Oleksandr Kozachenko | b009349 | 2023-09-06 21:43:47 +0200 | [diff] [blame] | 1 | # Copyright (c) 2023 VEXXHOST, Inc. |
| 2 | # |
| 3 | # Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 4 | # not use this file except in compliance with the License. You may obtain |
| 5 | # a copy of the License at |
| 6 | # |
| 7 | # http://www.apache.org/licenses/LICENSE-2.0 |
| 8 | # |
| 9 | # Unless required by applicable law or agreed to in writing, software |
| 10 | # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 11 | # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the |
| 12 | # License for the specific language governing permissions and limitations |
| 13 | # under the License. |
| 14 | |
# Smoke test for the Keycloak -> Keystone identity path: create a user in the
# "atmosphere" Keycloak realm, then check that Keystone reports the same user
# in its "atmosphere" domain.
- name: Create user and assert it exists inside Keystone
  hosts: all
  tasks:
    # Executed once, from the controller. The module logs in as the "admin"
    # account of the master realm through the admin-cli client, so this task
    # holds realm-administrator rights for its whole run.
    - name: Create Keycloak user
      community.general.keycloak_user:
        # Keycloak settings
        auth_keycloak_url: "https://{{ keycloak_host }}"
        auth_realm: master
        auth_client_id: admin-cli
        auth_username: admin
        auth_password: "{{ keycloak_admin_password }}"
        # NOTE(review): certificate verification is turned off whenever
        # cluster_issuer_type is 'self-signed'; on those deployments the admin
        # password goes to an endpoint whose identity is not checked.
        validate_certs: "{{ cluster_issuer_type != 'self-signed' }}"
        # User settings
        realm: atmosphere
        username: test-user
      register: keycloak_user_result
      delegate_to: localhost
      run_once: true

    # Take the "existing" representation when the module returned a truthy
    # one, otherwise fall back to "end_state".
    - name: Set a fact with user information using "end_state" or "existing"
      ansible.builtin.set_fact:
        keycloak_user_info: >-
          {{ keycloak_user_result.existing
          | ternary(keycloak_user_result.existing,
          keycloak_user_result.end_state) }}
      run_once: true

    # Ask Keystone for the user by name, polling up to 30 times at one-second
    # intervals until at least one match is returned.
    - name: Get list of all users in "atmosphere" domain
      vexxhost.atmosphere.identity_user_info:
        domain: atmosphere
        name: "{{ keycloak_user_info.username }}"
      register: identity_user_info_result
      delegate_to: localhost
      run_once: true
      # XXX(mnaser): GHA seems to be slow so the user doesn't show up right
      #              away, it could also be a Keystone caching issue, for now
      #              we try a few more times.
      until: identity_user_info_result.users | length > 0
      retries: 30
      delay: 1

    # The first condition guards the users[0] lookups below. The Keystone id
    # is compared with the Keycloak id after its hyphens are removed.
    - name: Assert that the user exists
      ansible.builtin.assert:
        that:
          - identity_user_info_result.users | length > 0
          - identity_user_info_result.users[0].id == keycloak_user_info.id | regex_replace('-', '')
          - identity_user_info_result.users[0].name == keycloak_user_info.username
      run_once: true

    # NOTE(review): no task visible in this play removes test-user again, so
    # the account appears to stay in the "atmosphere" realm after the run;
    # confirm that is intended for the environments this runs against.

    # TODO: Simulate Keystone authentication
    # TODO: Simulate Horizon login