Merge pull request #115 from gionn/114-add-more-configs

Add support for more http-related configs

.github/workflows/ci.yml

@@ -15,4 +15,4 @@ jobs:
     with:
       fqcn: 'middleware_automation/keycloak'
       molecule_tests: >-
-          [ "default", "quarkus", "overridexml", "quarkus-devmode" ]
+          [ "default", "quarkus", "overridexml", "quarkus-devmode", "https_revproxy" ]

molecule/quarkus-devmode/converge.yml

@@ -5,7 +5,6 @@
     keycloak_quarkus_admin_pass: "remembertochangeme"
     keycloak_admin_password: "remembertochangeme"
     keycloak_realm: TestRealm
-    keycloak_quarkus_http_relative_path: ''
     keycloak_quarkus_log: file
     keycloak_quarkus_frontend_url: 'http://localhost:8080/'
     keycloak_quarkus_start_dev: True

molecule/quarkus/converge.yml

@@ -6,7 +6,6 @@
     keycloak_admin_password: "remembertochangeme"
     keycloak_realm: TestRealm
     keycloak_quarkus_host: instance
-    keycloak_quarkus_http_relative_path: ''
     keycloak_quarkus_log: file
     keycloak_quarkus_https_enabled: True
     keycloak_quarkus_key_file: "{{ keycloak.home }}/conf/key.pem"

roles/keycloak_quarkus/README.md

@@ -24,6 +24,7 @@ Role Defaults
 |`keycloak_quarkus_bind_address`| Address for binding service ports | `0.0.0.0` |
 |`keycloak_quarkus_host`| Hostname for the Keycloak server | `localhost` |
 |`keycloak_quarkus_port`| The port used by the proxy when exposing the hostname | `-1` |
+|`keycloak_quarkus_path`| This should be set if proxy uses a different context-path for Keycloak | |
 |`keycloak_quarkus_http_port`| HTTP listening port | `8080` |
 |`keycloak_quarkus_https_port`| TLS HTTP listening port | `8443` |
 |`keycloak_quarkus_ajp_port`| AJP port | `8009` |
@@ -34,8 +35,9 @@ Role Defaults
 |`keycloak_quarkus_jvm_package`| RHEL java package runtime | `java-17-openjdk-headless` |
 |`keycloak_quarkus_java_home`| JAVA_HOME of installed JRE, leave empty for using specified keycloak_quarkus_jvm_package RPM path | `None` |
 |`keycloak_quarkus_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` |
-|`keycloak_quarkus_frontend_url`| Service public URL | `http://localhost:8080/auth` |
+|`keycloak_quarkus_frontend_url`| Set the base URL for frontend URLs, including scheme, host, port and path | |
-|`keycloak_quarkus_http_relative_path` | Service context path | `auth` |
+|`keycloak_quarkus_admin_url`| Set the base URL for accessing the administration console, including scheme, host, port and path | |
+|`keycloak_quarkus_http_relative_path` | Set the path relative to / for serving resources. The path must start with a / | `/` |
 |`keycloak_quarkus_http_enabled`| Enable listener on HTTP port | `True` |
 |`keycloak_quarkus_https_enabled`| Enable listener on HTTPS port | `False` |
 |`keycloak_quarkus_key_file`| The file path to a private key in PEM format | `{{ keycloak.home }}/conf/server.key.pem` |

roles/keycloak_quarkus/defaults/main.yml

@@ -22,13 +22,14 @@ keycloak_quarkus_configure_firewalld: False
 
 ### administrator console password
 keycloak_quarkus_admin_user: admin
-keycloak_quarkus_admin_pass: ''
+keycloak_quarkus_admin_pass:
 keycloak_quarkus_master_realm: master
 
 ### Configuration settings
 keycloak_quarkus_bind_address: 0.0.0.0
 keycloak_quarkus_host: localhost
 keycloak_quarkus_port: -1
+keycloak_quarkus_path:
 keycloak_quarkus_http_enabled: True
 keycloak_quarkus_http_port: 8080
 keycloak_quarkus_https_port: 8443
@@ -47,8 +48,12 @@ keycloak_quarkus_ha_enabled: False
 keycloak_quarkus_db_enabled: "{{ True if keycloak_quarkus_ha_enabled else False }}"
 
 ### keycloak frontend url
-keycloak_quarkus_http_relative_path: auth
+keycloak_quarkus_frontend_url:
-keycloak_quarkus_frontend_url: http://localhost:8080/auth
+keycloak_quarkus_admin_url:
+
+### Set the path relative to / for serving resources. The path must start with a /
+### (set to `/auth` for retrocompatibility with pre-quarkus releases)
+keycloak_quarkus_http_relative_path: /
 
