Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OPSEXP-2304 Configure SSO in repository #673

Merged
merged 33 commits into from
Oct 2, 2023
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
a84e9c1
Configure SSO in repository
gionn Sep 22, 2023
d8cbc23
support latest rockylinux minor
gionn Sep 22, 2023
ffab672
fixup identity arguments
gionn Sep 22, 2023
fd77e92
fixup client vars
gionn Sep 22, 2023
cbf07e7
handle http port
gionn Sep 25, 2023
3ffc4f7
do not fail playbook if transformers is empty
gionn Sep 25, 2023
77a5c64
fixup properties injection
gionn Sep 25, 2023
4b208c6
configure nginx in front of keycloak
gionn Sep 25, 2023
be6df8e
hook realm in playbook
gionn Sep 26, 2023
4b6a0c8
use variable for port
gionn Sep 26, 2023
e9b48c8
identity url as role argument for repository
gionn Sep 26, 2023
1496470
Add identity integration test
gionn Sep 26, 2023
234a021
revert 8.8
gionn Sep 26, 2023
d658d05
fixup
gionn Sep 26, 2023
24ca8a8
add verify for identity
gionn Sep 26, 2023
65d1b7e
known urls as identity argument
gionn Sep 26, 2023
e58c9a7
really run identity in the enterprise workflow
gionn Sep 26, 2023
d4bff87
default prepare playbook is a requirement
gionn Sep 26, 2023
be207d8
more tests
gionn Sep 26, 2023
7498df0
pipeline for ent search int
gionn Sep 27, 2023
17cac5c
fixup conditional
gionn Sep 27, 2023
d9d0535
cleanup
gionn Sep 27, 2023
95027c0
fallback to empty identity url
gionn Sep 27, 2023
35bbeb0
cleanup molecule ports
gionn Sep 28, 2023
803b563
fixup string default
gionn Sep 28, 2023
e5b0927
fixup secrets
gionn Sep 29, 2023
5900fd9
support remaining arguments for identity role
gionn Oct 2, 2023
7e0c4c8
workaround keycloak redirecting to http
gionn Oct 2, 2023
8126210
configure keycloak host
gionn Oct 2, 2023
19ddce6
simplify because other variables are not available under identity group
gionn Oct 2, 2023
f90c337
revert localhost on identity because seems not good
gionn Oct 2, 2023
4d29f52
revert workaround
gionn Oct 2, 2023
c84317a
apply review suggestions
gionn Oct 2, 2023
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
add verify for identity
  • Loading branch information
gionn committed Sep 29, 2023
commit 24ca8a876829093c4632aa264269aefdc40fb80d
3 changes: 0 additions & 3 deletions molecule/identity/molecule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,5 @@ provisioner:
links:
group_vars: ../../group_vars
host_vars: host_vars
playbooks:
prepare: ../default/prepare.yml
verify: ../default/verify.yml
verifier:
name: ansible
34 changes: 34 additions & 0 deletions molecule/identity/verify.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
---
- name: Verify Identity
hosts: identity
gather_facts: true
tasks:
- name: Populate services facts
ansible.builtin.service_facts:

- name: Check services up
ansible.builtin.assert:
that:
- ansible_facts.services['alfresco-content.service'].state == "running"
- ansible_facts.services['keycloak.service'].state == "running"

- name: Retrieve contents of alfresco-global.properties
become: true
ansible.builtin.slurp:
src: /etc/opt/alfresco/content-services/classpath/alfresco-global.properties
register: slurp_global_properties

- name: Check reindex service contains the expected ExecStart line
gionn marked this conversation as resolved.
Show resolved Hide resolved
vars:
global_properties_content: "{{ slurp_global_properties['content'] | b64decode }}"
expected_auth_chain: "authentication.chain=identity-service1:identity-service,alfrescoNtlm1:alfrescoNtlm"
expected_service_resource: "identity-service.resource=alfresco"
expected_service_credentials: "identity-service.credentials.secret="
expected_auth_url: "identity-service.auth-server-url=http://172.17.0.2:8082/"
gionn marked this conversation as resolved.
Show resolved Hide resolved
ansible.builtin.assert:
that:
- "expected_auth_chain in global_properties_content"
- "expected_service_resource in global_properties_content"
- "expected_service_credentials in global_properties_content"
- "expected_auth_url in global_properties_content"
msg: "{{ global_properties_content }}"