Use http_relative_path with keycloak_conn_validator (#278)

Fixes #277
treydock · Mar 9, 2023 · 12eb71f · 12eb71f
1 parent 02bf402
commit 12eb71f
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 4 deletions.
diff --git a/lib/puppet/provider/keycloak_conn_validator/puppet_https.rb b/lib/puppet/provider/keycloak_conn_validator/puppet_https.rb
@@ -67,6 +67,6 @@ def create
   #
   # @api private
   def validator
-    @validator ||= Puppet::Util::KeycloakValidator.new(resource[:keycloak_server], resource[:keycloak_port], resource[:use_ssl], resource[:test_url])
+    @validator ||= Puppet::Util::KeycloakValidator.new(resource[:keycloak_server], resource[:keycloak_port], resource[:use_ssl], resource[:test_url], resource[:relative_path])
   end
 end
diff --git a/lib/puppet/type/keycloak_conn_validator.rb b/lib/puppet/type/keycloak_conn_validator.rb
@@ -32,7 +32,12 @@
 
   newparam(:test_url) do
     desc 'URL to use for testing if the Keycloak database is up'
-    defaultto '/auth/admin/serverinfo'
+    defaultto '/realms/master/.well-known/openid-configuration'
+  end
+
+  newparam(:relative_path) do
+    desc 'URL relative path that is used by Keycloak'
+    defaultto '/'
   end
 
   newparam(:timeout) do

diff --git a/lib/puppet/util/keycloak_validator.rb b/lib/puppet/util/keycloak_validator.rb
@@ -6,11 +6,12 @@
 class Puppet::Util::KeycloakValidator
   attr_reader :keycloak_server, :keycloak_port, :use_ssl, :test_path
 
-  def initialize(keycloak_server, keycloak_port, use_ssl = false, test_path = '/auth/admin/serverinfo')
+  def initialize(keycloak_server, keycloak_port, use_ssl = false, test_path = '/realms/master/.well-known/openid-configuration', relative_path = '/')
     @keycloak_server = keycloak_server
     @keycloak_port   = keycloak_port
     @use_ssl         = use_ssl
     @test_path       = test_path
+    @relative_path   = relative_path
   end
 
   # Utility method; attempts to make an http/https connection to the keycloak server.
@@ -22,10 +23,11 @@ def attempt_connection
     # All that we care about is that we are able to connect successfully via
     # http(s), so here we're simpling hitting a somewhat arbitrary low-impact URL
     # on the keycloak server.
+    path = "#{@relative_path}#{@test_path.sub(%r{^/}, '')}"
     http = Net::HTTP.new(@keycloak_server, @keycloak_port)
     http.use_ssl = @use_ssl
     http.verify_mode = OpenSSL::SSL::VERIFY_NONE
-    request = Net::HTTP::Get.new(@test_path)
+    request = Net::HTTP::Get.new(path)
     request.add_field('Accept', 'application/json')
     response = http.request(request)
 

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -408,6 +408,7 @@
     use_ssl         => $validator_ssl,
     timeout         => 60,
     test_url        => $validator_test_url,
+    relative_path   => $http_relative_path,
     require         => Class['keycloak::service'],
   }