Merge pull request #69 from guidograzioli/keycloak_realm_attrs

Pass attributes to realm clients
ansible-middleware · Apr 1, 2023 · c0b72b6 · c0b72b6
2 parents f013a99 + 1cfa229
commit c0b72b6
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 3 deletions.
diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml
@@ -45,6 +45,8 @@
             web_origins: "{{ keycloak_client_web_origins }}"
             users: "{{ keycloak_client_users }}"
             client_id: TestClient
+            attributes:
+              post.logout.redirect.uris: '/public/logout'
   pre_tasks:
     - name: "Retrieve assets server from env"
       ansible.builtin.set_fact:

diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml
@@ -4,7 +4,7 @@
   vars:
     keycloak_admin_password: "remembertochangeme"
     keycloak_jvm_package: java-11-openjdk-headless
-    keycloak_port: http://localhost:8080
+    keycloak_uri: http://localhost:8080
     keycloak_management_port: http://localhost:9990
   tasks:
     - name: Populate service facts
@@ -17,13 +17,40 @@
     - name: Verify we are running on requested jvm
       shell: |
         ps -ef | grep /usr/lib/jvm/java-11 | grep -v grep
+      changed_when: no
     - name: Verify token api call
       ansible.builtin.uri:
-        url: "{{ keycloak_port }}/auth/realms/master/protocol/openid-connect/token"
+        url: "{{ keycloak_uri }}/auth/realms/master/protocol/openid-connect/token"
         method: POST
         body: "client_id=admin-cli&username=admin&password={{ keycloak_admin_password }}&grant_type=password"
         validate_certs: no
       register: keycloak_auth_response
       until: keycloak_auth_response.status == 200
       retries: 2
-      delay: 2
+      delay: 2
+    - name: Fetch openid-connect config
+      ansible.builtin.uri:
+        url: "{{ keycloak_uri }}/auth/realms/TestRealm/.well-known/openid-configuration"
+        method: GET
+        validate_certs: no
+        status_code: 200
+      register: keycloak_openid_config
+    - name: Verify expected config
+      ansible.builtin.assert:
+        that:
+          - keycloak_openid_config.json.registration_endpoint == 'http://localhost:8080/auth/realms/TestRealm/clients-registrations/openid-connect'
+    - name: Get test realm clients
+      ansible.builtin.uri:
+        url: "{{ keycloak_uri }}/auth/admin/realms/TestRealm/clients"
+        method: GET
+        validate_certs: no
+        status_code: 200
+        headers:
+          Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
+      register: keycloak_query_clients
+    - debug:
+        msg: "{{ keycloak_query_clients.json | selectattr('clientId','equalto','TestClient') }}"
+    - name: Verify expected config
+      ansible.builtin.assert:
+        that:
+          - (keycloak_query_clients.json | selectattr('clientId','equalto','TestClient') | first)["attributes"]["post.logout.redirect.uris"] == '/public/logout'
diff --git a/roles/keycloak_realm/tasks/main.yml b/roles/keycloak_realm/tasks/main.yml
@@ -90,6 +90,7 @@
     service_accounts_enabled: "{{ item.service_accounts_enabled | default(omit) }}"
     public_client: "{{ item.public_client | default(False) }}"
     protocol: "{{ item.protocol | default(omit) }}"
+    attributes: "{{ item.attributes | default(omit) }}"
     state: present
   no_log: "{{ keycloak_no_log | default('True') }}"
   register: create_client_result