diff --git a/files/database/oracle/module.xml b/files/database/oracle/module.xml
new file mode 100644
index 0000000..0cd19b6
--- /dev/null
+++ b/files/database/oracle/module.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" ?>
+<module xmlns="urn:jboss:module:1.3" name="org.oracle">
+
+ <resources>
+ <resource-root path="ojdbc8.jar"/>
+ </resources>
+
+ <dependencies>
+ <module name="javax.api"/>
+ <module name="javax.transaction.api"/>
+ </dependencies>
+</module>
+
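Review bot: The `<resource-root path="ojdbc8.jar"/>` entry hard-codes the driver file name, while manifests/datasource/oracle.pp installs the JAR under whatever `$jar_file` is set to. With any other file name (a different ojdbc release, for instance) the module descriptor points at a file that is not there, and the driver will presumably fail to load when Keycloak starts. Either render module.xml from a template that interpolates the JAR name, or always install the file as `ojdbc8.jar` regardless of its source name and document that.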
diff --git a/manifests/datasource/oracle.pp b/manifests/datasource/oracle.pp
new file mode 100644
index 0000000..30b0d2a
--- /dev/null
+++ b/manifests/datasource/oracle.pp
@@ -0,0 +1,39 @@
+# Private class.
+class keycloak::datasource::oracle (
+ $jar_file = $keycloak::oracle_jar_file,
+ $jar_source = $keycloak::oracle_jar_source,
+ $module_source = 'puppet:///modules/keycloak/database/oracle/module.xml',
+) {
+ assert_private()
+
+ $module_dir = "${keycloak::install_dir}/keycloak-${keycloak::version}/modules/system/layers/keycloak/org/oracle/main"
+
+ exec { "mkdir -p ${module_dir}":
+ path => '/usr/bin:/bin',
+ creates => $module_dir,
+ user => $keycloak::user,
+ group => $keycloak::group,
+ }
+ -> file { $module_dir:
+ ensure => 'directory',
+ owner => $keycloak::user,
+ group => $keycloak::group,
+ mode => '0755',
+ }
+
+ file { "${module_dir}/${jar_file}":
+ ensure => 'file',
+ source => $jar_source,
+ owner => $keycloak::user,
+ group => $keycloak::group,
+ mode => '0644',
+ }
+
+ file { "${$module_dir}/module.xml":
+ ensure => 'file',
+ source => $module_source,
+ owner => $keycloak::user,
+ group => $keycloak::group,
+ mode => '0644',
+ }
+}
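Review bot: The driver JAR declared at `file { "${module_dir}/${jar_file}":` is copied from an arbitrary `$jar_source` with no integrity check, and that JAR is then loaded into the Keycloak JVM, which handles credentials and tokens. Add an optional digest parameter (named `$jar_checksum` here only as a suggestion) and pin the file with `checksum => 'sha256',` and `checksum_value => $jar_checksum,` so a swapped or corrupted artifact fails the run instead of being installed. Separately, `"${$module_dir}/module.xml"` carries a stray `$` inside the interpolation; it evaluates the same but should read `"${module_dir}/module.xml"` to match the resource above it. The three class parameters have no data types, and `String` on each would reject an undefined value before any resource is built.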
diff --git a/manifests/init.pp b/manifests/init.pp
index b690aed..350abf5 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,186 +1,207 @@
# summary Manage Keycloak
#
# @example
# include ::keycloak
#
# @param version
# Version of Keycloak to install and manage.
# Default is `3.4.1.Final`.
# @param package_url
# URL of the Keycloak download.
# Default is based on version.
# @param install_dir
# Parent directory of where to install Keycloak.
# Default is `/opt`.
# @param service_name
# Keycloak service name.
# Default is `keycloak`.
# @param service_ensure
# Keycloak service ensure property.
# Default is `running`.
# @param service_enable
# Keycloak service enable property.
# Default is `true`.
# @param service_hasstatus
# Keycloak service hasstatus parameter.
# Default is `true`.
# @param service_hasrestart
# Keycloak service hasrestart parameter.
# Default is `true`.
# @param user
# Keycloak user name.
# Default is `keycloak`.
# @param group
# Keycloak user group name.
# Default is `keycloak`.
# @param user_uid
# Keycloak user UID.
# Default is `undef`.
# @param group_gid
# Keycloak user group GID.
# Default is `undef`.
# @param admin_user
# Keycloak administrative username.
# Default is `admin`.
# @param admin_user_password
# Keycloak administrative user password.
# Default is `changeme`.
# @param manage_datasource
# Boolean that determines if configured datasource will be managed.
# Only applies when `datasource_driver` is `mysql`.
# Default is `true`.
# @param datasource_driver
# Datasource driver to use for Keycloak.
-# Valid values are `h2` and `mysql`.
+# Valid values are `h2`, `mysql` and 'oracle'
# Default is `h2`.
# @param datasource_host
# Datasource host.
-# Only used when datasource_driver is `mysql`.
+# Only used when datasource_driver is `mysql` or 'oracle'
# Default is `localhost` for MySQL.
# @param datasource_port
# Datasource port.
-# Only used when datasource_driver is `mysql`.
+# Only used when datasource_driver is `mysql` or 'oracle'
# Default is `3306` for MySQL.
+# @param datasource_url
+# Datasource url.
+# Default datasource URLs are defined in init class.
# @param datasource_dbname
# Datasource database name.
# Default is `keycloak`.
# @param datasource_username
# Datasource user name.
# Default is `sa`.
# @param datasource_password
# Datasource user password.
# Default is `sa`.
# @param proxy_https
# Boolean that sets if HTTPS proxy should be enabled.
# Set to `true` if proxying traffic through Apache.
# Default is `false`.
# @param truststore
# Boolean that sets if truststore should be used.
# Default is `false`.
# @param truststore_hosts
# Hash that is used to define `keycloak::turststore::host` resources.
# Default is `{}`.
# @param truststore_password
# Truststore password.
# Default is `keycloak`.
# @param truststore_hostname_verification_policy
# Valid values are `WILDCARD`, `STRICT`, and `ANY`.
# Default is `WILDCARD`.
# @param http_port
# HTTP port used by Keycloak.
# Default is `8080`.
# @param theme_static_max_age
# Max cache age in seconds of static content.
# Default is `2592000`.
# @param theme_cache_themes
# Boolean that sets if themes should be cached.
# Default is `true`.
# @param theme_cache_templates
# Boolean that sets if templates should be cached.
# Default is `true`.
# @param realms
# Hash that is used to define keycloak_realm resources.
# Default is `{}`.
# @param client_templates
# Hash that is used to define keycloak::client_template resources.
# Default is `{}`.
+# @param oracle_jar_file
+# Oracle JDBC driver to use. Only use if $datasource_driver is set to oracle
+# Default is not defined
+# @param oracle_jar_source
+# Source for Oracle JDBC driver - could be puppet link or local file on the node. Only use if $datasource_driver is set to oracle
+# Default is not set
#
class keycloak (
String $version = '3.4.1.Final',
Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]]
$package_url = undef,
Stdlib::Absolutepath $install_dir = '/opt',
String $service_name = $keycloak::params::service_name,
String $service_ensure = 'running',
Boolean $service_enable = true,
Boolean $service_hasstatus = $keycloak::params::service_hasstatus,
Boolean $service_hasrestart = $keycloak::params::service_hasrestart,
Variant[String, Array] $service_java_opts = $keycloak::params::service_java_opts,
String $user = 'keycloak',
String $group = 'keycloak',
Optional[Integer] $user_uid = undef,
Optional[Integer] $group_gid = undef,
String $admin_user = 'admin',
String $admin_user_password = 'changeme',
Boolean $manage_datasource = true,
- Enum['h2', 'mysql'] $datasource_driver = 'h2',
+ Enum['h2', 'mysql','oracle'] $datasource_driver = 'h2',
Optional[String] $datasource_host = undef,
Optional[Integer] $datasource_port = undef,
+ Optional[String] $datasource_url = undef,
String $datasource_dbname = 'keycloak',
String $datasource_username = 'sa',
String $datasource_password = 'sa',
Boolean $proxy_https = false,
Boolean $truststore = false,
Hash $truststore_hosts = {},
String $truststore_password = 'keycloak',
Enum['WILDCARD', 'STRICT', 'ANY'] $truststore_hostname_verification_policy = 'WILDCARD',
Integer $http_port = 8080,
Integer $theme_static_max_age = 2592000,
Boolean $theme_cache_themes = true,
Boolean $theme_cache_templates = true,
Hash $realms = {},
Hash $client_templates = {},
+ Optional[String] $oracle_jar_file = undef,
+ Optional[String] $oracle_jar_source = undef,
) inherits keycloak::params {
$download_url = pick($package_url, "https://downloads.jboss.org/keycloak/${version}/keycloak-${version}.tar.gz")
case $datasource_driver {
'h2': {
- $datasource_connection_url = "jdbc:h2:\${jboss.server.data.dir}/${datasource_dbname};AUTO_SERVER=TRUE"
- }
+ $datasource_connection_url = pick($datasource_url, "jdbc:h2:\${jboss.server.data.dir}/${datasource_dbname};AUTO_SERVER=TRUE")
+ }
'mysql': {
$db_host = pick($datasource_host, 'localhost')
$db_port = pick($datasource_port, 3306)
- $datasource_connection_url = "jdbc:mysql://${db_host}:${db_port}/${datasource_dbname}"
- }
+ $datasource_connection_url = pick($datasource_url, "jdbc:mysql://${db_host}:${db_port}/${datasource_dbname}")
+ }
+ 'oracle': {
+ $db_host = pick($datasource_host, 'localhost')
+ $db_port = pick($datasource_port, 1521)
+ $datasource_connection_url = pick($datasource_url, "jdbc:oracle:thin:@${db_host}:${db_port}:${datasource_dbname}")
+ }
default: {}
}
+ if ($datasource_driver == 'oracle') and (($oracle_jar_file == undef) or ($oracle_jar_source == undef)) {
+ fail('Using Oracle RDBMS requires definition of jar_file and jar_source for Oracle JDBC driver. Refer to module documentation')
+ }
+
$install_base = "${keycloak::install_dir}/keycloak-${keycloak::version}"
include ::java
contain 'keycloak::install'
contain "keycloak::datasource::${datasource_driver}"
contain 'keycloak::config'
contain 'keycloak::service'
Class['::java']
-> Class['keycloak::install']
-> Class["keycloak::datasource::${datasource_driver}"]
-> Class['keycloak::config']
-> Class['keycloak::service']
Class["keycloak::datasource::${datasource_driver}"]~>Class['keycloak::service']
keycloak_conn_validator { 'keycloak':
keycloak_server => 'localhost',
keycloak_port => $http_port,
use_ssl => false,
timeout => 60,
test_url => '/auth/realms/master/.well-known/openid-configuration',
require => Class['keycloak::service'],
}
create_resources('keycloak_realm', $realms)
create_resources('keycloak::client_template', $client_templates)
}
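Review bot: `Optional[String] $datasource_url` accepts any string and, when set, replaces the per-driver URL built from host, port and dbname; templates/config.cli.erb then places it between double quotes in a JBoss CLI command, so a value containing `"` or a line break would end the argument early and change the generated script. A narrower type such as `Optional[Pattern[/\Ajdbc:[^"\r\n]+\z/]] $datasource_url = undef,` rejects that at compile time. The `fail()` text names `jar_file` and `jar_source`, but the parameters a user has to set are `oracle_jar_file` and `oracle_jar_source`, so the message should use those names. The `@param` docs for `manage_datasource`, `datasource_host` and `datasource_port` still describe only MySQL and should mention the Oracle default port `1521` and that the generated URL uses the SID form `host:port:dbname`.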
diff --git a/templates/config.cli.erb b/templates/config.cli.erb
index a556155..27d291e 100644
--- a/templates/config.cli.erb
+++ b/templates/config.cli.erb
@@ -1,48 +1,56 @@
embed-server
<%- if scope['keycloak::proxy_https'] -%>
if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (outcome != success) of /socket-binding-group=standard-sockets/socket-binding=proxy-https:read-resource
/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)
end-if
if (result.redirect-socket != proxy-https) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)
end-if
<%- end -%>
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=driver-name, value=<%= scope['keycloak::datasource_driver'] %>)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=connection-url, value="<%= scope['keycloak::datasource_connection_url'] %>")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=jndi-name, value=java:jboss/datasources/KeycloakDS)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=user-name, value=<%= scope['keycloak::datasource_username'] %>)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=password, value=<%= scope['keycloak::datasource_password'] %>)
<%- if scope['keycloak::datasource_driver'] == 'mysql' -%>
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
if (outcome != success) of /subsystem=datasources/jdbc-driver=mysql:read-resource
/subsystem=datasources/jdbc-driver=mysql:add(driver-module-name=com.mysql.jdbc,driver-name=mysql,driver-xa-datasource-class-name=com.mysql.jdbc.jdbc2.optional.MysqlXADataSource)
end-if
<%- elsif scope['keycloak::datasource_driver'] == 'h2' -%>
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=background-validation)
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=check-valid-connection-sql)
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=background-validation-millis)
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=flush-strategy)
+<%- elsif scope['keycloak::datasource_driver'] == 'oracle' -%>
+/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
+/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1 FROM DUAL")
+/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
+/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
+if (outcome != success) of /subsystem=datasources/jdbc-driver=oracle:read-resource
+/subsystem=datasources/jdbc-driver=oracle:add(driver-module-name=org.oracle,driver-name=oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource)
+end-if
<%- end -%>
<%- if scope['keycloak::truststore'] -%>
if (outcome != success) of /subsystem=keycloak-server/spi=truststore:read-resource
/subsystem=keycloak-server/spi=truststore/:add
/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true)
end-if
/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file,value=<%= scope['keycloak::install_base'] %>/standalone/configuration/truststore.jks)
/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=password,value=<%= scope['keycloak::truststore_password'] %>)
/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=hostname-verification-policy,value=<%= scope['keycloak::truststore_hostname_verification_policy'] %>)
/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=disabled,value=false)
<%- else -%>
if (outcome == success) of /subsystem=keycloak-server/spi=truststore:read-resource
/subsystem=keycloak-server/spi=truststore/:remove
end-if
<%- end -%>
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge, value=<%= scope['keycloak::theme_static_max_age'] %>)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes, value=<%= scope['keycloak::theme_cache_themes'] %>)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates, value=<%= scope['keycloak::theme_cache_templates'] %>)
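Review bot: The `user-name` and `password` attributes just above the new Oracle branch are written unquoted (`value=<%= scope['keycloak::datasource_password'] %>`), unlike `connection-url`; these are unchanged lines, but the Oracle path now relies on them with real database credentials. A password containing a space, comma or parenthesis would presumably be mis-parsed by the CLI, so wrap both values in double quotes the way the `connection-url` line does, `value="<%= scope['keycloak::datasource_password'] %>"`, and escape embedded quotes and backslashes. The new branch also repeats the four MySQL validation lines with only the SQL changed; a shared `if %w[mysql oracle].include?(scope['keycloak::datasource_driver'])` block with a per-driver SQL string would keep the two from drifting apart.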