diff --git a/.fixtures-latest.yml b/.fixtures-latest.yml index aa8fb6f..0ba6ef4 100644 --- a/.fixtures-latest.yml +++ b/.fixtures-latest.yml @@ -1,29 +1,28 @@ fixtures: repositories: stdlib: repo: https://github.com/puppetlabs/puppetlabs-stdlib.git mysql: repo: https://github.com/puppetlabs/puppetlabs-mysql.git postgresql: repo: https://github.com/puppetlabs/puppetlabs-postgresql.git java: repo: https://github.com/puppetlabs/puppetlabs-java.git java_ks: repo: https://github.com/puppetlabs/puppetlabs-java_ks.git archive: repo: https://github.com/voxpupuli/puppet-archive.git systemd: repo: https://github.com/camptocamp/puppet-systemd.git - ref: "8f68b0dcf3bbbafc60c025879a28004fc9815aab" yumrepo_core: repo: https://github.com/puppetlabs/puppetlabs-yumrepo_core.git puppet_version: ">= 6.0.0" augeas_core: repo: https://github.com/puppetlabs/puppetlabs-augeas_core.git puppet_version: ">= 6.0.0" apt: repo: https://github.com/puppetlabs/puppetlabs-apt.git concat: repo: https://github.com/puppetlabs/puppetlabs-concat.git symlinks: keycloak: "#{source_dir}" diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e94b91c..2a38fa1 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -1,136 +1,136 @@ name: CI on: push: branches: - main - master pull_request: jobs: unit: runs-on: ubuntu-latest continue-on-error: ${{ matrix.allow_failure }} strategy: fail-fast: false matrix: include: - ruby: 2.4.9 puppet: 5 fixtures: .fixtures.yml allow_failure: false - ruby: 2.5.7 puppet: 6 fixtures: .fixtures.yml allow_failure: false - ruby: 2.4.9 puppet: 5 fixtures: .fixtures-latest.yml allow_failure: true - ruby: 2.5.7 puppet: 6 fixtures: .fixtures-latest.yml allow_failure: true env: BUNDLE_WITHOUT: system_tests:release PUPPET_GEM_VERSION: "~> ${{ matrix.puppet }}.0" FACTER_GEM_VERSION: "< 4.0" FIXTURES_YML: ${{ matrix.fixtures }} name: Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }} fixtures=${{ matrix.fixtures }}) steps: - uses: actions/checkout@v2 - name: Setup ruby uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby }} bundler-cache: true bundler: '2.1.0' - name: Validate run: bundle exec rake check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint - name: Run tests run: bundle exec rake parallel_spec acceptance: runs-on: ubuntu-latest strategy: fail-fast: false matrix: set: - "centos-7" - "centos-8" - "debian-9" - "debian-10" - "ubuntu-1804" puppet: - "puppet5" - "puppet6" keycloak_version: - "8.0.1" - "12.0.1" keycloak_full: - "no" keycloak_domain_mode_cluster: - "no" include: - set: "centos-7" puppet: "puppet5" keycloak_version: "8.0.1" keycloak_full: "yes" - set: "centos-7" puppet: "puppet5" keycloak_version: "12.0.1" keycloak_full: "yes" - set: "centos-7" puppet: "puppet6" keycloak_version: "8.0.1" keycloak_full: "yes" - set: "centos-7" puppet: "puppet6" keycloak_version: "12.0.1" keycloak_full: "yes" - set: "centos-7-domain-mode-cluster" - puppet: puppet5 - keycloak_version: 8.0.1 - keycloak_domain_mode_cluster: 'yes' + puppet: "puppet5" + keycloak_version: "8.0.1" + keycloak_domain_mode_cluster: "yes" - set: "centos-7-domain-mode-cluster" - puppet: puppet5 - keycloak_version: 12.0.1 - 
keycloak_domain_mode_cluster: 'yes' + puppet: "puppet5" + keycloak_version: "12.0.1" + keycloak_domain_mode_cluster: "yes" - set: "centos-7-domain-mode-cluster" - puppet: puppet6 - keycloak_version: 8.0.1 - keycloak_domain_mode_cluster: 'yes' + puppet: "puppet6" + keycloak_version: "8.0.1" + keycloak_domain_mode_cluster: "yes" - set: "centos-7-domain-mode-cluster" - puppet: puppet6 - keycloak_version: 12.0.1 - keycloak_domain_mode_cluster: 'yes' + puppet: "puppet6" + keycloak_version: "12.0.1" + keycloak_domain_mode_cluster: "yes" env: BUNDLE_WITHOUT: development:release BEAKER_debug: true name: ${{ matrix.puppet }} ${{ matrix.set }} (keycloak=${{ matrix.keycloak_version }} full=${{ matrix.keycloak_full }}) steps: - name: Enable IPv6 on docker run: | echo '{"ipv6":true,"fixed-cidr-v6":"2001:db8:1::/64"}' | sudo tee /etc/docker/daemon.json sudo service docker restart # https://github.com/actions/virtual-environments/issues/181#issuecomment-610874237 - name: apparmor run: | set -x sudo apt-get remove mysql-server --purge sudo apt-get install apparmor-profiles sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.mysqld - uses: actions/checkout@v2 - name: Setup ruby uses: ruby/setup-ruby@v1 with: ruby-version: '2.7' bundler-cache: true bundler: '2.1.0' - name: Run tests run: bundle exec rake beaker env: BEAKER_PUPPET_COLLECTION: ${{ matrix.puppet }} BEAKER_set: ${{ matrix.set }} BEAKER_keycloak_version: ${{ matrix.keycloak_version }} BEAKER_keycloak_full: ${{ matrix.keycloak_full }} BEAKER_keycloak_domain_mode_cluster: ${{ matrix.keycloak_domain_mode_cluster }} diff --git a/.sync.yml b/.sync.yml index bd5072b..0ee2197 100644 --- a/.sync.yml +++ b/.sync.yml 
@@ -1,62 +1,83 @@ --- .github/workflows/ci.yaml: unit_name: Puppet ${{ matrix.puppet }} (Ruby ${{ matrix.ruby }} fixtures=${{ matrix.fixtures }}) unit_includes: - ruby: '2.4.9' puppet: '5' fixtures: .fixtures-latest.yml allow_failure: true - ruby: '2.5.7' puppet: '6' fixtures: .fixtures-latest.yml allow_failure: true acceptance_name: '${{ matrix.puppet }} ${{ matrix.set }} (keycloak=${{ matrix.keycloak_version }} full=${{ matrix.keycloak_full }})' acceptance_matrix: set: - centos-7 - centos-8 - debian-9 - debian-10 - ubuntu-1804 puppet: - puppet5 - puppet6 keycloak_version: - '8.0.1' - '12.0.1' keycloak_full: ['no'] + keycloak_domain_mode_cluster: ['no'] acceptance_includes: - set: centos-7 puppet: puppet5 keycloak_version: 8.0.1 keycloak_full: 'yes' - set: centos-7 puppet: puppet5 keycloak_version: 12.0.1 keycloak_full: 'yes' - set: centos-7 puppet: puppet6 keycloak_version: 8.0.1 keycloak_full: 'yes' - set: centos-7 puppet: puppet6 keycloak_version: 12.0.1 keycloak_full: 'yes' + - set: centos-7-domain-mode-cluster + puppet: puppet5 + keycloak_version: 8.0.1 + keycloak_domain_mode_cluster: 'yes' + - set: centos-7-domain-mode-cluster + puppet: puppet5 + keycloak_version: 12.0.1 + keycloak_domain_mode_cluster: 'yes' + - set: centos-7-domain-mode-cluster + puppet: puppet6 + keycloak_version: 8.0.1 + keycloak_domain_mode_cluster: 'yes' + - set: centos-7-domain-mode-cluster + puppet: puppet6 + keycloak_version: 12.0.1 + keycloak_domain_mode_cluster: 'yes' +.gitignore: + paths: + - /vagrant/.vagrant/ + - /vagrant/*.log .gitlab-ci.yml: delete: true appveyor.yml: delete: true spec/acceptance/nodesets/centos-6.yml: delete: true spec/acceptance/nodesets/debian-8.yml: delete: true spec/acceptance/nodesets/debian-10.yml: packages: - iproute2 spec/acceptance/nodesets/ubuntu-1404.yml: delete: true spec/acceptance/nodesets/ubuntu-1604.yml: delete: true spec/acceptance/nodesets/ubuntu-1804.yml: packages: - iproute2 
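Review bot: The four `centos-7-domain-mode-cluster` entries added to `acceptance_includes` differ only in `keycloak_version` (8.0.1 and 12.0.1), but the cluster spec touched by this same commit hard-codes `version => '10.0.1'` in both `master_pp` and `slave_pp`. Unless `spec_helper_acceptance` overrides that value, each pair of jobs appears to install and test the same release, so neither labelled version is exercised. Either build the manifests from the value passed in as `BEAKER_keycloak_version`, or reduce the cluster includes to one entry per Puppet collection. These entries also leave `keycloak_full` unset, so the job name would likely render an empty `full=`; adding `keycloak_full: 'no'` to each would keep the job names and `BEAKER_keycloak_full` consistent.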
diff --git a/spec/acceptance/1_domain_mode_cluster_spec.rb b/spec/acceptance/1_domain_mode_cluster_spec.rb
index 60bb589..1a763ad 100644
--- a/spec/acceptance/1_domain_mode_cluster_spec.rb
+++ b/spec/acceptance/1_domain_mode_cluster_spec.rb
@@ -1,136 +1,132 @@ require 'spec_helper_acceptance' -# This check needs to be here or Beaker will try to run find_only_one on -# non-domain-mode tests and fail miserably. -if RSpec.configuration.keycloak_domain_mode_cluster - describe 'keycloak domain mode cluster' do - domain_master = find_only_one('domain_master') - domain_slave = find_only_one('domain_slave') - db = find_only_one('db') +describe 'keycloak domain mode cluster', if: RSpec.configuration.keycloak_domain_mode_cluster do + domain_master = hosts_with_name(hosts, 'master')[0] + domain_slave = hosts_with_name(hosts, 'slave')[0] + db = hosts_with_name(hosts, 'db')[0] - context 'new cluster' do - it 'launches' do - db_pp = <<-EOS - class { '::postgresql::globals': - manage_package_repo => true, - version => '9.6', - } + context 'new cluster' do + it 'launches' do + db_pp = <<-EOS + class { '::postgresql::globals': + manage_package_repo => true, + version => '9.6', + } - class { '::postgresql::server': - listen_addresses => '*', - require => Class['::postgresql::globals'] - } + class { '::postgresql::server': + listen_addresses => '*', + require => Class['::postgresql::globals'] + } - ::postgresql::server::role { 'keycloak': - password_hash => postgresql_password('keycloak', 'keycloak'), - connection_limit => 300, - require => Class['::postgresql::server'] - } + ::postgresql::server::role { 'keycloak': + password_hash => postgresql_password('keycloak', 'keycloak'), + connection_limit => 300, + require => Class['::postgresql::server'] + } - ::postgresql::server::database_grant { 'Grant all to keycloak': - privilege => 'ALL', - db => 'keycloak', - role => 'keycloak', - } + ::postgresql::server::database_grant { 'Grant all to keycloak': + privilege => 'ALL', + db => 'keycloak', + role => 'keycloak', + } - ::postgresql::server::db { 'keycloak': - user => 'keycloak', - password => postgresql_password('keycloak', 'keycloak'), - } + ::postgresql::server::db { 'keycloak': + user => 'keycloak', + password => 
postgresql_password('keycloak', 'keycloak'), + } - postgresql::server::pg_hba_rule { 'Allow Keycloak instances network access to the database': - description => 'Open up PostgreSQL for access from anywhere', - type => 'host', - database => 'keycloak', - user => 'keycloak', - address => '0.0.0.0/0', - auth_method => 'md5', - require => Class['::postgresql::server'] - } - EOS + postgresql::server::pg_hba_rule { 'Allow Keycloak instances network access to the database': + description => 'Open up PostgreSQL for access from anywhere', + type => 'host', + database => 'keycloak', + user => 'keycloak', + address => '0.0.0.0/0', + auth_method => 'md5', + require => Class['::postgresql::server'] + } + EOS - master_pp = <<-EOS - class { '::keycloak': - operating_mode => 'domain', - role => 'master', - management_bind_address => $::ipaddress, - enable_jdbc_ping => true, - wildfly_user => 'wildfly', - wildfly_user_password => 'wildfly', - manage_install => true, - manage_datasource => false, - version => '10.0.1', - datasource_driver => 'postgresql', - datasource_host => 'centos-7-db', - datasource_port => 5432, - datasource_dbname => 'keycloak', - datasource_username => 'keycloak', - datasource_password => 'keycloak', - admin_user => 'admin', - admin_user_password => 'changeme', - service_bind_address => '0.0.0.0', - proxy_https => false, - } - EOS + master_pp = <<-EOS + class { '::keycloak': + operating_mode => 'domain', + role => 'master', + management_bind_address => $::ipaddress, + enable_jdbc_ping => true, + wildfly_user => 'wildfly', + wildfly_user_password => 'wildfly', + manage_install => true, + manage_datasource => false, + version => '10.0.1', + datasource_driver => 'postgresql', + datasource_host => 'db', + datasource_port => 5432, + datasource_dbname => 'keycloak', + datasource_username => 'keycloak', + datasource_password => 'keycloak', + admin_user => 'admin', + admin_user_password => 'changeme', + service_bind_address => '0.0.0.0', + proxy_https => false, + } + 
EOS - slave_pp = <<-EOS - class { '::keycloak': - operating_mode => 'domain', - role => 'slave', - enable_jdbc_ping => true, - management_bind_address => $::ipaddress, - wildfly_user => 'wildfly', - wildfly_user_password => 'wildfly', - master_address => 'centos-7-master', - manage_install => true, - manage_datasource => false, - version => '10.0.1', - datasource_driver => 'postgresql', - datasource_host => 'centos-7-db', - datasource_port => 5432, - datasource_dbname => 'keycloak', - datasource_username => 'keycloak', - datasource_password => 'keycloak', - admin_user => 'admin', - admin_user_password => 'changeme', - service_bind_address => '0.0.0.0', - proxy_https => false, - } - EOS + slave_pp = <<-EOS + class { '::keycloak': + operating_mode => 'domain', + role => 'slave', + enable_jdbc_ping => true, + management_bind_address => $::ipaddress, + wildfly_user => 'wildfly', + wildfly_user_password => 'wildfly', + master_address => 'master', + manage_install => true, + manage_datasource => false, + version => '10.0.1', + datasource_driver => 'postgresql', + datasource_host => 'db', + datasource_port => 5432, + datasource_dbname => 'keycloak', + datasource_username => 'keycloak', + datasource_password => 'keycloak', + admin_user => 'admin', + admin_user_password => 'changeme', + service_bind_address => '0.0.0.0', + proxy_https => false, + } + EOS - apply_manifest_on(db, db_pp, catch_failures: true) - apply_manifest_on(domain_master, master_pp, catch_failures: true) - apply_manifest_on(domain_master, master_pp, catch_changes: true) - apply_manifest_on(domain_slave, slave_pp, catch_failures: true) - apply_manifest_on(domain_slave, slave_pp, catch_changes: true) - end + apply_manifest_on(db, db_pp, catch_failures: true) + apply_manifest_on(domain_master, master_pp, catch_failures: true) + apply_manifest_on(domain_master, master_pp, catch_changes: true) + apply_manifest_on(domain_slave, slave_pp, catch_failures: true) + apply_manifest_on(domain_slave, slave_pp, 
catch_changes: true) + end - describe service('keycloak'), node: domain_master do - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end + describe service('keycloak'), node: domain_master do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end - describe service('keycloak'), node: domain_slave do - it { is_expected.to be_enabled } - it { is_expected.to be_running } - end + describe service('keycloak'), node: domain_slave do + it { is_expected.to be_enabled } + it { is_expected.to be_running } + end - it 'data replicates from master to slave' do - on domain_master, '/opt/keycloak/bin/kcadm-wrapper.sh create roles -r master -s name=testrole' - on domain_slave, '/opt/keycloak/bin/kcadm-wrapper.sh get roles/testrole -r master' do - data = JSON.parse(stdout) - expect(data['name']).to eq('testrole') - end + it 'data replicates from master to slave' do + on domain_master, '/opt/keycloak/bin/kcadm-wrapper.sh create roles -r master -s name=testrole' + on domain_slave, '/opt/keycloak/bin/kcadm-wrapper.sh get roles/testrole -r master' do + data = JSON.parse(stdout) + expect(data['name']).to eq('testrole') end + end - it 'data replicates from slave to master' do - on domain_slave, '/opt/keycloak/bin/kcadm-wrapper.sh delete roles/testrole -r master' - on domain_master, '/opt/keycloak/bin/kcadm-wrapper.sh get roles -r master' do - data = JSON.parse(stdout) - match = data.select { |role| role['name'] == 'testrole' } - expect(match).to be_empty - end + it 'data replicates from slave to master' do + on domain_slave, '/opt/keycloak/bin/kcadm-wrapper.sh delete roles/testrole -r master' + on domain_master, '/opt/keycloak/bin/kcadm-wrapper.sh get roles -r master' do + data = JSON.parse(stdout) + match = data.select { |role| role['name'] == 'testrole' } + expect(match).to be_empty end end end end 
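Review bot: The re-indented `db_pp` manifest still exposes PostgreSQL with `listen_addresses => '*'` and a `pg_hba_rule` of `address => '0.0.0.0/0'` with `auth_method => 'md5'`, and the role password equals the user name. Nothing in the file marks this as fixture-only, and acceptance manifests tend to get copied as examples. Narrowing `address` to the container network would be the better fix; at minimum put a comment above `db_pp = <<-EOS`, such as `# Test fixture only: open pg_hba rule and throwaway credentials, do not reuse outside the acceptance containers`. Separately, `hosts_with_name(hosts, 'master')[0]` yields nil where `find_only_one` raised, so a renamed or missing host in the cluster nodeset would only surface as an obscure error inside `apply_manifest_on`. A nil check at the top of the `launches` example (not at load time, which runs on every nodeset) would keep the failure explicit.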
diff --git a/spec/acceptance/nodesets/centos-7-domain-mode-cluster.yml b/spec/acceptance/nodesets/centos-7-domain-mode-cluster.yml index 2ec51e5..93589f4 100644 --- a/spec/acceptance/nodesets/centos-7-domain-mode-cluster.yml +++ b/spec/acceptance/nodesets/centos-7-domain-mode-cluster.yml @@ -1,48 +1,48 @@ HOSTS: - centos-7-master: + master: roles: - agent - default - domain_master platform: el-7-x86_64 hypervisor: docker image: centos:7 docker_preserve_image: true docker_cmd: - '/usr/sbin/init' docker_image_commands: - 'yum install -y wget which cronie iproute initscripts' docker_container_name: 'keycloak-master-el7' - centos-7-slave: + slave: roles: - agent - domain_slave platform: el-7-x86_64 hypervisor: docker image: centos:7 docker_preserve_image: true docker_cmd: - '/usr/sbin/init' docker_image_commands: - 'yum install -y wget which cronie iproute initscripts' docker_container_name: 'keycloak-slave-el7' - centos-7-db: + db: roles: - agent - db platform: el-7-x86_64 hypervisor: docker image: centos:7 docker_preserve_image: true docker_cmd: - '/usr/sbin/init' docker_image_commands: - 'yum install -y wget which cronie iproute initscripts' docker_container_name: 'keycloak-db-el7' CONFIG: log_level: debug type: foss ssh: password: root auth_methods: ["password"] diff --git a/spec/acceptance/nodesets/centos-7.yml b/spec/acceptance/nodesets/centos-7.yml index a071fd9..7e38350 100644 --- a/spec/acceptance/nodesets/centos-7.yml +++ b/spec/acceptance/nodesets/centos-7.yml @@ -1,20 +1,24 @@ HOSTS: centos-7: roles: - agent platform: el-7-x86_64 hypervisor: docker image: centos:7 docker_preserve_image: true docker_cmd: - '/usr/sbin/init' docker_image_commands: - 'yum install -y wget which cronie iproute initscripts' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'keycloak-el7' CONFIG: log_level: debug type: foss ssh: password: root auth_methods: ["password"] 
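Review bot: The `docker_env` locale block added to `centos-7.yml` here, and to the centos-8, debian-9, debian-10 and ubuntu-1804 nodesets in the following hunks, is not added to any of the three hosts in `centos-7-domain-mode-cluster.yml`, which this commit also edits. If the locale settings are needed for the Keycloak or PostgreSQL runs on the single-node sets, the `master`, `slave` and `db` containers presumably need the same `LANG`/`LANGUAGE`/`LC_ALL` entries. If the omission is deliberate, a one-line comment in the cluster nodeset saying so would stop the files drifting apart unnoticed.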
diff --git a/spec/acceptance/nodesets/centos-8.yml b/spec/acceptance/nodesets/centos-8.yml index 7fb073b..6ab6445 100644 --- a/spec/acceptance/nodesets/centos-8.yml +++ b/spec/acceptance/nodesets/centos-8.yml @@ -1,22 +1,26 @@ HOSTS: centos-8: roles: - agent platform: el-8-x86_64 hypervisor: docker image: centos:8 docker_preserve_image: true docker_cmd: - '/usr/sbin/init' docker_image_commands: - 'yum install -y dnf-utils' - 'dnf config-manager --set-enabled powertools' - 'yum install -y wget which cronie iproute initscripts langpacks-en glibc-all-langpacks' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'keycloak-el8' CONFIG: log_level: debug type: foss ssh: password: root auth_methods: ["password"] diff --git a/spec/acceptance/nodesets/debian-10.yml b/spec/acceptance/nodesets/debian-10.yml index 91b3b84..6f96bad 100644 --- a/spec/acceptance/nodesets/debian-10.yml +++ b/spec/acceptance/nodesets/debian-10.yml @@ -1,24 +1,28 @@ HOSTS: debian10: roles: - agent platform: debian-10-amd64 hypervisor: docker image: debian:10 docker_preserve_image: true docker_cmd: - '/sbin/init' docker_image_commands: - 'apt-get install -y wget net-tools systemd-sysv locales apt-transport-https ca-certificates iproute2' - 'echo "LC_ALL=en_US.UTF-8" >> /etc/environment' - 'echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen' - 'echo "LANG=en_US.UTF-8" > /etc/locale.conf' - 'locale-gen en_US.UTF-8' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'keycloak-debian10' CONFIG: log_level: debug type: foss ssh: password: root auth_methods: ["password"] diff --git a/spec/acceptance/nodesets/debian-9.yml b/spec/acceptance/nodesets/debian-9.yml index 7987c69..0a843a2 100644 --- a/spec/acceptance/nodesets/debian-9.yml +++ b/spec/acceptance/nodesets/debian-9.yml 
@@ -1,24 +1,28 @@ HOSTS: debian9: roles: - agent platform: debian-9-amd64 hypervisor: docker image: debian:9 docker_preserve_image: true docker_cmd: - '/sbin/init' docker_image_commands: - 'apt-get install -y wget net-tools systemd-sysv locales apt-transport-https ca-certificates' - 'echo "LC_ALL=en_US.UTF-8" >> /etc/environment' - 'echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen' - 'echo "LANG=en_US.UTF-8" > /etc/locale.conf' - 'locale-gen en_US.UTF-8' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'keycloak-debian9' CONFIG: log_level: debug type: foss ssh: password: root auth_methods: ["password"] diff --git a/spec/acceptance/nodesets/ubuntu-1804.yml b/spec/acceptance/nodesets/ubuntu-1804.yml index c90273e..7e42ee9 100644 --- a/spec/acceptance/nodesets/ubuntu-1804.yml +++ b/spec/acceptance/nodesets/ubuntu-1804.yml @@ -1,21 +1,25 @@ HOSTS: ubuntu1804: roles: - agent platform: ubuntu-18.04-amd64 hypervisor : docker image: ubuntu:18.04 docker_preserve_image: true docker_cmd: '["/sbin/init"]' docker_image_commands: - "rm -f /etc/dpkg/dpkg.cfg.d/excludes" - 'apt-get install -y wget net-tools locales apt-transport-https ca-certificates iproute2' - 'locale-gen en_US.UTF-8' + docker_env: + - LANG=en_US.UTF-8 + - LANGUAGE=en_US.UTF-8 + - LC_ALL=en_US.UTF-8 docker_container_name: 'keycloak-ubuntu1804' CONFIG: log_level: debug type: foss ssh: password: root auth_methods: ["password"]