From ca28dae24e39d9818dc911d5e94eb4c1569cc3e9 Mon Sep 17 00:00:00 2001 From: Max Blome Date: Mon, 14 Jul 2025 18:51:32 +0200 Subject: [PATCH 1/6] Add brute_force_strategy --- plugins/modules/keycloak_realm.py | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/plugins/modules/keycloak_realm.py b/plugins/modules/keycloak_realm.py index c2d4dceb21..29496b7c73 100644 --- a/plugins/modules/keycloak_realm.py +++ b/plugins/modules/keycloak_realm.py @@ -141,6 +141,13 @@ options: aliases: - bruteForceProtected type: bool + brute_force_strategy: + description: + - The realm brute force strategy. + aliases: + - bruteForceStrategy + choices: ['LINEAR', 'MULTIPLE'] + type: str client_authentication_flow: description: - The realm client authentication flow. @@ -638,6 +645,7 @@ def main(): browser_flow=dict(type='str', aliases=['browserFlow']), browser_security_headers=dict(type='dict', aliases=['browserSecurityHeaders']), brute_force_protected=dict(type='bool', aliases=['bruteForceProtected']), + brute_force_strategy=dict(type='str', choices=['LINEAR', 'MULTIPLE'], aliases=['bruteForceStrategy']), client_authentication_flow=dict(type='str', aliases=['clientAuthenticationFlow']), client_scope_mappings=dict(type='dict', aliases=['clientScopeMappings']), default_default_client_scopes=dict(type='list', elements='str', aliases=['defaultDefaultClientScopes']), From a91f4cf8ee4f57234a839f8c3ba6b81c0bad3031 Mon Sep 17 00:00:00 2001 From: Max Blome Date: Mon, 14 Jul 2025 18:55:37 +0200 Subject: [PATCH 2/6] Add max_temporary_lockouts --- plugins/modules/keycloak_realm.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/plugins/modules/keycloak_realm.py b/plugins/modules/keycloak_realm.py index 29496b7c73..a3332bd010 100644 --- a/plugins/modules/keycloak_realm.py +++ b/plugins/modules/keycloak_realm.py @@ -309,6 +309,12 @@ options: aliases: - maxFailureWaitSeconds type: int + max_temporary_lockouts: + description: + - The realm max temporary lockouts. + aliases: + - maxTemporaryLockouts + type: int minimum_quick_login_wait_seconds: description: - The realm minimum quick login wait in seconds. @@ -672,6 +678,7 @@ def main(): login_with_email_allowed=dict(type='bool', aliases=['loginWithEmailAllowed']), max_delta_time_seconds=dict(type='int', aliases=['maxDeltaTimeSeconds']), max_failure_wait_seconds=dict(type='int', aliases=['maxFailureWaitSeconds']), + max_temporary_lockouts=dict(type='int', aliases=['maxTemporaryLockouts']), minimum_quick_login_wait_seconds=dict(type='int', aliases=['minimumQuickLoginWaitSeconds']), not_before=dict(type='int', aliases=['notBefore']), offline_session_idle_timeout=dict(type='int', aliases=['offlineSessionIdleTimeout']), From b6715c84df0a6bc442f844bafe07c7b3ed7c8a04 Mon Sep 17 00:00:00 2001 From: Max Blome Date: Mon, 14 Jul 2025 19:12:58 +0200 Subject: [PATCH 3/6] Add changelog --- .../fragments/10415-keycloak-realm-brute-force-attributes.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/10415-keycloak-realm-brute-force-attributes.yml diff --git a/changelogs/fragments/10415-keycloak-realm-brute-force-attributes.yml b/changelogs/fragments/10415-keycloak-realm-brute-force-attributes.yml new file mode 100644 index 0000000000..29b3e280a9 --- /dev/null +++ b/changelogs/fragments/10415-keycloak-realm-brute-force-attributes.yml @@ -0,0 +1,2 @@ +minor_changes: + - keycloak_realm - add support for ``brute_force_strategy`` and ``max_temporary_lockouts`` (https://github.com/ansible-collections/community.general/pull/10415). From 789daa94c7972fb8c5b55966f0348fe0ef214689 Mon Sep 17 00:00:00 2001 From: maxblome <53860633+maxblome@users.noreply.github.com> Date: Tue, 15 Jul 2025 16:41:20 +0200 Subject: [PATCH 4/6] Update changelogs/fragments/10415-keycloak-realm-brute-force-attributes.yml Co-authored-by: Felix Fontein --- .../fragments/10415-keycloak-realm-brute-force-attributes.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/fragments/10415-keycloak-realm-brute-force-attributes.yml b/changelogs/fragments/10415-keycloak-realm-brute-force-attributes.yml index 29b3e280a9..22433b584e 100644 --- a/changelogs/fragments/10415-keycloak-realm-brute-force-attributes.yml +++ b/changelogs/fragments/10415-keycloak-realm-brute-force-attributes.yml @@ -1,2 +1,2 @@ minor_changes: - - keycloak_realm - add support for ``brute_force_strategy`` and ``max_temporary_lockouts`` (https://github.com/ansible-collections/community.general/pull/10415). + - keycloak_realm - add support for ``brute_force_strategy`` and ``max_temporary_lockouts`` (https://github.com/ansible-collections/community.general/issues/10412, https://github.com/ansible-collections/community.general/pull/10415). From 090567eb061ec66229bfbfab354b5a04adbde9f2 Mon Sep 17 00:00:00 2001 From: maxblome <53860633+maxblome@users.noreply.github.com> Date: Tue, 15 Jul 2025 16:42:39 +0200 Subject: [PATCH 5/6] Update plugins/modules/keycloak_realm.py Co-authored-by: Felix Fontein --- plugins/modules/keycloak_realm.py | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/modules/keycloak_realm.py b/plugins/modules/keycloak_realm.py index a3332bd010..bcf8849eba 100644 --- a/plugins/modules/keycloak_realm.py +++ b/plugins/modules/keycloak_realm.py @@ -148,6 +148,7 @@ options: - bruteForceStrategy choices: ['LINEAR', 'MULTIPLE'] type: str + version_added: 11.2.0 client_authentication_flow: description: - The realm client authentication flow. From 3d57b9cecb233a666455f39b8d10618e60287a42 Mon Sep 17 00:00:00 2001 From: maxblome <53860633+maxblome@users.noreply.github.com> Date: Tue, 15 Jul 2025 16:42:53 +0200 Subject: [PATCH 6/6] Update plugins/modules/keycloak_realm.py Co-authored-by: Felix Fontein --- plugins/modules/keycloak_realm.py | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/modules/keycloak_realm.py b/plugins/modules/keycloak_realm.py index bcf8849eba..b1a14ba0cd 100644 --- a/plugins/modules/keycloak_realm.py +++ b/plugins/modules/keycloak_realm.py @@ -316,6 +316,7 @@ options: aliases: - maxTemporaryLockouts type: int + version_added: 11.2.0 minimum_quick_login_wait_seconds: description: - The realm minimum quick login wait in seconds.