diff --git a/.fixtures.yml b/.fixtures.yml
index c936d489..086e805f 100644
--- a/.fixtures.yml
+++ b/.fixtures.yml
@@ -1,35 +1,21 @@
fixtures:
- repositories:
+ forge_modules:
stdlib:
- repo: https://github.com/puppetlabs/puppetlabs-stdlib.git
- ref: 4.25.0
+ repo: puppetlabs/stdlib
mysql:
- repo: https://github.com/puppetlabs/puppetlabs-mysql.git
- ref: v10.3.0
+ repo: puppetlabs/mysql
postgresql:
- repo: https://github.com/puppetlabs/puppetlabs-postgresql.git
- ref: v7.4.0
+ repo: puppetlabs/postgresql
java:
- repo: https://github.com/puppetlabs/puppetlabs-java.git
- ref: v7.3.0
+ repo: puppetlabs/java
java_ks:
- repo: https://github.com/puppetlabs/puppetlabs-java_ks.git
- ref: 1.4.1
+ repo: puppetlabs/java_ks
+ # Dependency of other modules
+ concat:
+ repo: puppetlabs/concat
archive:
- repo: https://github.com/voxpupuli/puppet-archive.git
- ref: v0.5.1
+ repo: puppet/archive
systemd:
- repo: https://github.com/voxpupuli/puppet-systemd.git
- ref: 0.4.0
- augeas_core:
- repo: https://github.com/puppetlabs/puppetlabs-augeas_core.git
- ref: 1.1.1
- yumrepo_core:
- repo: https://github.com/puppetlabs/puppetlabs-yumrepo_core.git
- ref: 1.0.7
- apt:
- repo: https://github.com/puppetlabs/puppetlabs-apt.git
- concat:
- repo: https://github.com/puppetlabs/puppetlabs-concat.git
+ repo: puppet/systemd
symlinks:
keycloak: "#{source_dir}"
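Review bot: The new `forge_modules` entries carry no `ref`, so every fixture (stdlib, mysql, postgresql, java, java_ks, concat, archive, systemd) now resolves to whatever the Forge serves as its latest release at test time, whereas each removed `repositories` entry was pinned to a tag. That makes test runs non-reproducible and lets an unrelated upstream release change what this module is validated against. `forge_modules` accepts a `ref` key, so the switch to Forge sources can keep the pin, e.g. under each module `ref: "<PINNED_VERSION>"`. Dropping the `augeas_core`, `yumrepo_core` and `apt` fixtures is presumably deliberate given the domain-mode removal elsewhere in this commit, but confirm that no remaining manifest or dependency still declares `augeas` or `yumrepo` resources on Puppet 6, where those types live outside the agent.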
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 9f963c36..0bb72b10 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -7,6 +7,7 @@ on:
- master
pull_request:
+
jobs:
unit:
runs-on: ubuntu-latest
@@ -57,7 +58,6 @@ jobs:
set:
- "centos-7"
- "rocky-8"
- - "debian-9"
- "debian-10"
- "debian-11"
- "ubuntu-1804"
@@ -66,60 +66,18 @@ jobs:
- "puppet6"
- "puppet7"
keycloak_version:
- - "12.0.4"
- - "13.0.1"
- - "14.0.0"
- - "15.0.1"
- - "16.1.1"
+ - "18.0.0"
keycloak_full:
- "no"
- keycloak_domain_mode_cluster:
- - "no"
include:
- set: "centos-7"
puppet: "puppet6"
- keycloak_version: "12.0.4"
- keycloak_full: "yes"
- - set: "centos-7"
- puppet: "puppet7"
- keycloak_version: "12.0.4"
+ keycloak_version: "18.0.0"
keycloak_full: "yes"
- set: "centos-7"
puppet: "puppet7"
- keycloak_version: "13.0.1"
+ keycloak_version: "18.0.0"
keycloak_full: "yes"
- - set: "centos-7"
- puppet: "puppet7"
- keycloak_version: "14.0.0"
- keycloak_full: "yes"
- - set: "centos-7"
- puppet: "puppet7"
- keycloak_version: "15.0.1"
- keycloak_full: "yes"
- - set: "centos-7"
- puppet: "puppet7"
- keycloak_version: "16.1.1"
- keycloak_full: "yes"
- - set: "centos-7-domain-mode-cluster"
- puppet: "puppet7"
- keycloak_version: "12.0.4"
- keycloak_domain_mode_cluster: "yes"
- - set: "centos-7-domain-mode-cluster"
- puppet: "puppet7"
- keycloak_version: "13.0.1"
- keycloak_domain_mode_cluster: "yes"
- - set: "centos-7-domain-mode-cluster"
- puppet: "puppet7"
- keycloak_version: "14.0.0"
- keycloak_domain_mode_cluster: "yes"
- - set: "centos-7-domain-mode-cluster"
- puppet: "puppet7"
- keycloak_version: "15.0.1"
- keycloak_domain_mode_cluster: "yes"
- - set: "centos-7-domain-mode-cluster"
- puppet: "puppet7"
- keycloak_version: "16.1.1"
- keycloak_domain_mode_cluster: "yes"
env:
BUNDLE_WITHOUT: development:release
BEAKER_debug: true
@@ -150,4 +108,3 @@ jobs:
BEAKER_set: ${{ matrix.set }}
BEAKER_keycloak_version: ${{ matrix.keycloak_version }}
BEAKER_keycloak_full: ${{ matrix.keycloak_full }}
- BEAKER_keycloak_domain_mode_cluster: ${{ matrix.keycloak_domain_mode_cluster }}
diff --git a/.sync.yml b/.sync.yml
index e243d9d6..a84ab485 100644
--- a/.sync.yml
+++ b/.sync.yml
@@ -18,7 +18,6 @@ Rakefile:
set:
- centos-7
- rocky-8
- - debian-9
- debian-10
- debian-11
- ubuntu-1804
@@ -27,58 +26,17 @@ Rakefile:
- puppet6
- puppet7
keycloak_version:
- - '12.0.4'
- - '13.0.1'
- - '14.0.0'
- - '15.0.1'
- - '16.1.1'
+ - '18.0.0'
keycloak_full: ['no']
- keycloak_domain_mode_cluster: ['no']
acceptance_includes:
- set: centos-7
puppet: puppet6
- keycloak_version: 12.0.4
+ keycloak_version: 18.0.0
keycloak_full: 'yes'
- set: centos-7
puppet: puppet7
- keycloak_version: 12.0.4
+ keycloak_version: 18.0.0
keycloak_full: 'yes'
- - set: centos-7
- puppet: puppet7
- keycloak_version: 13.0.1
- keycloak_full: 'yes'
- - set: centos-7
- puppet: puppet7
- keycloak_version: 14.0.0
- keycloak_full: 'yes'
- - set: centos-7
- puppet: puppet7
- keycloak_version: 15.0.1
- keycloak_full: 'yes'
- - set: centos-7
- puppet: puppet7
- keycloak_version: 16.1.1
- keycloak_full: 'yes'
- - set: centos-7-domain-mode-cluster
- puppet: puppet7
- keycloak_version: 12.0.4
- keycloak_domain_mode_cluster: 'yes'
- - set: centos-7-domain-mode-cluster
- puppet: puppet7
- keycloak_version: 13.0.1
- keycloak_domain_mode_cluster: 'yes'
- - set: centos-7-domain-mode-cluster
- puppet: puppet7
- keycloak_version: 14.0.0
- keycloak_domain_mode_cluster: 'yes'
- - set: centos-7-domain-mode-cluster
- puppet: puppet7
- keycloak_version: 15.0.1
- keycloak_domain_mode_cluster: 'yes'
- - set: centos-7-domain-mode-cluster
- puppet: puppet7
- keycloak_version: 16.1.1
- keycloak_domain_mode_cluster: 'yes'
.gitignore:
paths:
- /vagrant/.vagrant/
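Review bot: `keycloak_version: 18.0.0` in the two rewritten `acceptance_includes` entries is unquoted while the `keycloak_version` list just above it quotes the same value (`- '18.0.0'`). A three-component version happens to parse as a string, but a future two-component value such as `18.1` would be read as a float, and the mixed quoting already differs from ci.yaml, which quotes it. Writing both entries as `keycloak_version: '18.0.0'` keeps the file internally consistent and type-safe.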
@@ -87,6 +45,8 @@ Rakefile:
delete: true
appveyor.yml:
delete: true
+spec/acceptance/nodesets/debian-9.yml:
+ delete: true
spec/acceptance/nodesets/debian-10.yml:
packages:
- iproute2
diff --git a/Gemfile b/Gemfile
index 114c81e5..c9844383 100644
--- a/Gemfile
+++ b/Gemfile
@@ -39,7 +39,7 @@ group :system_tests do
gem "beaker-pe", require: false
gem "beaker-hostgenerator"
gem "beaker-rspec"
- gem "beaker-docker", *location_for(ENV['BEAKER_DOCKER_VERSION'] || '~> 0.7.0')
+ gem "beaker-docker"
gem "beaker-puppet"
gem "beaker-puppet_install_helper", require: false
gem "beaker-module_install_helper", require: false
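Review bot: The rewritten `beaker-docker` line drops both the `~> 0.7.0` constraint and the `BEAKER_DOCKER_VERSION` override the old line honoured, so `bundle install` now takes whatever beaker-docker release is current and the environment variable is silently ignored rather than rejected. If 0.7.x is no longer compatible with the new test setup, a refreshed constraint keeps test runs reproducible while preserving the override: `gem "beaker-docker", *location_for(ENV['BEAKER_DOCKER_VERSION'] || '~> <KNOWN_GOOD_VERSION>')`. `group :system_tests` starts outside the hunk.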
diff --git a/README.md b/README.md
index 1b9c976a..72da2846 100644
--- a/README.md
+++ b/README.md
@@ -6,6 +6,7 @@
#### Table of Contents
1. [Overview](#overview)
+ * [Upgrade to 8.x](#upgrade-to-8x)
* [Supported Versions of Keycloak](#supported-versions-of-keycloak)
2. [Usage - Configuration options](#usage)
* [Keycloak](#keycloak)
@@ -32,6 +33,70 @@
The keycloak module allows easy installation and management of Keycloak.
+### Upgrade to 8.x
+
+This module underwent major changes in the 8.0.0 release to support Keycloak that uses Quarkus.
+The initial 8.0.0 release of this module only supports Keycloak 18.x.
+
+Numerous parameters were changed or removed. Below is a list of the changes to parameters as well as some behavior changes.
+
+**Parameters removed**
+
+* `service_hasstatus`, `service_hasrestart`
+* `management_bind_address`
+* `java_opts_append`
+* `wildfly_user`, `wildfly_user_password`
+* `datasource_package`, `datasource_jar_source`, `datasource_jar_filename`, `datasource_module_source`, `datasource_xa_class`
+* `proxy_https`
+* `truststore_hostname_verification_policy`
+* `theme_static_max_age`, `theme_cache_themes`, `theme_cache_templates`
+* `operating_mode`, `enable_jdbc_ping`, `jboss_bind_public_address`, `jboss_bind_private_address`
+* `master_address`, `server_name`, `role`, `user_cache`
+* `tech_preview_features`
+* `auto_deploy_exploded`, `auto_deploy_zipped`
+* `syslog`, `syslog_app_name`, `syslog_facility`, `syslog_hostname`, `syslog_level`
+* `syslog_port`, `syslog_server_address`, `syslog_format`
+
+**Parameters renamed**
+
+* `service_bind_address` renamed to `http_host` and now defined in keycloak.conf instead of the systemd unit file
+* `manage_datasource` renamed to `manage_db`
+* `datasource_driver` renamed to `db`
+* `datasource_host` renamed to `db_url_host`
+* `datasource_port` renamed to `db_url_port`
+* `datasource_url` renamed to `db_url`
+* `datasource_dbname` renamed to `db_url_database`
+* `datasource_username` renamed to `db_username`
+* `datasource_password` renamed to `db_password`
+* `mysql_database_charset` renamed to `db_charset`
+* `auth_url_path` renamed to `validator_test_url` and default value changed
+
+**Parameters added**
+
+* `java_declare_method` to make it easier for EL platforms to deploy working Keycloak with correct Java
+* `java_package`, `java_home`, `java_alternative_path`, `java_alternative`
+* `start_command`
+* `configs`
+* `hostname`, `http_enabled`, `http_host`, `https_port`, `proxy`
+* `manage_db_server`
+* `features`
+* `features_disabled`
+* `providers_purge`
+
+**Behavior changes**
+
+The SSSD parameters are no longer tested and likely won't work. If you use the SSSD user provider and SSSD related parameters, please open an issue on this repo.
+
+This module no longer makes copies for DB driver jar files or install Java bindings, they are not necessary.
+
+When `db` is set to `mariadb`, `mysql` or `postgres` this module will by default install the database server to the Keycloak host. If you run a remote DB server for Keycloak, set `manage_db_server` and `manage_db` to `false`.
+
+There is no longer a need to define cluster or domain modes in the Quarkus deployment, all related functionality is removed.
+
+Some basic configuration options are exposed using parameters but most configuration options for Keycloak will need to be passed into the `configs` parameter.
+
+Drop Debian 9 support due to OS repos not having Java 11.
+
### Supported Versions of Keycloak
Currently this module supports Keycloak version 12.x.
@@ -44,12 +109,13 @@ This module may work on earlier versions but this is the only version tested.
| 6.x - 8.x | 4.x - 5.x |
| 8.x - 12.x | 6.x |
| 12.x - 16.x | 7.x |
+| 18.x | 8.x |
## Usage
### keycloak
-Install Keycloak using default `h2` database storage.
+Install Keycloak using default `dev-file` database.
```puppet
class { 'keycloak': }
@@ -59,33 +125,33 @@ Install a specific version of Keycloak.
```puppet
class { 'keycloak':
- version => '6.0.1',
- datasource_driver => 'mysql',
+ version => '18.0.0',
+ db => 'mariadb',
}
```
-Upgrading Keycloak version works by changing `version` parameter as long as the `datasource_driver` is not the default of `h2`. An upgrade involves installing the new version without touching the old version, updating the symlink which defaults to `/opt/keycloak`, applying all changes to new version and then restarting the `keycloak` service.
+Upgrading Keycloak version works by changing `version` parameter as long as the `db` parameter is not the default of `dev-file`. An upgrade involves installing the new version without touching the old version, updating the symlink which defaults to `/opt/keycloak`, applying all changes to new version and then restarting the `keycloak` service.
-If the previous `version` was `6.0.1` using the following will upgrade to `7.0.0`:
+If the previous `version` was `18.0.0` using the following will upgrade to `19.0.0`:
```puppet
class { 'keycloak':
- version => '7.0.0',
- datasource_driver => 'mysql',
+ version => '19.0.0',
+ db => 'mariadb',
}
```
-Install keycloak and use a local MySQL server for database storage
+Install keycloak and use a local MariaDB server for database storage
```puppet
include mysql::server
class { 'keycloak':
- datasource_driver => 'mysql',
- datasource_host => 'localhost',
- datasource_port => 3306,
- datasource_dbname => 'keycloak',
- datasource_username => 'keycloak',
- datasource_password => 'foobar',
+ db => 'mariadb',
+ db_url_host => 'localhost',
+ db_url_port => 3306,
+ db_url_database => 'keycloak',
+ db_username => 'keycloak',
+ db_password => 'foobar',
}
```
@@ -94,33 +160,12 @@ The following example can be used to configure keycloak with a local PostgreSQL
```puppet
include postgresql::server
class { 'keycloak':
- datasource_driver => 'postgresql',
- datasource_host => 'localhost',
- datasource_port => 5432,
- datasource_dbname => 'keycloak',
- datasource_username => 'keycloak',
- datasource_password => 'foobar',
-}
-```
-
-Configure keycloak to use a remote Oracle database.
-
-The parameter `datasource_jar_source` is always required with Oracle database.
-The jar is downloaded to the keycloak module dir and renamed to `datasource_jar_filename` or `'ojdbc8.jar'` as default value.
-
-With a special database configuration it may be more suitable to give the complete database url `'jdbc:oracle:thin:@[...]'` using the parameter `database_url` instead of `database_host`, `database_port` and `database_dbname`.
-The default value with Oracle database for `database_host` is `'localhost'` and the default value for `database_port` is here `1521`.
-
-```puppet
-class { 'keycloak':
- datasource_driver => 'oracle',
- datasource_host => 'oracleserver.mydomain.de',
- datasource_port => 1521,
- datasource_dbname => 'keycloak',
- datasource_username => 'keycloak',
- datasource_password => 'foobar',
- datasource_jar_source => 'https://oracle.com/path/to/driver.jar',
- datasource_jar_filename => 'ojdbc8.jar',
+ db => 'postgres',
+ db_url_host => 'localhost',
+ db_url_port => 5432,
+ db_url_database => 'keycloak',
+ db_username => 'keycloak',
+ db_password => 'foobar',
}
```
@@ -128,9 +173,8 @@ Configure a SSL certificate truststore and add a LDAP server's certificate to th
```puppet
class { 'keycloak':
- truststore => true,
- truststore_password => 'supersecret',
- truststore_hostname_verification_policy => 'STRICT',
+ truststore => true,
+ truststore_password => 'supersecret',
}
keycloak::truststore::host { 'ldap1.example.com':
certificate => '/etc/openldap/certs/0a00000.0',
@@ -141,15 +185,17 @@ Setup Keycloak to proxy through Apache HTTPS.
```puppet
class { 'keycloak':
- proxy_https => true
+ http_host => '127.0.0.1',
+ proxy => 'edge',
}
apache::vhost { 'idp.example.com':
- servername => 'idp.example.com',
- port => '443',
- ssl => true,
- manage_docroot => false,
- docroot => '/var/www/html',
+ servername => 'idp.example.com',
+ port => '443',
+ ssl => true,
+ manage_docroot => false,
+ docroot => '/var/www/html',
proxy_preserve_host => true,
+ proxy_add_headers => true,
proxy_pass => [
{'path' => '/', 'url' => 'http://localhost:8080/'}
],
@@ -161,80 +207,6 @@ apache::vhost { 'idp.example.com':
ssl_key => '/etc/pki/tls/private/idp.example.com.key',
}
```
-Setup a domain master. (This needs a shared database, here '1.2.3.4').
-
-```puppet
-class { '::keycloak':
- operating_mode => 'domain',
- role => 'master',
- wildfly_user => 'wildfly,
- wildfly_user_password => 'changeme,
- manage_datasource => false,
- datasource_driver => 'postgresql',
- datasource_host => '1.2.3.4,
- datasource_dbname => 'keycloak,
- datasource_username => 'keycloak,
- datasource_password => 'changeme,
- admin_user => 'admin,
- admin_user_password => 'changeme,
-}
-```
-
-Setup a domain slave. (This needs a shared database, here '1.2.3.4').
-
-```puppet
-class { '::keycloak':
- operating_mode => 'domain',
- role => 'slave',
- wildfly_user => 'wildfly,
- wildfly_user_password => 'changeme,
- manage_datasource => false,
- datasource_driver => 'postgresql',
- datasource_host => '1.2.3.4,
- datasource_dbname => 'keycloak,
- datasource_username => 'keycloak,
- datasource_password => 'changeme,
- admin_user => 'admin,
- admin_user_password => 'changeme,
-}
-```
-**NOTE:** The wilfdly user and password need to match those in domain master. These are required for authentication in a cluster.
-
-Setup a host for theme development so that theme changes don't require a service restart, not recommended for production.
-
-```puppet
-class { 'keycloak':
- theme_static_max_age => -1,
- theme_cache_themes => false,
- theme_cache_templates => false,
-}
-```
-
-Run Keycloak using standalone clustered mode (multicast):
-
-```puppet
-class { 'keycloak':
- operating_mode => 'clustered',
-}
-```
-
-Run Keycloak using standalone clustered mode (JDBC_PING):
-
-> [JDBC_PING](http://jgroups.org/manual/#_jdbc_ping) uses port **7600** to ensure cluster members are discoverable by each other. This module **does NOT manage firewall changes**.
-
-```puppet
-class { 'keycloak':
- operating_mode => 'clustered',
- datasource_driver => 'postgresql',
- enable_jdbc_ping => true,
- jboss_bind_private_address => $facts['networking']['ip'],
- jboss_bind_public_address => $facts['networking']['ip'],
-}
-
-# your puppet code to open port 7600
-# ...
-# ...
-```
### Deploy SPI
@@ -562,8 +534,7 @@ keycloak_required_action { 'webauthn-register on master':
This module has been tested on:
* RedHat/CentOS 7 x86_64
-* RedHat/CentOS 8 x86_64
-* Debian 9 x86_64
+* RedHat/Rocky 8 x86_64
* Debian 10 x86_64
* Debian 11 x86_64
* Ubuntu 18.04 x86_64
diff --git a/Vagrantfile b/Vagrantfile
index 8a5952f1..296823eb 100644
--- a/Vagrantfile
+++ b/Vagrantfile
@@ -4,30 +4,32 @@
Vagrant.configure(2) do |config|
config.vm.synced_folder ".", "/vagrant", type: "virtualbox"
- config.vm.define "keycloak", primary: true, autostart: true do |ood|
- ood.vm.box = "centos/7"
- ood.vbguest.installer_options = { allow_kernel_upgrade: true }
- ood.vm.network "forwarded_port", guest: 8080, host: 8080, auto_correct: true
- ood.vm.provision "shell", inline: <<-SHELL
- rpm -Uvh https://yum.puppet.com/puppet5/puppet5-release-el-7.noarch.rpm
+ config.vm.define "keycloak", primary: true, autostart: true do |k|
+ k.vm.box = "centos/7"
+ k.vbguest.installer_options = { allow_kernel_upgrade: true }
+ k.vm.network "forwarded_port", guest: 8080, host: 8080, auto_correct: true
+ k.vm.network "forwarded_port", guest: 9090, host: 9090, auto_correct: true
+ k.vm.provision "shell", inline: <<-SHELL
+ rpm -Uvh https://yum.puppet.com/puppet6-release-el-7.noarch.rpm
yum -y install puppet-agent
source /etc/profile.d/puppet-agent.sh
+ setenforce 0
SHELL
- ood.vm.provision "shell", path: "vagrant-common.sh"
+ k.vm.provision "shell", path: "vagrant-common.sh"
end
- config.vm.define "keycloak-ubuntu-1804", primary: false, autostart: false do |ood|
- ood.vm.box = "ubuntu/bionic64"
- ood.vm.box_version = "20190903.0.0"
- ood.vm.network "forwarded_port", guest: 8080, host: 8081, auto_correct: true
- ood.vm.provision "shell", inline: <<-SHELL
- wget https://apt.puppetlabs.com/puppet5-release-bionic.deb
- dpkg -i puppet5-release-bionic.deb
+ config.vm.define "keycloak-ubuntu-1804", primary: false, autostart: false do |k|
+ k.vm.box = "ubuntu/bionic64"
+ k.vm.box_version = "20190903.0.0"
+ k.vm.network "forwarded_port", guest: 8080, host: 8081, auto_correct: true
+ k.vm.provision "shell", inline: <<-SHELL
+ wget https://apt.puppetlabs.com/puppet6-release-bionic.deb
+ dpkg -i puppet6-release-bionic.deb
apt-get update
apt-get install puppet-agent
echo "export PATH=/opt/puppetlabs/bin:/opt/puppetlabs/puppet/bin:/usr/share/puppetmaster-installer/bin:$PATH" > /etc/profile.d/puppetlabs.sh
SHELL
- ood.vm.provision "shell", path: "vagrant-common.sh"
+ k.vm.provision "shell", path: "vagrant-common.sh"
end
end
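Review bot: `setenforce 0` in the CentOS 7 provisioner switches SELinux to permissive for the rest of provisioning and until the next reboot, so the dev VM no longer reproduces the enforcing-mode environment the module meets on real EL hosts — any denials caused by, for example, the new keycloak.conf, providers or tmp directories managed in config.pp will surface only on production systems. If the line is needed to get provisioning through, add a comment naming the denial it works around and a TODO to remove it, e.g. `# TODO: permissive SELinux only to work around <DENIAL>; restore enforcing once contexts are managed`; otherwise consider dropping it and fixing the policy instead. Note also that `setenforce` is runtime-only, so the box behaves differently after a reboot than right after provisioning.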
diff --git a/data/common.yaml b/data/common.yaml
index 42e16c9e..45567299 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -1,5 +1,3 @@
---
keycloak::libunix_dbus_java_source: 'https://github.com/keycloak/libunix-dbus-java/archive/libunix-dbus-java-0.8.0.tar.gz'
keycloak::service_name: 'keycloak'
-keycloak::service_hasstatus: true
-keycloak::service_hasrestart: true
\ No newline at end of file
diff --git a/data/os/Debian.yaml b/data/os/Debian.yaml
index 4c8bbcc0..71a7b2da 100644
--- a/data/os/Debian.yaml
+++ b/data/os/Debian.yaml
@@ -1,4 +1,9 @@
---
+keycloak::java_declare_method: include
+keycloak::java_package: openjdk-11-jdk
+keycloak::java_home: /usr/lib/jvm/java-1.11.0-openjdk-amd64/
+keycloak::java_alternative_path: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java
+keycloak::java_alternative: java-1.11.0-openjdk-amd64
keycloak::user_shell: '/usr/sbin/nologin'
keycloak::libunix_dbus_java_build_dependencies:
- 'zlib1g-dev'
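Review bot: The new Java defaults hard-code the `amd64` architecture (`java-1.11.0-openjdk-amd64` in `java_home`, `java_alternative_path` and `java_alternative`), so on any other Debian or Ubuntu architecture they point at directories that do not exist. Debian names the JVM directory after the dpkg architecture, which Facter exposes as `os.architecture`, so Hiera interpolation keeps the defaults portable, e.g. `keycloak::java_home: "/usr/lib/jvm/java-1.11.0-openjdk-%{facts.os.architecture}/"` with the same substitution in the other two keys. `java_declare_method: include` is set here but not in RedHat.yaml; presumably the class default covers EL, but that default is not visible in this diff.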
diff --git a/data/os/RedHat.yaml b/data/os/RedHat.yaml
index fbd8dbbf..38a99bc7 100644
--- a/data/os/RedHat.yaml
+++ b/data/os/RedHat.yaml
@@ -1,4 +1,8 @@
---
+keycloak::java_package: java-11-openjdk-devel
+keycloak::java_home: /usr/lib/jvm/java-11-openjdk/
+keycloak::java_alternative_path: /usr/lib/jvm/java-11-openjdk/bin/java
+keycloak::java_alternative: /usr/lib/jvm/java-11-openjdk/bin/java
keycloak::user_shell: '/sbin/nologin'
keycloak::libunix_dbus_java_build_dependencies:
- 'which'
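Review bot: `keycloak::java_alternative` is given the same full binary path as `keycloak::java_alternative_path` here, while Debian.yaml sets it to a bare alternative name (`java-1.11.0-openjdk-amd64`), so the two platforms supply different kinds of value for the same key. Whether the consuming resource accepts both forms cannot be told from this diff; if the difference is intentional, a comment above the key such as `# NOTE: value form differs from Debian.yaml (full path here, alternative name there)` saves the next reader a trip into the manifest, and if it is not, one of the two files should be aligned.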
diff --git a/data/os/RedHat/8.yaml b/data/os/RedHat/8.yaml
deleted file mode 100644
index d93ec72e..00000000
--- a/data/os/RedHat/8.yaml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-keycloak::datasource_package: mariadb-java-client
diff --git a/data/os/Ubuntu/20.04.yaml b/data/os/Ubuntu/20.04.yaml
index 97f95038..57322bc9 100644
--- a/data/os/Ubuntu/20.04.yaml
+++ b/data/os/Ubuntu/20.04.yaml
@@ -1,2 +1,4 @@
---
-keycloak::mysql_database_charset: utf8mb3
+# TODO: Use until this released to force mariadb:
+# https://github.com/puppetlabs/puppetlabs-mysql/commit/8c8c01739f593b2bcd1943297761a09dde994197
+keycloak::db_charset: utf8mb3
diff --git a/files/database/mysql/module.xml b/files/database/mysql/module.xml
deleted file mode 100644
index c97bcc6d..00000000
--- a/files/database/mysql/module.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/files/database/postgresql/module.xml b/files/database/postgresql/module.xml
deleted file mode 100644
index 574e0ca9..00000000
--- a/files/database/postgresql/module.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/lib/puppet/provider/keycloak_api.rb b/lib/puppet/provider/keycloak_api.rb
index 11ad2d34..93e8f216 100644
--- a/lib/puppet/provider/keycloak_api.rb
+++ b/lib/puppet/provider/keycloak_api.rb
@@ -177,6 +177,7 @@ def name_uuid(*args)
end
def check_theme_exists(theme, res)
+ return true if theme == 'keycloak'
install_dir = self.class.install_dir || '/opt/keycloak'
path = File.join(install_dir, 'themes', theme)
return if File.exist?(path)
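Review bot: The added guard returns `true` for the built-in `keycloak` theme, while the existing success path two lines below (`return if File.exist?(path)`) returns `nil`, so the method now has two different "theme is fine" return values and any caller that tests the result sees the two cases differently. `return if theme == 'keycloak'` keeps the early exit and the return value consistent. The guard also special-cases only one bundled theme; if other themes shipped inside Keycloak (for example `base`) are likewise not materialised under `themes/` in the install dir, they will still be rejected — hedged, since the 18.x on-disk layout is not visible here. check_theme_exists continues past the hunk.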
diff --git a/lib/puppet/provider/keycloak_conn_validator/puppet_https.rb b/lib/puppet/provider/keycloak_conn_validator/puppet_https.rb
index 562589aa..ce1af4e9 100644
--- a/lib/puppet/provider/keycloak_conn_validator/puppet_https.rb
+++ b/lib/puppet/provider/keycloak_conn_validator/puppet_https.rb
@@ -38,8 +38,8 @@ def exists?
# especially on the first install. Therefore, our first connection attempt
# may fail. Here we have somewhat arbitrarily chosen to retry every 2
# seconds until the configurable timeout has expired.
- Puppet.notice('Failed to connect to keycloak; sleeping 2 seconds before retry')
- sleep 2
+ Puppet.notice('Failed to connect to keycloak; sleeping 5 seconds before retry')
+ sleep 5
success = validator.attempt_connection
end
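Review bot: The retry interval changed from 2 to 5 seconds in both the notice and the `sleep`, but the comment directly above (`... chosen to retry every 2` / `seconds until the configurable timeout has expired.`) still says 2, so the documentation now contradicts the code. Update it to `# may fail. Here we have somewhat arbitrarily chosen to retry every 5`, or better, hold the interval in one place so the message, the sleep and the comment cannot drift again: `retry_interval = 5`, `Puppet.notice("Failed to connect to keycloak; sleeping #{retry_interval} seconds before retry")`, `sleep retry_interval`. `exists?` starts outside the hunk.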
diff --git a/lib/puppet/type/keycloak_api.rb b/lib/puppet/type/keycloak_api.rb
index b8760227..ee836ce5 100644
--- a/lib/puppet/type/keycloak_api.rb
+++ b/lib/puppet/type/keycloak_api.rb
@@ -10,7 +10,7 @@
@example Define API access
keycloak_api { 'keycloak'
install_dir => '/opt/keycloak',
- server => 'http://localhost:8080/auth',
+ server => 'http://localhost:8080',
realm => 'master',
user => 'admin',
password => 'changeme',
@@ -27,7 +27,7 @@
newparam(:server) do
desc 'Auth URL for Keycloak server'
- defaultto('http://localhost:8080/auth')
+ defaultto('http://localhost:8080')
end
newparam(:realm) do
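Review bot: The default for `:server` drops the `/auth` path, but the `desc` still reads `'Auth URL for Keycloak server'` and does not tell users that any context path is now part of what they supply. A deployment that keeps a relative path on the server would presumably have to add it here, and nothing in this file says so; extend the description, e.g. `desc 'Base URL of the Keycloak server, including any relative path the server is configured with (no /auth by default)'`. The example in the type's doc header (the earlier hunk in this file) was updated, so only the parameter description is stale.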
diff --git a/manifests/config.pp b/manifests/config.pp
index 16772c77..1343add0 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -23,388 +23,52 @@
show_diff => false,
}
- file { "${keycloak::install_base}/tmp":
- ensure => 'directory',
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0755',
- }
-
- $_add_user_keycloak_cmd = "${keycloak::install_base}/bin/add-user-keycloak.sh"
- $_add_user_keycloak_state = "${keycloak::install_base}/.create-keycloak-admin-${keycloak::datasource_driver}"
-
- if $::keycloak::operating_mode != 'domain' {
- $_server_conf_dir = "${keycloak::install_base}/standalone/configuration"
- $_add_user_keycloak_args = "--user ${keycloak::admin_user} --password ${keycloak::admin_user_password} --realm master"
- $_java_opts_path = "${keycloak::install_base}/bin/standalone.conf"
-
- } else {
- $_server_conf_dir = "${keycloak::install_base}/domain/servers/${keycloak::server_name}/configuration"
- $_add_user_keycloak_args = "--user ${keycloak::admin_user} --password ${keycloak::admin_user_password} --realm master --sc ${_server_conf_dir}/" # lint:ignore:140chars
- $_java_opts_path = "${keycloak::install_base}/bin/domain.conf"
-
- $_dirs = [
- dirname(dirname($_server_conf_dir)),
- dirname($_server_conf_dir)
- ]
-
- file { $_dirs:
- ensure => 'directory',
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0755',
- }
- }
-
- exec { 'create-keycloak-admin':
- command => "${_add_user_keycloak_cmd} ${_add_user_keycloak_args} && touch ${_add_user_keycloak_state}",
- creates => $_add_user_keycloak_state,
- notify => Class['keycloak::service'],
- user => $keycloak::user,
- require => File[$_server_conf_dir],
+ file { $keycloak::admin_env:
+ ensure => 'file',
+ owner => $keycloak::user,
+ group => $keycloak::group,
+ mode => '0600',
+ content => join([
+ '# File managed by Puppet',
+ "KEYCLOAK_ADMIN=${keycloak::admin_user}",
+ "KEYCLOAK_ADMIN_PASSWORD=${keycloak::admin_user_password}",
+ '',
+ ], "\n"),
+ show_diff => false,
}
- if $keycloak::operating_mode == 'domain' {
- $config_cli_prefix = '/profile=auth-server-clustered'
+ if $keycloak::custom_config_content {
+ $config_content = $keycloak::custom_config_content
} else {
- $config_cli_prefix = ''
+ $config_content = template('keycloak/keycloak.conf.erb')
}
-
- concat { "${keycloak::install_base}/config.cli":
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0600',
- notify => Exec['jboss-cli.sh --file=config.cli'],
- show_diff => false,
- ensure_newline => true,
- }
-
- concat::fragment { 'keycloak-config.cli-header':
- target => "${keycloak::install_base}/config.cli",
- content => epp('keycloak/config.cli/00-header.epp', {'operating_mode' => $keycloak::operating_mode}),
- order => '00',
- }
-
- if $keycloak::proxy_https {
- concat::fragment { 'keycloak-config.cli-https-proxy':
- target => "${keycloak::install_base}/config.cli",
- content => epp('keycloak/config.cli/01-https-proxy.epp', {
- 'prefix' => $config_cli_prefix,
- 'operating_mode' => $keycloak::operating_mode,
- }),
- order => '01',
- }
- }
-
- concat::fragment { 'keycloak-config.cli-datasource':
- target => "${keycloak::install_base}/config.cli",
- content => epp('keycloak/config.cli/02-datasource.epp', {
- 'datasource_driver' => $keycloak::datasource_driver,
- 'datasource_connection_url' => $keycloak::datasource_connection_url,
- 'datasource_username' => $keycloak::datasource_username,
- 'datasource_password' => $keycloak::datasource_password,
- 'mysql_datasource_class' => $keycloak::mysql_datasource_class,
- 'prefix' => $config_cli_prefix,
- }),
- order => '02',
- }
-
- concat::fragment { 'keycloak-config.cli-truststore':
- target => "${keycloak::install_base}/config.cli",
- content => epp('keycloak/config.cli/03-truststore.epp', {
- 'truststore' => $keycloak::truststore,
- 'operating_mode' => $keycloak::operating_mode,
- 'install_base' => $keycloak::install_base,
- 'truststore_password' => $keycloak::truststore_password,
- 'truststore_hostname_verification_policy' => $keycloak::truststore_hostname_verification_policy,
- 'prefix' => $config_cli_prefix,
- }),
- order => '03',
- }
-
- concat::fragment { 'keycloak-config.cli-theming':
- target => "${keycloak::install_base}/config.cli",
- content => epp('keycloak/config.cli/04-theming.epp', {
- 'theme_static_max_age' => $keycloak::theme_static_max_age,
- 'theme_cache_themes' => $keycloak::theme_cache_themes,
- 'theme_cache_templates' => $keycloak::theme_cache_templates,
- 'prefix' => $config_cli_prefix,
- }),
- order => '04',
- }
-
- # deployment scanner is not compatible with domain mode
- if $keycloak::operating_mode != 'domain' {
- concat::fragment { 'keycloak-config.cli-deployment-scanner':
- target => "${keycloak::install_base}/config.cli",
- content => epp('keycloak/config.cli/05-deployment-scanner.epp', {
- 'auto_deploy_exploded' => $keycloak::auto_deploy_exploded,
- 'auto_deploy_zipped' => $keycloak::auto_deploy_zipped,
- 'prefix' => $config_cli_prefix,
- }),
- order => '05',
- }
- }
-
- concat::fragment { 'keycloak-config.cli-user-cache':
- target => "${keycloak::install_base}/config.cli",
- content => epp('keycloak/config.cli/06-user-cache.epp', {
- 'user_cache' => $keycloak::user_cache,
- 'prefix' => $config_cli_prefix,
- }),
- order => '06',
- }
-
- concat::fragment { 'keycloak-config.cli-cluster':
- target => "${keycloak::install_base}/config.cli",
- content => epp('keycloak/config.cli/10-cluster.epp', {
- 'operating_mode' => $keycloak::operating_mode,
- 'enable_jdbc_ping' => $keycloak::enable_jdbc_ping,
- 'datasource_driver' => $keycloak::datasource_driver,
- 'jboss_bind_private_address' => $keycloak::jboss_bind_private_address,
- 'jboss_bind_public_address' => $keycloak::jboss_bind_public_address,
- 'prefix' => $config_cli_prefix,
- }),
- order => '10',
- }
-
- if $keycloak::operating_mode == 'domain' {
- concat::fragment { 'keycloak-config.cli-domain':
- target => "${keycloak::install_base}/config.cli",
- content => epp('keycloak/config.cli/11-domain.epp', {
- 'prefix' => $config_cli_prefix,
- }),
- order => '11',
- }
- }
-
- concat::fragment { 'keycloak-config.cli-syslog':
- target => "${keycloak::install_base}/config.cli",
- content => epp('keycloak/config.cli/12-syslog.epp', {
- 'prefix' => $config_cli_prefix,
- 'syslog' => $keycloak::syslog,
- 'syslog_app_name' => $keycloak::syslog_app_name,
- 'syslog_facility' => $keycloak::syslog_facility,
- 'syslog_hostname' => $keycloak::syslog_hostname,
- 'syslog_level' => $keycloak::syslog_level,
- 'syslog_port' => $keycloak::syslog_port,
- 'syslog_server_address' => $keycloak::syslog_server_address,
- 'syslog_format' => $keycloak::syslog_format,
- }),
- order => '12',
- }
-
- if $keycloak::custom_config_content or $keycloak::custom_config_source {
- concat::fragment { 'keycloak-config.cli-custom':
- target => "${keycloak::install_base}/config.cli",
- content => $keycloak::custom_config_content,
- source => $keycloak::custom_config_source,
- order => '50',
- }
- }
-
- concat::fragment { 'keycloak-config.cli-footer':
- target => "${keycloak::install_base}/config.cli",
- content => epp('keycloak/config.cli/99-footer.epp', {'operating_mode' => $keycloak::operating_mode}),
- order => '99',
- }
-
- exec { 'jboss-cli.sh --file=config.cli':
- command => "${keycloak::install_base}/bin/jboss-cli.sh --file=config.cli",
- cwd => $keycloak::install_base,
- user => $keycloak::user,
- group => $keycloak::group,
- refreshonly => true,
- logoutput => true,
- notify => Class['keycloak::service'],
+ file { "${keycloak::install_base}/conf/keycloak.conf":
+ owner => $keycloak::user,
+ group => $keycloak::group,
+ mode => '0600',
+ show_diff => false,
+ content => $config_content,
+ source => $keycloak::custom_config_source,
+ notify => Class['keycloak::service'],
}
create_resources('keycloak::truststore::host', $keycloak::truststore_hosts)
- if $keycloak::java_opts {
- $java_opts_ensure = 'present'
- } else {
- $java_opts_ensure = 'absent'
- }
-
- if $keycloak::java_opts =~ Array {
- $java_opts = join($keycloak::java_opts, ' ')
- } else {
- $java_opts = $keycloak::java_opts
- }
- if $keycloak::java_opts_append {
- $_java_opts = "\$JAVA_OPTS ${java_opts}"
- } else {
- $_java_opts = $java_opts
- }
- file_line { 'keycloak-JAVA_OPTS':
- ensure => $java_opts_ensure,
- path => $_java_opts_path,
- line => "JAVA_OPTS=\"${_java_opts}\"",
- match => '^JAVA_OPTS=',
- notify => Class['keycloak::service'],
- }
-
- file { $_server_conf_dir:
+ file { $keycloak::tmp_dir:
ensure => 'directory',
owner => $keycloak::user,
group => $keycloak::group,
- mode => '0750',
+ mode => '0755',
}
- file { "${_server_conf_dir}/profile.properties":
- ensure => 'file',
+ file { $keycloak::providers_dir:
+ ensure => 'directory',
owner => $keycloak::user,
group => $keycloak::group,
- content => template('keycloak/profile.properties.erb'),
- mode => '0644',
+ mode => '0755',
+ purge => $keycloak::providers_purge,
+ force => $keycloak::providers_purge,
+ recurse => $keycloak::providers_purge,
notify => Class['keycloak::service'],
}
-
- if $::keycloak::operating_mode == 'domain' {
- $_add_user_wildfly_cmd = "${keycloak::install_base}/bin/add-user.sh"
- $_add_user_wildfly_args = "--user ${keycloak::wildfly_user} --password ${keycloak::wildfly_user_password} -e -s"
- $_add_user_wildfly_state = "${::keycloak::install_base}/.create-wildfly-user"
-
- exec { 'create-wildfly-user':
- command => "${_add_user_wildfly_cmd} ${_add_user_wildfly_args} && touch ${_add_user_wildfly_state}",
- creates => $_add_user_wildfly_state,
- notify => Class['keycloak::service'],
- }
-
- if $keycloak::role == 'master' {
- # Remove load balancer group
- # Rename the server
- # Set port offset to zero to run server on port 8080
- augeas { 'ensure-servername':
- incl => "${keycloak::install_base}/domain/configuration/host-master.xml",
- context => "/files${keycloak::install_base}/domain/configuration/host-master.xml/host/servers",
- load_path => '/opt/puppetlabs/puppet/share/augeas/lenses/dist',
- lens => 'Xml.lns',
- changes => [
- 'rm server[1]',
- 'rm server',
- "set server/#attribute/name ${keycloak::server_name}",
- 'set server/#attribute/group auth-server-group',
- 'set server/#attribute/auto-start true',
- 'set server/socket-bindings/#attribute/port-offset 0',
- ],
- notify => Class['keycloak::service'],
- }
-
- # Set up interface names and defaults in host-master.xml
- augeas { 'ensure-interface-names-defaults-master':
- incl => "${keycloak::install_base}/domain/configuration/host-master.xml",
- context => "/files${keycloak::install_base}/domain/configuration/host-master.xml/host/interfaces",
- load_path => '/opt/puppetlabs/puppet/share/augeas/lenses/dist',
- lens => 'Xml.lns',
- changes => [
- # lint:ignore:single_quote_string_with_variables
- 'set interface[1]/#attribute/name management',
- 'set interface[1]/inet-address/#attribute/value ${jboss.bind.address.management:127.0.0.1}',
- 'set interface[2]/#attribute/name private',
- 'set interface[2]/inet-address/#attribute/value ${jboss.bind.address.private:127.0.0.1}',
- 'set interface[3]/#attribute/name public',
- 'set interface[3]/inet-address/#attribute/value ${jboss.bind.address:127.0.0.1}',
- # lint:endignore
- ],
- notify => Class['keycloak::service'],
- }
-
- # Assing management interfaces to logical interfaces
- augeas { 'assign-management-interfaces-master':
- incl => "${keycloak::install_base}/domain/configuration/host-master.xml",
- context => "/files${keycloak::install_base}/domain/configuration/host-master.xml/host/management/management-interfaces",
- load_path => '/opt/puppetlabs/puppet/share/augeas/lenses/dist',
- lens => 'Xml.lns',
- changes => [
- # lint:ignore:single_quote_string_with_variables
- 'set native-interface/#attribute/security-realm ManagementRealm',
- 'set native-interface/socket/#attribute/interface management',
- 'set native-interface/socket/#attribute/port ${jboss.management.native.port:9999}',
- 'set http-interface/#attribute/security-realm ManagementRealm',
- 'set http-interface/socket/#attribute/interface management',
- 'set http-interface/socket/#attribute/port ${jboss.management.http.port:9990}',
- # lint:endignore
- ],
- notify => Class['keycloak::service'],
- }
- } else {
- # Rename the server
- # Set port offset to zero, to run server in port 8080
- augeas { 'ensure-servername':
- incl => "${keycloak::install_base}/domain/configuration/host-slave.xml",
- context => "/files${keycloak::install_base}/domain/configuration/host-slave.xml/host/servers",
- load_path => '/opt/puppetlabs/puppet/share/augeas/lenses/dist',
- lens => 'Xml.lns',
- changes => [
- "set server/#attribute/name ${keycloak::server_name}",
- 'set server/socket-bindings/#attribute/port-offset 0'
- ],
- notify => Class['keycloak::service'],
- }
-
- # Set username for authentication to master
- augeas { 'ensure-username':
- incl => "${keycloak::install_base}/domain/configuration/host-slave.xml",
- context => "/files${keycloak::install_base}/domain/configuration/host-slave.xml/host/domain-controller/remote",
- load_path => '/opt/puppetlabs/puppet/share/augeas/lenses/dist',
- lens => 'Xml.lns',
- changes => [
- "set #attribute/username ${keycloak::wildfly_user}"
- ],
- notify => Class['keycloak::service'],
- }
-
- # Set secret for authentication to master
- augeas { 'ensure-secret':
- incl => "${keycloak::install_base}/domain/configuration/host-slave.xml",
- context => "/files${keycloak::install_base}/domain/configuration/host-slave.xml/host/management/security-realms/security-realm[1]/server-identities/secret", # lint:ignore:140chars
- load_path => '/opt/puppetlabs/puppet/share/augeas/lenses/dist',
- lens => 'Xml.lns',
- changes => [
- "set #attribute/value ${keycloak::wildfly_user_password_base64}"
- ],
- notify => Class['keycloak::service'],
- }
-
- # Set up interface names and default in host-slave.xml
- augeas { 'ensure-interface-names-defaults-slave':
- incl => "${keycloak::install_base}/domain/configuration/host-slave.xml",
- context => "/files${keycloak::install_base}/domain/configuration/host-slave.xml/host/interfaces",
- load_path => '/opt/puppetlabs/puppet/share/augeas/lenses/dist',
- lens => 'Xml.lns',
- changes => [
- # lint:ignore:single_quote_string_with_variables
- 'set interface[1]/#attribute/name management',
- 'set interface[1]/inet-address/#attribute/value ${jboss.bind.address.management:127.0.0.1}',
- 'set interface[2]/#attribute/name private',
- 'set interface[2]/inet-address/#attribute/value ${jboss.bind.address.private:127.0.0.1}',
- 'set interface[3]/#attribute/name public',
- 'set interface[3]/inet-address/#attribute/value ${jboss.bind.address:127.0.0.1}',
- # lint:endignore
- ],
- notify => Class['keycloak::service'],
- }
-
- # Assing management interfaces to logical interfaces
- augeas { 'assign-management-interaces-slave':
- incl => "${keycloak::install_base}/domain/configuration/host-slave.xml",
- context => "/files${keycloak::install_base}/domain/configuration/host-slave.xml/host/management/management-interfaces",
- load_path => '/opt/puppetlabs/puppet/share/augeas/lenses/dist',
- lens => 'Xml.lns',
- changes => [
- # lint:ignore:single_quote_string_with_variables
- 'set native-interface/#attribute/security-realm ManagementRealm',
- 'set native-interface/socket/#attribute/interface management',
- 'set native-interface/socket/#attribute/port ${jboss.management.native.port:9999}',
- 'set http-interface/#attribute/security-realm ManagementRealm',
- 'set http-interface/socket/#attribute/interface management',
- 'set http-interface/socket/#attribute/port ${jboss.management.http.port:9990}',
- # lint:endignore
- ],
- notify => Class['keycloak::service'],
- }
- }
- }
}
diff --git a/manifests/datasource/h2.pp b/manifests/datasource/h2.pp
deleted file mode 100644
index f79045ec..00000000
--- a/manifests/datasource/h2.pp
+++ /dev/null
@@ -1,5 +0,0 @@
-# Private class.
-class keycloak::datasource::h2 {
- assert_private()
- # Do nothing
-}
diff --git a/manifests/datasource/mysql.pp b/manifests/datasource/mysql.pp
deleted file mode 100644
index 43b4f8df..00000000
--- a/manifests/datasource/mysql.pp
+++ /dev/null
@@ -1,58 +0,0 @@
-# @summary Manage MySQL datasource
-#
-# @api private
-class keycloak::datasource::mysql {
- assert_private()
-
- $jar_source = pick($keycloak::datasource_jar_source, $keycloak::mysql_jar_source)
- $module_source = pick($keycloak::datasource_module_source, 'puppet:///modules/keycloak/database/mysql/module.xml')
- $module_dir = "${keycloak::install_base}/modules/system/layers/keycloak/com/mysql/jdbc/main"
-
- if $keycloak::datasource_package {
- ensure_packages([$keycloak::datasource_package])
- $jar_require = Package[$keycloak::datasource_package]
- } else {
- include ::mysql::bindings
- include ::mysql::bindings::java
- $jar_require = Class['::mysql::bindings::java']
- }
-
- exec { "mkdir -p ${module_dir}":
- path => '/usr/bin:/bin',
- creates => $module_dir,
- user => $keycloak::user,
- group => $keycloak::group,
- }
- -> file { $module_dir:
- ensure => 'directory',
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0755',
- }
- file { "${$module_dir}/mysql-connector-java.jar":
- ensure => 'link',
- target => $jar_source,
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0644',
- require => $jar_require,
- }
- file { "${$module_dir}/module.xml":
- ensure => 'file',
- source => $module_source,
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0644',
- }
-
- if $keycloak::manage_datasource {
- mysql::db { $keycloak::datasource_dbname:
- user => $keycloak::datasource_username,
- password => $keycloak::datasource_password,
- host => $keycloak::db_host,
- grant => 'ALL',
- charset => $keycloak::mysql_database_charset,
- }
- }
-
-}
diff --git a/manifests/datasource/oracle.pp b/manifests/datasource/oracle.pp
deleted file mode 100644
index 7a0e0b02..00000000
--- a/manifests/datasource/oracle.pp
+++ /dev/null
@@ -1,50 +0,0 @@
-# @summary Manage Oracle datasource
-#
-# @api private
-#
-class keycloak::datasource::oracle {
- assert_private()
-
- $jar_filename = pick($keycloak::datasource_jar_filename, 'ojdbc8.jar')
- $module_dir = "${keycloak::install_base}/modules/system/layers/keycloak/org/oracle/main"
-
- exec { "mkdir -p ${module_dir}":
- path => '/usr/bin:/bin',
- creates => $module_dir,
- user => $keycloak::user,
- group => $keycloak::group,
- }
- -> file { $module_dir:
- ensure => 'directory',
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0755',
- }
-
- file { "${module_dir}/${jar_filename}":
- ensure => 'file',
- source => $keycloak::datasource_jar_source,
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0644',
- }
-
- $module_xml_defaults = {
- ensure => 'file',
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0644',
- }
- if $keycloak::datasource_module_source {
- $module_xml_options = {
- source => $keycloak::datasource_module_source,
- }
- } else {
- $module_xml_options = {
- content => template('keycloak/database/oracle/module.xml.erb'),
- }
- }
- file { "${$module_dir}/module.xml":
- * => $module_xml_defaults + $module_xml_options,
- }
-}
diff --git a/manifests/datasource/postgresql.pp b/manifests/datasource/postgresql.pp
deleted file mode 100644
index ae19fbc4..00000000
--- a/manifests/datasource/postgresql.pp
+++ /dev/null
@@ -1,50 +0,0 @@
-# @summary Manage postgresql datasource
-#
-# @api private
-class keycloak::datasource::postgresql {
- assert_private()
-
- $jar_source = pick($keycloak::datasource_jar_source, $keycloak::postgresql_jar_source)
- $module_source = pick($keycloak::datasource_module_source, 'puppet:///modules/keycloak/database/postgresql/module.xml')
- $module_dir = "${keycloak::install_base}/modules/system/layers/keycloak/org/postgresql/main"
-
- include ::postgresql::lib::java
-
- exec { "mkdir -p ${module_dir}":
- path => '/usr/bin:/bin',
- creates => $module_dir,
- user => $keycloak::user,
- group => $keycloak::group,
- }
- -> file { $module_dir:
- ensure => 'directory',
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0755',
- }
-
- file { "${module_dir}/postgresql-jdbc.jar":
- ensure => 'file',
- source => $jar_source,
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0644',
- require => Class['postgresql::lib::java'],
- }
-
- file { "${$module_dir}/module.xml":
- ensure => 'file',
- source => $module_source,
- owner => $keycloak::user,
- group => $keycloak::group,
- mode => '0644',
- }
-
- if $keycloak::manage_datasource {
- include ::postgresql::server
- postgresql::server::db { $keycloak::datasource_dbname:
- user => $keycloak::datasource_username,
- password => postgresql::postgresql_password($keycloak::datasource_username, $keycloak::datasource_password),
- }
- }
-}
diff --git a/manifests/db/mariadb.pp b/manifests/db/mariadb.pp
new file mode 100644
index 00000000..9b6dd0e7
--- /dev/null
+++ b/manifests/db/mariadb.pp
@@ -0,0 +1,8 @@
+# @summary Manage MySQL DB
+#
+# @api private
+class keycloak::db::mariadb {
+ assert_private()
+
+ contain 'keycloak::db::mysql'
+}
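Review bot: The `@summary` reads `Manage MySQL DB` for a class named `keycloak::db::mariadb`, which looks copied from mysql.pp. Something like `# @summary Manage MariaDB DB (delegates to keycloak::db::mysql, which uses the puppetlabs-mysql resources)` would tell a reader why this class only contains the MySQL class.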
diff --git a/manifests/db/mysql.pp b/manifests/db/mysql.pp
new file mode 100644
index 00000000..b5043c6b
--- /dev/null
+++ b/manifests/db/mysql.pp
@@ -0,0 +1,21 @@
+# @summary Manage MySQL DB
+#
+# @api private
+class keycloak::db::mysql {
+ assert_private()
+
+ if $keycloak::manage_db_server {
+ contain mysql::server
+ }
+
+ if $keycloak::manage_db {
+ mysql::db { $keycloak::db_url_database:
+ user => $keycloak::db_username,
+ password => $keycloak::db_password,
+ host => $keycloak::db_url_host,
+ grant => 'ALL',
+ charset => $keycloak::db_charset,
+ }
+ }
+
+}
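Review bot: `host => $keycloak::db_url_host` passes the address Keycloak connects to (the same value written as `db-url-host` in the init.pp `$default_config` hash) as the mysql::db `host` parameter, which in puppetlabs-mysql is the `user@host` grant host rather than a server address, defaulting to `localhost` when unset. That only lines up when the DB is local and `db_url_host` is left unset; a named host would grant `keycloak@<that host>`, a behaviour the `db_url_host` doc ("Database host.") does not mention. Either document that `db_url_host` doubles as the grant host when `manage_db` is true, or give the grant host its own parameter. The blank line before the closing `}` could also go.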
diff --git a/manifests/db/postgres.pp b/manifests/db/postgres.pp
new file mode 100644
index 00000000..5f3fd800
--- /dev/null
+++ b/manifests/db/postgres.pp
@@ -0,0 +1,18 @@
+# @summary Manage postgres DB
+#
+# @api private
+class keycloak::db::postgres {
+ assert_private()
+
+ if $keycloak::manage_db_server {
+ contain postgresql::server
+ }
+
+ if $keycloak::manage_db {
+ postgresql::server::db { $keycloak::db_url_database:
+ user => $keycloak::db_username,
+ password => postgresql::postgresql_password($keycloak::db_username, $keycloak::db_password),
+ encoding => 'UTF8',
+ }
+ }
+}
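Review bot: `postgresql::server::db` is declared whenever `manage_db` is true, but `postgresql::server` is only contained under `manage_db_server`, whereas the deleted keycloak::datasource::postgresql included `::postgresql::server` unconditionally before declaring the database. As far as I recall the defined type takes its defaults from `postgresql::server` class variables, so `manage_db => true` with `manage_db_server => false` would likely fail or warn at catalog compile. Either add `contain postgresql::server` inside the `manage_db` branch as well, or state in the `manage_db` docs that it requires `manage_db_server`. Worth checking whether keycloak::db::mysql has the same dependency on `mysql::server`.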
diff --git a/manifests/init.pp b/manifests/init.pp
index 0f1d644d..f7425cad 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -16,6 +16,19 @@
# @param install_dir
# The directory of where to install Keycloak.
# Default is `/opt/keycloak-${version}`.
+# @param java_declare_method
+# How to declare the Java class within this module
+# The `include` value only includes the java class
+# The `class` method defines the Java class and passes necessary parameters
+# For RedHat base systems this defaults to `class`, other OSes default to `include`
+# @param java_package
+# Java package name, only used when `java_declare_method` is `class`
+# @param java_home
+# Java home path, only used when `java_declare_method` is `class`
+# @param java_alternative_path
+# Java alternative path, only used when `java_declare_method` is `class`
+# @param java_alternative
+# Java alternative, only used when `java_declare_method` is `class`
# @param service_name
# Keycloak service name.
# Default is `keycloak`.
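Review bot: The `java_declare_method` description says RedHat defaults to `class` and other OSes to `include`, but the class signature in the `@@ -213,74` hunk below sets `Enum['include','class'] $java_declare_method = 'class'` unconditionally, and the sibling defaults (`java_package = 'java-11-openjdk-devel'`, the `/usr/lib/jvm/java-11-openjdk` paths) are RedHat-specific. If the module's hiera data supplies per-OS values, the doc should say so, e.g. `#   OS-specific defaults for this and the java_* parameters come from the module's hiera data`; otherwise a Debian node on the defaults would declare the java class with a package name that does not exist there. The same question applies to the `java_package`, `java_home`, `java_alternative_path` and `java_alternative` entries that follow.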
@@ -25,24 +38,26 @@
# @param service_enable
# Keycloak service enable property.
# Default is `true`.
-# @param service_hasstatus
-# Keycloak service hasstatus parameter.
-# Default is `true`.
-# @param service_hasrestart
-# Keycloak service hasrestart parameter.
-# Default is `true`.
-# @param service_bind_address
-# Bind address for Keycloak service.
-# Default is '0.0.0.0'.
-# @param management_bind_address
-# Bind address for Keycloak management.
-# Default is '0.0.0.0'.
# @param java_opts
# Sets additional options to Java virtual machine environment variable.
-# @param java_opts_append
-# Determine if $JAVA_OPTS should be appended to when setting `java_opts` parameter
+# @param start_command
+# The start command to use to run Keycloak
# @param service_extra_opts
# Additional options added to the end of the service command-line.
+# @param service_environment_file
+# Path to the file with environment variables for the systemd service
+# @param configs
+# Define additional configs for keycloak.conf
+# @param hostname
+# hostname to set in keycloak.conf
+# @param http_enabled
+# Whether to enable HTTP
+# @param http_host
+# HTTP host
+# @param http_port
+# HTTP port
+# @param https_port
+# HTTPS port
# @param manage_user
# Defines if the module should manage the Linux user for Keycloak installation
# @param user
@@ -68,56 +83,30 @@
# @param admin_user_password
# Keycloak administrative user password.
# Default is `changeme`.
-# @param wildfly_user
-# Wildfly user. Required for domain mode.
-# @param wildfly_user_password
-# Wildfly user password. Required for domain mode.
-# @param manage_datasource
-# Boolean that determines if configured datasource will be managed.
-# Default is `true`.
-# @param datasource_driver
-# Datasource driver to use for Keycloak.
-# Valid values are `h2`, `mysql`, 'oracle' and 'postgresql'
-# Default is `h2`.
-# @param datasource_host
-# Datasource host.
-# Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql'
-# Default is `localhost` for MySQL.
-# @param datasource_port
-# Datasource port.
-# Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql'
-# Default is `3306` for MySQL.
-# @param datasource_url
-# Datasource url.
-# Default datasource URLs are defined in init class.
-# @param datasource_dbname
-# Datasource database name.
-# Default is `keycloak`.
-# @param datasource_username
-# Datasource user name.
-# Default is `sa`.
-# @param datasource_password
-# Datasource user password.
-# Default is `sa`.
-# @param datasource_package
-# Package to add specified datasource support
-# @param datasource_jar_source
-# Source for datasource JDBC driver - could be puppet link or local file on the node.
-# Default is dependent on value for `datasource_driver`.
-# This parameter is required if `datasource_driver` is `oracle`.
-# @param datasource_jar_filename
-# Specify the filename of the destination datasource jar in the module dir of keycloak.
-# This parameter is only working at the moment if `datasource_driver` is `oracle`.
-# @param datasource_module_source
-# Source for datasource module.xml. Default depends on `datasource_driver`.
-# @param datasource_xa_class
-# MySQL Connector/J JDBC driver xa-datasource class name
-# @param mysql_database_charset
-# MySQL database charset
-# @param proxy_https
-# Boolean that sets if HTTPS proxy should be enabled.
-# Set to `true` if proxying traffic through Apache.
-# Default is `false`.
+# @param manage_db
+# Boolean that determines if configured database will be managed.
+# @param manage_db_server
+# Include the DB server class for postgres, mariadb or mysql
+# @param db
+# Database driver to use for Keycloak.
+# @param db_url_host
+# Database host.
+# @param db_url_port
+# Database port.
+# @param db_url
+# Database url.
+# @param db_url_database
+# Database name.
+# @param db_username
+# Database user name.
+# @param db_password
+# Database user password.
+# @param db_charset
+# MySQL and MariaDB database charset
+# @param features
+# Keycloak features to enable
+# @param features_disabled
+# Keycloak features to disable
# @param truststore
# Boolean that sets if truststore should be used.
# Default is `false`.
@@ -127,21 +116,8 @@
# @param truststore_password
# Truststore password.
# Default is `keycloak`.
-# @param truststore_hostname_verification_policy
-# Valid values are `WILDCARD`, `STRICT`, and `ANY`.
-# Default is `WILDCARD`.
-# @param http_port
-# HTTP port used by Keycloak.
-# Default is `8080`.
-# @param theme_static_max_age
-# Max cache age in seconds of static content.
-# Default is `2592000`.
-# @param theme_cache_themes
-# Boolean that sets if themes should be cached.
-# Default is `true`.
-# @param theme_cache_templates
-# Boolean that sets if templates should be cached.
-# Default is `true`.
+# @param proxy
+# Type of proxy to use for Keycloak
# @param realms
# Hash that is used to define keycloak_realm resources.
# Default is `{}`.
@@ -213,74 +189,41 @@
# user_attributes to define for SSSD ifp service
# @param restart_sssd
# Boolean that determines if SSSD should be restarted
-# @param service_environment_file
-# Path to the file with environment variables for the systemd service
-# @param operating_mode
-# Keycloak operating mode deployment
-# @param enable_jdbc_ping
-# Use JDBC_PING to discover the nodes and manage the replication of data
-# More info: http://jgroups.org/manual/#_jdbc_ping
-# Only applies when `operating_mode` is either `clustered` or `domain`
-# JDBC_PING uses port 7600 to ensure cluster members are discoverable by each other
-# This module does not manage firewall changes
-# @param jboss_bind_public_address
-# JBoss bind public IP address
-# @param jboss_bind_private_address
-# JBoss bind private IP address
-# @param role
-# Role when operating mode is domain.
-# @param user_cache
-# Boolean that determines if userCache is enabled
-# @param tech_preview_features
-# List of technology Preview features to enable
-# @param auto_deploy_exploded
-# Set if exploded deployements will be auto deployed
-# @param auto_deploy_zipped
-# Set if zipped deployments will be auto deployed
# @param spi_deployments
# Hash used to define keycloak::spi_deployment resources
+# @param providers_purge
+# Purge the providers directory of unmanaged SPIs
# @param custom_config_content
-# Custom configuration content to be added to config.cli
+# Custom configuration content to be added to keycloak.conf
# @param custom_config_source
-# Custom configuration source file to be added to config.cli
-# @param master_address
-# IP address of the master in domain mode
-# @param server_name
-# Server name in domain mode. Defaults to hostname.
-# @param syslog
-# Enable syslog. Default false.
-# @param syslog_app_name
-# Syslog app name. Default 'keycloak'.
-# @param syslog_facility
-# Syslog facility. Default 'user-level'. See https://docs.jboss.org/author/display/AS72/Logging%20Configuration.html
-# @param syslog_hostname
-# Syslog hostname of the server. Default $facts['fqdn'].
-# @param syslog_level
-# Syslog level. Default 'INFO'. See https://docs.jboss.org/author/display/AS72/Logging%20Configuration.html
-# @param syslog_port
-# The port the syslog server is listening on. Default '514'.
-# @param syslog_server_address
-# The address of the syslog server. Default 'localhost'.
-# @param syslog_format
-# Syslog format. Either 'RFC3164' or 'RFC5424' Default 'RFC3164'.
-# @param auth_url_path
-# The URL path for /auth
+# Custom configuration source file to be added to keycloak.conf
+# @param validator_test_url
+# The URL path for validator testing
+# Only necessary to set if the URL path to Keycloak is modified
class keycloak (
Boolean $manage_install = true,
- String $version = '12.0.4',
+ String $version = '18.0.0',
Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]]
$package_url = undef,
Optional[Stdlib::Absolutepath] $install_dir = undef,
+ Enum['include','class'] $java_declare_method = 'class',
+ String[1] $java_package = 'java-11-openjdk-devel',
+ Stdlib::Absolutepath $java_home = '/usr/lib/jvm/java-11-openjdk',
+ Stdlib::Absolutepath $java_alternative_path = '/usr/lib/jvm/java-11-openjdk/bin/java',
+ String[1] $java_alternative = '/usr/lib/jvm/java-11-openjdk/bin/java',
String $service_name = 'keycloak',
String $service_ensure = 'running',
Boolean $service_enable = true,
- Boolean $service_hasstatus = true,
- Boolean $service_hasrestart = true,
- Stdlib::IP::Address $service_bind_address = '0.0.0.0',
- Stdlib::IP::Address $management_bind_address = '0.0.0.0',
Optional[Variant[String, Array]] $java_opts = undef,
- Boolean $java_opts_append = true,
+ Enum['start','start-dev'] $start_command = 'start',
Optional[String] $service_extra_opts = undef,
+ Optional[Stdlib::Absolutepath] $service_environment_file = undef,
+ Keycloak::Configs $configs = {},
+ Stdlib::Host $hostname = $facts['networking']['fqdn'],
+ Boolean $http_enabled = true,
+ Stdlib::IP::Address $http_host = '0.0.0.0',
+ Stdlib::Port $http_port = 8080,
+ Stdlib::Port $https_port = 8443,
Boolean $manage_user = true,
String $user = 'keycloak',
Stdlib::Absolutepath $user_shell = '/sbin/nologin',
@@ -290,31 +233,22 @@
Optional[Integer] $group_gid = undef,
String $admin_user = 'admin',
String $admin_user_password = 'changeme',
- Optional[String] $wildfly_user = undef,
- Optional[String] $wildfly_user_password = undef,
- Boolean $manage_datasource = true,
- Enum['h2', 'mysql', 'oracle', 'postgresql'] $datasource_driver = 'h2',
- Optional[String] $datasource_host = undef,
- Optional[Integer] $datasource_port = undef,
- Optional[String] $datasource_url = undef,
- Optional[String] $datasource_xa_class = undef,
- String $datasource_dbname = 'keycloak',
- String $datasource_username = 'sa',
- String $datasource_password = 'sa',
- Optional[String] $datasource_package = undef,
- Optional[String] $datasource_jar_source = undef,
- Optional[String] $datasource_jar_filename = undef,
- Optional[String] $datasource_module_source = undef,
- String $mysql_database_charset = 'utf8',
- Boolean $proxy_https = false,
+ Boolean $manage_db = true,
+ Boolean $manage_db_server = true,
+ Enum['dev-file', 'dev-mem', 'mariadb', 'mysql', 'oracle', 'postgres'] $db = 'dev-file',
+ Optional[Stdlib::Host] $db_url_host = undef,
+ Optional[Stdlib::Port] $db_url_port = undef,
+ Optional[String[1]] $db_url = undef,
+ String[1] $db_url_database = 'keycloak',
+ String[1] $db_username = 'keycloak',
+ String[1] $db_password = 'changeme',
+ String $db_charset = 'utf8',
+ Optional[Array[String[1]]] $features = undef,
+ Optional[Array[String[1]]] $features_disabled = undef,
Boolean $truststore = false,
Hash $truststore_hosts = {},
String $truststore_password = 'keycloak',
- Enum['WILDCARD', 'STRICT', 'ANY'] $truststore_hostname_verification_policy = 'WILDCARD',
- Integer $http_port = 8080,
- Integer $theme_static_max_age = 2592000,
- Boolean $theme_cache_themes = true,
- Boolean $theme_cache_templates = true,
+ Enum['edge','reencrypt','passthrough','none'] $proxy = 'none',
Hash $realms = {},
Boolean $realms_merge = false,
Hash $oidc_client_scopes = {},
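Review bot: `$db` accepts `'oracle'`, but the later hunk only contains `keycloak::db::${db}` for `mysql`, `mariadb` and `postgres`, so `manage_db` and `manage_db_server` are silent no-ops for Oracle; the `manage_db` doc entry should say `#   Only applies when `db` is `mysql`, `mariadb` or `postgres`.`. Separately, `db_password` keeps a `'changeme'` default but, unlike `admin_user_password`, its `@param` entry does not state that default; since the value is written into keycloak.conf (`mode => '0600'`, `show_diff => false` in the config.pp hunk) a note such as `#   Default is `changeme`; the value is written to keycloak.conf` would make the exposure clear to users.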
@@ -350,154 +284,110 @@
Boolean $manage_sssd_config = true,
Array $sssd_ifp_user_attributes = [],
Boolean $restart_sssd = true,
- Optional[Stdlib::Absolutepath] $service_environment_file = undef,
- Enum['standalone', 'clustered', 'domain'] $operating_mode = 'standalone',
- Boolean $enable_jdbc_ping = false,
- Stdlib::IP::Address $jboss_bind_public_address = $facts['networking']['ip'],
- Stdlib::IP::Address $jboss_bind_private_address = $facts['networking']['ip'],
- Optional[Enum['master', 'slave']] $role = undef,
- Boolean $user_cache = true,
- Array $tech_preview_features = [],
- Boolean $auto_deploy_exploded = false,
- Boolean $auto_deploy_zipped = true,
Hash $spi_deployments = {},
+ Boolean $providers_purge = true,
Optional[String] $custom_config_content = undef,
Optional[Variant[String, Array]] $custom_config_source = undef,
- Optional[Stdlib::Host] $master_address = undef,
- String $server_name = $facts['hostname'],
- Boolean $syslog = false,
- String $syslog_app_name = 'keycloak',
- String $syslog_facility = 'user-level',
- Stdlib::Host $syslog_hostname = $facts['fqdn'],
- String $syslog_level = 'INFO',
- Stdlib::Port $syslog_port = 514,
- Stdlib::Host $syslog_server_address = 'localhost',
- Enum['RFC3164', 'RFC5424'] $syslog_format = 'RFC3164',
- String $auth_url_path = '/auth',
+ String $validator_test_url = '/realms/master/.well-known/openid-configuration',
) {
if ! ($facts['os']['family'] in ['RedHat','Debian']) {
fail("Unsupported osfamily: ${facts['os']['family']}, module ${module_name} only support osfamilies Debian and Redhat")
}
- if $role and ! ($operating_mode == 'domain') {
- fail('Role can only be specified in domain operating mode')
- }
-
- if $operating_mode == 'domain' {
- unless $role {
- fail("Role not specified: in domain mode role needs to be specified. This needs to be either 'master' or 'slave'.")
- }
- unless $wildfly_user {
- fail('Wildfly user not specified: in domain mode Wildfly user needs to be specified.')
- }
- unless $wildfly_user_password {
- fail('Wildfly user password not specified: in domain, mode Wildfly user password needs to be specified.')
- }
-
- if $role == 'slave' and ! $master_address {
- fail('Master address not specified: in domain mode, master address needs to be specified for a slave.')
- }
+ $download_url = pick($package_url, "https://github.com/keycloak/keycloak/releases/download/${version}/keycloak-${version}.tar.gz")
- if $datasource_driver == 'h2' {
- fail("Invalid datasource driver for domain mode: ${datasource_driver}")
- }
+ $install_base = pick($install_dir, "/opt/keycloak-${keycloak::version}")
+ $admin_env = "${install_base}/conf/admin.env"
+ $truststore_file = "${install_base}/conf/truststore.jks"
+ $tmp_dir = "${install_base}/tmp"
+ $providers_dir = "${install_base}/providers"
- $wildfly_user_password_base64 = strip(base64('encode', $wildfly_user_password))
+ $default_config = {
+ 'hostname' => $hostname,
+ 'http-enabled' => $http_enabled,
+ 'http-host' => $http_host,
+ 'http-port' => $http_port,
+ 'https-port' => $https_port,
+ 'db' => $db,
+ 'db-url-host' => $db_url_host,
+ 'db-url-port' => $db_url_port,
+ 'db-url' => $db_url,
+ 'db-url-database' => $db_url_database,
+ 'db-username' => $db_username,
+ 'db-password' => $db_password,
+ 'features' => $features,
+ 'features-disabled' => $features_disabled,
+ 'proxy' => $proxy,
}
-
- if versioncmp($version, '12.0.0') >= 0 {
- $download_url = pick($package_url, "https://github.com/keycloak/keycloak/releases/download/${version}/keycloak-${version}.tar.gz")
+ if $truststore {
+ $truststore_configs = {
+ 'https-trust-store-file' => $truststore_file,
+ 'https-trust-store-password' => $truststore_password,
+ }
} else {
- $download_url = pick($package_url, "https://downloads.jboss.org/keycloak/${version}/keycloak-${version}.tar.gz")
- }
- case $datasource_driver {
- 'h2': {
- $datasource_connection_url = pick($datasource_url, "jdbc:h2:\${jboss.server.data.dir}/${datasource_dbname};AUTO_SERVER=TRUE")
- }
- 'mysql': {
- $db_host = pick($datasource_host, 'localhost')
- $db_port = pick($datasource_port, 3306)
- $datasource_connection_url = pick($datasource_url, "jdbc:mysql://${db_host}:${db_port}/${datasource_dbname}")
- }
- 'oracle': {
- $db_host = pick($datasource_host, 'localhost')
- $db_port = pick($datasource_port, 1521)
- $datasource_connection_url = pick($datasource_url, "jdbc:oracle:thin:@${db_host}:${db_port}:${datasource_dbname}")
- }
- 'postgresql': {
- $db_host = pick($datasource_host, 'localhost')
- $db_port = pick($datasource_port, 5432)
- $datasource_connection_url = pick($datasource_url, "jdbc:postgresql://${db_host}:${db_port}/${datasource_dbname}")
- }
- default: {}
+ $truststore_configs = {}
}
+ $config = $default_config + $truststore_configs + $configs
- if ($datasource_driver == 'oracle') and ($datasource_jar_source == undef) {
- fail('Using Oracle RDBMS requires definition datasource_jar_source for Oracle JDBC driver. Refer to module documentation')
+ if $config['http-enabled'] {
+ $wrapper_protocol = 'http'
+ $wrapper_port = $config['http-port']
+ $validator_port = $config['http-port']
+ $validator_ssl = false
+ if $config['http-host'] in ['0.0.0.0', '127.0.0.1'] {
+ $wrapper_address = 'localhost'
+ $validator_server = 'localhost'
+ } else {
+ $wrapper_address = $config['http-host']
+ $validator_server = $config['http-host']
+ }
+ } else {
+ $wrapper_protocol = 'https'
+ $wrapper_port = $config['https-port']
+ $wrapper_address = $config['hostname']
+ $validator_port = $config['https-port']
+ $validator_server = $config['hostname']
+ $validator_ssl = true
}
+ $wrapper_server = "${wrapper_protocol}://${wrapper_address}:${wrapper_port}"
- case $facts['os']['family'] {
- 'RedHat': {
- if versioncmp($facts['os']['release']['major'], '8') >= 0 {
- $mysql_datasource_class = pick($datasource_xa_class, 'org.mariadb.jdbc.MariaDbDataSource')
- $mysql_jar_source = '/usr/lib/java/mariadb-java-client.jar'
- $postgresql_jar_source = '/usr/share/java/postgresql-jdbc/postgresql.jar'
- } else {
- $mysql_datasource_class = pick($datasource_xa_class, 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource')
- $mysql_jar_source = '/usr/share/java/mysql-connector-java.jar'
- $postgresql_jar_source = '/usr/share/java/postgresql-jdbc.jar'
- }
- }
- 'Debian': {
- if ($facts['os']['name'] == 'Debian' and versioncmp($facts['os']['release']['major'], '10') >= 0) or
- ($facts['os']['name'] == 'Ubuntu' and versioncmp($facts['os']['release']['major'], '20.04') >= 0) {
- $mysql_datasource_class = pick($datasource_xa_class, 'org.mariadb.jdbc.MariaDbDataSource')
- $mysql_jar_source = '/usr/share/java/mariadb-java-client.jar'
- } else {
- $mysql_datasource_class = pick($datasource_xa_class, 'com.mysql.jdbc.jdbc2.optional.MysqlXADataSource')
- $mysql_jar_source = '/usr/share/java/mysql-connector-java.jar'
- }
- $postgresql_jar_source = '/usr/share/java/postgresql.jar'
- }
- default: {
- # do nothing
+ if $java_declare_method == 'include' {
+ contain java
+ } else {
+ class { 'java':
+ package => $java_package,
+ java_home => $java_home,
+ java_alternative_path => $java_alternative_path,
+ java_alternative => $java_alternative,
}
}
- $install_base = pick($install_dir, "/opt/keycloak-${keycloak::version}")
-
- include ::java
contain 'keycloak::install'
- contain "keycloak::datasource::${datasource_driver}"
contain 'keycloak::config'
contain 'keycloak::service'
- Class['::java']
+ Class['java']
-> Class['keycloak::install']
- -> Class["keycloak::datasource::${datasource_driver}"]
-> Class['keycloak::config']
-> Class['keycloak::service']
- Class["keycloak::datasource::${datasource_driver}"]~>Class['keycloak::service']
+ if $db in ['mysql','mariadb','postgres'] {
+ contain "keycloak::db::${db}"
+ Class["keycloak::db::${db}"]~>Class['keycloak::service']
+ }
if $with_sssd_support {
contain 'keycloak::sssd'
Class['keycloak::sssd'] ~> Class['keycloak::service']
}
- if $service_bind_address == '0.0.0.0' {
- $validator_keycloak_server = '127.0.0.1'
- } else {
- $validator_keycloak_server = $service_bind_address
- }
-
keycloak_conn_validator { 'keycloak':
- keycloak_server => $validator_keycloak_server,
- keycloak_port => $http_port,
- use_ssl => false,
+ keycloak_server => $validator_server,
+ keycloak_port => $validator_port,
+ use_ssl => $validator_ssl,
timeout => 60,
- test_url => "${auth_url_path}/realms/master/.well-known/openid-configuration",
+ test_url => $validator_test_url,
require => Class['keycloak::service'],
}
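Review bot: The `http-host` special-casing only recognises `0.0.0.0` and `127.0.0.1`, although `$http_host` is typed `Stdlib::IP::Address` and so also admits IPv6 values such as `::` or `::1`; for those the fallthrough branch sets `$wrapper_address` to the literal, and `$wrapper_server` then becomes `http://:::8080`, which is not a valid URL if that string is consumed as one (its use is outside this hunk). Treating the IPv6 wildcard/loopback like their IPv4 counterparts and bracketing any other IPv6 literal in the URL would close that gap; the validator address can stay unbracketed since keycloak_conn_validator takes host and port separately.
```puppet
    if $config['http-host'] in ['0.0.0.0', '127.0.0.1', '::', '::1'] {
      $wrapper_address = 'localhost'
      $validator_server = 'localhost'
    } elsif $config['http-host'] =~ Stdlib::IP::Address::V6 {
      # a bare IPv6 literal must be bracketed inside a URL
      $wrapper_address = "[${config['http-host']}]"
      $validator_server = $config['http-host']
    } else {
      $wrapper_address = $config['http-host']
      $validator_server = $config['http-host']
    }
    # … unchanged: https branch and $wrapper_server …
```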
diff --git a/manifests/service.pp b/manifests/service.pp
index 9b1bccbb..d8074944 100644
--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -11,8 +11,8 @@
ensure => $keycloak::service_ensure,
enable => $keycloak::service_enable,
name => $keycloak::service_name,
- hasstatus => $keycloak::service_hasstatus,
- hasrestart => $keycloak::service_hasrestart,
+ hasstatus => true,
+ hasrestart => true,
}
}
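Review bot: `hasstatus` and `hasrestart` are now fixed to `true`, which silently drops the `$keycloak::service_hasstatus` / `$keycloak::service_hasrestart` lookups this resource previously honoured; if those class parameters are also removed in init.pp (outside this hunk) that is a breaking change for callers that set them and belongs in the changelog, and if they are kept they are now dead parameters. Either restore the lookup or document the decision on the resource, e.g. `# unit is managed by systemd on all supported platforms, so status/restart support is fixed rather than parameterised`. The enclosing service resource starts outside the hunk.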
diff --git a/manifests/spi_deployment.pp b/manifests/spi_deployment.pp
index 7e5a7b99..897d3bbc 100644
--- a/manifests/spi_deployment.pp
+++ b/manifests/spi_deployment.pp
@@ -47,12 +47,9 @@
) {
include keycloak
- $dir = "${keycloak::install_base}/standalone/deployments"
$basename = basename($source)
- $dest = "${dir}/${deployed_name}"
- $tmp = "${keycloak::install_base}/tmp/${basename}"
- $dodeploy = "${dest}.dodeploy"
- $deployed = "${dest}.deployed"
+ $dest = "${keycloak::providers_dir}/${deployed_name}"
+ $tmp = "${keycloak::tmp_dir}/${basename}"
if $ensure == 'present' {
if $source =~ Stdlib::HTTPUrl or $source =~ Stdlib::HTTPSUrl {
@@ -66,7 +63,7 @@
cleanup => false,
user => $keycloak::user,
group => $keycloak::group,
- require => File["${keycloak::install_base}/tmp"],
+ require => File[$keycloak::tmp_dir],
before => File[$dest],
}
} else {
@@ -79,14 +76,7 @@
group => $keycloak::group,
mode => '0644',
require => Class['keycloak::install'],
- notify => Exec["${name}-dodeploy"],
- }
- exec { "${name}-dodeploy":
- path => '/usr/bin:/bin:/usr/sbin:/sbin',
- command => "touch ${dodeploy}",
- refreshonly => true,
- user => $keycloak::user,
- group => $keycloak::group,
+ notify => Class['keycloak::service'],
}
if $test_url and $test_key and $test_value {
@@ -96,13 +86,13 @@
test_value => $test_value,
realm => $test_realm,
dependent_resources => $test_before,
- require => Exec["${name}-dodeploy"],
+ require => Class['keycloak::service'],
}
}
}
if $ensure == 'absent' {
- file { $deployed:
+ file { $dest:
ensure => 'absent',
}
}
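Review bot: The `ensure => 'absent'` branch removes `File[$dest]` without notifying `Class['keycloak::service']`, while the `present` branch in the previous hunk now notifies the service on deploy; a provider jar deleted from `$keycloak::providers_dir` therefore stays loaded in the running server until something else restarts it, which matters when a deployment is being withdrawn deliberately. Add `notify => Class['keycloak::service'],` to that file resource so removal takes effect in the same run, mirroring the present branch. The validator resource above it now requires the service instead of the removed dodeploy exec, which looks consistent. The enclosing define starts outside the hunk.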
diff --git a/manifests/truststore/host.pp b/manifests/truststore/host.pp
index a5e20e3a..6f838220 100644
--- a/manifests/truststore/host.pp
+++ b/manifests/truststore/host.pp
@@ -17,18 +17,13 @@
include keycloak
- if $keycloak::operating_mode == 'domain' {
- $_path = "${keycloak::install_base}/domain/configuration/truststore.jks"
- } else {
- $_path = "${keycloak::install_base}/standalone/configuration/truststore.jks"
- }
-
java_ks { $name:
ensure => $ensure,
certificate => $certificate,
- target => $_path,
+ target => $keycloak::truststore_file,
password => $keycloak::truststore_password,
trustcacerts => true,
+ require => Class['keycloak::install'],
notify => Class['keycloak::service'],
}
diff --git a/metadata.json b/metadata.json
index 2990274f..c4914292 100644
--- a/metadata.json
+++ b/metadata.json
@@ -14,28 +14,20 @@
},
{
"name": "puppetlabs/mysql",
- "version_requirement": ">= 10.3.0 <13.0.0"
+ "version_requirement": ">= 11.1.0 <13.0.0"
},
{
"name": "puppetlabs/postgresql",
- "version_requirement": ">= 6.6.0 <9.0.0"
+ "version_requirement": ">= 7.4.0 <9.0.0"
},
{
"name": "puppetlabs/java",
- "version_requirement": ">= 7.3.0 <8.0.0"
+ "version_requirement": ">= 7.3.0 <9.0.0"
},
{
"name": "puppetlabs/java_ks",
"version_requirement": ">= 1.0.0 <5.0.0"
},
- {
- "name": "puppetlabs/augeas_core",
- "version_requirement": ">= 1.0.0 <2.0.0"
- },
- {
- "name": "puppetlabs/yumrepo_core",
- "version_requirement": ">= 1.0.0 <2.0.0"
- },
{
"name": "puppet/archive",
"version_requirement": ">= 0.5.1 <7.0.0"
@@ -68,7 +60,6 @@
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
- "9",
"10",
"11"
]
@@ -89,5 +80,5 @@
],
"pdk-version": "2.1.0",
"template-url": "https://github.com/treydock/pdk-templates.git#master",
- "template-ref": "heads/master-0-g6c46c75"
+ "template-ref": "heads/master-0-g3ff6177"
}
diff --git a/spec/acceptance/10_required_action_spec.rb b/spec/acceptance/10_required_action_spec.rb
index 2d1642e4..b03a8f13 100644
--- a/spec/acceptance/10_required_action_spec.rb
+++ b/spec/acceptance/10_required_action_spec.rb
@@ -4,10 +4,7 @@
context 'creates required action' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
-> keycloak_realm { 'test': ensure => 'present' }
@@ -46,10 +43,7 @@ class { 'keycloak':
context 'updates required action' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
-> keycloak_realm { 'test': ensure => 'present' }
@@ -79,10 +73,7 @@ class { 'keycloak':
context 'ensure => absent' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
-> keycloak_required_action { 'custom-alias on test':
ensure => 'absent'
}
diff --git a/spec/acceptance/11_role_mapping_spec.rb b/spec/acceptance/11_role_mapping_spec.rb
index 1ed9c1f6..ac1130ba 100644
--- a/spec/acceptance/11_role_mapping_spec.rb
+++ b/spec/acceptance/11_role_mapping_spec.rb
@@ -4,10 +4,7 @@
context 'removes role mappings for admin' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_role_mapping { 'admin':
realm => 'master',
name => 'admin',
@@ -33,10 +30,7 @@ class { 'keycloak':
context 'adds role mappings for admin' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_role_mapping { 'admin':
realm => 'master',
name => 'admin',
@@ -66,10 +60,7 @@ class { 'keycloak':
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_role_mapping { 'testgroup':
realm => 'master',
name => 'testgroup',
diff --git a/spec/acceptance/1_class_spec.rb b/spec/acceptance/1_class_spec.rb
index 19f00c6f..495afe0d 100644
--- a/spec/acceptance/1_class_spec.rb
+++ b/spec/acceptance/1_class_spec.rb
@@ -1,10 +1,10 @@
require 'spec_helper_acceptance'
-describe 'keycloak class:', unless: RSpec.configuration.keycloak_domain_mode_cluster do
+describe 'keycloak class:', unless: RSpec.configuration.keycloak_full do
context 'default parameters' do
it 'runs successfully' do
pp = <<-EOS
- class { 'keycloak': }
+ class { 'keycloak': db => 'dev-file' }
EOS
apply_manifest(pp, catch_failures: true)
@@ -21,58 +21,10 @@ class { 'keycloak': }
end
end
- context 'default with clustered mode enable' do
- it 'runs successfully' do
- pp = <<-EOS
- class { 'keycloak':
- operating_mode => 'clustered',
- }
- EOS
-
- apply_manifest(pp, catch_failures: true)
- apply_manifest(pp, catch_changes: true)
- end
-
- describe service('keycloak') do
- it { is_expected.to be_enabled }
- it { is_expected.to be_running }
- end
- end
-
- context 'default with mysql datasource' do
+ context 'default with mysql/mariadb db' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
- EOS
-
- apply_manifest(pp, catch_failures: true)
- apply_manifest(pp, catch_changes: true)
- end
-
- describe service('keycloak') do
- it { is_expected.to be_enabled }
- it { is_expected.to be_running }
- end
-
- describe port(8080) do
- it { is_expected.to be_listening.on('0.0.0.0').with('tcp') }
- end
-
- describe port(9990) do
- it { is_expected.to be_listening.on('127.0.0.1').with('tcp') }
- end
- end
-
- context 'default with postgresql datasource' do
- it 'runs successfully' do
- pp = <<-EOS
- include postgresql::server
- class { 'keycloak':
- datasource_driver => 'postgresql',
- }
+ class { 'keycloak': }
EOS
apply_manifest(pp, catch_failures: true)
@@ -85,24 +37,15 @@ class { 'keycloak':
end
describe port(8080) do
- it { is_expected.to be_listening.on('0.0.0.0').with('tcp') }
- end
-
- describe port(9990) do
it { is_expected.to be_listening.on('127.0.0.1').with('tcp') }
end
end
- context 'default with JDBC_PING, clustered mode and postgresql datasource' do
+ context 'default with postgresql db' do
it 'runs successfully' do
pp = <<-EOS
- include postgresql::server
class { 'keycloak':
- datasource_driver => 'postgresql',
- operating_mode => 'clustered',
- enable_jdbc_ping => true,
- jboss_bind_private_address => '0.0.0.0',
- jboss_bind_public_address => '0.0.0.0',
+ db => 'postgres',
}
EOS
@@ -116,27 +59,18 @@ class { 'keycloak':
end
describe port(8080) do
- it { is_expected.to be_listening.on('0.0.0.0').with('tcp') }
- end
-
- describe port(9990) do
it { is_expected.to be_listening.on('127.0.0.1').with('tcp') }
end
-
- describe port(7600) do
- it { is_expected.to be_listening.on('0.0.0.0').with('tcp') }
- end
end
context 'changes to defaults' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
class { 'keycloak':
- datasource_driver => 'mysql',
- proxy_https => true,
- java_opts => '-Xmx512m -Xms64m',
- syslog => true,
+ java_opts => '-Xmx512m -Xms64m',
+ configs => {
+ 'metrics-enabled' => true,
+ },
}
EOS
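Review bot: The new `configs => { 'metrics-enabled' => true }` in the 'changes to defaults' context is applied but never asserted; the port checks that follow in the next hunk only verify 8080 is listening on 127.0.0.1, so a regression in how the `configs` hash reaches keycloak.conf would still pass this suite. A command check against the metrics endpoint would pin it, e.g. `describe command('curl -sf http://127.0.0.1:8080/metrics') do its(:stdout) { is_expected.to match(%r{jvm_}) } end` (endpoint path and metric prefix assume the Keycloak 18 Quarkus distribution — confirm on the test host). Since enabling metrics exposes runtime data on the same listener as the application, a one-line comment on the context stating that it is turned on intentionally for this test would also help the next reader. The context's assertions continue in the following hunk.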
@@ -150,10 +84,6 @@ class { 'keycloak':
end
describe port(8080) do
- it { is_expected.to be_listening.on('0.0.0.0').with('tcp') }
- end
-
- describe port(9990) do
it { is_expected.to be_listening.on('127.0.0.1').with('tcp') }
end
end
@@ -161,10 +91,7 @@ class { 'keycloak':
context 'reset to defaults' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
EOS
apply_manifest(pp, catch_failures: true)
@@ -177,10 +104,6 @@ class { 'keycloak':
end
describe port(8080) do
- it { is_expected.to be_listening.on('0.0.0.0').with('tcp') }
- end
-
- describe port(9990) do
it { is_expected.to be_listening.on('127.0.0.1').with('tcp') }
end
end
diff --git a/spec/acceptance/1_domain_mode_cluster_spec.rb b/spec/acceptance/1_domain_mode_cluster_spec.rb
deleted file mode 100644
index c43e1b7c..00000000
--- a/spec/acceptance/1_domain_mode_cluster_spec.rb
+++ /dev/null
@@ -1,134 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe 'keycloak domain mode cluster', if: RSpec.configuration.keycloak_domain_mode_cluster do
- domain_master = hosts_with_name(hosts, 'master')[0]
- domain_slave = hosts_with_name(hosts, 'slave')[0]
- db = hosts_with_name(hosts, 'db')[0]
-
- context 'new cluster' do
- it 'launches' do
- db_pp = <<-EOS
- class { '::postgresql::globals':
- encoding => 'UTF-8',
- locale => 'en_US.UTF-8',
- manage_package_repo => true,
- version => '9.6',
- }
-
- class { '::postgresql::server':
- listen_addresses => '*',
- require => Class['::postgresql::globals']
- }
-
- ::postgresql::server::role { 'keycloak':
- password_hash => postgresql_password('keycloak', 'keycloak'),
- connection_limit => 300,
- require => Class['::postgresql::server']
- }
-
- ::postgresql::server::database_grant { 'Grant all to keycloak':
- privilege => 'ALL',
- db => 'keycloak',
- role => 'keycloak',
- }
-
- ::postgresql::server::db { 'keycloak':
- user => 'keycloak',
- password => postgresql_password('keycloak', 'keycloak'),
- }
-
- postgresql::server::pg_hba_rule { 'Allow Keycloak instances network access to the database':
- description => 'Open up PostgreSQL for access from anywhere',
- type => 'host',
- database => 'keycloak',
- user => 'keycloak',
- address => '0.0.0.0/0',
- auth_method => 'md5',
- require => Class['::postgresql::server']
- }
- EOS
-
- master_pp = <<-EOS
- class { '::keycloak':
- operating_mode => 'domain',
- role => 'master',
- management_bind_address => $::ipaddress,
- enable_jdbc_ping => true,
- wildfly_user => 'wildfly',
- wildfly_user_password => 'wildfly',
- manage_install => true,
- manage_datasource => false,
- version => '10.0.1',
- datasource_driver => 'postgresql',
- datasource_host => 'db',
- datasource_port => 5432,
- datasource_dbname => 'keycloak',
- datasource_username => 'keycloak',
- datasource_password => 'keycloak',
- admin_user => 'admin',
- admin_user_password => 'changeme',
- service_bind_address => '0.0.0.0',
- proxy_https => false,
- }
- EOS
-
- slave_pp = <<-EOS
- class { '::keycloak':
- operating_mode => 'domain',
- role => 'slave',
- enable_jdbc_ping => true,
- management_bind_address => $::ipaddress,
- wildfly_user => 'wildfly',
- wildfly_user_password => 'wildfly',
- master_address => 'master',
- manage_install => true,
- manage_datasource => false,
- version => '10.0.1',
- datasource_driver => 'postgresql',
- datasource_host => 'db',
- datasource_port => 5432,
- datasource_dbname => 'keycloak',
- datasource_username => 'keycloak',
- datasource_password => 'keycloak',
- admin_user => 'admin',
- admin_user_password => 'changeme',
- service_bind_address => '0.0.0.0',
- proxy_https => false,
- }
- EOS
-
- apply_manifest_on(db, db_pp, catch_failures: true)
- apply_manifest_on(domain_master, master_pp, catch_failures: true)
- apply_manifest_on(domain_master, master_pp, catch_changes: true)
- apply_manifest_on(domain_slave, slave_pp, catch_failures: true)
- apply_manifest_on(domain_slave, slave_pp, catch_changes: true)
- end
-
- describe service('keycloak'), node: domain_master do
- it { is_expected.to be_enabled }
- it { is_expected.to be_running }
- end
-
- describe service('keycloak'), node: domain_slave do
- it { is_expected.to be_enabled }
- it { is_expected.to be_running }
- end
-
- it 'data replicates from master to slave' do
- on domain_master, '/opt/keycloak/bin/kcadm-wrapper.sh create roles -r master -s name=testrole'
- on domain_slave, '/opt/keycloak/bin/kcadm-wrapper.sh get roles/testrole -r master' do
- data = JSON.parse(stdout)
- expect(data['name']).to eq('testrole')
- end
- end
-
- it 'data replicates from slave to master' do
- on domain_slave, '/opt/keycloak/bin/kcadm-wrapper.sh delete roles/testrole -r master'
- on domain_master, '/opt/keycloak/bin/kcadm-wrapper.sh get roles -r master' do
- data = JSON.parse(stdout)
- match = data.select { |role| role['name'] == 'testrole' }
- expect(match).to be_empty
- end
- end
- end
-end
diff --git a/spec/acceptance/2_realm_spec.rb b/spec/acceptance/2_realm_spec.rb
index a72cfc55..53dcd9bf 100644
--- a/spec/acceptance/2_realm_spec.rb
+++ b/spec/acceptance/2_realm_spec.rb
@@ -4,10 +4,7 @@
context 'creates realm' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test':
ensure => 'present',
smtp_server_host => 'smtp.example.org',
@@ -142,10 +139,7 @@ class { 'keycloak':
context 'updates realm' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test':
ensure => 'present',
remember_me => true,
@@ -269,10 +263,7 @@ class { 'keycloak':
context 'creates realm with invalid browser flow' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test2':
ensure => 'present',
browser_flow => 'Copy of browser',
diff --git a/spec/acceptance/3_ldap_spec.rb b/spec/acceptance/3_ldap_spec.rb
index b6400d61..dfc459a8 100644
--- a/spec/acceptance/3_ldap_spec.rb
+++ b/spec/acceptance/3_ldap_spec.rb
@@ -4,10 +4,7 @@
context 'creates ldap' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_ldap_user_provider { 'LDAP':
realm => 'test',
@@ -98,10 +95,7 @@ class { 'keycloak':
context 'updates ldap' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_ldap_user_provider { 'LDAP':
realm => 'test',
@@ -180,10 +174,7 @@ class { 'keycloak':
context 'creates ldap with simple auth' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_ldap_user_provider { 'LDAP2':
realm => 'test',
@@ -219,10 +210,7 @@ class { 'keycloak':
context 'updates ldap auth' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_ldap_user_provider { 'LDAP':
realm => 'test',
@@ -258,10 +246,7 @@ class { 'keycloak':
context 'ensure => absent' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_ldap_mapper { 'full-name':
ensure => 'absent',
realm => 'test',
@@ -285,10 +270,7 @@ class { 'keycloak':
context 'creates freeipa user provider' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak::freeipa_user_provider { 'ipa.example.org':
ensure => 'present',
@@ -309,10 +291,7 @@ class { 'keycloak':
context 'creates freeipa ldap mappers' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak::freeipa_user_provider { 'ipa.example.org':
ensure => 'present',
diff --git a/spec/acceptance/3_sssd_spec.rb b/spec/acceptance/3_sssd_spec.rb
index 6a0f5c20..3f788505 100644
--- a/spec/acceptance/3_sssd_spec.rb
+++ b/spec/acceptance/3_sssd_spec.rb
@@ -1,6 +1,7 @@
require 'spec_helper_acceptance'
-describe 'keycloak_sssd_user_provider:', if: RSpec.configuration.keycloak_full do
+# TODO: Figure out how to support SSSD user provider on latest Keycloak and Java 11
+describe 'keycloak_sssd_user_provider:', if: false do
context 'bootstrap sssd' do
it 'is successful' do
on hosts, 'puppet resource package sssd-dbus ensure=installed'
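Review bot: `if: false` filters every example in this file out of the run, so the disabled SSSD coverage disappears from the report instead of showing as pending, and the `with_sssd_support => true` path exercised in the later hunks of this file is now untested with no visible signal. Prefer `skip:` with the reason, which keeps the examples listed as skipped and carries the TODO into the test output: `describe 'keycloak_sssd_user_provider:', skip: 'TODO: SSSD user provider not yet supported on latest Keycloak and Java 11' do`. The source comment can then be dropped or kept as a pointer to the tracking issue.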
@@ -29,9 +30,7 @@
it 'runs successfully' do
pp = <<-EOS
service { 'sssd': ensure => 'running' }
- include mysql::server
class { 'keycloak':
- datasource_driver => 'mysql',
with_sssd_support => true,
}
keycloak_realm { 'test': ensure => 'present' }
@@ -59,9 +58,7 @@ class { 'keycloak':
it 'runs successfully' do
pp = <<-EOS
service { 'sssd': ensure => 'running' }
- include mysql::server
class { 'keycloak':
- datasource_driver => 'mysql',
with_sssd_support => true,
}
keycloak_realm { 'test': ensure => 'present' }
@@ -90,9 +87,7 @@ class { 'keycloak':
it 'runs successfully' do
pp = <<-EOS
service { 'sssd': ensure => 'running' }
- include mysql::server
class { 'keycloak':
- datasource_driver => 'mysql',
with_sssd_support => true,
}
keycloak_realm { 'test': ensure => 'present' }
diff --git a/spec/acceptance/4_client_scopes_spec.rb b/spec/acceptance/4_client_scopes_spec.rb
index 7ac8fe94..c178fe36 100644
--- a/spec/acceptance/4_client_scopes_spec.rb
+++ b/spec/acceptance/4_client_scopes_spec.rb
@@ -4,10 +4,7 @@
context 'creates client scopes' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak::client_scope::oidc { 'openid-connect-clients':
realm => 'test',
@@ -75,10 +72,7 @@ class { 'keycloak':
context 'creates saml client scope' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak::client_scope::saml { 'saml-clients':
realm => 'test',
diff --git a/spec/acceptance/5_client_spec.rb b/spec/acceptance/5_client_spec.rb
index 60166aa0..8d8eda7e 100644
--- a/spec/acceptance/5_client_spec.rb
+++ b/spec/acceptance/5_client_spec.rb
@@ -4,10 +4,7 @@
context 'creates client' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_flow { 'foo on test': ensure => 'present' }
keycloak_client { 'test.foo.bar':
@@ -172,10 +169,7 @@ class { 'keycloak':
context 'updates client' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_client { 'test.foo.bar':
realm => 'test',
@@ -274,10 +268,7 @@ class { 'keycloak':
it 'manages authorization services properly' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_client { 'test.foo.bar':
realm => 'test',
diff --git a/spec/acceptance/6_protocol_mapper_spec.rb b/spec/acceptance/6_protocol_mapper_spec.rb
index 3e691625..0f22c25b 100644
--- a/spec/acceptance/6_protocol_mapper_spec.rb
+++ b/spec/acceptance/6_protocol_mapper_spec.rb
@@ -4,10 +4,7 @@
context 'creates protocol_mapper' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_client_scope { 'oidc on test':
ensure => 'present',
@@ -89,10 +86,7 @@ class { 'keycloak':
context 'updates protocol_mapper' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_client_scope { 'oidc on test':
ensure => 'present',
@@ -169,10 +163,7 @@ class { 'keycloak':
context 'creates saml protocol_mapper' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_client_scope { 'saml on test':
ensure => 'present',
diff --git a/spec/acceptance/7_client_protocol_mapper_spec.rb b/spec/acceptance/7_client_protocol_mapper_spec.rb
index f428067e..e8f844fd 100644
--- a/spec/acceptance/7_client_protocol_mapper_spec.rb
+++ b/spec/acceptance/7_client_protocol_mapper_spec.rb
@@ -4,10 +4,7 @@
context 'creates protocol_mapper' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_client { 'test.foo.bar':
realm => 'test',
@@ -83,10 +80,7 @@ class { 'keycloak':
context 'updates protocol_mapper' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_client { 'test.foo.bar':
realm => 'test',
diff --git a/spec/acceptance/8_identity_provider_spec.rb b/spec/acceptance/8_identity_provider_spec.rb
index 2d9fffd2..41507b9f 100644
--- a/spec/acceptance/8_identity_provider_spec.rb
+++ b/spec/acceptance/8_identity_provider_spec.rb
@@ -4,10 +4,7 @@
context 'creates identity provider' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_identity_provider { 'cilogon on test':
ensure => 'present',
@@ -69,10 +66,7 @@ class { 'keycloak':
context 'updates identity provider' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_realm { 'test': ensure => 'present' }
keycloak_identity_provider { 'cilogon on test':
ensure => 'present',
@@ -136,10 +130,7 @@ class { 'keycloak':
context 'ensure => absent' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_identity_provider { 'cilogon on test':
ensure => 'absent',
}
diff --git a/spec/acceptance/9_flow_spec.rb b/spec/acceptance/9_flow_spec.rb
index 0ff204d6..8e71400f 100644
--- a/spec/acceptance/9_flow_spec.rb
+++ b/spec/acceptance/9_flow_spec.rb
@@ -4,10 +4,7 @@
context 'creates flow' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak::spi_deployment { 'duo-spi':
deployed_name => 'keycloak-duo-spi-jar-with-dependencies.jar',
source => 'file:///tmp/keycloak-duo-spi-jar-with-dependencies.jar',
@@ -120,10 +117,7 @@ class { 'keycloak':
context 'updates flow' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak::spi_deployment { 'duo-spi':
deployed_name => 'keycloak-duo-spi-jar-with-dependencies.jar',
source => 'file:///tmp/keycloak-duo-spi-jar-with-dependencies.jar',
@@ -239,10 +233,7 @@ class { 'keycloak':
context 'ensure => absent' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
keycloak_flow { 'browser-with-duo on test':
ensure => 'absent',
}
diff --git a/spec/acceptance/nodesets/centos-7-domain-mode-cluster.yml b/spec/acceptance/nodesets/centos-7-domain-mode-cluster.yml
deleted file mode 100644
index a816d3b9..00000000
--- a/spec/acceptance/nodesets/centos-7-domain-mode-cluster.yml
+++ /dev/null
@@ -1,60 +0,0 @@
-HOSTS:
- master:
- roles:
- - agent
- - default
- - domain_master
- platform: el-7-x86_64
- hypervisor: docker
- image: centos:7
- docker_preserve_image: true
- docker_cmd:
- - '/usr/sbin/init'
- docker_image_commands:
- - 'yum install -y wget which cronie iproute initscripts'
- docker_env:
- - LANG=en_US.UTF-8
- - LANGUAGE=en_US.UTF-8
- - LC_ALL=en_US.UTF-8
- docker_container_name: 'keycloak-master-el7'
- slave:
- roles:
- - agent
- - domain_slave
- platform: el-7-x86_64
- hypervisor: docker
- image: centos:7
- docker_preserve_image: true
- docker_cmd:
- - '/usr/sbin/init'
- docker_image_commands:
- - 'yum install -y wget which cronie iproute initscripts'
- docker_env:
- - LANG=en_US.UTF-8
- - LANGUAGE=en_US.UTF-8
- - LC_ALL=en_US.UTF-8
- docker_container_name: 'keycloak-slave-el7'
- db:
- roles:
- - agent
- - db
- platform: el-7-x86_64
- hypervisor: docker
- image: centos:7
- docker_preserve_image: true
- docker_cmd:
- - '/usr/sbin/init'
- docker_image_commands:
- - 'yum install -y wget which cronie iproute initscripts'
- docker_env:
- - LANG=en_US.UTF-8
- - LANGUAGE=en_US.UTF-8
- - LC_ALL=en_US.UTF-8
- docker_container_name: 'keycloak-db-el7'
-CONFIG:
- log_level: debug
- type: foss
-ssh:
- password: root
- auth_methods: ["password"]
-
diff --git a/spec/acceptance/nodesets/debian-9.yml b/spec/acceptance/nodesets/debian-9.yml
deleted file mode 100644
index 0a843a23..00000000
--- a/spec/acceptance/nodesets/debian-9.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-HOSTS:
- debian9:
- roles:
- - agent
- platform: debian-9-amd64
- hypervisor: docker
- image: debian:9
- docker_preserve_image: true
- docker_cmd:
- - '/sbin/init'
- docker_image_commands:
- - 'apt-get install -y wget net-tools systemd-sysv locales apt-transport-https ca-certificates'
- - 'echo "LC_ALL=en_US.UTF-8" >> /etc/environment'
- - 'echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen'
- - 'echo "LANG=en_US.UTF-8" > /etc/locale.conf'
- - 'locale-gen en_US.UTF-8'
- docker_env:
- - LANG=en_US.UTF-8
- - LANGUAGE=en_US.UTF-8
- - LC_ALL=en_US.UTF-8
- docker_container_name: 'keycloak-debian9'
-CONFIG:
- log_level: debug
- type: foss
-ssh:
- password: root
- auth_methods: ["password"]
-
diff --git a/spec/acceptance/z_keycloak_api_spec.rb b/spec/acceptance/z_keycloak_api_spec.rb
index 561530db..3b275624 100644
--- a/spec/acceptance/z_keycloak_api_spec.rb
+++ b/spec/acceptance/z_keycloak_api_spec.rb
@@ -4,10 +4,7 @@
context 'bootstraps' do
it 'runs successfully' do
pp = <<-EOS
- include mysql::server
- class { 'keycloak':
- datasource_driver => 'mysql',
- }
+ class { 'keycloak': }
EOS
apply_manifest(pp, catch_failures: true)
@@ -29,7 +26,7 @@ class { 'keycloak':
end
it 'has created a realm' do
- on hosts, '/opt/keycloak/bin/kcadm.sh get realms/test2 --no-config --server http://localhost:8080/auth --realm master --user admin --password changeme' do
+ on hosts, '/opt/keycloak/bin/kcadm.sh get realms/test2 --no-config --server http://127.0.0.1:8080 --realm master --user admin --password changeme' do
data = JSON.parse(stdout)
expect(data['id']).to eq('test2')
end
@@ -54,7 +51,7 @@ class { 'keycloak':
end
it 'has updated a realm' do
- on hosts, '/opt/keycloak/bin/kcadm.sh get realms/test2 --no-config --server http://localhost:8080/auth --realm master --user admin --password changeme' do
+ on hosts, '/opt/keycloak/bin/kcadm.sh get realms/test2 --no-config --server http://127.0.0.1:8080 --realm master --user admin --password changeme' do
data = JSON.parse(stdout)
expect(data['rememberMe']).to eq(true)
end
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 19a8c15f..37f503d1 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -6,7 +6,7 @@
let(:facts) do
facts.merge(concat_basedir: '/dne')
end
- let(:version) { '12.0.4' }
+ let(:version) { '18.0.0' }
case facts[:osfamily]
when %r{RedHat}
@@ -23,95 +23,6 @@
it { is_expected.to contain_class('keycloak::config').that_comes_before('Class[keycloak::service]') }
it { is_expected.to contain_class('keycloak::service') }
- context 'domain master' do
- let(:params) do
- {
- operating_mode: 'domain',
- install_dir: '/opt/keycloak-x',
- role: 'master',
- datasource_driver: 'postgresql',
- wildfly_user: 'wildfly',
- wildfly_user_password: 'changeme',
- }
- end
-
- it { is_expected.to compile.with_all_deps }
- it do
- is_expected.to contain_augeas('ensure-servername').with(incl: '/opt/keycloak-x/domain/configuration/host-master.xml')
- is_expected.to contain_exec('create-wildfly-user').with(command: '/opt/keycloak-x/bin/add-user.sh --user wildfly --password changeme -e -s && touch /opt/keycloak-x/.create-wildfly-user')
- end
- end
-
- context 'domain slave' do
- let(:params) do
- {
- operating_mode: 'domain',
- install_dir: '/opt/keycloak-x',
- role: 'slave',
- master_address: '10.0.5.10',
- datasource_driver: 'postgresql',
- wildfly_user: 'wildfly',
- wildfly_user_password: 'changeme',
- }
- end
-
- it { is_expected.to compile.with_all_deps }
-
- it do
- is_expected.to contain_augeas('ensure-servername').with(incl: '/opt/keycloak-x/domain/configuration/host-slave.xml',
- context: '/files/opt/keycloak-x/domain/configuration/host-slave.xml/host/servers')
- is_expected.to contain_exec('create-wildfly-user').with(command: '/opt/keycloak-x/bin/add-user.sh --user wildfly --password changeme -e -s && touch /opt/keycloak-x/.create-wildfly-user')
- end
- end
-
- context 'standalone with domain role defined' do
- let(:params) do
- {
- operating_mode: 'standalone',
- role: 'master',
- }
- end
-
- it { is_expected.not_to compile }
- end
-
- context 'domain slave without master_address' do
- let(:params) do
- {
- operating_mode: 'domain',
- wildfly_user: 'wildfly',
- wildfly_user_password: 'wildfly',
- role: 'slave',
- }
- end
-
- it { is_expected.not_to compile }
- end
-
- context 'domain master without wildfly user' do
- let(:params) do
- {
- operating_mode: 'domain',
- role: 'master',
- wildfly_user_password: 'wildfly',
- }
- end
-
- it { is_expected.not_to compile }
- end
-
- context 'domain master without wildfly user password' do
- let(:params) do
- {
- operating_mode: 'domain',
- role: 'master',
- wildfly_user: 'wildfly',
- }
- end
-
- it { is_expected.not_to compile }
- end
-
context 'keycloak::install' do
it do
is_expected.to contain_user('keycloak').only_with(ensure: 'present',
@@ -125,143 +36,111 @@
end
end
- context 'keycloak::datasource::mysql' do
+ context 'keycloak db=mysql' do
let(:pre_condition) { 'include ::mysql::server' }
- let(:params) { { datasource_driver: 'mysql' } }
-
- it { is_expected.to contain_class('keycloak::install').that_comes_before('Class[keycloak::datasource::mysql]') }
- it { is_expected.to contain_class('keycloak::datasource::mysql').that_comes_before('Class[keycloak::config]') }
+ let(:params) { { db: 'mysql' } }
+ it { is_expected.to contain_class('keycloak::db::mysql').that_notifies('Class[keycloak::service]') }
it do
- is_expected.to contain_mysql__db('keycloak').with(user: 'sa',
- password: 'sa',
+ is_expected.to contain_mysql__db('keycloak').with(user: 'keycloak',
+ password: 'changeme',
host: 'localhost',
grant: 'ALL')
end
- context 'manage_datasource => false' do
- let(:params) { { datasource_driver: 'mysql', manage_datasource: false } }
+ it do
+ verify_contents(catalogue, "/opt/keycloak-#{version}/conf/keycloak.conf", [
+ 'db=mysql',
+ ])
+ end
+
+ context 'manage_db => false' do
+ let(:params) { { db: 'mysql', manage_db: false } }
it { is_expected.not_to contain_mysql__db('keycloak') }
end
end
- context 'keycloak::datasource::postgresql' do
- let(:params) { { datasource_driver: 'postgresql' } }
+ context 'keycloak db=mariadb' do
+ let(:pre_condition) { 'include ::mysql::server' }
+ let(:params) { { db: 'mariadb' } }
- it { is_expected.to contain_class('keycloak::install').that_comes_before('Class[keycloak::datasource::postgresql]') }
- it { is_expected.to contain_class('keycloak::datasource::postgresql').that_comes_before('Class[keycloak::config]') }
+ it { is_expected.to contain_class('keycloak::db::mariadb').that_notifies('Class[keycloak::service]') }
+ it do
+ is_expected.to contain_mysql__db('keycloak').with(user: 'keycloak',
+ password: 'changeme',
+ host: 'localhost',
+ grant: 'ALL')
+ end
it do
- is_expected.to contain_postgresql__server__db('keycloak').with(user: 'sa',
- password: %r{.*})
+ verify_contents(catalogue, "/opt/keycloak-#{version}/conf/keycloak.conf", [
+ 'db=mariadb',
+ ])
end
- context 'manage_datasource => false' do
- let(:params) { { datasource_driver: 'postgresql', manage_datasource: false } }
+ context 'manage_db => false' do
+ let(:params) { { db: 'mariadb', manage_db: false } }
- it { is_expected.not_to contain_postgresql__server__db('keycloak') }
+ it { is_expected.not_to contain_mysql__db('keycloak') }
end
end
- context 'keycloak::config' do
- it do
- is_expected.to contain_file('kcadm-wrapper.sh').only_with(
- ensure: 'file',
- path: "/opt/keycloak-#{version}/bin/kcadm-wrapper.sh",
- owner: 'keycloak',
- group: 'keycloak',
- mode: '0750',
- content: %r{.*},
- show_diff: 'false',
- )
- end
+ context 'keycloak db=postgres' do
+ let(:params) { { db: 'postgres' } }
+ it { is_expected.to contain_class('keycloak::db::postgres').that_notifies('Class[keycloak::service]') }
it do
- is_expected.to contain_exec('create-keycloak-admin')
- .with(command: "/opt/keycloak-#{version}/bin/add-user-keycloak.sh --user admin --password changeme --realm master && touch /opt/keycloak-#{version}/.create-keycloak-admin-h2",
- creates: "/opt/keycloak-#{version}/.create-keycloak-admin-h2",
- notify: 'Class[Keycloak::Service]')
+ is_expected.to contain_postgresql__server__db('keycloak').with(user: 'keycloak',
+ password: %r{.*})
end
it do
- is_expected.to contain_file("/opt/keycloak-#{version}/standalone/configuration").only_with(
- ensure: 'directory',
- owner: 'keycloak',
- group: 'keycloak',
- mode: '0750',
- )
+ verify_contents(catalogue, "/opt/keycloak-#{version}/conf/keycloak.conf", [
+ 'db=postgres',
+ ])
end
- it do
- is_expected.to contain_file("/opt/keycloak-#{version}/standalone/configuration/profile.properties").only_with(
- ensure: 'file',
- owner: 'keycloak',
- group: 'keycloak',
- mode: '0644',
- content: %r{.*},
- notify: 'Class[Keycloak::Service]',
- )
- end
+ context 'manage_db => false' do
+ let(:params) { { db: 'postgres', manage_db: false } }
- it do
- verify_exact_file_contents(catalogue, "/opt/keycloak-#{version}/standalone/configuration/profile.properties", [])
+ it { is_expected.not_to contain_postgresql__server__db('keycloak') }
end
+ end
+ context 'keycloak::config' do
it do
- is_expected.to contain_concat("/opt/keycloak-#{version}/config.cli").with(
- ensure: 'present',
+ is_expected.to contain_file('kcadm-wrapper.sh').only_with(
+ ensure: 'file',
+ path: "/opt/keycloak-#{version}/bin/kcadm-wrapper.sh",
owner: 'keycloak',
group: 'keycloak',
- mode: '0600',
- notify: 'Exec[jboss-cli.sh --file=config.cli]',
+ mode: '0750',
+ content: %r{.*},
show_diff: 'false',
)
end
it do
- is_expected.to contain_file_line('keycloak-JAVA_OPTS').with(
- ensure: 'absent',
- path: "/opt/keycloak-#{version}/bin/standalone.conf",
- line: 'JAVA_OPTS="$JAVA_OPTS "',
- match: '^JAVA_OPTS=',
- notify: 'Class[Keycloak::Service]',
- )
- end
-
- context 'when tech_preview_features defined' do
- let(:params) { { tech_preview_features: ['account_api'] } }
+ verify_exact_file_contents(catalogue, "/opt/keycloak-#{version}/conf/keycloak.conf", [
+ "hostname=#{facts[:fqdn]}",
+ 'http-enabled=true',
+ 'http-host=0.0.0.0',
+ 'http-port=8080',
+ 'https-port=8443',
+ 'db=dev-file',
+ 'db-url-database=keycloak',
+ 'db-username=keycloak',
+ 'db-password=changeme',
+ 'proxy=none',
+ ])
+ end
+
+ context 'when features defined' do
+ let(:params) { { features: ['authorization','impersonation'] } }
it do
- verify_exact_file_contents(catalogue, "/opt/keycloak-#{version}/standalone/configuration/profile.properties", ['feature.account_api=enabled'])
- end
- end
-
- context 'when java_opts defined' do
- let(:params) { { java_opts: '-Xmx512m -Xms64m' } }
-
- it do
- is_expected.to contain_file_line('keycloak-JAVA_OPTS').with(
- ensure: 'present',
- path: "/opt/keycloak-#{version}/bin/standalone.conf",
- line: 'JAVA_OPTS="$JAVA_OPTS -Xmx512m -Xms64m"',
- match: '^JAVA_OPTS=',
- notify: 'Class[Keycloak::Service]',
- )
- end
-
- context 'when java_opts_append is false' do
- let(:params) { { java_opts: '-Xmx512m -Xms64m', java_opts_append: false } }
-
- it do
- is_expected.to contain_file_line('keycloak-JAVA_OPTS').with(
- ensure: 'present',
- path: "/opt/keycloak-#{version}/bin/standalone.conf",
- line: 'JAVA_OPTS="-Xmx512m -Xms64m"',
- match: '^JAVA_OPTS=',
- notify: 'Class[Keycloak::Service]',
- )
- end
+ verify_contents(catalogue, "/opt/keycloak-#{version}/conf/keycloak.conf", ['features=authorization,impersonation'])
end
end
end
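Review bot: The `keycloak db=postgres` context checks the database password with `password: %r{.*}`, which matches any value including an empty string, while the mysql and mariadb contexts pin `password: 'changeme'`; pinning it here too, `password: 'changeme'`, holds the three backends to the same standard. The `verify_exact_file_contents` block shows keycloak.conf carrying `db-password=changeme` in clear text, yet nothing in this hunk asserts the owner or mode of that file resource — if that is covered elsewhere in the spec this is fine, otherwise an assertion on the file's owner and mode would guard against the secret becoming readable to other local users. Minor style point: `['authorization','impersonation']` lacks the space after the comma used everywhere else in the file.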
@@ -274,13 +153,15 @@
hasstatus: 'true',
hasrestart: 'true')
end
- end
- context 'syslog support' do
- let(:params) { { syslog: true, install_dir: '/opt/keycloak-x' } }
+ context 'when java_opts defined' do
+ let(:params) { { java_opts: '-Xmx512m -Xms64m' } }
- it do
- is_expected.to contain_concat_fragment('keycloak-config.cli-syslog').with(target: '/opt/keycloak-x/config.cli', order: '12')
+ it do
+ is_expected.to contain_systemd__unit_file('keycloak.service').with(
+ content: %r{Environment='JAVA_OPTS_APPEND=-Xmx512m -Xms64m'}
+ )
+ end
end
end
end # end context
diff --git a/spec/defines/spi_deployment_spec.rb b/spec/defines/spi_deployment_spec.rb
index 896b9685..f46ab636 100644
--- a/spec/defines/spi_deployment_spec.rb
+++ b/spec/defines/spi_deployment_spec.rb
@@ -6,7 +6,7 @@
let(:facts) do
facts.merge(concat_basedir: '/dne')
end
- let(:version) { '12.0.4' }
+ let(:version) { '18.0.0' }
let(:title) { 'duo-spi' }
let(:params) { { deployed_name: 'keycloak-duo-spi-jar-with-dependencies.jar', source: 'https://example.com/files/keycloak-duo-spi-jar-with-dependencies.jar' } }
@@ -20,29 +20,19 @@
user: 'keycloak',
group: 'keycloak',
require: "File[/opt/keycloak-#{version}/tmp]",
- before: "File[/opt/keycloak-#{version}/standalone/deployments/keycloak-duo-spi-jar-with-dependencies.jar]",
+ before: "File[/opt/keycloak-#{version}/providers/keycloak-duo-spi-jar-with-dependencies.jar]",
)
end
it do
- is_expected.to contain_file("/opt/keycloak-#{version}/standalone/deployments/keycloak-duo-spi-jar-with-dependencies.jar").with(
+ is_expected.to contain_file("/opt/keycloak-#{version}/providers/keycloak-duo-spi-jar-with-dependencies.jar").with(
ensure: 'file',
source: "/opt/keycloak-#{version}/tmp/keycloak-duo-spi-jar-with-dependencies.jar",
owner: 'keycloak',
group: 'keycloak',
mode: '0644',
require: 'Class[Keycloak::Install]',
- notify: 'Exec[duo-spi-dodeploy]',
- )
- end
-
- it do
- is_expected.to contain_exec('duo-spi-dodeploy').with(
- path: '/usr/bin:/bin:/usr/sbin:/sbin',
- command: "touch /opt/keycloak-#{version}/standalone/deployments/keycloak-duo-spi-jar-with-dependencies.jar.dodeploy",
- refreshonly: 'true',
- user: 'keycloak',
- group: 'keycloak',
+ notify: 'Class[Keycloak::Service]',
)
end
end
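Review bot: The rewritten file resource notifies only `Class[Keycloak::Service]` and the `duo-spi-dodeploy` exec is dropped with it, so a new jar under `providers/` now relies on a service refresh alone; for the distribution this spec now targets, providers are picked up at build time, and whether a build runs on refresh is decided in the service class, outside this hunk. Worth confirming, and if the module has a separate build step, asserting that this file notifies it as well rather than only the service.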
diff --git a/spec/fixtures/keycloak-duo-spi-jar-with-dependencies.jar b/spec/fixtures/keycloak-duo-spi-jar-with-dependencies.jar
index 115fa049..d45b5366 100644
Binary files a/spec/fixtures/keycloak-duo-spi-jar-with-dependencies.jar and b/spec/fixtures/keycloak-duo-spi-jar-with-dependencies.jar differ
diff --git a/spec/fixtures/test.pp b/spec/fixtures/test.pp
index a0ec305a..16d83933 100644
--- a/spec/fixtures/test.pp
+++ b/spec/fixtures/test.pp
@@ -1,4 +1,34 @@
include mysql::server
class { 'keycloak':
- datasource_driver => 'mysql',
+ db => 'mariadb',
+ hostname => 'localhost',
+ proxy => 'edge',
+ http_host => '127.0.0.1',
+ http_port => 9090,
+ configs => {
+ 'hostname-port' => 8080,
+ 'hostname-strict-https' => false,
+ },
}
+class { 'apache':
+ default_vhost => false,
+}
+apache::vhost { 'localhost':
+ servername => 'localhost',
+ port => '8080',
+ ssl => false,
+ manage_docroot => false,
+ docroot => '/var/www/html',
+ proxy_preserve_host => true,
+ proxy_add_headers => true,
+ proxy_pass => [
+ {'path' => '/', 'url' => 'http://localhost:9090/'}
+ ],
+ request_headers => [
+ 'set X-Forwarded-Proto "http"',
+ 'set X-Forwarded-Port "8080"'
+ ],
+ #headers => [
+ # 'always unset X-Frame-Options',
+ #],
+}
\ No newline at end of file
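Review bot: `'hostname-strict-https' => false` turns off Keycloak's HTTPS requirement for the proxied hostname, which is what makes the plain-HTTP `proxy => 'edge'` setup in this fixture work, but nothing says so; a comment above the `configs` hash such as `# test fixture only: plain HTTP behind the local apache vhost, so strict HTTPS is disabled` would stop it being copied as a production example. The commented-out `headers` block at the end is dead code and should either be removed or carry a note on why it is kept, and the file should end with a newline. `port => '8080'` as a string next to the integer `http_port => 9090` is a small inconsistency; both resolve, so it is only a matter of style.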
diff --git a/spec/spec_helper_acceptance_setup.rb b/spec/spec_helper_acceptance_setup.rb
index c0081316..61341889 100644
--- a/spec/spec_helper_acceptance_setup.rb
+++ b/spec/spec_helper_acceptance_setup.rb
@@ -1,15 +1,13 @@
RSpec.configure do |c|
c.add_setting :keycloak_version
keycloak_version = if ENV['BEAKER_keycloak_version'].nil? || ENV['BEAKER_keycloak_version'].empty?
- '12.0.4'
+ '18.0.0'
else
ENV['BEAKER_keycloak_version']
end
c.keycloak_version = keycloak_version
c.add_setting :keycloak_full
c.keycloak_full = (ENV['BEAKER_keycloak_full'] == 'true' || ENV['BEAKER_keycloak_full'] == 'yes')
- c.add_setting :keycloak_domain_mode_cluster
- c.keycloak_domain_mode_cluster = (ENV['BEAKER_keycloak_domain_mode_cluster'] == 'true' || ENV['BEAKER_keycloak_domain_mode_cluster'] == 'yes')
end
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
@@ -27,23 +25,31 @@
- name: "Common"
path: "common.yaml"
EOS
-# TODO: Use until released https://github.com/puppetlabs/puppetlabs-mysql/pull/1373
-ubuntu2004_yaml = <<-EOS
-mysql::bindings::java_package_name: libmariadb-java
-EOS
centos7_yaml = <<-EOS
postgresql::server::service_reload: 'systemctl reload postgresql 2>/dev/null 1>/dev/null'
EOS
+ubuntu1804_yaml = <<-EOS
+keycloak::db: mysql
+EOS
+# TODO: Use until this released to force mariadb:
+# https://github.com/puppetlabs/puppetlabs-mysql/commit/8c8c01739f593b2bcd1943297761a09dde994197
+ubuntu2004_yaml = <<-EOS
+keycloak::db: mysql
+EOS
common_yaml = <<-EOS
---
keycloak::version: '#{RSpec.configuration.keycloak_version}'
+keycloak::http_host: '127.0.0.1'
+keycloak::db: mariadb
+keycloak::proxy: edge
postgresql::server::service_status: 'service postgresql status 2>/dev/null 1>/dev/null'
EOS
create_remote_file(hosts, '/etc/puppetlabs/puppet/hiera.yaml', hiera_yaml)
on hosts, 'mkdir -p /etc/puppetlabs/puppet/data'
create_remote_file(hosts, '/etc/puppetlabs/puppet/data/common.yaml', common_yaml)
-on hosts, 'mkdir -p /etc/puppetlabs/puppet/data/os/Ubuntu'
-create_remote_file(hosts, '/etc/puppetlabs/puppet/data/os/Ubuntu/20.04.yaml', ubuntu2004_yaml)
on hosts, 'mkdir -p /etc/puppetlabs/puppet/data/os/CentOS'
create_remote_file(hosts, '/etc/puppetlabs/puppet/data/os/CentOS/7.yaml', centos7_yaml)
+on hosts, 'mkdir -p /etc/puppetlabs/puppet/data/os/Ubuntu'
+create_remote_file(hosts, '/etc/puppetlabs/puppet/data/os/Ubuntu/18.04.yaml', ubuntu1804_yaml)
+create_remote_file(hosts, '/etc/puppetlabs/puppet/data/os/Ubuntu/20.04.yaml', ubuntu2004_yaml)
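Review bot: `ubuntu1804_yaml` and `ubuntu2004_yaml` are identical heredocs, but only the 20.04 one carries the TODO explaining why it overrides the `keycloak::db: mariadb` value from common.yaml; either write both hosts' data from one heredoc or add the same reason above the 18.04 block, e.g. `# 18.04 also needs mysql until the puppetlabs-mysql change referenced below is released` — assuming the reason is the same, which the hunk does not say. The TODO text itself reads awkwardly; `# TODO: remove once the puppetlabs-mysql change below is released, which allows forcing mariadb:` states the intent more clearly.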
diff --git a/templates/config.cli/00-header.epp b/templates/config.cli/00-header.epp
deleted file mode 100644
index ab4664db..00000000
--- a/templates/config.cli/00-header.epp
+++ /dev/null
@@ -1,10 +0,0 @@
-<%- |
-String $operating_mode
-| -%>
-<% if $operating_mode == 'standalone' { -%>
-embed-server
-<% } elsif $operating_mode == 'clustered' { -%>
-embed-server --server-config=standalone-ha.xml
-<% } else { -%>
-embed-host-controller
-<% } -%>
diff --git a/templates/config.cli/01-https-proxy.epp b/templates/config.cli/01-https-proxy.epp
deleted file mode 100644
index 05966898..00000000
--- a/templates/config.cli/01-https-proxy.epp
+++ /dev/null
@@ -1,23 +0,0 @@
-<%- |
-String $prefix,
-String $operating_mode
-| -%>
-if (result.proxy-address-forwarding != true) of <%= $prefix -%>/subsystem=undertow/server=default-server/http-listener=default:read-resource
-<%= $prefix -%>/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=proxy-address-forwarding,value=true)
-end-if
-if (result.proxy-address-forwarding != true) of <%= $prefix -%>/subsystem=undertow/server=default-server/https-listener=https:read-resource
-<%= $prefix -%>/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=proxy-address-forwarding,value=true)
-end-if
-<%# use ha sockets in domain mode -%>
-<% if $operating_mode != 'domain' { -%>
-if (outcome != success) of /socket-binding-group=standard-sockets/socket-binding=proxy-https:read-resource
-/socket-binding-group=standard-sockets/socket-binding=proxy-https:add(port=443)
-end-if
-<% } else { -%>
-if (outcome != success) of /socket-binding-group=ha-sockets/socket-binding=proxy-https:read-resource
-/socket-binding-group=ha-sockets/socket-binding=proxy-https:add(port=443)
-end-if
-<% end } -%>
-if (result.redirect-socket != proxy-https) of <%= $prefix -%>/subsystem=undertow/server=default-server/http-listener=default:read-resource
-<%= $prefix -%>/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=redirect-socket,value=proxy-https)
-end-if
diff --git a/templates/config.cli/02-datasource.epp b/templates/config.cli/02-datasource.epp
deleted file mode 100644
index 9e136a4a..00000000
--- a/templates/config.cli/02-datasource.epp
+++ /dev/null
@@ -1,52 +0,0 @@
-<%- |
-String $datasource_driver,
-String $datasource_connection_url,
-String $datasource_username,
-String $datasource_password,
-String $mysql_datasource_class,
-String $prefix
-| -%>
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=driver-name, value=<%= $datasource_driver %>)
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=connection-url, value="<%= $datasource_connection_url %>")
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=jndi-name, value=java:jboss/datasources/KeycloakDS)
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=user-name, value="<%= $datasource_username %>")
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=password, value="<%= $datasource_password %>")
-<%- if $datasource_driver == 'mysql' { -%>
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1")
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
-try
-<%= $prefix -%>/subsystem=datasources/jdbc-driver=mysql:add(driver-module-name=com.mysql.jdbc,driver-name=mysql,driver-xa-datasource-class-name=<%= $mysql_datasource_class %>)
-catch
-<%= $prefix -%>/subsystem=datasources/jdbc-driver=mysql:remove
-<%= $prefix -%>/subsystem=datasources/jdbc-driver=mysql:add(driver-module-name=com.mysql.jdbc,driver-name=mysql,driver-xa-datasource-class-name=<%= $mysql_datasource_class %>)
-end-try
-<%- } elsif $datasource_driver == 'h2' { -%>
-/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=background-validation)
-/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=check-valid-connection-sql)
-/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=background-validation-millis)
-/subsystem=datasources/data-source=KeycloakDS:undefine-attribute(name=flush-strategy)
-<%- } elsif $datasource_driver == 'oracle' { -%>
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1 FROM DUAL")
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
-try
-<%= $prefix -%>/subsystem=datasources/jdbc-driver=oracle:add(driver-module-name=org.oracle,driver-name=oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource)
-catch
-<%= $prefix -%>/subsystem=datasources/jdbc-driver=oracle:remove
-<%= $prefix -%>/subsystem=datasources/jdbc-driver=oracle:add(driver-module-name=org.oracle,driver-name=oracle,driver-xa-datasource-class-name=oracle.jdbc.xa.client.OracleXADataSource)
-end-try
-<%- } elsif $datasource_driver == 'postgresql' { -%>
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation, value=true)
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=check-valid-connection-sql, value="SELECT 1")
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=background-validation-millis, value=60000)
-<%= $prefix -%>/subsystem=datasources/data-source=KeycloakDS:write-attribute(name=flush-strategy, value=IdleConnections)
-try
-<%= $prefix -%>/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
-catch
-<%= $prefix -%>/subsystem=datasources/jdbc-driver=postgresql:remove
-<%= $prefix -%>/subsystem=datasources/jdbc-driver=postgresql:add(driver-module-name=org.postgresql,driver-name=postgresql,driver-xa-datasource-class-name=org.postgresql.xa.PGXADataSource)
-end-try
-<%- } -%>
diff --git a/templates/config.cli/03-truststore.epp b/templates/config.cli/03-truststore.epp
deleted file mode 100644
index 3f78fcec..00000000
--- a/templates/config.cli/03-truststore.epp
+++ /dev/null
@@ -1,26 +0,0 @@
-<%- |
-Boolean $truststore,
-String $operating_mode,
-String $install_base,
-String $truststore_password,
-String $truststore_hostname_verification_policy,
-String $prefix
-| -%>
-<% if $truststore { -%>
-if (outcome != success) of <%= $prefix -%>/subsystem=keycloak-server/spi=truststore:read-resource
-<%= $prefix -%>/subsystem=keycloak-server/spi=truststore/:add
-<%= $prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:add(enabled=true)
-end-if
-<% if $operating_mode == 'domain' { -%>
-<%= $prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file,value=<%= $install_base %>/domain/configuration/truststore.jks)
-<% } else { -%>
-<%= $prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=file,value=<%= $install_base %>/standalone/configuration/truststore.jks)
-<% } -%>
-<%= $prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=password,value=<%= $truststore_password %>)
-<%= $prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=hostname-verification-policy,value=<%= $truststore_hostname_verification_policy %>)
-<%= $prefix -%>/subsystem=keycloak-server/spi=truststore/provider=file/:map-put(name=properties,key=disabled,value=false)
-<% } else { -%>
-if (outcome == success) of <%= $prefix -%>/subsystem=keycloak-server/spi=truststore:read-resource
-<%= $prefix -%>/subsystem=keycloak-server/spi=truststore/:remove
-end-if
-<% } -%>
diff --git a/templates/config.cli/04-theming.epp b/templates/config.cli/04-theming.epp
deleted file mode 100644
index 0f1b0292..00000000
--- a/templates/config.cli/04-theming.epp
+++ /dev/null
@@ -1,9 +0,0 @@
-<%- |
-Integer $theme_static_max_age,
-Boolean $theme_cache_themes,
-Boolean $theme_cache_templates,
-String $prefix
-| -%>
-<%= $prefix -%>/subsystem=keycloak-server/theme=defaults/:write-attribute(name=staticMaxAge, value=<%= $theme_static_max_age %>)
-<%= $prefix -%>/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheThemes, value=<%= $theme_cache_themes %>)
-<%= $prefix -%>/subsystem=keycloak-server/theme=defaults/:write-attribute(name=cacheTemplates, value=<%= $theme_cache_templates %>)
diff --git a/templates/config.cli/05-deployment-scanner.epp b/templates/config.cli/05-deployment-scanner.epp
deleted file mode 100644
index 4e30bba5..00000000
--- a/templates/config.cli/05-deployment-scanner.epp
+++ /dev/null
@@ -1,7 +0,0 @@
-<%- |
-Boolean $auto_deploy_exploded,
-Boolean $auto_deploy_zipped,
-String $prefix
-| -%>
-<%= $prefix -%>/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-exploded",value=<%= $auto_deploy_exploded %>)
-<%= $prefix -%>/subsystem=deployment-scanner/scanner=default:write-attribute(name="auto-deploy-zipped",value=<%= $auto_deploy_zipped %>)
diff --git a/templates/config.cli/06-user-cache.epp b/templates/config.cli/06-user-cache.epp
deleted file mode 100644
index 77b83a37..00000000
--- a/templates/config.cli/06-user-cache.epp
+++ /dev/null
@@ -1,10 +0,0 @@
-<%- |
-Boolean $user_cache,
-String $prefix
-| -%>
-try
-<%= $prefix -%>/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=<%= $user_cache %>)
-catch
-<%= $prefix -%>/subsystem=keycloak-server/spi=userCache/provider=default/:remove
-<%= $prefix -%>/subsystem=keycloak-server/spi=userCache/provider=default/:add(enabled=<%= $user_cache %>)
-end-try
diff --git a/templates/config.cli/10-cluster.epp b/templates/config.cli/10-cluster.epp
deleted file mode 100644
index 0c94de53..00000000
--- a/templates/config.cli/10-cluster.epp
+++ /dev/null
@@ -1,41 +0,0 @@
-<%- |
-String $operating_mode,
-Boolean $enable_jdbc_ping,
-String $datasource_driver,
-String $jboss_bind_private_address,
-String $jboss_bind_public_address,
-String $prefix
-| -%>
-<%- if $operating_mode != 'standalone' and $enable_jdbc_ping { -%>
-if (outcome != success) of <%= $prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING:read-resource
-<%- if $datasource_driver == 'postgresql' { -%>
-<%= $prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING: add(add-index=0, data-source="KeycloakDS", properties=[initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING ( own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, created TIMESTAMP DEFAULT CURRENT_TIMESTAMP, ping_data BYTEA, constraint PK_JGROUPSPING PRIMARY KEY (own_addr, cluster_name))"])
-<%- } -%>
-<%- if $datasource_driver == 'mysql' { -%>
-<%= $prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING: add(add-index=0, data-source="KeycloakDS", properties=[initialize_sql="CREATE TABLE IF NOT EXISTS JGROUPSPING (own_addr varchar(200) NOT NULL, cluster_name varchar(200) NOT NULL, updated TIMESTAMP DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP, ping_data varbinary(5000) DEFAULT NULL, PRIMARY KEY (own_addr, cluster_name)) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin"])
-<%- } -%>
-end-if
-if (outcome == success) of <%= $prefix -%>/subsystem=jgroups/stack=tcp/protocol=MPING:read-resource
-<%= $prefix -%>/subsystem=jgroups/stack=tcp/protocol=MPING: remove()
-end-if
-if (outcome == success) of <%= $prefix -%>/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS:read-resource
-<%= $prefix -%>/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS: remove()
-<%= $prefix -%>/subsystem=jgroups/stack=tcp/protocol=pbcast.GMS: add(properties=[join_timeout=30000, print_local_addr=true, print_physical_addrs=true])
-end-if
-if (outcome != success) of <%= $prefix -%>/subsystem=jgroups/stack=tcp/protocol=JDBC_PING:read-resource
-end-if
-<%= $prefix -%>/subsystem=jgroups/channel=ee:write-attribute(name=stack, value="tcp")
-if (outcome == success) of <%= $prefix -%>/subsystem=jgroups/stack=udp:read-resource
-<%= $prefix -%>/subsystem=jgroups/stack=udp: remove()
-end-if
-if (outcome == success) of <%= $prefix -%>/socket-binding-group=standard-sockets/socket-binding=jgroups-udp:read-resource
-<%= $prefix -%>/socket-binding-group=standard-sockets/socket-binding=jgroups-udp:remove()
-end-if
-if (outcome == success) of <%= $prefix -%>/socket-binding-group=standard-sockets/socket-binding=jgroups-mping:read-resource
-<%= $prefix -%>/socket-binding-group=standard-sockets/socket-binding=jgroups-mping:remove()
-end-if
-<%- if $operating_mode != 'domain' { -%>
-/interface=private:write-attribute(name=inet-address, value=${jboss.bind.address.private:<%= $jboss_bind_private_address %>})
-/interface=public:write-attribute(name=inet-address, value=${jboss.bind.address:<%= $jboss_bind_public_address %>})
-<%- } -%>
-<%- } -%>
diff --git a/templates/config.cli/11-domain.epp b/templates/config.cli/11-domain.epp
deleted file mode 100644
index 6f99d117..00000000
--- a/templates/config.cli/11-domain.epp
+++ /dev/null
@@ -1,65 +0,0 @@
-<%- |
-String $prefix
-| -%>
-<%# remove load balancer -%>
-if (outcome == success) of /host=master/server-config=load-balancer:read-resource
-/host=master/server-config=load-balancer:remove
-end-if
-if (outcome == success) of /server-group=load-balancer-group:read-resource
-/server-group=load-balancer-group:remove
-end-if
-if (outcome == success) of /profile=load-balancer:read-resource
-/profile=load-balancer:remove
-end-if
-if (outcome == success) of /socket-binding-group=load-balancer-sockets:read-resource
-/socket-binding-group=load-balancer-sockets:remove
-end-if
-
-<%# caches -%>
-<%= $prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
-<%= $prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=authenticationSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
-<%= $prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
-<%= $prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=clientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
-<%= $prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineClientSessions:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
-<%= $prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
-<%= $prefix -%>/subsystem=infinispan/cache-container=keycloak/distributed-cache=actionTokens:write-attribute(name=owners, value=${env.CACHE_OWNERS:2})
-
-<%# take control of the interfaces -%>
-if (outcome != success) of /interface=management:read-resource()
-/interface=management:add()
-end-if
-if (result != undefined) of /interface=management:read-attribute(name=inet-address)
-/interface=management:write-attribute(name=inet-address, value=undefined)
-end-if
-if (outcome != success) of /interface=private:read-resource()
-/interface=private:add()
-end-if
-if (result != undefined) of /interface=private:read-attribute(name=inet-address)
-/interface=private:write-attribute(name=inet-address, value=undefined)
-end-if
-if (outcome != success) of /interface=public:read-resource()
-/interface=public:add()
-end-if
-if (result != undefined) of /interface=public:read-attribute(name=inet-address)
-/interface=public:write-attribute(name=inet-address, value=undefined)
-end-if
-if (result != public) of /socket-binding-group=ha-sockets:read-attribute(name=default-interface)
-/socket-binding-group=ha-sockets:write-attribute(name=default-interface, value=public)
-end-if
-if (result != defined) of /socket-binding-group=ha-sockets/socket-binding=ajp:read-attribute(name=interface)
-/socket-binding-group=ha-sockets/socket-binding=ajp:write-attribute(name=interface, value=undefined)
-end-if
-if (result != defined) of /socket-binding-group=ha-sockets/socket-binding=http:read-attribute(name=interface)
-/socket-binding-group=ha-sockets/socket-binding=http:write-attribute(name=interface, value=undefined)
-end-if
-if (result != defined) of /socket-binding-group=ha-sockets/socket-binding=https:read-attribute(name=interface)
-/socket-binding-group=ha-sockets/socket-binding=https:write-attribute(name=interface, value=undefined)
-end-if
-if (result != management) of /socket-binding-group=ha-sockets/socket-binding=jgroups-tcp:read-attribute(name=interface)
-/socket-binding-group=ha-sockets/socket-binding=jgroups-tcp:write-attribute(name=interface,value=management)
-end-if
-
-<%# ensure datasource for ee default bindings is correct -%>
-if (result != java:jboss/datasources/KeycloakDS) of <%= $prefix -%>/subsystem=ee/service=default-bindings:read-attribute(name=datasource)
-<%= $prefix -%>/subsystem=ee/service=default-bindings:write-attribute(name=datasource,value=java:jboss/datasources/KeycloakDS)
-end-if
diff --git a/templates/config.cli/12-syslog.epp b/templates/config.cli/12-syslog.epp
deleted file mode 100644
index 03916096..00000000
--- a/templates/config.cli/12-syslog.epp
+++ /dev/null
@@ -1,27 +0,0 @@
-<%- |
-String $prefix,
-Boolean $syslog,
-String $syslog_app_name,
-String $syslog_facility,
-Stdlib::Host $syslog_hostname,
-String $syslog_level,
-Stdlib::Port $syslog_port,
-Stdlib::Host $syslog_server_address,
-Enum['RFC3164', 'RFC5424'] $syslog_format = 'RFC3164'
-| -%>
-<%- if $syslog { -%>
-if (outcome != success) of <%= $prefix -%>/subsystem=logging/syslog-handler=SYSLOG:read-resource
-<%= $prefix -%>/subsystem=logging/syslog-handler=SYSLOG:add
-end-if
-<%= $prefix -%>/subsystem=logging/syslog-handler=SYSLOG/:write-attribute(name=app-name, value=<%= $syslog_app_name %>)
-<%= $prefix -%>/subsystem=logging/syslog-handler=SYSLOG/:write-attribute(name=facility, value=<%= $syslog_facility %>)
-<%= $prefix -%>/subsystem=logging/syslog-handler=SYSLOG/:write-attribute(name=hostname, value=<%= $syslog_hostname %>)
-<%= $prefix -%>/subsystem=logging/syslog-handler=SYSLOG/:write-attribute(name=level, value=<%= $syslog_level %>)
-<%= $prefix -%>/subsystem=logging/syslog-handler=SYSLOG/:write-attribute(name=port, value=<%= $syslog_port %>)
-<%= $prefix -%>/subsystem=logging/syslog-handler=SYSLOG/:write-attribute(name=server-address, value=<%= $syslog_server_address %>)
-<%= $prefix -%>/subsystem=logging/syslog-handler=SYSLOG/:write-attribute(name=syslog-format, value=<%= $syslog_format %>)
-<%- } else { -%>
-if (outcome == success) of <%= $prefix -%>/subsystem=logging/syslog-handler=SYSLOG:read-resource
-<%= $prefix -%>/subsystem=logging/syslog-handler=SYSLOG:remove
-end-if
-<%- } -%>
\ No newline at end of file
diff --git a/templates/config.cli/99-footer.epp b/templates/config.cli/99-footer.epp
deleted file mode 100644
index e71114e5..00000000
--- a/templates/config.cli/99-footer.epp
+++ /dev/null
@@ -1,6 +0,0 @@
-<%- |
-String $operating_mode
-| -%>
-<% if $operating_mode == 'domain' { -%>
-stop-embedded-host-controller
-<% } -%>
diff --git a/templates/database/oracle/module.xml.erb b/templates/database/oracle/module.xml.erb
deleted file mode 100644
index 69bd79a8..00000000
--- a/templates/database/oracle/module.xml.erb
+++ /dev/null
@@ -1,13 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/templates/kcadm-wrapper.sh.erb b/templates/kcadm-wrapper.sh.erb
index 0c9c86ee..030109a3 100644
--- a/templates/kcadm-wrapper.sh.erb
+++ b/templates/kcadm-wrapper.sh.erb
@@ -2,4 +2,4 @@
KCADM="<%= scope['keycloak::install_base'] %>/bin/kcadm.sh"
-${KCADM} "$@" --no-config --server http://localhost:<%= scope['keycloak::http_port'] %><%= scope['keycloak::auth_url_path'] %> --realm master --user <%= scope['keycloak::admin_user'] %> --password <%= scope['keycloak::admin_user_password'] %>
+${KCADM} "$@" --no-config --server <%= scope['keycloak::wrapper_server'] %> --realm master --user <%= scope['keycloak::admin_user'] %> --password <%= scope['keycloak::admin_user_password'] %>
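Review bot: The rewritten kcadm invocation still hands the admin password over as a command-line argument (`--password <%= scope['keycloak::admin_user_password'] %>`), so it is visible to every local user in the process list for the duration of each call; the commit only replaces the `--server` value on that line. kcadm.sh can prompt for the password when `--password` is omitted, so feeding it on stdin from the wrapper, or exporting it through an environment variable if the installed kcadm honours one, would keep it out of `ps` output. Separately, the new `<%= scope['keycloak::wrapper_server'] %>` is expanded unquoted, so a value containing whitespace would split into extra arguments; `--server "<%= scope['keycloak::wrapper_server'] %>"` is safer. The definition of `keycloak::wrapper_server` is outside this hunk.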
diff --git a/templates/keycloak.conf.erb b/templates/keycloak.conf.erb
new file mode 100644
index 00000000..a9c586a1
--- /dev/null
+++ b/templates/keycloak.conf.erb
@@ -0,0 +1,12 @@
+# File managed by Puppet, do not edit
+<% scope['keycloak::config'].each_pair do |k,v| -%>
+ <%- next if [:undef, nil].include?(v) -%>
+ <%-
+ if v.is_a?(Array)
+ value = v.join(',')
+ else
+ value = v
+ end
+ -%>
+<%= k %>=<%= value %>
+<% end -%>
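Review bot: The rendered file will contain `db-password`, `https-key-store-password` and `https-trust-store-password` in clear text whenever those keys are present in `keycloak::config`, but nothing in this template fixes the target file's ownership or mode; the `file` resource that deploys it is outside this diff, so confirm it sets `mode => '0600'` with the service user as owner. If any of those values arrives wrapped in `Sensitive`, `<%= value %>` on the `+<%= k %>=<%= value %>` line renders the redaction placeholder instead of the secret, so the template would need to unwrap it, e.g. `value = value.unwrap if value.respond_to?(:unwrap)` before the output line. A second header line such as `# May contain database and keystore credentials; keep readable by the service user only` would make that explicit to the next maintainer.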
diff --git a/templates/keycloak.service.erb b/templates/keycloak.service.erb
index 0392f2cf..8094e90f 100644
--- a/templates/keycloak.service.erb
+++ b/templates/keycloak.service.erb
@@ -1,6 +1,7 @@
[Unit]
-Description=Jboss Application Server
-After=network.target
+Description=Keycloak service
+After=network-online.target
+Wants=network-online.target
[Service]
Type=idle
@@ -8,21 +9,20 @@ SyslogIdentifier=keycloak
<% if scope['keycloak::service_environment_file'] -%>
EnvironmentFile=<%= scope['keycloak::service_environment_file'] %>
<% end -%>
+EnvironmentFile=<%= scope['keycloak::admin_env'] %>
+<% if scope['keycloak::java_opts'] -%>
+ <%- if scope['keycloak::java_opts'].is_a?(Array) -%>
+Environment='JAVA_OPTS_APPEND=<%= scope['keycloak::java_opts'].join(' ') %>'
+ <%- else -%>
+Environment='JAVA_OPTS_APPEND=<%= scope['keycloak::java_opts'] %>'
+ <%- end -%>
+<% end -%>
User=<%= scope['keycloak::user'] %>
Group=<%= scope['keycloak::group'] %>
-<% if scope['keycloak::operating_mode'] == 'standalone'-%>
-ExecStart=<%= scope['keycloak::install_base'] %>/bin/standalone.sh -b <%= scope['keycloak::service_bind_address'] %> -Djboss.http.port=<%= scope['keycloak::http_port'] %><% if scope['keycloak::service_extra_opts'] -%> <%= scope['keycloak::service_extra_opts'] -%><% end %>
-<% elsif scope['keycloak::operating_mode'] == 'clustered'-%>
-ExecStart=<%= scope['keycloak::install_base'] %>/bin/standalone.sh --server-config=standalone-ha.xml -b <%= scope['keycloak::service_bind_address'] %> -Djboss.http.port=<%= scope['keycloak::http_port'] %><% if scope['keycloak::service_extra_opts'] -%> <%= scope['keycloak::service_extra_opts'] -%><% end %>
-<% elsif scope['keycloak::operating_mode'] == 'domain'-%>
-<% if scope['keycloak::role'] == 'master' -%>
-ExecStart=<%= scope['keycloak::install_base'] %>/bin/domain.sh --host-config=host-master.xml -b <%= scope['keycloak::service_bind_address'] %> -Djboss.http.port=<%= scope['keycloak::http_port'] %> -Djboss.bind.address.management=<%= scope['keycloak::management_bind_address'] %> <% if scope['keycloak::service_extra_opts'] -%> <%= scope['keycloak::service_extra_opts'] -%><% end %>
-<% else -%>
-ExecStart=<%= scope['keycloak::install_base'] %>/bin/domain.sh --host-config=host-slave.xml -b <%= scope['keycloak::service_bind_address'] %> -Djboss.http.port=<%= scope['keycloak::http_port'] %> -Djboss.domain.master.address=<%= scope['keycloak::master_address'] %> -Djboss.bind.address.management=<%= scope['keycloak::management_bind_address'] %> <% if scope['keycloak::service_extra_opts'] -%> <%= scope['keycloak::service_extra_opts'] -%><% end %>
-<% end -%>
-<% end -%>
+ExecStart=<%= scope['keycloak::install_base'] %>/bin/kc.sh <%= scope['keycloak::start_command']%> --auto-build<% if scope['keycloak::service_extra_opts'] -%> <%= scope['keycloak::service_extra_opts'] -%><% end %>
TimeoutStartSec=600
TimeoutStopSec=600
+SuccessExitStatus=0 143
[Install]
WantedBy=multi-user.target
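Review bot: `EnvironmentFile=<%= scope['keycloak::admin_env'] %>` is added unconditionally and, judging by its name, presumably carries the bootstrap admin credentials; if so, the file it points at must be owned by root or the service user with mode 0600, which only the `file` resource outside this hunk can enforce, since systemd does not check permissions on an EnvironmentFile before loading it. The two `Environment='JAVA_OPTS_APPEND=…'` lines break the unit if the option string itself contains a single quote, because the value is interpolated without escaping; a template comment such as `<%# keycloak::java_opts must not contain quote characters %>` above them would state the limitation. On the ExecStart line `<%= scope['keycloak::start_command']%>` is missing the space before `%>` used elsewhere in the template.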
diff --git a/templates/profile.properties.erb b/templates/profile.properties.erb
deleted file mode 100644
index 3d2acb01..00000000
--- a/templates/profile.properties.erb
+++ /dev/null
@@ -1,4 +0,0 @@
-# File managed by Puppet - DO NOT EDIT
-<%- scope['keycloak::tech_preview_features'].each do |feature_name| -%>
-feature.<%= feature_name %>=enabled
-<%- end -%>
diff --git a/types/configs.pp b/types/configs.pp
new file mode 100644
index 00000000..24c6beb8
--- /dev/null
+++ b/types/configs.pp
@@ -0,0 +1,56 @@
+# https://www.keycloak.org/server/all-config
+type Keycloak::Configs = Struct[
+ {
+ Optional['cache'] => Enum['local', 'ispn'],
+ Optional['cache-config-file'] => Stdlib::Absolutepath,
+ Optional['cache-stack'] => Enum['tcp','udp','kubernetes','ec2','azure','google'],
+ Optional['db'] => Enum['dev-file','dev-mem','mariadb','mysql','oracle','postgres'],
+ Optional['db-password'] => String[1],
+ Optional['db-pool-initial-size'] => Integer,
+ Optional['db-pool-max-size'] => Integer,
+ Optional['db-pool-min-size'] => Integer,
+ Optional['db-schema'] => String[1],
+ Optional['db-url'] => String[1],
+ Optional['db-url-database'] => String[1],
+ Optional['db-url-host'] => Stdlib::Host,
+ Optional['db-url-port'] => Stdlib::Port,
+ Optional['db-url-properties'] => String[1],
+ Optional['db-username'] => String[1],
+ Optional['transaction-xa-enabled'] => Boolean,
+ Optional['features'] => Array[String[1]],
+ Optional['features-disabled'] => Array[String[1]],
+ Optional['hostname'] => Stdlib::Host,
+ Optional['hostname-path'] => String[1],
+ Optional['hostname-port'] => Stdlib::Port,
+ Optional['hostname-strict'] => Boolean,
+ Optional['hostname-strict-backchannel'] => Boolean,
+ Optional['hostname-strict-https'] => Boolean,
+ Optional['http-enabled'] => Boolean,
+ Optional['http-host'] => Stdlib::Host,
+ Optional['http-port'] => Stdlib::Port,
+ Optional['http-relative-path'] => String[1],
+ Optional['https-certificate-file'] => Stdlib::Absolutepath,
+ Optional['https-certificate-key-file'] => Stdlib::Absolutepath,
+ Optional['https-cipher-suites'] => Array[String[1]],
+ Optional['https-client-auth'] => Enum['none','request','required'],
+ Optional['https-key-store-file'] => Stdlib::Absolutepath,
+ Optional['https-key-store-password'] => String[1],
+ Optional['https-key-store-type'] => String[1],
+ Optional['https-port'] => Stdlib::Port,
+ Optional['https-protocols'] => Array[String[1]],
+ Optional['https-trust-store-file'] => Stdlib::Absolutepath,
+ Optional['https-trust-store-password'] => String[1],
+ Optional['https-trust-store-type'] => String[1],
+ Optional['health-enabled'] => Boolean,
+ Optional['metrics-enabled'] => Boolean,
+ Optional['proxy'] => Enum['edge','reencrypt','passthrough','none'],
+ Optional['vault'] => Enum['vault','vault-dir'],
+ Optional['log'] => Array[Enum['console','file']],
+ Optional['log-console-color'] => Boolean,
+ Optional['log-console-format'] => String[1],
+ Optional['log-console-output'] => Enum['default','json'],
+ Optional['log-file'] => Stdlib::Absolutepath,
+ Optional['log-file-format'] => String[1],
+ Optional['log-level'] => String[1],
+ }
+]
\ No newline at end of file
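Review bot: `db-password`, `https-key-store-password` and `https-trust-store-password` are typed as plain `String[1]`, so callers cannot pass them wrapped in `Sensitive`, and the values travel through the compiled catalog, agent logs and reports in clear text. Widening those three entries to `Variant[String[1], Sensitive[String[1]]]` keeps existing plain-string usage valid while letting callers opt in to redaction; whatever template consumes this hash would then need to unwrap them. A comment above the struct noting that the type is a curated subset of the linked all-config page and which keys are credentials would help, e.g. `# Keys ending in -password are credentials; prefer passing them as Sensitive`. The file also lacks a trailing newline.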
diff --git a/vagrant-common.sh b/vagrant-common.sh
index 72163930..d9e16508 100755
--- a/vagrant-common.sh
+++ b/vagrant-common.sh
@@ -6,9 +6,9 @@ ln -s /vagrant /etc/puppetlabs/code/environments/production/modules/keycloak
puppet module install puppetlabs-stdlib
puppet module install puppetlabs-mysql
puppet module install puppetlabs-postgresql
+puppet module install puppetlabs-apache
puppet module install puppetlabs-java
puppet module install puppetlabs-java_ks
-puppet module install puppetlabs-concat
puppet module install puppet-archive
puppet module install camptocamp-systemd
puppet apply /vagrant/spec/fixtures/test.pp
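Review bot: None of the `puppet module install` lines are version-pinned, so the Vagrant run resolves whatever the Forge serves on the day, which can diverge from the versions the spec fixtures use; adding `--version` pins would make the two environments reproducible. The context line `puppet module install camptocamp-systemd` still installs the pre-migration Forge namespace of the module now published as `puppet-systemd`, which looks inconsistent with the rest of this commit's move to the `puppet/` namespace. Dropping `puppetlabs-concat` relies on `puppetlabs-apache` pulling it in as a dependency, which the Forge installer does by default but is worth stating: `# puppetlabs-concat is installed as a dependency of puppetlabs-apache`.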
diff --git a/vagrant/Puppetfile b/vagrant/Puppetfile
deleted file mode 100644
index d09d55ba..00000000
--- a/vagrant/Puppetfile
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env ruby
-#^syntax detection
-
-forge "https://forgeapi.puppetlabs.com"
-
-mod 'puppetlabs-stdlib'
-mod 'puppetfinland-easy_ipa',
- :git => 'https://github.com/Puppet-Finland/puppet-ipa.git',
- :commit => '67874ab7f40e4643b77adfd4155f9eb494776bc8'
-mod 'puppetlabs-mysql'
-mod 'puppetlabs-java'
-mod 'puppetlabs-java_ks'
-mod 'puppet-archive'
-mod 'camptocamp-systemd'
-mod 'puppetlabs-concat'
-mod 'puppetlabs-apt'
-mod 'puppetlabs-postgresql'
-mod 'puppetlabs-cron_core'
-mod 'puppetlabs-inifile'
-mod 'puppetlabs-k5login_core'
-mod 'puppetlabs-resource_api'
-mod 'puppetlabs-translate'
-mod 'puppetlabs-puppetserver_gem'
-mod 'puppetlabs-haproxy'
diff --git a/vagrant/Vagrantfile b/vagrant/Vagrantfile
deleted file mode 100644
index b34252ba..00000000
--- a/vagrant/Vagrantfile
+++ /dev/null
@@ -1,107 +0,0 @@
-# -*- mode: ruby -*-
-# vi: set ft=ruby :
-
-Vagrant.configure(2) do |config|
- config.hostmanager.enabled = true
- config.hostmanager.manage_host = true
- config.hostmanager.manage_guest = true
- config.hostmanager.ignore_private_ip = false
- config.hostmanager.include_offline = false
-
- config.vm.define "db" do |box|
- box.vm.box = "centos/7"
- box.vm.hostname = 'db.local'
- box.vm.synced_folder "..", "/vagrant", type: "virtualbox"
- box.hostmanager.manage_guest = true
- box.hostmanager.aliases = %w(db)
- box.vm.network "private_network", ip: "192.168.168.254"
- box.vm.provider 'virtualbox' do |vb|
- vb.linked_clone = true
- vb.gui = false
- vb.memory = 1024
- vb.customize ["modifyvm", :id, "--ioapic", "on"]
- vb.customize ["modifyvm", :id, "--hpet", "on"]
- vb.customize ["modifyvm", :id, "--audio", "none"]
- end
- box.vm.provision "shell" do |s|
- s.path = "install_agent.sh"
- end
- box.vm.provision "shell" do |s|
- s.path = "run_puppet.sh"
- s.args = ["-b", "/vagrant", "-m", "prepare.pp db.pp" ]
- end
- end
-
- config.vm.define "master" do |box|
- box.vm.box = "centos/7"
- box.vm.hostname = 'master.local'
- box.vm.synced_folder "..", "/vagrant", type: "virtualbox"
- box.hostmanager.manage_guest = true
- box.hostmanager.aliases = %w(master)
- box.vm.network "private_network", ip: "192.168.168.253"
- box.vm.provider 'virtualbox' do |vb|
- vb.linked_clone = true
- vb.gui = false
- vb.memory = 1024
- vb.customize ["modifyvm", :id, "--ioapic", "on"]
- vb.customize ["modifyvm", :id, "--hpet", "on"]
- vb.customize ["modifyvm", :id, "--audio", "none"]
- end
- box.vm.provision "shell" do |s|
- s.path = "install_agent.sh"
- end
- box.vm.provision "shell" do |s|
- s.path = "run_puppet.sh"
- s.args = ["-b", "/vagrant", "-m", "prepare.pp master.pp"]
- end
- end
-
- config.vm.define "slave" do |box|
- box.vm.box = "centos/7"
- box.vm.hostname = 'slave.local'
- box.vm.synced_folder "..", "/vagrant", type: "virtualbox"
- box.hostmanager.manage_guest = true
- box.hostmanager.aliases = %w(slave)
- box.vm.network "private_network", ip: "192.168.168.252"
- box.vm.provider 'virtualbox' do |vb|
- vb.linked_clone = true
- vb.gui = false
- vb.memory = 1024
- vb.customize ["modifyvm", :id, "--ioapic", "on"]
- vb.customize ["modifyvm", :id, "--hpet", "on"]
- vb.customize ["modifyvm", :id, "--audio", "none"]
- end
- box.vm.provision "shell" do |s|
- s.path = "install_agent.sh"
- end
- box.vm.provision "shell" do |s|
- s.path = "run_puppet.sh"
- s.args = ["-b", "/vagrant", "-m", "prepare.pp slave.pp"]
- end
- end
-
- config.vm.define "lb" do |box|
- box.vm.box = "centos/7"
- box.vm.hostname = 'lb.local'
- box.vm.synced_folder "..", "/vagrant", type: "virtualbox"
- box.hostmanager.manage_guest = true
- box.hostmanager.aliases = %w(lb)
- box.vm.network "private_network", ip: "192.168.168.251"
- box.vm.provider 'virtualbox' do |vb|
- vb.linked_clone = true
- vb.gui = false
- vb.memory = 1024
- vb.customize ["modifyvm", :id, "--ioapic", "on"]
- vb.customize ["modifyvm", :id, "--hpet", "on"]
- vb.customize ["modifyvm", :id, "--audio", "none"]
- end
- box.vm.provision "shell" do |s|
- s.path = "install_agent.sh"
- end
- box.vm.provision "shell" do |s|
- s.path = "run_puppet.sh"
- s.args = ["-b", "/vagrant", "-m", "prepare.pp lb.pp"]
- end
- end
-end
-
diff --git a/vagrant/db.pp b/vagrant/db.pp
deleted file mode 100644
index b9fb0faa..00000000
--- a/vagrant/db.pp
+++ /dev/null
@@ -1,36 +0,0 @@
-class { '::postgresql::globals':
- manage_package_repo => $manage_package_repo,
- version => $postgresql_version,
-}
-
-class { '::postgresql::server':
- listen_addresses => $postgresql_listen_address,
- require => Class['::postgresql::globals']
-}
-
-::postgresql::server::role { $db_username:
- password_hash => postgresql_password($db_username, $db_password),
- connection_limit => $db_connection_limit,
- require => Class['::postgresql::server']
-}
-
-::postgresql::server::database_grant { "Grant all to ${db_username}":
- privilege => 'ALL',
- db => $db_database,
- role => $db_username,
-}
-
-::postgresql::server::db { $db_database:
- user => $db_username,
- password => postgresql_password($db_username, $db_password),
-}
-
-postgresql::server::pg_hba_rule { 'Allow Keycloak instances network access to the database':
- description => 'Open up PostgreSQL for access from 192.168.168.0/24',
- type => 'host',
- database => $db_username,
- user => $db_password,
- address => '192.168.168.0/24',
- auth_method => 'md5',
- require => Class['::postgresql::server']
-}
diff --git a/vagrant/install_agent.sh b/vagrant/install_agent.sh
deleted file mode 100755
index 19b70e92..00000000
--- a/vagrant/install_agent.sh
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-# Exit on any error
-set -e
-
-CWD=`pwd`
-
-detect_osfamily() {
- if [ -f /etc/redhat-release ]; then
- OSFAMILY='redhat'
- RELEASE=$(cat /etc/redhat-release)
- if [ "`echo $RELEASE | grep -E 7\.[0-9]+`" ]; then
- RHEL_VERSION="7"
- else
- echo "Unsupported Redhat/Centos version. Supported versions are 7.x"
- exit 1
- fi
- elif [ "`lsb_release -d | grep -E '(Ubuntu|Debian)'`" ]; then
- OSFAMILY='debian'
- DESCR="$(lsb_release -d | awk '{ print $2}')"
- if [ `echo $DESCR|grep Ubuntu` ]; then
- UBUNTU_VERSION="$(lsb_release -c | awk '{ print $2}')"
- elif [ `echo $DESCR|grep Debian` ]; then
- DEBIAN_VERSION="$(lsb_release -c | awk '{ print $2}')"
- else
- echo "Unsupported Debian family operating system. Supported are Debian and Ubuntu"
- exit 1
- fi
- else
- echo "ERROR: unsupported osfamily. Supported are Debian and RedHat"
- exit 1
- fi
-}
-
-setup_puppet() {
- if [ -x /opt/puppetlabs/bin/puppet ]; then
- true
- else
- if [ $RHEL_VERSION ]; then
- RELEASE_URL="https://yum.puppetlabs.com/puppet6/puppet6-release-el-${RHEL_VERSION}.noarch.rpm"
- rpm -hiv "${RELEASE_URL}" || (c=$?; echo "Failed to install ${RELEASE_URL}"; (exit $c))
- yum -y install puppet-agent || (c=$?; echo "Failed to install puppet agent"; (exit $c))
- if systemctl list-unit-files --type=service | grep firewalld; then
- systemctl stop firewalld
- systemctl disable firewalld
- systemctl mask firewalld
- fi
- else
- if [ $UBUNTU_VERSION ]; then
- APT_URL="https://apt.puppetlabs.com/puppet6-release-${UBUNTU_VERSION}.deb"
- fi
- if [ $DEBIAN_VERSION ]; then
- APT_URL="https://apt.puppetlabs.com/puppet6-release-${DEBIAN_VERSION}.deb"
- fi
- # https://serverfault.com/questions/500764/dpkg-reconfigure-unable-to-re-open-stdin-no-file-or-directory
- export DEBIAN_FRONTEND=noninteractive
- FILE="$(mktemp -d)/puppet-release.db"
- wget "${APT_URL}" -qO $FILE || (c=$?; echo "Failed to retrieve ${APT_URL}"; (exit $c))
- dpkg --install $FILE; rm $FILE; apt-get update || (c=$?; echo "Failed to install from ${FILE}"; (exit $c))
- apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y install puppet-agent || (c=$?; echo "Failed to install puppet agent"; (exit $c))
- fi
- fi
-}
-
-# Main program
-detect_osfamily
-setup_puppet
-
-cd $CWD
diff --git a/vagrant/lb.pp b/vagrant/lb.pp
deleted file mode 100644
index 3be769c7..00000000
--- a/vagrant/lb.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-notify { 'Installing Load Balancer': }
-
-include ::haproxy
-
-haproxy::listen { 'kc':
- collect_exported => false,
- ipaddress => $facts['networking']['interfaces']['eth1']['ip'],
- mode => 'http',
- ports => '80',
- options => {
- 'option' => [
- 'tcplog',
- 'forwardfor',
- 'http-keep-alive'
- ],
- 'balance' => 'roundrobin',
- 'cookie' => 'SRVNAME insert',
- 'http-request' => 'set-header X-Forwarded-Port %[dst_port]',
- },
-}
-
-haproxy::balancermember { 'master':
- listening_service => 'kc',
- server_names => 'master.local',
- ipaddresses => '192.168.168.253',
- ports => '8080',
- options => 'cookie DC check',
-}
-
-haproxy::balancermember { 'slave':
- listening_service => 'kc',
- server_names => 'slave.local',
- ipaddresses => '192.168.168.252',
- ports => '8080',
- options => 'cookie HC check',
-}
-
-
diff --git a/vagrant/master.pp b/vagrant/master.pp
deleted file mode 100644
index 1ddd1732..00000000
--- a/vagrant/master.pp
+++ /dev/null
@@ -1,51 +0,0 @@
-notify { 'Installing Master': }
-
-class { '::keycloak':
- operating_mode => 'domain',
- role => 'master',
- management_bind_address => '192.168.168.253',
- enable_jdbc_ping => true,
- wildfly_user => $keycloak_wildfly_user,
- wildfly_user_password => $keycloak_wildfly_user_password,
- manage_install => true,
- manage_datasource => false,
- version => $keycloak_version,
- datasource_driver => 'postgresql',
- datasource_host => $keycloak_datasource_host,
- datasource_port => 5432,
- datasource_dbname => $keycloak_datasource_dbname,
- datasource_username => $keycloak_datasource_username,
- datasource_password => $keycloak_datasource_password,
- admin_user => $keycloak_admin_user,
- admin_user_password => $keycloak_admin_user_password,
- service_bind_address => '0.0.0.0',
- proxy_https => false,
- syslog => true,
-}
-
-keycloak_realm { 'TEST.NET':
- ensure => 'present',
- display_name => 'TEST.NET',
- display_name_html => 'TEST.NET',
- login_with_email_allowed => false,
- remember_me => false,
- events_enabled => true,
- admin_events_enabled => true,
- admin_events_details_enabled => true,
-}
-
-keycloak_client { 'example.com':
- ensure => 'present',
- realm => 'TEST.NET',
- standard_flow_enabled => true,
- protocol => 'saml',
- full_scope_allowed => true,
- service_accounts_enabled => false,
- base_url => 'https://example.com/',
- redirect_uris => [
- 'https://example.com/',
- 'https://example.com/*',
- ],
- require => Keycloak_realm['TEST.NET'],
-}
-
diff --git a/vagrant/prepare.pp b/vagrant/prepare.pp
deleted file mode 100644
index 2c6d655b..00000000
--- a/vagrant/prepare.pp
+++ /dev/null
@@ -1,28 +0,0 @@
-notify { 'Preparing for setup': }
-
-$tools = [ 'tcpdump', 'strace', 'nmap', 'screen', 'net-tools' ]
-
-package { $tools:
- ensure => 'installed',
-}
-
-package { 'r10k':
- ensure => 'present',
- provider => 'puppet_gem',
-}
-
-package { 'git':
- ensure => 'latest',
-}
-
-exec { 'Update modules':
- logoutput => true,
- command => "r10k puppetfile install --puppetfile ${::basedir}/vagrant/Puppetfile --verbose --moduledir /etc/puppetlabs/code/environments/production/modules", # lint:ignore:140chars
- timeout => 600,
- path => ['/bin','/usr/bin','/opt/puppetlabs/bin','/opt/puppetlabs/puppet/bin'],
-}
-
-file { '/etc/puppetlabs/code/environments/production/modules/keycloak':
- ensure => 'link',
- target => $::basedir,
-}
diff --git a/vagrant/run_puppet.sh b/vagrant/run_puppet.sh
deleted file mode 100755
index 0c1f2f47..00000000
--- a/vagrant/run_puppet.sh
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/sh
-
-# Exit on any error
-set -e
-
-# Preparations required prior to "puppet apply".
-
-usage() {
- echo
- echo "Usage: run_puppet.sh -b basedir"
- echo
- echo "Options:"
- echo " -b Base directory for dependency Puppet modules installed by"
- echo " librarian-puppet."
- echo " -m Puppet manifests to run. Put them in the provision folder"
- echo " -d Turn on debugging"
- exit 1
-}
-
-# Parse the options
-
-# We are run without parameters -> usage
-if [ "$1" = "" ]; then
- usage
-fi
-
-while getopts "b:m:h:d:" options; do
- case $options in
- b ) BASEDIR=$OPTARG;;
- m ) MANIFESTS=$OPTARG;;
- d ) DEBUG=$OPTARG;;
- h ) usage;;
- \? ) usage;;
- * ) usage;;
- esac
-done
-
-CWD=`pwd`
-
-# Configure with "puppet apply"
-if [ "$DEBUG" == "true" ]; then
- PUPPET_APPLY="/opt/puppetlabs/bin/puppet apply --verbose --debug --trace --summarize"
-else
- PUPPET_APPLY="/opt/puppetlabs/bin/puppet apply"
-fi
-
-# Pass variables to Puppet manifests via environment variables
-export FACTER_profile='/etc/profile.d/myprofile.sh'
-export FACTER_basedir="$BASEDIR"
-export FACTER_keycloak_version='12.0.2'
-export FACTER_keycloak_datasource_host='db.local'
-export FACTER_keycloak_datasource_dbname='keycloak'
-export FACTER_keycloak_datasource_username='keycloak'
-export FACTER_keycloak_datasource_password='keycloak'
-export FACTER_keycloak_admin_user='admin'
-export FACTER_keycloak_admin_user_password='changeme'
-export FACTER_keycloak_wildfly_user='wildfly'
-export FACTER_keycloak_wildfly_user_password='wildfly'
-export FACTER_manage_package_repo='false'
-export FACTER_postgresql_version='9.6'
-export FACTER_postgresql_manage_package_repo='true'
-export FACTER_postgresql_listen_address='*'
-export FACTER_db_username='keycloak'
-export FACTER_db_password='keycloak'
-export FACTER_db_database='keycloak'
-export FACTER_db_connection_limit='300'
-
-for manifest in $MANIFESTS; do
- $PUPPET_APPLY /vagrant/vagrant/$manifest
-done
-
-cd $CWD
diff --git a/vagrant/slave.pp b/vagrant/slave.pp
deleted file mode 100644
index bb35f87e..00000000
--- a/vagrant/slave.pp
+++ /dev/null
@@ -1,26 +0,0 @@
-notify { 'Installing Slave': }
-
-class { '::keycloak':
- operating_mode => 'domain',
- role => 'slave',
- enable_jdbc_ping => true,
- management_bind_address => '192.168.168.252',
- wildfly_user => $keycloak_wildfly_user,
- wildfly_user_password => $keycloak_wildfly_user_password,
- master_address => '192.168.168.253',
- manage_install => true,
- manage_datasource => false,
- version => $keycloak_version,
- datasource_driver => 'postgresql',
- datasource_host => $keycloak_datasource_host,
- datasource_port => 5432,
- datasource_dbname => $keycloak_datasource_dbname,
- datasource_username => $keycloak_datasource_username,
- datasource_password => $keycloak_datasource_password,
- admin_user => $keycloak_admin_user,
- admin_user_password => $keycloak_admin_user_password,
- service_bind_address => '0.0.0.0',
- proxy_https => false,
- syslog => true,
-}
-