is_expected.to be_listening.on('0.0.0.0').with('tcp') } end describe port(9990) do it { is_expected.to be_listening.on('127.0.0.1').with('tcp') } end end - context 'default with proxy_https' do + context 'changes to defaults' do it 'runs successfully' do pp = <<-EOS include mysql::server class { 'keycloak': datasource_driver => 'mysql', proxy_https => true, + java_opts => '-Xmx512m -Xms64m', } EOS apply_manifest(pp, catch_failures: true) apply_manifest(pp, catch_changes: true) end describe service('keycloak') do it { is_expected.to be_enabled } it { is_expected.to be_running } end describe port(8080) do it { is_expected.to be_listening.on('0.0.0.0').with('tcp') } end describe port(9990) do it { is_expected.to be_listening.on('127.0.0.1').with('tcp') } end end end diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 463ca00..daebe16 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -1,152 +1,190 @@ require 'spec_helper' describe 'keycloak' do on_supported_os.each do |os, facts| context "on #{os}" do let(:facts) do facts.merge(concat_basedir: '/dne') end case facts[:osfamily] when %r{RedHat} shell = '/sbin/nologin' when %r{Debian} shell = '/usr/sbin/nologin' end it { is_expected.to compile.with_all_deps } it { is_expected.to create_class('keycloak') } it { is_expected.to contain_class('keycloak::install').that_comes_before('Class[keycloak::config]') } it { is_expected.to contain_class('keycloak::config').that_comes_before('Class[keycloak::service]') } it { is_expected.to contain_class('keycloak::service') } context 'keycloak::install' do it do is_expected.to contain_user('keycloak').only_with(ensure: 'present', name: 'keycloak', forcelocal: 'true', shell: shell, gid: 'keycloak', home: '/var/lib/keycloak', managehome: 'true') end end context 'keycloak::datasource::mysql' do let(:pre_condition) { 'include ::mysql::server' } let(:params) { { datasource_driver: 'mysql' } } it { is_expected.to contain_class('keycloak::install').that_comes_before('Class[keycloak::datasource::mysql]') } it { is_expected.to contain_class('keycloak::datasource::mysql').that_comes_before('Class[keycloak::config]') } it do is_expected.to contain_mysql__db('keycloak').with(user: 'sa', password: 'sa', host: 'localhost', grant: 'ALL') end context 'manage_datasource => false' do let(:params) { { datasource_driver: 'mysql', manage_datasource: false } } it { is_expected.not_to contain_mysql__db('keycloak') } end end context 'keycloak::datasource::postgresql' do let(:params) { { datasource_driver: 'postgresql' } } it { is_expected.to contain_class('keycloak::install').that_comes_before('Class[keycloak::datasource::postgresql]') } it { is_expected.to contain_class('keycloak::datasource::postgresql').that_comes_before('Class[keycloak::config]') } it do is_expected.to contain_postgresql__server__db('keycloak').with(user: 'sa', password: %r{.*}) end context 'manage_datasource => false' do let(:params) { { datasource_driver: 'postgresql', manage_datasource: false } } it { is_expected.not_to contain_postgresql__server__db('keycloak') } end end context 'keycloak::config' do it do is_expected.to contain_file('kcadm-wrapper.sh').only_with( ensure: 'file', path: '/opt/keycloak-6.0.1/bin/kcadm-wrapper.sh', owner: 'keycloak', group: 'keycloak', mode: '0750', content: %r{.*}, show_diff: 'false', ) end it do is_expected.to contain_exec('create-keycloak-admin') .with(command: '/opt/keycloak-6.0.1/bin/add-user-keycloak.sh --user admin --password changeme --realm master && touch /opt/keycloak-6.0.1/.create-keycloak-admin-h2', creates: '/opt/keycloak-6.0.1/.create-keycloak-admin-h2', notify: 'Class[Keycloak::Service]') end it do is_expected.to contain_file('/opt/keycloak-6.0.1/standalone/configuration').only_with( ensure: 'directory', owner: 'keycloak', group: 'keycloak', mode: '0750', ) end it do is_expected.to contain_file('/opt/keycloak-6.0.1/standalone/configuration/profile.properties').only_with( ensure: 'file', owner: 'keycloak', group: 'keycloak', mode: '0644', content: %r{.