 # proxy address forwarding mode if the server is behind a reverse proxy. [none, edge, reencrypt, passthrough]
 keycloak_quarkus_proxy_mode: edge

roles/keycloak_quarkus/meta/argument_specs.yml

@@ -70,13 +70,11 @@ argument_specs:
                 description: "Ensure firewalld is running and configure keycloak ports"
                 type: "bool"
             keycloak_quarkus_admin_user:
-                # line 22 of defaults/main.yml
                 default: "admin"
                 description: "Administration console user account"
                 type: "str"
             keycloak_quarkus_admin_pass:
-                # line 23 of defaults/main.yml
+                required: true
-                default: ""
                 description: "Password of console admin account"
                 type: "str"
             keycloak_quarkus_master_realm:
@@ -97,10 +95,14 @@ argument_specs:
                 default: -1
                 description: "The port used by the proxy when exposing the hostname"
                 type: "int"
+            keycloak_quarkus_path:
+                required: false
+                description: "This should be set if proxy uses a different context-path for Keycloak"
+                type: "str"
             keycloak_quarkus_http_enabled:
                 default: true
                 description: "Enable listener on HTTP port"
-                type: "bool"                
+                type: "bool"
             keycloak_quarkus_http_port:
                 # line 29 of defaults/main.yml
                 default: 8080
@@ -149,15 +151,18 @@ argument_specs:
                 description: "Enable auto configuration for database backend"
                 type: "str"
             keycloak_quarkus_http_relative_path:
-                # line 41 of defaults/main.yml
+                required: false
-                default: "auth"
+                default: /
-                description: "Service context path"
+                description: "Set the path relative to / for serving resources. The path must start with a /"
                 type: "str"
             keycloak_quarkus_frontend_url:
-                # line 41 of defaults/main.yml
+                required: false
-                default: "http://localhost:8080/auth"
                 description: "Service public URL"
                 type: "str"
+            keycloak_quarkus_admin_url:
+                required: false
+                description: "Service URL for the admin console"
+                type: "str"
             keycloak_quarkus_metrics_enabled:
                 # line 43 of defaults/main.yml
                 default: false

roles/keycloak_quarkus/templates/keycloak.conf.j2

@@ -15,6 +15,7 @@ health-enabled={{ keycloak_quarkus_health_enabled }}
 # HTTP
 http-enabled={{ keycloak_quarkus_http_enabled }}
 http-port={{ keycloak_quarkus_http_port }}
+http-relative-path={{ keycloak_quarkus_http_relative_path }}
 
 # HTTPS
 https-port={{ keycloak_quarkus_https_port }}
@@ -23,10 +24,15 @@ https-certificate-file={{ keycloak_quarkus_cert_file}}
 https-certificate-key-file={{ keycloak_quarkus_key_file }}
 {% endif %}
 
-# Hostname for the Keycloak server.
+# Client URL configuration
+{% if keycloak_quarkus_frontend_url %}
+hostname-url={{ keycloak_quarkus_frontend_url }}
+{% else %}
 hostname={{ keycloak_quarkus_host }}
 hostname-port={{ keycloak_quarkus_port }}
-hostname-path={{ keycloak_quarkus_http_relative_path }}
+hostname-path={{ keycloak_quarkus_path }}
+{% endif %}
+hostname-admin-url={{ keycloak_quarkus_admin_url }}
 
 # Cluster
 {% if keycloak_quarkus_ha_enabled %}

roles/keycloak_quarkus/vars/main.yml

@@ -4,7 +4,7 @@ keycloak:
   config_dir: "{{ keycloak_quarkus_config_dir }}"
   bundle: "{{ keycloak_quarkus_archive }}"
   service_name: "keycloak"
-  health_url: "http://{{ keycloak_quarkus_host }}:{{ keycloak_quarkus_http_port }}/realms/master/.well-known/openid-configuration"
+  health_url: "http://{{ keycloak_quarkus_host }}:{{ keycloak_quarkus_http_port }}{{ keycloak_quarkus_http_relative_path }}{{ '/' if keycloak_quarkus_http_relative_path | length > 1 else '' }}realms/master/.well-known/openid-configuration"
   cli_path: "{{ keycloak_quarkus_home }}/bin/kcadm.sh"
   service_user: "{{ keycloak_quarkus_service_user }}"
   service_group: "{{ keycloak_quarkus_service_group }}"