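---
# Verification play for the authentik role. It checks that the data
# directory tree exists, that the sovereign-branding.yaml blueprint carries
# the expected branding values, and that the rendered docker-compose.yml
# contains the expected image, routing, logging, network and credential
# values.
#
# Every path is derived from authentik_data_dir, so the location is changed
# in one place only.
- name: Verify authentik role
  hosts: localhost
  gather_facts: false
  vars:
    # The tree lives under world-writable /tmp at a predictable name; it is
    # meant to hold test fixtures only, never real credentials.
    authentik_data_dir: /tmp/sovereign_test/authentik
  tasks:
    # --- Directory layout ---------------------------------------------------
    # stat is left at its default (follow: false), so a symlink placed at one
    # of these paths does not satisfy isdir.
    - name: Check authentik data directory exists
      ansible.builtin.stat:
        path: "{{ authentik_data_dir }}"
      register: data_dir_stat

    # stat returns no isdir key for a missing path, so exists is tested
    # first; otherwise the task errors on an undefined attribute instead of
    # printing fail_msg.
    - name: Assert authentik data directory is present
      ansible.builtin.assert:
        that: data_dir_stat.stat.exists and data_dir_stat.stat.isdir
        fail_msg: "Data directory {{ authentik_data_dir }} was not created"

    - name: Check authentik subdirectories exist
      ansible.builtin.stat:
        path: "{{ authentik_data_dir }}/{{ item }}"
      loop:
        - media
        - media/branding
        - custom-templates
        - blueprints
        - certs
        - postgres
      register: subdir_stats

    # One result per subdirectory; item.item is the relative name looped
    # over in the stat task above.
    - name: Assert authentik subdirectories are present
      ansible.builtin.assert:
        that: item.stat.exists and item.stat.isdir
        fail_msg: "Directory {{ authentik_data_dir }}/{{ item.item }} was not created"
      loop: "{{ subdir_stats.results }}"
      loop_control:
        label: "{{ item.item }}"

    # --- Branding blueprint -------------------------------------------------
    - name: Check sovereign-branding.yaml blueprint exists
      ansible.builtin.stat:
        path: "{{ authentik_data_dir }}/blueprints/sovereign-branding.yaml"
      register: blueprint_stat

    - name: Assert sovereign-branding.yaml is present
      ansible.builtin.assert:
        that: blueprint_stat.stat.exists
        fail_msg: "Blueprint {{ authentik_data_dir }}/blueprints/sovereign-branding.yaml was not created"

    # slurp returns the file base64-encoded; it is decoded into a fact so the
    # assertions below can do plain substring checks.
    - name: Read sovereign-branding.yaml
      ansible.builtin.slurp:
        src: "{{ authentik_data_dir }}/blueprints/sovereign-branding.yaml"
      register: blueprint_raw

    - name: Set blueprint content fact
      ansible.builtin.set_fact:
        blueprint: "{{ blueprint_raw.content | b64decode }}"

    - name: Assert branding_title in blueprint
      ansible.builtin.assert:
        that: "'branding_title: \"Test Corp\"' in blueprint"
        fail_msg: "Expected branding_title 'Test Corp' not found in sovereign-branding.yaml"

    - name: Assert primary color in blueprint
      ansible.builtin.assert:
        that: "'--ak-accent: #2563eb' in blueprint"
        fail_msg: "Expected '--ak-accent: #2563eb' not found in sovereign-branding.yaml"

    # Negative check: with no logo configured the template must not emit a
    # logo reference.
    - name: Assert logo path is NOT in blueprint (tenant_logo_local_path is empty)
      ansible.builtin.assert:
        that: "'/media/branding/logo.png' not in blueprint"
        fail_msg: "Logo path /media/branding/logo.png should not appear in blueprint when tenant_logo_local_path is empty"

    # --- Rendered docker-compose.yml ----------------------------------------
    - name: Check docker-compose.yml exists
      ansible.builtin.stat:
        path: "{{ authentik_data_dir }}/docker-compose.yml"
      register: compose_stat

    - name: Assert docker-compose.yml was rendered
      ansible.builtin.assert:
        that: compose_stat.stat.exists
        fail_msg: "docker-compose.yml was not rendered for authentik"

    - name: Read docker-compose.yml
      ansible.builtin.slurp:
        src: "{{ authentik_data_dir }}/docker-compose.yml"
      register: compose_raw

    - name: Set compose content fact
      ansible.builtin.set_fact:
        compose: "{{ compose_raw.content | b64decode }}"

    # All compose checks below are substring matches on the raw text, not on
    # the parsed document: they prove the value appears somewhere in the
    # file, not that it sits under the intended service or key.
    - name: Assert authentik server image reference in compose
      ansible.builtin.assert:
        that: "'ghcr.io/goauthentik/server:2024.10.5' in compose"
        fail_msg: "Expected image 'ghcr.io/goauthentik/server:2024.10.5' not found in docker-compose.yml"

    - name: Assert authentik host rule in compose
      ansible.builtin.assert:
        that: "'Host(`auth.test.example.com`)' in compose"
        fail_msg: "Expected Host rule for auth.test.example.com not found in docker-compose.yml"

    - name: Assert GELF logging address in compose
      ansible.builtin.assert:
        that: "'udp://127.0.0.1:12201' in compose"
        fail_msg: "Expected GELF address udp://127.0.0.1:12201 not found in docker-compose.yml"

    # NOTE(review): this matches any 'external: true' in the file, so it does
    # not tie the flag to a particular network — confirm against the template.
    - name: Assert sovereign network is external in compose
      ansible.builtin.assert:
        that: "'external: true' in compose"
        fail_msg: "Expected 'external: true' not found in docker-compose.yml"

    # The two checks below establish that the database password and the
    # secret key are written in plaintext into docker-compose.yml.
    # NOTE(review): nothing here checks the mode or owner of that file
    # (compose_stat already holds them); consider asserting the restrictive
    # mode the role is meant to apply — confirm the intended mode first.
    - name: Assert authentik db password in compose
      ansible.builtin.assert:
        that: "'test_authentik_db' in compose"
        fail_msg: "Expected authentik_db_password 'test_authentik_db' not found in docker-compose.yml"

    - name: Assert authentik secret key in compose
      ansible.builtin.assert:
        that: "'test-secret-key-exactly-50-chars-padded-here12345' in compose"
        fail_msg: "Expected authentik_secret_key not found in docker-compose.yml"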