Move to using kcadm-wrapper config file so that script is just a scri…

…pt and not a template
treydock · Nov 17, 2024 · d56cacd · d56cacd
1 parent 2cd3e8c
commit d56cacd
Show file tree

Hide file tree

Showing 5 changed files with 38 additions and 20 deletions.
diff --git a/files/kcadm-wrapper.sh b/files/kcadm-wrapper.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# shellcheck source=/dev/null
+. /etc/sysconfig/kcadm-wrapper
+
+EXPIRES=$(/usr/bin/sed  -n -r 's|.*"refreshExpiresAt" : ([0-9]*).*|\1|p' "$CONFIG" || echo "0")
+NOW=$(/usr/bin/date +%s%3N)
+
+if [ ! -f "$CONFIG" ] || [ "$EXPIRES" -gt "$NOW" ]; then
+    ${KCADM} config credentials --config "$CONFIG" --server "$SERVER" --realm "$REALM" --user "$ADMIN_USER" --password "$PASSWORD"
+fi
+
+${KCADM} "$@" --config "$CONFIG"
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -9,17 +9,29 @@
     }
   }
 
-  # Template uses:
-  # - $keycloak::install_base
-  # - $keycloak::admin_user
-  # - $keycloak::admin_user_password
+  $wrapper_conf = {
+    'KCADM'      => "${keycloak::install_base}/bin/kcadm.sh",
+    'CONFIG'     => "${keycloak::conf_dir}/kcadm.config",
+    'SERVER'     => $keycloak::wrapper_server,
+    'REALM'      => 'master',
+    'ADMIN_USER' => $keycloak::admin_user,
+    'PASSWORD'   => $keycloak::admin_user_password,
+  }
+  file { '/etc/sysconfig/kcadm-wrapper':
+    ensure  => 'file',
+    owner   => $keycloak::user,
+    group   => $keycloak::group,
+    mode    => '0640',
+    content => epp('keycloak/shell_vars.epp', { 'vars' => $wrapper_conf }),
+  }
+
   file { 'kcadm-wrapper.sh':
     ensure    => 'file',
     path      => $keycloak::wrapper_path,
     owner     => $keycloak::user,
     group     => $keycloak::group,
     mode      => '0750',
-    content   => template('keycloak/kcadm-wrapper.sh.erb'),
+    source    => 'puppet:///modules/keycloak/kcadm-wrapper.sh',
     show_diff => false,
   }
 

diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
@@ -121,7 +121,6 @@
             owner: 'keycloak',
             group: 'keycloak',
             mode: '0750',
-            content: %r{.*},
             show_diff: 'false',
           )
         end

diff --git a/templates/kcadm-wrapper.sh.erb b/templates/kcadm-wrapper.sh.erb
diff --git a/templates/shell_vars.epp b/templates/shell_vars.epp
@@ -0,0 +1,8 @@
+<%- |
+  Hash[String, String] $vars
+| -%>
+# This file is managed by Puppet, DO NOT EDIT
+
+<% $vars.each |$key, $value| { -%>
+<%= $key %>='<%= $value %>'
+<% } -%>