Adding molecule unit tests

roles/authentik/molecule/default/converge.yml

@@ -0,0 +1,8 @@
+---
+- name: Converge
+  hosts: localhost
+  gather_facts: false
+  vars_files:
+    - ../../../molecule/shared/vars.yml
+  roles:
+    - role: authentik

roles/authentik/molecule/default/molecule.yml

@@ -0,0 +1,23 @@
+---
+dependency:
+  name: galaxy
+  options:
+    requirements-file: requirements.yml
+driver:
+  name: delegated
+  options:
+    managed: false
+    ansible_connection_options:
+      ansible_connection: local
+platforms:
+  - name: localhost
+    groups:
+      - sovereign
+provisioner:
+  name: ansible
+  inventory:
+    host_vars:
+      localhost:
+        ansible_connection: local
+verifier:
+  name: ansible

roles/authentik/molecule/default/verify.yml

@@ -0,0 +1,160 @@
+---
+- name: Verify authentik role
+  hosts: localhost
+  gather_facts: false
+  vars:
+    authentik_data_dir: /tmp/sovereign_test/authentik
+
+  tasks:
+    - name: Check authentik data directory exists
+      ansible.builtin.stat:
+        path: /tmp/sovereign_test/authentik
+      register: data_dir_stat
+
+    - name: Assert authentik data directory is present
+      ansible.builtin.assert:
+        that: data_dir_stat.stat.isdir
+        fail_msg: "Data directory /tmp/sovereign_test/authentik was not created"
+
+    - name: Check authentik media directory exists
+      ansible.builtin.stat:
+        path: /tmp/sovereign_test/authentik/media
+      register: media_dir_stat
+
+    - name: Assert authentik media directory is present
+      ansible.builtin.assert:
+        that: media_dir_stat.stat.isdir
+        fail_msg: "Directory /tmp/sovereign_test/authentik/media was not created"
+
+    - name: Check authentik media/branding directory exists
+      ansible.builtin.stat:
+        path: /tmp/sovereign_test/authentik/media/branding
+      register: branding_dir_stat
+
+    - name: Assert authentik media/branding directory is present
+      ansible.builtin.assert:
+        that: branding_dir_stat.stat.isdir
+        fail_msg: "Directory /tmp/sovereign_test/authentik/media/branding was not created"
+
+    - name: Check authentik custom-templates directory exists
+      ansible.builtin.stat:
+        path: /tmp/sovereign_test/authentik/custom-templates
+      register: custom_templates_dir_stat
+
+    - name: Assert authentik custom-templates directory is present
+      ansible.builtin.assert:
+        that: custom_templates_dir_stat.stat.isdir
+        fail_msg: "Directory /tmp/sovereign_test/authentik/custom-templates was not created"
+
+    - name: Check authentik blueprints directory exists
+      ansible.builtin.stat:
+        path: /tmp/sovereign_test/authentik/blueprints
+      register: blueprints_dir_stat
+
+    - name: Assert authentik blueprints directory is present
+      ansible.builtin.assert:
+        that: blueprints_dir_stat.stat.isdir
+        fail_msg: "Directory /tmp/sovereign_test/authentik/blueprints was not created"
+
+    - name: Check authentik certs directory exists
+      ansible.builtin.stat:
+        path: /tmp/sovereign_test/authentik/certs
+      register: certs_dir_stat
+
+    - name: Assert authentik certs directory is present
+      ansible.builtin.assert:
+        that: certs_dir_stat.stat.isdir
+        fail_msg: "Directory /tmp/sovereign_test/authentik/certs was not created"
+
+    - name: Check authentik postgres directory exists
+      ansible.builtin.stat:
+        path: /tmp/sovereign_test/authentik/postgres
+      register: postgres_dir_stat
+
+    - name: Assert authentik postgres directory is present
+      ansible.builtin.assert:
+        that: postgres_dir_stat.stat.isdir
