diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 2a38fa1..ac42dc2 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,136 +1,136 @@ name: CI on: push: branches: - main - master pull_request: jobs: unit: runs-on: ubuntu-latest continue-on-error: ${{ matrix.allow_failure }} strategy: fail-fast: false matrix: include: - - ruby: 2.4.9 - puppet: 5 - fixtures: .fixtures.yml - allow_failure: false - ruby: 2.5.7 puppet: 6 fixtures: .fixtures.yml allow_failure: false - - ruby: 2.4.9 - puppet: 5 - fixtures: .fixtures-latest.yml - allow_failure: true + - ruby: 2.7.0 + puppet: 7 + fixtures: .fixtures.yml + allow_failure: false - ruby: 2.5.7 puppet: 6 fixtures: .fixtures-latest.yml allow_failure: true + - ruby: 2.7.0 + puppet: 7 + fixtures: .fixtures-latest.yml + allow_failure: true env: BUNDLE_WITHOUT: system_tests:release PUPPET_GEM_VERSION: "~> ${{ matrix.puppet }}.0" FACTER_GEM_VERSION: "< 4.0" FIXTURES_YML: ${{ matrix.fixtures }} name: Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }} fixtures=${{ matrix.fixtures }}) steps: - uses: actions/checkout@v2 - name: Setup ruby uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true bundler: '2.1.0' - name: Validate run: bundle exec rake check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint - name: Run tests run: bundle exec rake parallel_spec acceptance: runs-on: ubuntu-latest strategy: fail-fast: false matrix: set: - "centos-7" - "centos-8" - "debian-9" - "debian-10" - "ubuntu-1804" puppet: - - "puppet5" - "puppet6" + - "puppet7" keycloak_version: - "8.0.1" - "12.0.1" keycloak_full: - "no" keycloak_domain_mode_cluster: - "no" include: - set: "centos-7" - puppet: "puppet5" + puppet: "puppet6" keycloak_version: "8.0.1" keycloak_full: "yes" - set: "centos-7" - puppet: "puppet5" + puppet: "puppet6" keycloak_version: "12.0.1" keycloak_full: "yes" - set: "centos-7" - puppet: "puppet6" + puppet: "puppet7" keycloak_version: "8.0.1" keycloak_full: "yes" - set: "centos-7" - puppet: "puppet6" + puppet: "puppet7" keycloak_version: "12.0.1" keycloak_full: "yes" - set: 
"centos-7-domain-mode-cluster" - puppet: "puppet5" + puppet: "puppet6" keycloak_version: "8.0.1" keycloak_domain_mode_cluster: "yes" - set: "centos-7-domain-mode-cluster" - puppet: "puppet5" + puppet: "puppet6" keycloak_version: "12.0.1" keycloak_domain_mode_cluster: "yes" - set: "centos-7-domain-mode-cluster" - puppet: "puppet6" + puppet: "puppet7" keycloak_version: "8.0.1" keycloak_domain_mode_cluster: "yes" - set: "centos-7-domain-mode-cluster" - puppet: "puppet6" + puppet: "puppet7" keycloak_version: "12.0.1" keycloak_domain_mode_cluster: "yes" env: BUNDLE_WITHOUT: development:release BEAKER_debug: true name: ${{ matrix.puppet }} ${{ matrix.set }} (keycloak=${{ matrix.keycloak_version }} full=${{ matrix.keycloak_full }}) steps: - name: Enable IPv6 on docker run: | echo '{"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json sudo service docker restart # https://github.com/actions/virtual-environments/issues/181#issuecomment-610874237 - name: apparmor run: | set -x sudo apt-get remove mysql-server --purge sudo apt-get install apparmor-profiles sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld - uses: actions/checkout@v2 - name: Setup ruby uses: ruby/setup-ruby@v1 with: ruby-version: '2.7' bundler-cache: true bundler: '2.1.0' - name: Run tests run: bundle exec rake beaker env: BEAKER_PUPPET_COLLECTION: ${{ matrix.puppet }} BEAKER_set: ${{ matrix.set }} BEAKER_keycloak_version: ${{ matrix.keycloak_version }} BEAKER_keycloak_full: ${{ matrix.keycloak_full }} BEAKER_keycloak_domain_mode_cluster: ${{ matrix.keycloak_domain_mode_cluster }} diff --git a/.sync.yml b/.sync.yml index 0ee2197..e6d05c6 100644 --- a/.sync.yml +++ b/.sync.yml 
@@ -1,83 +1,83 @@ --- .github/workflows/ci.yaml: unit_name: Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }} fixtures=${{ matrix.fixtures }}) unit_includes: - - ruby: '2.4.9' - puppet: '5' - fixtures: .fixtures-latest.yml - allow_failure: true - ruby: '2.5.7' puppet: '6' fixtures: .fixtures-latest.yml allow_failure: true + - ruby: '2.7.0' + puppet: '7' + fixtures: .fixtures-latest.yml + allow_failure: true acceptance_name: '${{ matrix.puppet }} ${{ matrix.set }} (keycloak=${{ matrix.keycloak_version }} full=${{ matrix.keycloak_full }})' acceptance_matrix: set: - centos-7 - centos-8 - debian-9 - debian-10 - ubuntu-1804 puppet: - - puppet5 - puppet6 + - puppet7 keycloak_version: - '8.0.1' - '12.0.1' keycloak_full: ['no'] keycloak_domain_mode_cluster: ['no'] acceptance_includes: - set: centos-7 - puppet: puppet5 + puppet: puppet6 keycloak_version: 8.0.1 keycloak_full: 'yes' - set: centos-7 - puppet: puppet5 + puppet: puppet6 keycloak_version: 12.0.1 keycloak_full: 'yes' - set: centos-7 - puppet: puppet6 + puppet: puppet7 keycloak_version: 8.0.1 keycloak_full: 'yes' - set: centos-7 - puppet: puppet6 + puppet: puppet7 keycloak_version: 12.0.1 keycloak_full: 'yes' - set: centos-7-domain-mode-cluster - puppet: puppet5 + puppet: puppet6 keycloak_version: 8.0.1 keycloak_domain_mode_cluster: 'yes' - set: centos-7-domain-mode-cluster - puppet: puppet5 + puppet: puppet6 keycloak_version: 12.0.1 keycloak_domain_mode_cluster: 'yes' - set: centos-7-domain-mode-cluster - puppet: puppet6 + puppet: puppet7 keycloak_version: 8.0.1 keycloak_domain_mode_cluster: 'yes' - set: centos-7-domain-mode-cluster - puppet: puppet6 + puppet: puppet7 keycloak_version: 12.0.1 keycloak_domain_mode_cluster: 'yes' .gitignore: paths: - /vagrant/.vagrant/ - /vagrant/*.log .gitlab-ci.yml: delete: true appveyor.yml: delete: true spec/acceptance/nodesets/centos-6.yml: delete: true spec/acceptance/nodesets/debian-8.yml: delete: true spec/acceptance/nodesets/debian-10.yml: packages: - iproute2 
spec/acceptance/nodesets/ubuntu-1404.yml: delete: true spec/acceptance/nodesets/ubuntu-1604.yml: delete: true spec/acceptance/nodesets/ubuntu-1804.yml: packages: - iproute2 diff --git a/manifests/service.pp b/manifests/service.pp index c8082b3..9b1bccb 100644 --- a/manifests/service.pp +++ b/manifests/service.pp @@ -1,21 +1,18 @@ # Private class. class keycloak::service { assert_private() - if $::service_provider == 'systemd' { - ::systemd::unit_file { 'keycloak.service': - content => template('keycloak/keycloak.service.erb'), - notify => Service['keycloak'], - } - Exec['systemctl-daemon-reload'] -> Service['keycloak'] + systemd::unit_file { 'keycloak.service': + content => template('keycloak/keycloak.service.erb'), + notify => Service['keycloak'], } service { 'keycloak': ensure => $keycloak::service_ensure, enable => $keycloak::service_enable, name => $keycloak::service_name, hasstatus => $keycloak::service_hasstatus, hasrestart => $keycloak::service_hasrestart, } } diff --git a/metadata.json b/metadata.json index ec183b7..b2b469b 100644 --- a/metadata.json +++ b/metadata.json 
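Review bot: In `manifests/service.pp`, removing `Exec['systemctl-daemon-reload'] -> Service['keycloak']` leaves nothing visible in this class that forces systemd to re-read `keycloak.service` before `Service['keycloak']` is refreshed. That ordering now depends entirely on what the installed `systemd::unit_file` does, yet `metadata.json` in this same commit still accepts `camptocamp/systemd` from `>= 0.4.0`. If older releases in that range only expose the reload as a separate exec, a changed unit file could be followed by a restart against the stale unit definition. Either raise the lower bound to the first release that performs the reload itself, or document the assumption above the resource, for example `# relies on systemd::unit_file triggering daemon-reload; needs camptocamp/systemd >= <MIN_VERSION_PLACEHOLDER>`. The `$::service_provider` guard is also gone, which looks consistent with the systemd-only platforms listed in `metadata.json`, but it is worth stating in the class comment that non-systemd hosts are no longer supported.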
@@ -1,93 +1,93 @@ { "name": "treydock-keycloak", "version": "6.26.0", "author": "treydock", "summary": "Keycloak Puppet module", "license": "Apache-2.0", "source": "https://github.com/treydock/puppet-module-keycloak", "project_page": "https://github.com/treydock/puppet-module-keycloak", "issues_url": "https://github.com/treydock/puppet-module-keycloak/issues", "dependencies": [ { "name": "puppetlabs/stdlib", "version_requirement": ">= 4.25.0 <7.0.0" }, { "name": "puppetlabs/mysql", "version_requirement": ">= 10.2.0 <11.0.0" }, { "name": "puppetlabs/postgresql", "version_requirement": ">= 6.4.0 <7.0.0" }, { "name": "puppetlabs/java", "version_requirement": ">= 5.0.0 <7.0.0" }, { "name": "puppetlabs/java_ks", "version_requirement": ">= 1.0.0 <4.0.0" }, { "name": "puppetlabs/augeas_core", "version_requirement": ">= 1.0.0 <4.0.0" }, { "name": "puppetlabs/yumrepo_core", "version_requirement": ">= 1.0.0 <2.0.0" }, { "name": "puppet/archive", "version_requirement": ">= 0.5.1 <5.0.0" }, { "name": "camptocamp/systemd", "version_requirement": ">= 0.4.0 <3.0.0" } ], "operatingsystem_support": [ { "operatingsystem": "RedHat", "operatingsystemrelease": [ "7", "8" ] }, { "operatingsystem": "CentOS", "operatingsystemrelease": [ "7", "8" ] }, { "operatingsystem": "Scientific", "operatingsystemrelease": [ "7", "8" ] }, { "operatingsystem": "Debian", "operatingsystemrelease": [ "9", "10" ] }, { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "18.04" ] } ], "requirements": [ { "name": "puppet", - "version_requirement": ">= 5.0.0 < 7.0.0" + "version_requirement": ">= 6.0.0 < 8.0.0" } ], "pdk-version": "1.17.0", "template-url": "https://github.com/treydock/pdk-templates.git#master", - "template-ref": "heads/master-0-g1f52e6d" + "template-ref": "heads/master-0-gc21ae9d" } diff --git a/spec/acceptance/1_domain_mode_cluster_spec.rb b/spec/acceptance/1_domain_mode_cluster_spec.rb index 1a763ad..c43e1b7 100644 --- a/spec/acceptance/1_domain_mode_cluster_spec.rb 
+++ b/spec/acceptance/1_domain_mode_cluster_spec.rb 
@@ -1,132 +1,134 @@ require 'spec_helper_acceptance' describe 'keycloak domain mode cluster', if: RSpec.configuration.keycloak_domain_mode_cluster do domain_master = hosts_with_name(hosts, 'master')[0] domain_slave = hosts_with_name(hosts, 'slave')[0] db = hosts_with_name(hosts, 'db')[0] context 'new cluster' do it 'launches' do db_pp = <<-EOS class { '::postgresql::globals': + encoding => 'UTF-8', + locale => 'en_US.UTF-8', manage_package_repo => true, version => '9.6', } class { '::postgresql::server': listen_addresses => '*', require => Class['::postgresql::globals'] } ::postgresql::server::role { 'keycloak': password_hash => postgresql_password('keycloak', 'keycloak'), connection_limit => 300, require => Class['::postgresql::server'] } ::postgresql::server::database_grant { 'Grant all to keycloak': privilege => 'ALL', db => 'keycloak', role => 'keycloak', } ::postgresql::server::db { 'keycloak': user => 'keycloak', password => postgresql_password('keycloak', 'keycloak'), } postgresql::server::pg_hba_rule { 'Allow Keycloak instances network access to the database': description => 'Open up PostgreSQL for access from anywhere', type => 'host', database => 'keycloak', user => 'keycloak', address => '0.0.0.0/0', auth_method => 'md5', require => Class['::postgresql::server'] } EOS master_pp = <<-EOS class { '::keycloak': operating_mode => 'domain', role => 'master', management_bind_address => $::ipaddress, enable_jdbc_ping => true, wildfly_user => 'wildfly', wildfly_user_password => 'wildfly', manage_install => true, manage_datasource => false, version => '10.0.1', datasource_driver => 'postgresql', datasource_host => 'db', datasource_port => 5432, datasource_dbname => 'keycloak', datasource_username => 'keycloak', datasource_password => 'keycloak', admin_user => 'admin', admin_user_password => 'changeme', service_bind_address => '0.0.0.0', proxy_https => false, } EOS slave_pp = <<-EOS class { '::keycloak': operating_mode => 'domain', role => 'slave', 
enable_jdbc_ping => true, management_bind_address => $::ipaddress, wildfly_user => 'wildfly', wildfly_user_password => 'wildfly', master_address => 'master', manage_install => true, manage_datasource => false, version => '10.0.1', datasource_driver => 'postgresql', datasource_host => 'db', datasource_port => 5432, datasource_dbname => 'keycloak', datasource_username => 'keycloak', datasource_password => 'keycloak', admin_user => 'admin', admin_user_password => 'changeme', service_bind_address => '0.0.0.0', proxy_https => false, } EOS apply_manifest_on(db, db_pp, catch_failures: true) apply_manifest_on(domain_master, master_pp, catch_failures: true) apply_manifest_on(domain_master, master_pp, catch_changes: true) apply_manifest_on(domain_slave, slave_pp, catch_failures: true) apply_manifest_on(domain_slave, slave_pp, catch_changes: true) end describe service('keycloak'), node: domain_master do it { is_expected.to be_enabled } it { is_expected.to be_running } end describe service('keycloak'), node: domain_slave do it { is_expected.to be_enabled } it { is_expected.to be_running } end it 'data replicates from master to slave' do on domain_master, '/opt/keycloak/bin/kcadm-wrapper.sh create roles -r master -s name=testrole' on domain_slave, '/opt/keycloak/bin/kcadm-wrapper.sh get roles/testrole -r master' do data = JSON.parse(stdout) expect(data['name']).to eq('testrole') end end it 'data replicates from slave to master' do on domain_slave, '/opt/keycloak/bin/kcadm-wrapper.sh delete roles/testrole -r master' on domain_master, '/opt/keycloak/bin/kcadm-wrapper.sh get roles -r master' do data = JSON.parse(stdout) match = data.select { |role| role['name'] == 'testrole' } expect(match).to be_empty end end end end diff --git a/spec/acceptance/nodesets/centos-7-domain-mode-cluster.yml b/spec/acceptance/nodesets/centos-7-domain-mode-cluster.yml index 93589f4..a816d3b 100644 --- a/spec/acceptance/nodesets/centos-7-domain-mode-cluster.yml 
+++ b/spec/acceptance/nodesets/centos-7-domain-mode-cluster.yml @@ -1,48 +1,60 @@ HOSTS: master: roles: - agent - default - domain_master platform: el-7-x86_64 hypervisor: docker image: centos:7 docker_preserve_image: true docker_cmd: - '/usr/sbin/init' docker_image_commands: - 'yum install -y wget which cronie iproute initscripts' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'keycloak-master-el7' slave: roles: - agent - domain_slave platform: el-7-x86_64 hypervisor: docker image: centos:7 docker_preserve_image: true docker_cmd: - '/usr/sbin/init' docker_image_commands: - 'yum install -y wget which cronie iproute initscripts' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'keycloak-slave-el7' db: roles: - agent - db platform: el-7-x86_64 hypervisor: docker image: centos:7 docker_preserve_image: true docker_cmd: - '/usr/sbin/init' docker_image_commands: - 'yum install -y wget which cronie iproute initscripts' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'keycloak-db-el7' CONFIG: log_level: debug type: foss ssh: password: root auth_methods: ["password"] diff --git a/spec/spec_helper_acceptance_setup.rb b/spec/spec_helper_acceptance_setup.rb index b96db6c..1318e66 100644 --- a/spec/spec_helper_acceptance_setup.rb +++ b/spec/spec_helper_acceptance_setup.rb 
@@ -1,44 +1,49 @@ RSpec.configure do |c| c.add_setting :keycloak_version keycloak_version = if ENV['BEAKER_keycloak_version'].nil? || ENV['BEAKER_keycloak_version'].empty? '8.0.1' else ENV['BEAKER_keycloak_version'] end c.keycloak_version = keycloak_version c.add_setting :keycloak_full c.keycloak_full = (ENV['BEAKER_keycloak_full'] == 'true' || ENV['BEAKER_keycloak_full'] == 'yes') c.add_setting :keycloak_domain_mode_cluster c.keycloak_domain_mode_cluster = (ENV['BEAKER_keycloak_domain_mode_cluster'] == 'true' || ENV['BEAKER_keycloak_domain_mode_cluster'] == 'yes') end proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..')) scp_to(hosts, File.join(proj_root, 'spec/fixtures/keycloak-duo-spi-jar-with-dependencies.jar'), '/tmp/keycloak-duo-spi-jar-with-dependencies.jar') hiera_yaml = <<-EOS --- version: 5 defaults: datadir: data data_hash: yaml_data hierarchy: - name: 'os family major release' path: "os/%{facts.os.family}/%{facts.os.release.major}.yaml" - name: "Common" path: "common.yaml" EOS # Hack until released: https://github.com/puppetlabs/puppetlabs-mysql/pull/1264 debian10_yaml = <<-EOS mysql::bindings::java_package_name: libmariadb-java EOS +centos7_yaml = <<-EOS +postgresql::server::service_reload: 'systemctl reload postgresql 2>/dev/null 1>/dev/null' +EOS common_yaml = <<-EOS --- keycloak::version: '#{RSpec.configuration.keycloak_version}' -postgresql::globals::service_status: 'service postgresql status' +postgresql::server::service_status: 'service postgresql status 2>/dev/null 1>/dev/null' EOS create_remote_file(hosts, '/etc/puppetlabs/puppet/hiera.yaml', hiera_yaml) on hosts, 'mkdir -p /etc/puppetlabs/puppet/data' create_remote_file(hosts, '/etc/puppetlabs/puppet/data/common.yaml', common_yaml) on hosts, 'mkdir -p /etc/puppetlabs/puppet/data/os/Debian' create_remote_file(hosts, '/etc/puppetlabs/puppet/data/os/Debian/10.yaml', debian10_yaml) +on hosts, 'mkdir -p /etc/puppetlabs/puppet/data/os/RedHat' +create_remote_file(hosts, 
'/etc/puppetlabs/puppet/data/os/RedHat/7.yaml', centos7_yaml)
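Review bot: The new `centos7_yaml` override and the rewritten `postgresql::server::service_status` line in `common_yaml` both hard-code the unit name `postgresql` and discard stdout and stderr, and no comment explains why the module defaults are replaced. The domain-mode spec in this commit installs PostgreSQL with `manage_package_repo => true` and `version => '9.6'`, where the service may be registered under a versioned name. In that case the status or reload command would fail with nothing in the Beaker log to show it, so please confirm the name matches `postgresql::server::service_name` on that node. A one-line comment in the style of the existing "Hack until released" note would help, for example `# Override reload/status: <REASON_PLACEHOLDER>; unit name must match the installed postgresql service`. Redirecting only stdout (`1>/dev/null`) and keeping stderr would preserve the diagnostic if the command starts failing.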