Add keycloak::partial_import resource (#301)
Fixes #229
Showing
9 changed files
with
250 additions
and
4 deletions.
@@ -0,0 +1,78 @@ | ||
# @summary Perform partialImport using CLI | ||
# | ||
# @example Perform partial import | ||
# keycloak::partial_import { 'mysettings': | ||
# realm => 'test', | ||
# if_resource_exists => 'SKIP', | ||
# source => 'puppet:///modules/profile/keycloak/mysettings.json', | ||
# } | ||
# | ||
# @param realm | ||
# The Keycloak Realm | ||
# @param if_resource_exists | ||
# Behavior for when resources exist | ||
# @param source | ||
# The import JSON source | ||
# @param content | ||
# The import JSON content | ||
# @param filename | ||
# The filename of the stored JSON | ||
# @param require_realm | ||
# Determines whether to require the Keycloak_realm resource | ||
# @param create_realm | ||
# Determines whether to define the Keycloak_realm resource | ||
# | ||
define keycloak::partial_import ( | ||
String[1] $realm, | ||
Enum['FAIL','SKIP','OVERWRITE'] $if_resource_exists, | ||
Optional[Variant[Stdlib::Filesource, Stdlib::HTTPSUrl]] $source = undef, | ||
Optional[String[1]] $content = undef, | ||
String[1] $filename = $name, | ||
Boolean $require_realm = true, | ||
Boolean $create_realm = false, | ||
) { | ||
include keycloak | ||
|
||
if ! $source and ! $content { | ||
fail("keycloak::partial_import[${name}] must specify either source or content") | ||
} | ||
if $source and $content { | ||
fail("keycloak::partial_import[${name}] specify either source or content, not both") | ||
} | ||
|
||
$file_path = "${keycloak::conf_dir}/${filename}.json" | ||
$command = join([ | ||
"${keycloak::wrapper_path} create partialImport", | ||
"-r ${realm} -s ifResourceExists=${if_resource_exists} -o", | ||
"-f ${file_path}", | ||
], ' ') | ||
|
||
file { $file_path: | ||
ensure => 'file', | ||
owner => $keycloak::user, | ||
group => $keycloak::group, | ||
mode => '0600', | ||
source => $source, | ||
content => $content, | ||
require => Class['keycloak::install'], | ||
notify => Exec["partial-import-${name}"], | ||
} | ||
|
||
exec { "partial-import-${name}": | ||
path => '/usr/bin:/bin:/usr/sbin:/sbin', | ||
command => "${command} || { rm -f ${file_path}; exit 1; }", | ||
logoutput => true, | ||
refreshonly => true, | ||
require => Keycloak_conn_validator['keycloak'], | ||
} | ||
|
||
if $require_realm { | ||
Keycloak_realm[$realm] -> Exec["partial-import-${name}"] | ||
} | ||
if $create_realm { | ||
keycloak_realm { $realm: | ||
ensure => 'present', | ||
before => Exec["partial-import-${name}"], | ||
} | ||
} | ||
} |
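Review bot: `$realm` and `$filename` (which defaults to `$name`) are plain `String[1]` values interpolated unquoted into the `command` of `Exec["partial-import-${name}"]`, which itself relies on shell syntax (`|| { rm -f ${file_path}; exit 1; }`). A title or realm containing whitespace or shell metacharacters therefore changes what is executed, and a `filename` containing `/` or `..` moves `$file_path` outside `${keycloak::conf_dir}`. Constrain the file name at the type level, for example `Pattern[/\A[A-Za-z0-9._-]+\z/] $filename = $name,`, and quote the remaining interpolations; stdlib's `shell_escape` is one option, since the define already uses Stdlib types. Separately, the import JSON can carry client secrets, so the `file` resource would benefit from `show_diff => false` to keep content diffs out of agent logs and reports.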
@@ -0,0 +1,64 @@ | ||
# frozen_string_literal: true | ||
|
||
require 'spec_helper' | ||
|
||
describe 'keycloak::partial_import' do | ||
on_supported_os.each do |os, facts| | ||
context "on #{os}" do # rubocop:disable RSpec/MultipleMemoizedHelpers | ||
let(:facts) do | ||
facts.merge(concat_basedir: '/dne') | ||
end | ||
let(:version) { '21.0.1' } | ||
let(:title) { 'test' } | ||
let(:params) do | ||
{ | ||
realm: 'myrealm', | ||
if_resource_exists: 'OVERWRITE', | ||
source: 'puppet:///modules/profile/keycloak/test.json' | ||
} | ||
end | ||
let(:file_path) { "/opt/keycloak-#{version}/conf/#{title}.json" } | ||
let(:command) do | ||
[ | ||
"/opt/keycloak-#{version}/bin/kcadm-wrapper.sh create partialImport", | ||
"-r #{params[:realm]} -s ifResourceExists=#{params[:if_resource_exists]}", | ||
"-o -f #{file_path}" | ||
].join(' ') | ||
end | ||
let(:pre_condition) do | ||
<<-PP | ||
keycloak_realm { #{params[:realm]}: | ||
ensure => 'present', | ||
} | ||
PP | ||
end | ||
|
||
it { is_expected.to compile.with_all_deps } | ||
|
||
it 'creates partial import JSON file' do | ||
is_expected.to contain_file(file_path).with( | ||
ensure: 'file', | ||
owner: 'keycloak', | ||
group: 'keycloak', | ||
mode: '0600', | ||
source: params[:source], | ||
content: nil, | ||
require: 'Class[Keycloak::Install]', | ||
notify: "Exec[partial-import-#{title}]", | ||
) | ||
end | ||
|
||
it 'creates exec for partial import' do | ||
is_expected.to create_exec("partial-import-#{title}").with( | ||
path: '/usr/bin:/bin:/usr/sbin:/sbin', | ||
command: "#{command} || { rm -f #{file_path}; exit 1; }", | ||
logoutput: 'true', | ||
refreshonly: 'true', | ||
require: 'Keycloak_conn_validator[keycloak]', | ||
) | ||
end | ||
|
||
it { is_expected.to contain_keycloak_realm(params[:realm]).that_comes_before("Exec[partial-import-#{title}]") } | ||
end | ||
end | ||
end |
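Review bot: The spec exercises only the `source` variant with the default `require_realm`/`create_realm` values. The two `fail()` branches of the define (neither `source` nor `content`, and both together) and the `content` and `create_realm => true` paths have no coverage. Add contexts that override `params` and assert the failure, e.g. `it { is_expected.to compile.and_raise_error(%r{must specify either source or content}) }`, plus one that checks `contain_file(file_path).with_content(...)` when `content` is given. A context whose title contains a space would also pin down how the generated exec command is expected to handle such names.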
@@ -0,0 +1,44 @@ | ||
{ | ||
"clients": [ | ||
{ | ||
"id": "test.example.com", | ||
"clientId": "test.example.com", | ||
"surrogateAuthRequired": false, | ||
"enabled": true, | ||
"alwaysDisplayInConsole": false, | ||
"clientAuthenticatorType": "client-secret", | ||
"secret": "foobar", | ||
"redirectUris": [ | ||
"https://test.example.com", | ||
"https://test.example.com/oidc" | ||
], | ||
"webOrigins": [], | ||
"notBefore": 0, | ||
"bearerOnly": false, | ||
"consentRequired": false, | ||
"standardFlowEnabled": true, | ||
"implicitFlowEnabled": false, | ||
"directAccessGrantsEnabled": true, | ||
"serviceAccountsEnabled": false, | ||
"publicClient": false, | ||
"frontchannelLogout": false, | ||
"protocol": "openid-connect", | ||
"attributes": { | ||
"post.logout.redirect.uris": "+" | ||
}, | ||
"authenticationFlowBindingOverrides": {}, | ||
"fullScopeAllowed": true, | ||
"nodeReRegistrationTimeout": -1, | ||
"defaultClientScopes": [ | ||
"web-origins", | ||
"roles", | ||
"profile", | ||
"groups", | ||
"email" | ||
], | ||
"optionalClientScopes": [ | ||
"microprofile-jwt" | ||
] | ||
} | ||
] | ||
} |