From e7e2a3b50bf5558f9044bc921079d236c7323465 Mon Sep 17 00:00:00 2001
From: Trey Dockendorf
Date: Sun, 17 Nov 2024 10:22:17 -0500
Subject: [PATCH] Move to using kcadm-wrapper config file so that script is just a script and not a template

---
 files/kcadm-wrapper.sh | 13 +++++++++++++
 manifests/config.pp | 25 ++++++++++++++++++++-----
 manifests/init.pp | 3 ++-
 spec/classes/init_spec.rb | 3 ++-
 templates/kcadm-wrapper.sh.erb | 14 --------------
 templates/shell_vars.epp | 8 ++++++++
 6 files changed, 45 insertions(+), 21 deletions(-)
 create mode 100644 files/kcadm-wrapper.sh
 delete mode 100644 templates/kcadm-wrapper.sh.erb
 create mode 100644 templates/shell_vars.epp

diff --git a/files/kcadm-wrapper.sh b/files/kcadm-wrapper.sh
new file mode 100644
index 00000000..24c219f0
--- /dev/null
+++ b/files/kcadm-wrapper.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# shellcheck source=/dev/null
+. /opt/keycloak/conf/kcadm-wrapper.conf
+
+EXPIRES=$(/usr/bin/sed -n -r 's|.*"refreshExpiresAt" : ([0-9]*).*|\1|p' "$CONFIG" || echo "0")
+NOW=$(/usr/bin/date +%s%3N)
+
+if [ ! -f "$CONFIG" ] || [ "$EXPIRES" -gt "$NOW" ]; then
+ ${KCADM} config credentials --config "$CONFIG" --server "$SERVER" --realm "$REALM" --user "$ADMIN_USER" --password "$PASSWORD"
+fi
+
+${KCADM} "$@" --config "$CONFIG"
diff --git a/manifests/config.pp b/manifests/config.pp
index 4a3d66d1..32e697f5 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
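Review bot: In files/kcadm-wrapper.sh the admin password is still passed to kcadm as `--password "$PASSWORD"`, so it shows up in the process list while the login runs; moving it into a 0640 config file does not cover that exposure. kcadm can take the password from the `KC_CLI_PASSWORD` environment variable when `--password` is omitted, so the login line could read `KC_CLI_PASSWORD="$PASSWORD" ${KCADM} config credentials --config "$CONFIG" --server "$SERVER" --realm "$REALM" --user "$ADMIN_USER"`, provided the Keycloak release in use supports it. Separately, the test `[ "$EXPIRES" -gt "$NOW" ]` looks inverted: it logs in again while `refreshExpiresAt` is still in the future and skips the login once it has passed, which matters now that the final call relies on `--config` alone. The same test errors out when the file exists but sed matches nothing, because `EXPIRES` is then empty rather than `0`; `[ "${EXPIRES:-0}" -le "$NOW" ]` would cover both cases.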
@@ -9,18 +9,33 @@ } } - # Template uses: - # - $keycloak::install_base - # - $keycloak::admin_user - # - $keycloak::admin_user_password + $wrapper_conf = { + 'KCADM' => "${keycloak::install_base}/bin/kcadm.sh", + 'CONFIG' => "${keycloak::conf_dir}/kcadm.config", + 'SERVER' => $keycloak::wrapper_server, + 'REALM' => 'master', + 'ADMIN_USER' => $keycloak::admin_user, + 'PASSWORD' => $keycloak::admin_user_password, + } + file { 'kcadm-wrapper.conf': + ensure => 'file', + path => $keycloak::wrapper_conf, + owner => $keycloak::user, + group => $keycloak::group, + mode => '0640', + content => epp('keycloak/shell_vars.epp', { 'vars' => $wrapper_conf }), + show_diff => false, + } + file { 'kcadm-wrapper.sh': ensure => 'file', path => $keycloak::wrapper_path, owner => $keycloak::user, group => $keycloak::group, mode => '0750', - content => template('keycloak/kcadm-wrapper.sh.erb'), + source => 'puppet:///modules/keycloak/kcadm-wrapper.sh', show_diff => false, + require => File['kcadm-wrapper.conf'], } file { $keycloak::conf_dir: diff --git a/manifests/init.pp b/manifests/init.pp index 39be3920..beb3481e 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -240,7 +240,7 @@ Optional[Stdlib::Absolutepath] $service_environment_file = undef, Stdlib::Filemode $conf_dir_mode = '0755', Boolean $conf_dir_purge = true, - Array $conf_dir_purge_ignore = ['cache-ispn.xml', 'README.md', 'truststore.jks'], + Array $conf_dir_purge_ignore = ['cache-ispn.xml', 'README.md', 'truststore.jks', 'kcadm.config'], Keycloak::Configs $configs = {}, Hash[String, Variant[String[1],Boolean,Array]] $extra_configs = {}, Variant[Stdlib::Host, Stdlib::HTTPUrl, Stdlib::HTTPSUrl, Enum['unset','UNSET']] $hostname = $facts['networking']['fqdn'], @@ -330,6 +330,7 @@ $tmp_dir = "${install_base}/tmp" $providers_dir = "${install_base}/providers" $wrapper_path = "${keycloak::install_base}/bin/kcadm-wrapper.sh" + $wrapper_conf = "${conf_dir}/kcadm-wrapper.conf" $default_config = { 'hostname' => $hostname, 
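Review bot: `File['kcadm-wrapper.conf']` is owned by `$keycloak::user`, yet the wrapper sources it as shell code, so the service account can change what the wrapper executes for whoever calls it. If the wrapper is invoked as root (the removed template's `/root/.keycloak/kcadm.config` suggests it is, but the caller is not visible here), `owner => 'root',` with the group left at `$keycloak::group` and mode `'0640'` keeps the file readable by the service without being writable by it. The same reasoning applies to `File['kcadm-wrapper.sh']`, which appears as context in this hunk. The enclosing class body starts and ends outside the hunk.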
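Review bot: In the second manifests/init.pp hunk, `$wrapper_conf` is built from `${conf_dir}`, but files/kcadm-wrapper.sh sources the fixed path `/opt/keycloak/conf/kcadm-wrapper.conf`, so the two agree only when `conf_dir` resolves to `/opt/keycloak/conf`. With any other install base the wrapper would fail, or source a file at the old location that Puppet no longer manages. Since `$wrapper_path` sits under `${keycloak::install_base}/bin`, the script could locate the file relative to itself, for example `. "$(dirname "$(readlink -f "$0")")/../conf/kcadm-wrapper.conf"`, assuming `conf_dir` is `${install_base}/conf`, which is defined outside this hunk.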
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index ede1c65e..1f1605e9 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -121,8 +121,9 @@ owner: 'keycloak', group: 'keycloak', mode: '0750', - content: %r{.*}, + source: 'puppet:///modules/keycloak/kcadm-wrapper.sh', show_diff: 'false', + require: 'File[kcadm-wrapper.conf]', ) end diff --git a/templates/kcadm-wrapper.sh.erb b/templates/kcadm-wrapper.sh.erb deleted file mode 100644 index c0809320..00000000 --- a/templates/kcadm-wrapper.sh.erb +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash - -KCADM="<%= scope['keycloak::install_base'] %>/bin/kcadm.sh" -CONFIG="/root/.keycloak/kcadm.config" -EXPIRES=$(/usr/bin/sed -n -r 's|.*"refreshExpiresAt" : ([0-9]*).*|\1|p' ~/.keycloak/kcadm.config) -NOW=$(/usr/bin/date +%s%3N) - -if [ ! -f "$CONFIG" ]; then - ${KCADM} config credentials --server '<%= scope['keycloak::wrapper_server'] %>' --realm master --user '<%= scope['keycloak::admin_user'] %>' --password '<%= scope['keycloak::admin_user_password'] %>' -elif [ "$EXPIRES" -gt "$NOW" ]; then - ${KCADM} config credentials --server '<%= scope['keycloak::wrapper_server'] %>' --realm master --user '<%= scope['keycloak::admin_user'] %>' --password '<%= scope['keycloak::admin_user_password'] %>' -fi - -${KCADM} "$@" --server '<%= scope['keycloak::wrapper_server'] %>' --realm master --user '<%= scope['keycloak::admin_user'] %>' --password '<%= scope['keycloak::admin_user_password'] %>' diff --git a/templates/shell_vars.epp b/templates/shell_vars.epp new file mode 100644 index 00000000..662c896a --- /dev/null +++ b/templates/shell_vars.epp @@ -0,0 +1,8 @@ +<%- | + Hash[String, String] $vars +| -%> +# This file is managed by Puppet, DO NOT EDIT + +<% $vars.each |$key, $value| { -%> +<%= $key %>='<%= $value %>' +<% } -%>
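Review bot: Nothing in this spec change asserts the new `File[kcadm-wrapper.conf]` resource, which now holds the admin password; only the expectations for the wrapper script are updated. A regression in its mode or `show_diff` setting would therefore pass unnoticed. An example such as `it { is_expected.to contain_file('kcadm-wrapper.conf').with(owner: 'keycloak', group: 'keycloak', mode: '0640', show_diff: 'false') }` next to the existing one would pin it. The surrounding `it` block starts outside the hunk.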
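Review bot: In templates/shell_vars.epp, `<%= $key %>='<%= $value %>'` writes each value between single quotes without escaping it, and the rendered file is sourced by bash. A value containing `'` (an admin password, for instance) ends the quoting, and the rest of the value is then parsed as shell by whoever runs the wrapper. Escaping the value closes this, e.g. `<%= $key %>=<%= shell_escape($value) %>` using the stdlib function (`stdlib::shell_escape` in recent stdlib releases; stdlib is assumed available from the `Stdlib::` types in init.pp). Narrowing the key type to something like `Pattern[/\A[A-Za-z_][A-Za-z0-9_]*\z/]` would also keep keys valid shell variable names.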