From 7141e1c9b2d53469ddfebb5cf24ef6a740bca64c Mon Sep 17 00:00:00 2001
From: Footur <3769085+Footur@users.noreply.github.com>
Date: Sun, 5 May 2024 12:08:14 +0200
Subject: [PATCH] Test: Installation of key material via Ansible role

---
 molecule/quarkus/converge.yml |  8 +++++---
 molecule/quarkus/prepare.yml  | 12 ++++--------
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/molecule/quarkus/converge.yml b/molecule/quarkus/converge.yml
index 0480f9a..5971a93 100644
--- a/molecule/quarkus/converge.yml
+++ b/molecule/quarkus/converge.yml
@@ -9,11 +9,13 @@
     keycloak_quarkus_log: file
     keycloak_quarkus_log_level: debug
     keycloak_quarkus_https_key_file_enabled: true
-    keycloak_quarkus_key_file: "/opt/keycloak/certs/key.pem"
-    keycloak_quarkus_cert_file: "/opt/keycloak/certs/cert.pem"
+    keycloak_quarkus_key_file_copy_enabled: true
+    keycloak_quarkus_key_file_src: key.pem
+    keycloak_quarkus_cert_file_copy_enabled: true
+    keycloak_quarkus_cert_file_src: cert.pem
     keycloak_quarkus_log_target: /tmp/keycloak
     keycloak_quarkus_ks_vault_enabled: true
-    keycloak_quarkus_ks_vault_file: "/opt/keycloak/certs/keystore.p12"
+    keycloak_quarkus_ks_vault_file: "/opt/keycloak/vault/keystore.p12"
     keycloak_quarkus_ks_vault_pass: keystorepassword
     keycloak_quarkus_systemd_wait_for_port: true
     keycloak_quarkus_systemd_wait_for_timeout: 20
diff --git a/molecule/quarkus/prepare.yml b/molecule/quarkus/prepare.yml
index 1efdb15..459bafa 100644
--- a/molecule/quarkus/prepare.yml
+++ b/molecule/quarkus/prepare.yml
@@ -14,11 +14,11 @@
       delegate_to: localhost
       changed_when: False
 
-    - name: Create conf directory # risky-file-permissions in test user account does not exist yet
+    - name: Create vault directory
       become: true
       ansible.builtin.file:
         state: directory
-        path: "/opt/keycloak/certs/"
+        path: "/opt/keycloak/vault"
         mode: 0755
 
     - name: Make sure a jre is available (for keytool to prepare keystore)
@@ -39,10 +39,6 @@
     - name: Copy certificates and vault
       become: true
       ansible.builtin.copy:
-        src: "{{ item }}"
-        dest: "/opt/keycloak/certs/{{ item }}"
+        src: keystore.p12
+        dest: /opt/keycloak/vault/keystore.p12
         mode: 0444
-      loop:
-        - cert.pem
-        - key.pem
-        - keystore.p12