+        fail_msg: "Directory /tmp/sovereign_test/authentik/postgres was not created"
+
+    - name: Check sovereign-branding.yaml blueprint exists
+      ansible.builtin.stat:
+        path: /tmp/sovereign_test/authentik/blueprints/sovereign-branding.yaml
+      register: blueprint_stat
+
+    - name: Assert sovereign-branding.yaml is present
+      ansible.builtin.assert:
+        that: blueprint_stat.stat.exists
+        fail_msg: "Blueprint /tmp/sovereign_test/authentik/blueprints/sovereign-branding.yaml was not created"
+
+    - name: Read sovereign-branding.yaml
+      ansible.builtin.slurp:
+        src: /tmp/sovereign_test/authentik/blueprints/sovereign-branding.yaml
+      register: blueprint_raw
+
+    - name: Set blueprint content fact
+      ansible.builtin.set_fact:
+        blueprint: "{{ blueprint_raw.content | b64decode }}"
+
+    - name: Assert branding_title in blueprint
+      ansible.builtin.assert:
+        that: "'branding_title: \"Test Corp\"' in blueprint"
+        fail_msg: "Expected branding_title 'Test Corp' not found in sovereign-branding.yaml"
+
+    - name: Assert primary color in blueprint
+      ansible.builtin.assert:
+        that: "'--ak-accent: #2563eb' in blueprint"
+        fail_msg: "Expected '--ak-accent: #2563eb' not found in sovereign-branding.yaml"
+
+    - name: Assert logo path is NOT in blueprint (tenant_logo_local_path is empty)
+      ansible.builtin.assert:
+        that: "'/media/branding/logo.png' not in blueprint"
+        fail_msg: "Logo path /media/branding/logo.png should not appear in blueprint when tenant_logo_local_path is empty"
+
+    - name: Check docker-compose.yml exists
+      ansible.builtin.stat:
+        path: /tmp/sovereign_test/authentik/docker-compose.yml
+      register: compose_stat
+
+    - name: Assert docker-compose.yml was rendered
+      ansible.builtin.assert:
+        that: compose_stat.stat.exists
+        fail_msg: "docker-compose.yml was not rendered for authentik"
+
+    - name: Read docker-compose.yml
+      ansible.builtin.slurp:
+        src: /tmp/sovereign_test/authentik/docker-compose.yml
+      register: compose_raw
+
+    - name: Set compose content fact
+      ansible.builtin.set_fact:
+        compose: "{{ compose_raw.content | b64decode }}"
+
+    - name: Assert authentik server image reference in compose
+      ansible.builtin.assert:
+        that: "'ghcr.io/goauthentik/server:2024.10.5' in compose"
+        fail_msg: "Expected image 'ghcr.io/goauthentik/server:2024.10.5' not found in docker-compose.yml"
+
+    - name: Assert authentik host rule in compose
+      ansible.builtin.assert:
+        that: "'Host(`auth.test.example.com`)' in compose"
+        fail_msg: "Expected Host rule for auth.test.example.com not found in docker-compose.yml"
+
+    - name: Assert GELF logging address in compose
+      ansible.builtin.assert:
+        that: "'udp://127.0.0.1:12201' in compose"
+        fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml"
+
+    - name: Assert sovereign network is external in compose
+      ansible.builtin.assert:
+        that: "'external: true' in compose"
+        fail_msg: "Expected 'external: true' not found in docker-compose.yml"
+
+    - name: Assert authentik db password in compose
+      ansible.builtin.assert:
+        that: "'test_authentik_db' in compose"
+        fail_msg: "Expected authentik_db_password 'test_authentik_db' not found in docker-compose.yml"
+
+    - name: Assert authentik secret key in compose
+      ansible.builtin.assert:
+        that: "'test-secret-key-exactly-50-chars-padded-here12345' in compose"
+        fail_msg: "Expected authentik_secret_key not found in docker-compose.yml"