diff --git a/.fixtures.yml b/.fixtures.yml
index 7cb2178..dffb824 100644
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -1,32 +1,32 @@
fixtures:
repositories:
stdlib:
repo: https://github.com/puppetlabs/puppetlabs-stdlib.git
ref: 4.25.0
mysql:
repo: https://github.com/puppetlabs/puppetlabs-mysql.git
ref: 3.10.0
postgresql:
repo: https://github.com/puppetlabs/puppetlabs-postgresql.git
- ref: 5.7.0
+ ref: v6.1.0
java:
repo: https://github.com/puppetlabs/puppetlabs-java.git
ref: 3.0.0
java_ks:
repo: https://github.com/puppetlabs/puppetlabs-java_ks.git
ref: 1.4.1
archive:
repo: https://github.com/voxpupuli/puppet-archive.git
ref: v0.5.1
systemd:
repo: https://github.com/camptocamp/puppet-systemd.git
ref: 0.4.0
yumrepo_core:
repo: https://github.com/puppetlabs/puppetlabs-yumrepo_core.git
puppet_version: ">= 6.0.0"
apt:
repo: https://github.com/puppetlabs/puppetlabs-apt.git
concat:
repo: https://github.com/puppetlabs/puppetlabs-concat.git
symlinks:
keycloak: "#{source_dir}"
diff --git a/.sync.yml b/.sync.yml
index e39d38c..288e045 100644
--- a/.sync.yml
+++ b/.sync.yml
@@ -1,79 +1,91 @@
---
.travis.yml:
dist: xenial
extras:
- env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 5" FIXTURES_YML=".fixtures-latest.yml"
rvm: 2.4.5
stage: spec
- env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml"
rvm: 2.5.3
stage: spec
allow_failures:
- env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 5" FIXTURES_YML=".fixtures-latest.yml"
rvm: 2.4.5
- env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml"
rvm: 2.5.3
docker_defaults:
dist: xenial
docker_sets:
- set: centos-7
collection: puppet5
extra_envs:
- BEAKER_keycloak_full: yes
- set: centos-7
collection: puppet5
extra_envs:
- BEAKER_keycloak_version: 7.0.0
- BEAKER_keycloak_full: yes
- set: centos-7
collection: puppet6
extra_envs:
- BEAKER_keycloak_full: yes
- set: centos-7
collection: puppet6
extra_envs:
- BEAKER_keycloak_version: 7.0.0
- BEAKER_keycloak_full: yes
+ - set: centos-8
+ collection: puppet5
+ - set: centos-8
+ collection: puppet5
+ extra_envs:
+ - BEAKER_keycloak_version: 7.0.0
+ - set: centos-8
+ collection: puppet6
+ - set: centos-8
+ collection: puppet6
+ extra_envs:
+ - BEAKER_keycloak_version: 7.0.0
- set: debian-9
collection: puppet5
- set: debian-9
collection: puppet5
extra_envs:
- BEAKER_keycloak_version: 7.0.0
- set: debian-9
collection: puppet6
- set: debian-9
collection: puppet6
extra_envs:
- BEAKER_keycloak_version: 7.0.0
- set: ubuntu-1804
collection: puppet5
- set: ubuntu-1804
collection: puppet5
extra_envs:
- BEAKER_keycloak_version: 7.0.0
- set: ubuntu-1804
collection: puppet6
- set: ubuntu-1804
collection: puppet6
extra_envs:
- BEAKER_keycloak_version: 7.0.0
user: treydock
secure: "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"
.gitlab-ci.yml:
delete: true
appveyor.yml:
delete: true
spec/acceptance/nodesets/centos-6.yml:
delete: true
spec/acceptance/nodesets/debian-8.yml:
delete: true
spec/acceptance/nodesets/debian-10.yml:
delete: true
spec/acceptance/nodesets/ubuntu-1404.yml:
delete: true
spec/acceptance/nodesets/ubuntu-1604.yml:
delete: true
spec/acceptance/nodesets/ubuntu-1804.yml:
packages:
- iproute2
diff --git a/.travis.yml b/.travis.yml
index e496bf1..35af60e 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,177 +1,213 @@
---
dist: xenial
language: ruby
cache: bundler
before_install:
- bundle -v
- rm -f Gemfile.lock
- gem update --system $RUBYGEMS_VERSION
- gem --version
- bundle -v
script:
- 'bundle exec rake $CHECK'
bundler_args: --without system_tests
rvm:
- 2.5.3
stages:
- static
- spec
- acceptance
-
if: tag =~ ^v\d
name: deploy
matrix:
fast_finish: true
include:
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=centos-7 BEAKER_TESTMODE=apply BEAKER_keycloak_full=true
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=centos-7 BEAKER_TESTMODE=apply BEAKER_keycloak_version=7.0.0 BEAKER_keycloak_full=true
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=centos-7 BEAKER_TESTMODE=apply BEAKER_keycloak_full=true
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=centos-7 BEAKER_TESTMODE=apply BEAKER_keycloak_version=7.0.0 BEAKER_keycloak_full=true
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
+ -
+ bundler_args: --with system_tests
+ dist: xenial
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=centos-8 BEAKER_TESTMODE=apply
+ rvm: 2.5.3
+ script: bundle exec rake beaker
+ services: docker
+ stage: acceptance
+ sudo: required
+ -
+ bundler_args: --with system_tests
+ dist: xenial
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=centos-8 BEAKER_TESTMODE=apply BEAKER_keycloak_version=7.0.0
+ rvm: 2.5.3
+ script: bundle exec rake beaker
+ services: docker
+ stage: acceptance
+ sudo: required
+ -
+ bundler_args: --with system_tests
+ dist: xenial
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=centos-8 BEAKER_TESTMODE=apply
+ rvm: 2.5.3
+ script: bundle exec rake beaker
+ services: docker
+ stage: acceptance
+ sudo: required
+ -
+ bundler_args: --with system_tests
+ dist: xenial
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=centos-8 BEAKER_TESTMODE=apply BEAKER_keycloak_version=7.0.0
+ rvm: 2.5.3
+ script: bundle exec rake beaker
+ services: docker
+ stage: acceptance
+ sudo: required
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=debian-9 BEAKER_TESTMODE=apply
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=debian-9 BEAKER_TESTMODE=apply BEAKER_keycloak_version=7.0.0
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=debian-9 BEAKER_TESTMODE=apply
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=debian-9 BEAKER_TESTMODE=apply BEAKER_keycloak_version=7.0.0
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=ubuntu-1804 BEAKER_TESTMODE=apply
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=ubuntu-1804 BEAKER_TESTMODE=apply BEAKER_keycloak_version=7.0.0
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=ubuntu-1804 BEAKER_TESTMODE=apply
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
-
bundler_args: --with system_tests
dist: xenial
env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_set=ubuntu-1804 BEAKER_TESTMODE=apply BEAKER_keycloak_version=7.0.0
rvm: 2.5.3
script: bundle exec rake beaker
services: docker
stage: acceptance
sudo: required
-
env: CHECK="check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop syntax lint metadata_lint"
stage: static
-
env: PUPPET_GEM_VERSION="~> 5.0" CHECK=parallel_spec
rvm: 2.4.5
stage: spec
-
env: PUPPET_GEM_VERSION="~> 6.0" CHECK=parallel_spec
rvm: 2.5.3
stage: spec
-
env: DEPLOY_TO_FORGE=yes
stage: deploy
-
env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 5" FIXTURES_YML=".fixtures-latest.yml"
rvm: 2.4.5
stage: spec
-
env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml"
rvm: 2.5.3
stage: spec
allow_failures:
-
env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 5" FIXTURES_YML=".fixtures-latest.yml"
rvm: 2.4.5
-
env: CHECK="parallel_spec" PUPPET_GEM_VERSION="~> 6" FIXTURES_YML=".fixtures-latest.yml"
rvm: 2.5.3
branches:
only:
- master
- /^v\d/
notifications:
email: treydock@gmail.com
deploy:
provider: puppetforge
user: treydock
password:
secure: "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"
on:
tags: true
all_branches: true
condition: "$DEPLOY_TO_FORGE = yes"
diff --git a/data/os/RedHat/8.yaml b/data/os/RedHat/8.yaml
new file mode 100644
index 0000000..d93ec72
--- /dev/null
+++ b/data/os/RedHat/8.yaml
@@ -0,0 +1,2 @@
+---
+keycloak::datasource_package: mariadb-java-client
diff --git a/hiera.yaml b/hiera.yaml
index 7713c65..3ad022d 100644
--- a/hiera.yaml
+++ b/hiera.yaml
@@ -1,12 +1,14 @@
---
version: 5
defaults: # Used for any hierarchy level that omits these keys.
datadir: data # This path is relative to hiera.yaml's directory.
data_hash: yaml_data # Use the built-in YAML backend.
hierarchy:
+ - name: 'os family major release'
+ path: "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
- name: 'os family'
path: "os/%{facts.os.family}.yaml"
- name: 'common'
path: 'common.yaml'
diff --git a/manifests/datasource/mysql.pp b/manifests/datasource/mysql.pp
index 175eb0e..726d0bf 100644
--- a/manifests/datasource/mysql.pp
+++ b/manifests/datasource/mysql.pp
@@ -1,51 +1,57 @@
# @summary Manage MySQL datasource
#
# @api private
class keycloak::datasource::mysql {
assert_private()
$jar_source = pick($keycloak::datasource_jar_source, $keycloak::mysql_jar_source)
$module_source = pick($keycloak::datasource_module_source, 'puppet:///modules/keycloak/database/mysql/module.xml')
$module_dir = "${keycloak::install_dir}/keycloak-${keycloak::version}/modules/system/layers/keycloak/com/mysql/jdbc/main"
- include ::mysql::bindings
- include ::mysql::bindings::java
+ if $keycloak::datasource_package {
+ ensure_packages([$keycloak::datasource_package])
+ $jar_require = Package[$keycloak::datasource_package]
+ } else {
+ include ::mysql::bindings
+ include ::mysql::bindings::java
+ $jar_require = Class['::mysql::bindings::java']
+ }
exec { "mkdir -p ${module_dir}":
path => '/usr/bin:/bin',
creates => $module_dir,
user => $keycloak::user,
group => $keycloak::group,
}
-> file { $module_dir:
ensure => 'directory',
owner => $keycloak::user,
group => $keycloak::group,
mode => '0755',
}
file { "${$module_dir}/mysql-connector-java.jar":
ensure => 'link',
target => $jar_source,
owner => $keycloak::user,
group => $keycloak::group,
mode => '0644',
- require => Class['::mysql::bindings::java'],
+ require => $jar_require,
}
file { "${$module_dir}/module.xml":
ensure => 'file',
source => $module_source,
owner => $keycloak::user,
group => $keycloak::group,
mode => '0644',
}
if $keycloak::manage_datasource {
mysql::db { $keycloak::datasource_dbname:
user => $keycloak::datasource_username,
password => $keycloak::datasource_password,
host => $keycloak::db_host,
grant => 'ALL',
}
}
}
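Review bot: The package installed in the new `if $keycloak::datasource_package` branch and the link target `$jar_source` are chosen by two separate mechanisms that can disagree. The package comes from Hiera data keyed on exactly `os/RedHat/8.yaml`, while `$keycloak::mysql_jar_source` is switched in init.pp with `versioncmp(...) >= 0`. On a RedHat-family release above 8, or when a user sets `datasource_package` on another platform, the `mysql-connector-java.jar` link can therefore point at a jar that the required resource never installs. Consider documenting this on `@param datasource_package`, e.g. `# Package that provides the JDBC driver jar; when set, datasource_jar_source must point at the jar it installs.` Separately, `Optional[String]` accepts `''`, which is truthy in Puppet 4 and later and would reach `ensure_packages([''])`; declaring the parameter as `Optional[String[1]]` in init.pp would reject it.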
diff --git a/manifests/init.pp b/manifests/init.pp
index 3cf17d8..ace93e7 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,326 +1,336 @@
# @summary Manage Keycloak
#
# @example
# include ::keycloak
#
# @param manage_install
# Install Keycloak from upstream Keycloak tarball.
# Set to false to manage installation of Keycloak outside
# this module and set $install_dir and $version to match.
# Defaults to true.
# @param version
# Version of Keycloak to install and manage.
# @param package_url
# URL of the Keycloak download.
# Default is based on version.
# @param install_dir
# Parent directory of where to install Keycloak.
# Default is `/opt`.
# @param service_name
# Keycloak service name.
# Default is `keycloak`.
# @param service_ensure
# Keycloak service ensure property.
# Default is `running`.
# @param service_enable
# Keycloak service enable property.
# Default is `true`.
# @param service_hasstatus
# Keycloak service hasstatus parameter.
# Default is `true`.
# @param service_hasrestart
# Keycloak service hasrestart parameter.
# Default is `true`.
# @param service_bind_address
# Bind address for Keycloak service.
# Default is '0.0.0.0'.
# @param service_java_opts
# Sets additional options to Java virtual machine environment variable.
# @param service_extra_opts
# Additional options added to the end of the service command-line.
# @param manage_user
# Defines if the module should manage the Linux user for Keycloak installation
# @param user
# Keycloak user name.
# Default is `keycloak`.
# @param user_shell
# Keycloak user shell.
# @param group
# Keycloak user group name.
# Default is `keycloak`.
# @param user_uid
# Keycloak user UID.
# Default is `undef`.
# @param group_gid
# Keycloak user group GID.
# Default is `undef`.
# @param admin_user
# Keycloak administrative username.
# Default is `admin`.
# @param admin_user_password
# Keycloak administrative user password.
# Default is `changeme`.
# @param manage_datasource
# Boolean that determines if configured datasource will be managed.
# Only applies when `datasource_driver` is `mysql`.
# Default is `true`.
# @param datasource_driver
# Datasource driver to use for Keycloak.
# Valid values are `h2`, `mysql`, 'oracle' and 'postgresql'
# Default is `h2`.
# @param datasource_host
# Datasource host.
# Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql'
# Default is `localhost` for MySQL.
# @param datasource_port
# Datasource port.
# Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql'
# Default is `3306` for MySQL.
# @param datasource_url
# Datasource url.
# Default datasource URLs are defined in init class.
# @param datasource_dbname
# Datasource database name.
# Default is `keycloak`.
# @param datasource_username
# Datasource user name.
# Default is `sa`.
# @param datasource_password
# Datasource user password.
# Default is `sa`.
+# @param datasource_package
+# Package to add specified datasource support
# @param datasource_jar_source
# Source for datasource JDBC driver - could be puppet link or local file on the node.
# Default is dependent on value for `datasource_driver`.
# This parameter is required if `datasource_driver` is `oracle`.
# @param datasource_module_source
# Source for datasource module.xml. Default depends on `datasource_driver`.
# @param proxy_https
# Boolean that sets if HTTPS proxy should be enabled.
# Set to `true` if proxying traffic through Apache.
# Default is `false`.
# @param truststore
# Boolean that sets if truststore should be used.
# Default is `false`.
# @param truststore_hosts
# Hash that is used to define `keycloak::turststore::host` resources.
# Default is `{}`.
# @param truststore_password
# Truststore password.
# Default is `keycloak`.
# @param truststore_hostname_verification_policy
# Valid values are `WILDCARD`, `STRICT`, and `ANY`.
# Default is `WILDCARD`.
# @param http_port
# HTTP port used by Keycloak.
# Default is `8080`.
# @param theme_static_max_age
# Max cache age in seconds of static content.
# Default is `2592000`.
# @param theme_cache_themes
# Boolean that sets if themes should be cached.
# Default is `true`.
# @param theme_cache_templates
# Boolean that sets if templates should be cached.
# Default is `true`.
# @param realms
# Hash that is used to define keycloak_realm resources.
# Default is `{}`.
# @param realms_merge
# Boolean that sets if `realms` should be merged from Hiera.
# @param oidc_client_scopes
# Hash that is used to define keycloak::client_scope::oidc resources.
# Default is `{}`.
# @param oidc_client_scopes_merge
# Boolean that sets if `oidc_client_scopes` should be merged from Hiera.
# @param saml_client_scopes
# Hash that is used to define keycloak::client_scope::saml resources.
# Default is `{}`.
# @param saml_client_scopes_merge
# Boolean that sets if `saml_client_scopes` should be merged from Hiera.
# @param identity_providers
# Hash that is used to define keycloak_identity_provider resources.
# @param identity_providers_merge
# Boolean that sets if `identity_providers` should be merged from Hiera.
# @param client_scopes
# Hash that is used to define keycloak_client_scope resources.
# @param client_scopes_merge
# Boolean that sets if `client_scopes` should be merged from Hiera.
# @param protocol_mappers
# Hash that is used to define keycloak_protocol_mapper resources.
# @param protocol_mappers_merge
# Boolean that sets if `protocol_mappers` should be merged from Hiera.
# @param clients
# Hash that is used to define keycloak_client resources.
# @param clients_merge
# Boolean that sets if `clients` should be merged from Hiera.
# @param with_sssd_support
# Boolean that determines if SSSD user provider support should be available
# @param libunix_dbus_java_source
# Source URL of libunix-dbus-java
# @param install_libunix_dbus_java_build_dependencies
# Boolean that determines of libunix-dbus-java build dependencies are managed by this module
# @param libunix_dbus_java_build_dependencies
# Packages needed to build libunix-dbus-java
# @param libunix_dbus_java_libdir
# Path to directory to install libunix-dbus-java libraries
# @param jna_package_name
# Package name for jna
# @param manage_sssd_config
# Boolean that determines if SSSD ifp config for Keycloak is managed
# @param sssd_ifp_user_attributes
# user_attributes to define for SSSD ifp service
# @param restart_sssd
# Boolean that determines if SSSD should be restarted
# @param service_environment_file
# Path to the file with environment variables for the systemd service
# @param operating_mode
# Keycloak operating mode deployment
#
class keycloak (
Boolean $manage_install = true,
String $version = '6.0.1',
Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]]
$package_url = undef,
Stdlib::Absolutepath $install_dir = '/opt',
String $service_name = 'keycloak',
String $service_ensure = 'running',
Boolean $service_enable = true,
Boolean $service_hasstatus = true,
Boolean $service_hasrestart = true,
Stdlib::IP::Address $service_bind_address = '0.0.0.0',
Optional[Variant[String, Array]]
$service_java_opts = undef,
Optional[String] $service_extra_opts = undef,
Boolean $manage_user = true,
String $user = 'keycloak',
Stdlib::Absolutepath $user_shell = '/sbin/nologin',
String $group = 'keycloak',
Optional[Integer] $user_uid = undef,
Optional[Integer] $group_gid = undef,
String $admin_user = 'admin',
String $admin_user_password = 'changeme',
Boolean $manage_datasource = true,
Enum['h2', 'mysql', 'oracle', 'postgresql'] $datasource_driver = 'h2',
Optional[String] $datasource_host = undef,
Optional[Integer] $datasource_port = undef,
Optional[String] $datasource_url = undef,
String $datasource_dbname = 'keycloak',
String $datasource_username = 'sa',
String $datasource_password = 'sa',
+ Optional[String] $datasource_package = undef,
Optional[String] $datasource_jar_source = undef,
Optional[String] $datasource_module_source = undef,
Boolean $proxy_https = false,
Boolean $truststore = false,
Hash $truststore_hosts = {},
String $truststore_password = 'keycloak',
Enum['WILDCARD', 'STRICT', 'ANY'] $truststore_hostname_verification_policy = 'WILDCARD',
Integer $http_port = 8080,
Integer $theme_static_max_age = 2592000,
Boolean $theme_cache_themes = true,
Boolean $theme_cache_templates = true,
Hash $realms = {},
Boolean $realms_merge = false,
Hash $oidc_client_scopes = {},
Boolean $oidc_client_scopes_merge = false,
Hash $saml_client_scopes = {},
Boolean $saml_client_scopes_merge = false,
Hash $client_scopes = {},
Boolean $client_scopes_merge = false,
Hash $protocol_mappers = {},
Boolean $protocol_mappers_merge = false,
Hash $identity_providers = {},
Boolean $identity_providers_merge = false,
Hash $clients = {},
Boolean $clients_merge = false,
Boolean $with_sssd_support = false,
Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]
$libunix_dbus_java_source = 'https://github.com/keycloak/libunix-dbus-java/archive/libunix-dbus-java-0.8.0.tar.gz',
Boolean $install_libunix_dbus_java_build_dependencies = true,
Array $libunix_dbus_java_build_dependencies = [],
Stdlib::Absolutepath $libunix_dbus_java_libdir = '/usr/lib64',
String $jna_package_name = 'jna',
Boolean $manage_sssd_config = true,
Array $sssd_ifp_user_attributes = [],
Boolean $restart_sssd = true,
Optional[Stdlib::Absolutepath] $service_environment_file = undef,
Enum['standalone', 'clustered'] $operating_mode = 'standalone',
) {
if ! $facts['os']['family'] in ['RedHat','Debian'] {
fail("Unsupported osfamily: ${facts['os']['family']}, module ${module_name} only support osfamilies Debian and Redhat")
}
$download_url = pick($package_url, "https://downloads.jboss.org/keycloak/${version}/keycloak-${version}.tar.gz")
case $datasource_driver {
'h2': {
$datasource_connection_url = pick($datasource_url, "jdbc:h2:\${jboss.server.data.dir}/${datasource_dbname};AUTO_SERVER=TRUE")
}
'mysql': {
$db_host = pick($datasource_host, 'localhost')
$db_port = pick($datasource_port, 3306)
$datasource_connection_url = pick($datasource_url, "jdbc:mysql://${db_host}:${db_port}/${datasource_dbname}")
}
'oracle': {
$db_host = pick($datasource_host, 'localhost')
$db_port = pick($datasource_port, 1521)
$datasource_connection_url = pick($datasource_url, "jdbc:oracle:thin:@${db_host}:${db_port}:${datasource_dbname}")
}
'postgresql': {
$db_host = pick($datasource_host, 'localhost')
$db_port = pick($datasource_port, 5432)
$datasource_connection_url = pick($datasource_url, "jdbc:postgresql://${db_host}:${db_port}/${datasource_dbname}")
}
default: {}
}
if ($datasource_driver == 'oracle') and ($datasource_jar_source == undef) {
fail('Using Oracle RDBMS requires definition datasource_jar_source for Oracle JDBC driver. Refer to module documentation')
}
case $facts['os']['family'] {
'RedHat': {
- $mysql_jar_source = '/usr/share/java/mysql-connector-java.jar'
- $postgresql_jar_source = '/usr/share/java/postgresql-jdbc.jar'
+ if versioncmp($facts['os']['release']['major'], '8') >= 0 {
+ $mysql_jar_source = '/usr/lib/java/mariadb-java-client.jar'
+ $mysql_datasource_class = 'org.mariadb.jdbc.MariaDbDataSource'
+ $postgresql_jar_source = '/usr/share/java/postgresql-jdbc/postgresql.jar'
+ } else {
+ $mysql_jar_source = '/usr/share/java/mysql-connector-java.jar'
+ $mysql_datasource_class = 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource'
+ $postgresql_jar_source = '/usr/share/java/postgresql-jdbc.jar'
+ }
}
'Debian': {
$mysql_jar_source = '/usr/share/java/mysql-connector-java.jar'
$postgresql_jar_source = '/usr/share/java/postgresql.jar'
}
default: {
# do nothing
}
}
$install_base = "${keycloak::install_dir}/keycloak-${keycloak::version}"
include ::java
contain 'keycloak::install'
contain "keycloak::datasource::${datasource_driver}"
contain 'keycloak::config'
contain 'keycloak::service'
Class['::java']
-> Class['keycloak::install']
-> Class["keycloak::datasource::${datasource_driver}"]
-> Class['keycloak::config']
-> Class['keycloak::service']
Class["keycloak::datasource::${datasource_driver}"]~>Class['keycloak::service']
if $with_sssd_support {
contain 'keycloak::sssd'
Class['keycloak::sssd'] ~> Class['keycloak::service']
}
keycloak_conn_validator { 'keycloak':
keycloak_server => 'localhost',
keycloak_port => $http_port,
use_ssl => false,
timeout => 60,
test_url => '/auth/realms/master/.well-known/openid-configuration',
require => Class['keycloak::service'],
}
include keycloak::resources
}
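Review bot: `$mysql_datasource_class` is assigned only in the two branches under `'RedHat'`; the `'Debian'` branch that follows leaves it unset. The changed line in templates/config.cli.erb now renders `driver-xa-datasource-class-name=<%= scope['keycloak::mysql_datasource_class'] %>`, so on Debian and Ubuntu with `datasource_driver => 'mysql'` the jdbc-driver `add` command would be emitted with an empty class name where it previously carried the hard-coded value. Add `$mysql_datasource_class = 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource'` to the `'Debian'` branch. The new `@param datasource_package` entry could also state its default (`undef`) and that, in the code visible here, only `keycloak::datasource::mysql` reads it.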
diff --git a/metadata.json b/metadata.json
index ac2864b..35d7ef6 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,81 +1,84 @@
{
"name": "treydock-keycloak",
"version": "5.5.0",
"author": "treydock",
"summary": "Keycloak Puppet module",
"license": "Apache-2.0",
"source": "https://github.com/treydock/puppet-module-keycloak",
"project_page": "https://github.com/treydock/puppet-module-keycloak",
"issues_url": "https://github.com/treydock/puppet-module-keycloak/issues",
"dependencies": [
{
"name": "puppetlabs/stdlib",
"version_requirement": ">= 4.25.0 <7.0.0"
},
{
"name": "puppetlabs/mysql",
"version_requirement": ">= 3.0.0 <11.0.0"
},
{
"name": "puppetlabs/postgresql",
- "version_requirement": ">= 5.7.0 <7.0.0"
+ "version_requirement": ">= 6.1.0 <7.0.0"
},
{
"name": "puppetlabs/java",
"version_requirement": ">= 3.0.0 <6.0.0"
},
{
"name": "puppetlabs/java_ks",
"version_requirement": ">= 1.0.0 <4.0.0"
},
{
"name": "puppet/archive",
"version_requirement": ">= 0.5.1 <5.0.0"
},
{
"name": "camptocamp/systemd",
"version_requirement": ">= 0.4.0 <3.0.0"
}
],
"operatingsystem_support": [
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
- "7"
+ "7",
+ "8"
]
},
{
"operatingsystem": "CentOS",
"operatingsystemrelease": [
- "7"
+ "7",
+ "8"
]
},
{
"operatingsystem": "Scientific",
"operatingsystemrelease": [
- "7"
+ "7",
+ "8"
]
},
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"9"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"18.04"
]
}
],
"requirements": [
{
"name": "puppet",
"version_requirement": ">= 5.0.0 < 7.0.0"
}
],
"pdk-version": "1.13.0",
"template-url": "https://github.com/treydock/pdk-templates.git#master",
"template-ref": "heads/master-0-g854a33f"
}
diff --git a/templates/config.cli.erb b/templates/config.cli.erb
index 003a6a8..7c05845 100644
--- a/templates/config.cli.erb
+++ b/templates/config.cli.erb
@@ -1,68 +1,68 @@
<% if scope['keycloak::operating_mode'] == 'standalone'-%>
embed-server
<% elsif scope['keycloak::operating_mode'] == 'clustered'-%>
embed-server --server-config=standalone-ha.xml
<% end -%>
<%- if scope['keycloak::proxy_https'] -%>
if (result.proxy-address-forwarding != true) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
end-if
if (outcome != success) of /socket-binding-group=standard-sockets/socket-binding=proxy-https:read-resource
/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)
end-if
if (result.redirect-socket != proxy-https) of /subsystem=undertow/server=default-server/http-listener=default:read-resource
/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)
end-if
<%- end -%>
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=driver-name, value=<%= scope['keycloak::datasource_driver'] %>)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=connection-url, value="<%= scope['keycloak::datasource_connection_url'] %>")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=jndi-name, value=java:jboss/datasources/KeycloakDS)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=user-name, value=<%= scope['keycloak::datasource_username'] %>)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=password, value=<%= scope['keycloak::datasource_password'] %>)
<%- if scope['keycloak::datasource_driver'] == 'mysql' -%>
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
if (outcome != success) of /subsystem=datasources/jdbc-driver=mysql:read-resource
-/subsystem=datasources/jdbc-driver=mysql:add(driver-module-name=com.mysql.jdbc,driver-name=mysql,driver-xa-datasource-class-name=com.mysql.jdbc.jdbc2.optional.MysqlXADataSource)
+/subsystem=datasources/jdbc-driver=mysql:add(driver-module-name=com.mysql.jdbc,driver-name=mysql,driver-xa-datasource-class-name=<%= scope['keycloak::mysql_datasource_class'] %>)
end-if
<%- elsif scope['keycloak::datasource_driver'] == 'h2' -%>
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=background-validation)
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=check-valid-connection-sql)
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=background-validation-millis)
/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=flush-strategy)
<%- elsif scope['keycloak::datasource_driver'] == 'oracle' -%>
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1 FROM DUAL")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
if (outcome != success) of /subsystem=datasources/jdbc-driver=oracle:read-resource
/subsystem=datasources/jdbc-driver=oracle:add(driver-module-name=org.oracle,driver-name=oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource)
end-if
<%- elsif scope['keycloak::datasource_driver'] == 'postgresql' -%>
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1")
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
if (outcome != success) of /subsystem=datasources/jdbc-driver=postgresql:read-resource
/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
end-if
<%- end -%>
<%- if scope['keycloak::truststore'] -%>
if (outcome != success) of /subsystem=keycloak-server/spi=truststore:read-resource
/subsystem=keycloak-server/spi=truststore/:add
/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true)
end-if
/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file,value=<%= scope['keycloak::install_base'] %>/standalone/configuration/truststore.jks)
/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=password,value=<%= scope['keycloak::truststore_password'] %>)
/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=hostname-verification-policy,value=<%= scope['keycloak::truststore_hostname_verification_policy'] %>)
/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=disabled,value=false)
<%- else -%>
if (outcome == success) of /subsystem=keycloak-server/spi=truststore:read-resource
/subsystem=keycloak-server/spi=truststore/:remove
end-if
<%- end -%>
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge, value=<%= scope['keycloak::theme_static_max_age'] %>)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes, value=<%= scope['keycloak::theme_cache_themes'] %>)
/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates, value=<%= scope['keycloak::theme_cache_templates'] %>)
Attached To
R212 puppet-treydock-keycloak