*}, notify: 'Class[Keycloak::Service]', ) end it do verify_exact_file_contents(catalogue, '/opt/keycloak-6.0.1/standalone/configuration/profile.properties', []) end it do is_expected.to contain_file('/opt/keycloak-6.0.1/config.cli').only_with( ensure: 'file', owner: 'keycloak', group: 'keycloak', mode: '0600', content: %r{.*}, notify: 'Exec[jboss-cli.sh --file=config.cli]', show_diff: 'false', ) end + it do + is_expected.to contain_file_line('standalone.conf-JAVA_OPTS').with( + ensure: 'absent', + path: '/opt/keycloak-6.0.1/bin/standalone.conf', + line: 'JAVA_OPTS="$JAVA_OPTS "', + match: '^JAVA_OPTS=', + notify: 'Class[Keycloak::Service]', + ) + end + context 'when tech_preview_features defined' do let(:params) { { tech_preview_features: ['account_api'] } } it do verify_exact_file_contents(catalogue, '/opt/keycloak-6.0.1/standalone/configuration/profile.properties', ['feature.account_api=enabled']) end end + + context 'when java_opts defined' do + let(:params) { { java_opts: '-Xmx512m -Xms64m' } } + + it do + is_expected.to contain_file_line('standalone.conf-JAVA_OPTS').with( + ensure: 'present', + path: '/opt/keycloak-6.0.1/bin/standalone.conf', + line: 'JAVA_OPTS="$JAVA_OPTS -Xmx512m -Xms64m"', + match: '^JAVA_OPTS=', + notify: 'Class[Keycloak::Service]', + ) + end + + context 'when java_opts_append is false' do + let(:params) { { java_opts: '-Xmx512m -Xms64m', java_opts_append: false } } + + it do + is_expected.to contain_file_line('standalone.conf-JAVA_OPTS').with( + ensure: 'present', + path: '/opt/keycloak-6.0.1/bin/standalone.conf', + line: 'JAVA_OPTS="-Xmx512m -Xms64m"', + match: '^JAVA_OPTS=', + notify: 'Class[Keycloak::Service]', + ) + end + end + end end context 'keycloak::service' do it do is_expected.to contain_service('keycloak').only_with(ensure: 'running', enable: 'true', name: 'keycloak', hasstatus: 'true', hasrestart: 'true') end end end # end context end # end on_supported_os loop end # end describe diff --git a/templates/keycloak.service.erb b/templates/keycloak.service.erb index 29424a0..6a9243f 100644 --- a/templates/keycloak.service.erb +++ b/templates/keycloak.service.erb @@ -1,28 +1,21 @@ [Unit] Description=Jboss Application Server After=network.target [Service] Type=idle <% if scope['keycloak::service_environment_file'] -%> EnvironmentFile=<%= scope['keycloak::service_environment_file'] %> <% end -%> -<% if scope['keycloak::service_java_opts'] -%> -<% if scope['keycloak::server_java_opts'].is_a?(Array) -%> -Environment="JAVA_OPTS=$JAVA_OPTS <%= scope['keycloak::service_java_opts'].join(' ') %>" -<% else %> -Environment="JAVA_OPTS=$JAVA_OPTS <%= scope['keycloak::service_java_opts'] %>" -<% end -%> -<% end -%> User=<%= scope['keycloak::user'] %> Group=<%= scope['keycloak::group'] %> <% if scope['keycloak::operating_mode'] == 'standalone'-%> ExecStart=<%= scope['keycloak::install_base'] %>/bin/standalone.sh -b <%= scope['keycloak::service_bind_address'] %> -Djboss.http.port=<%= scope['keycloak::http_port'] %><% if scope['keycloak::service_extra_opts'] -%> <%= scope['keycloak::service_extra_opts'] -%><% end %> <% elsif scope['keycloak::operating_mode'] == 'clustered'-%> ExecStart=<%= scope['keycloak::install_base'] %>/bin/standalone.sh --server-config=standalone-ha.xml -b <%= scope['keycloak::service_bind_address'] %> -Djboss.http.port=<%= scope['keycloak::http_port'] %><% if scope['keycloak::service_extra_opts'] -%> <%= scope['keycloak::service_extra_opts'] -%><% end %> <% end -%> TimeoutStartSec=600 TimeoutStopSec=600 [Install] WantedBy=multi-user.target