fix(keycloak): add no_log and disable become
diff --git a/roles/keystone/tasks/main.yml b/roles/keystone/tasks/main.yml
index d1ad1ef..c4400fa 100644
--- a/roles/keystone/tasks/main.yml
+++ b/roles/keystone/tasks/main.yml
@@ -38,6 +38,7 @@
- name: Create Keycloak realms
no_log: true
+ become: false
run_once: true
delegate_to: localhost
changed_when: false
@@ -64,6 +65,8 @@
template: configmap-openid-metadata.yml.j2
- name: Create Keycloak clients
+ no_log: true
+ become: false
run_once: true
delegate_to: localhost
community.general.keycloak_client:
diff --git a/roles/keystone/tasks_test.go b/roles/keystone/tasks_test.go
index 687659d..68f5d5a 100644
--- a/roles/keystone/tasks_test.go
+++ b/roles/keystone/tasks_test.go
@@ -42,4 +42,13 @@
require.NotNil(t, task)
assert.Equal(t, true, task["no_log"])
+ assert.Equal(t, false, task["become"])
+}
+
+func TestCreateKeycloakClientsTask(t *testing.T) {
+ task := getTaskByName("Create Keycloak clients")
+ require.NotNil(t, task)
+
+ assert.Equal(t, true, task["no_log"])
+ assert.Equal(t, false, task["become"])
}
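Review bot: The assertions pin `no_log` and `become` only for tasks looked up by exact name, so a Keycloak task added to `tasks/main.yml` later is never checked for `no_log: true`. Its module arguments, which presumably include the Keycloak admin credentials, could then show up in Ansible output without any test failing. A single test that walks every task using a `community.general.keycloak_*` module would cover the current tasks and future ones. The sketch below assumes this file keeps the parsed tasks in a package-level `tasks` slice, as the kube_prometheus_stack test added in this commit does, and it needs `strings` imported. The first test touched by this hunk starts above the hunk.

```go
// … unchanged: per-task tests above …
func TestKeycloakTasksHideOutput(t *testing.T) {
	for _, task := range tasks {
		for key := range task {
			// Only tasks whose module key is a Keycloak module are checked.
			if !strings.HasPrefix(key, "community.general.keycloak_") {
				continue
			}
			assert.Equal(t, true, task["no_log"], "task %v", task["name"])
			assert.Equal(t, false, task["become"], "task %v", task["name"])
		}
	}
}
```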
diff --git a/roles/kube_prometheus_stack/tasks/main.yml b/roles/kube_prometheus_stack/tasks/main.yml
index 57fb1ad..6409a10 100644
--- a/roles/kube_prometheus_stack/tasks/main.yml
+++ b/roles/kube_prometheus_stack/tasks/main.yml
@@ -13,7 +13,8 @@
# under the License.
- name: Create Keycloak realm
- run_once: true
+ no_log: true
+ become: false
delegate_to: localhost
changed_when: false
community.general.keycloak_realm:
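Review bot: `run_once: true` is removed from "Create Keycloak realm" in this hunk, although the commit title only mentions adding `no_log` and disabling `become`, and the "Create Keycloak client" and "Create Keycloak roles" tasks in the same file keep it. With `delegate_to: localhost` and no `run_once`, the task would run once per host in the play, repeating the same Keycloak admin call from the controller. If the removal is not intended, keep `run_once: true` next to the new keys; the "Add client roles in "id_token"" hunk (`@@ -31,6`) gains `delegate_to: localhost` but likewise shows no `run_once: true`. The new tests could pin this with `assert.Equal(t, true, task["run_once"])`. The task body continues outside the hunk.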
@@ -31,6 +32,9 @@
enabled: true
- name: Add client roles in "id_token"
+ no_log: true
+ become: false
+ delegate_to: localhost
changed_when: false
community.general.keycloak_clientscope:
# Keycloak settings
@@ -54,6 +58,8 @@
multivalued: true
- name: Create Keycloak client
+ no_log: true
+ become: false
run_once: true
delegate_to: localhost
community.general.keycloak_client:
@@ -72,6 +78,8 @@
- "https://{{ kube_prometheus_stack_grafana_host }}/login/generic_oauth"
- name: Create Keycloak roles
+ no_log: true
+ become: false
run_once: true
delegate_to: localhost
community.general.keycloak_role:
diff --git a/roles/kube_prometheus_stack/tasks_test.go b/roles/kube_prometheus_stack/tasks_test.go
new file mode 100644
index 0000000..d0b5cd0
--- /dev/null
+++ b/roles/kube_prometheus_stack/tasks_test.go
@@ -0,0 +1,70 @@
+package kube_prometheus_stack
+
+import (
+ _ "embed"
+ "os"
+ "testing"
+
+ "github.com/goccy/go-yaml"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+)
+
+// Create Keycloak realms
+
+var (
+ //go:embed tasks/main.yml
+ tasksFile []byte
+ tasks []map[string]interface{}
+)
+
+func TestMain(m *testing.M) {
+ t := &testing.T{}
+
+ err := yaml.UnmarshalWithOptions(tasksFile, &tasks, yaml.Strict())
+ require.NoError(t, err)
+
+ code := m.Run()
+ os.Exit(code)
+}
+
+func getTaskByName(name string) map[string]interface{} {
+ for _, t := range tasks {
+ if t["name"] == name {
+ return t
+ }
+ }
+ return nil
+}
+
+func TestCreateKeycloakRealmTask(t *testing.T) {
+ task := getTaskByName("Create Keycloak realm")
+ require.NotNil(t, task)
+
+ assert.Equal(t, true, task["no_log"])
+ assert.Equal(t, false, task["become"])
+}
+
+func TestAddClientRolesInIdTokenTask(t *testing.T) {
+ task := getTaskByName("Add client roles in \"id_token\"")
+ require.NotNil(t, task)
+
+ assert.Equal(t, true, task["no_log"])
+ assert.Equal(t, false, task["become"])
+}
+
+func TestCreateKeycloakClientsTask(t *testing.T) {
+ task := getTaskByName("Create Keycloak client")
+ require.NotNil(t, task)
+
+ assert.Equal(t, true, task["no_log"])
+ assert.Equal(t, false, task["become"])
+}
+
+func TestCreateKeycloakRolesTask(t *testing.T) {
+ task := getTaskByName("Create Keycloak roles")
+ require.NotNil(t, task)
+
+ assert.Equal(t, true, task["no_log"])
+ assert.Equal(t, false, task["become"])
+}
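Review bot: In `TestMain`, `t := &testing.T{}` followed by `require.NoError(t, err)` does not give a usable failure path. A hand-built `testing.T` is not attached to the test runner, and `require` finishes by calling `FailNow`, which is meant to be called from a test's own goroutine, not from the one running `TestMain`. If `tasks/main.yml` ever fails strict parsing, the run is likely to end in a confusing runtime error instead of a message naming the file, and these tests are what pins `no_log: true` on the Keycloak tasks. Report the error directly, for example `if err != nil { log.Fatalf("parsing tasks/main.yml: %v", err) }` with `log` imported, and drop the `t` variable. The leading comment `// Create Keycloak realms` looks copied from the keystone test and describes nothing in this file.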