RHBK v26: Migrate to keycloak_quarkus_bootstrap_admin_user[_password] (Process for creation of admin account changed #248)

2025-07-30 16:41:30 -07:00 · 2024-12-09 15:47:06 +01:00 · 2024-12-09 15:47:06 +01:00 · 277e1336ee
commit 277e1336ee
parent 58233549a7
18 changed files with 132 additions and 35 deletions
--- a/roles/keycloak_quarkus/tasks/deprecations.yml
+++ b/roles/keycloak_quarkus/tasks/deprecations.yml
@ -49,5 +49,101 @@
  notify:
    - print deprecation warning

+# https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html-single/upgrading_guide/index#new_hostname_options
+- name: Check deprecation of keycloak_quarkus_frontend_url -> keycloak_quarkus_hostname
+  when:
+    - keycloak_quarkus_hostname is not defined
+    - keycloak_quarkus_frontend_url is defined
+    - keycloak_quarkus_frontend_url != ''
+  delegate_to: localhost
+  run_once: true
+  changed_when: keycloak_quarkus_show_deprecation_warnings
+  ansible.builtin.set_fact:
+    keycloak_quarkus_hostname: "{{ keycloak_quarkus_frontend_url }}"
+    deprecated_variable: "keycloak_quarkus_frontend_url" # read in deprecation handler
+  notify:
+    - print deprecation warning
+
+# https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html-single/upgrading_guide/index#new_hostname_options
+- name: Check deprecation of keycloak_quarkus_hostname_strict_https + keycloak_quarkus_host + keycloak_quarkus_port + keycloak_quarkus_path -> keycloak_quarkus_hostname
+  when:
+    - keycloak_quarkus_hostname is not defined
+    - keycloak_quarkus_hostname_strict_https is defined or keycloak_quarkus_frontend_url is defined or keycloak_quarkus_port is defined or keycloak_quarkus_path is defined
+  delegate_to: localhost
+  run_once: true
+  changed_when: keycloak_quarkus_show_deprecation_warnings
+  ansible.builtin.set_fact:
+    keycloak_quarkus_hostname: >-
+      {% set protocol = '' %}
+      {% if keycloak_quarkus_hostname_strict_https %}
+        {% set protocol = 'https://' %}
+      {% elif keycloak_quarkus_hostname_strict_https is defined and keycloak_quarkus_hostname_strict_https is False %}
+        {% set protocol = 'http://' %}
+      {% endif %}
+      {{ protocol }}{{ keycloak_quarkus_host }}:{{ keycloak_quarkus_port }}/{{ keycloak_quarkus_path }}
+    deprecated_variable: "keycloak_quarkus_hostname_strict_https or keycloak_quarkus_frontend_url or keycloak_quarkus_frontend_url or keycloak_quarkus_hostname" # read in deprecation handler
+  notify:
+    - print deprecation warning
+
+# https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html-single/upgrading_guide/index#new_hostname_options
+- name: Check deprecation of keycloak_quarkus_admin_url -> keycloak_quarkus_admin
+  when:
+    - keycloak_quarkus_admin is not defined
+    - keycloak_quarkus_admin_url is defined
+    - keycloak_quarkus_admin_url != ''
+  delegate_to: localhost
+  run_once: true
+  changed_when: keycloak_quarkus_show_deprecation_warnings
+  ansible.builtin.set_fact:
+    keycloak_quarkus_admin: "{{ keycloak_quarkus_admin_url }}"
+    deprecated_variable: "keycloak_quarkus_admin_url" # read in deprecation handler
+  notify:
+    - print deprecation warning
+
+# https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html-single/upgrading_guide/index#new_hostname_options
+- name: Check deprecation of keycloak_quarkus_hostname_strict_backchannel -> keycloak_quarkus_hostname_backchannel_dynamic
+  when:
+    - keycloak_quarkus_hostname_backchannel_dynamic is not defined
+    - keycloak_quarkus_hostname_strict_backchannel is defined
+    - keycloak_quarkus_hostname_strict_backchannel != ''
+  delegate_to: localhost
+  run_once: true
+  changed_when: keycloak_quarkus_show_deprecation_warnings
+  ansible.builtin.set_fact:
+    keycloak_quarkus_hostname_backchannel_dynamic: "{{ keycloak_quarkus_hostname_strict_backchannel == False }}"
+    deprecated_variable: "keycloak_quarkus_hostname_backchannel_dynamic" # read in deprecation handler
+  notify:
+    - print deprecation warning
+
+# https://github.com/keycloak/keycloak/issues/30009
+- name: Check deprecation of keycloak_quarkus_admin_user -> keycloak_quarkus_bootstrap_admin_user
+  when:
+    - keycloak_quarkus_bootstrap_admin_user is not defined
+    - keycloak_quarkus_admin_user is defined
+    - keycloak_quarkus_admin_user != ''
+  delegate_to: localhost
+  run_once: true
+  changed_when: keycloak_quarkus_show_deprecation_warnings
+  ansible.builtin.set_fact:
+    keycloak_quarkus_bootstrap_admin_user: "{{ keycloak_quarkus_admin_user }}"
+    deprecated_variable: "keycloak_quarkus_admin_user" # read in deprecation handler
+  notify:
+    - print deprecation warning
+
+# https://github.com/keycloak/keycloak/issues/30009
+- name: Check deprecation of keycloak_quarkus_admin_pass -> keycloak_quarkus_bootstrap_admin_password
+  when:
+    - keycloak_quarkus_bootstrap_admin_password is not defined
+    - keycloak_quarkus_admin_pass is defined
+    - keycloak_quarkus_admin_pass != ''
+  delegate_to: localhost
+  run_once: true
+  changed_when: keycloak_quarkus_show_deprecation_warnings
+  ansible.builtin.set_fact:
+    keycloak_quarkus_bootstrap_admin_user: "{{ keycloak_quarkus_admin_pass }}"
+    deprecated_variable: "keycloak_quarkus_admin_pass" # read in deprecation handler
+  notify:
+    - print deprecation warning
+
 - name: Flush handlers
  ansible.builtin.meta: flush_handlers
--- a/roles/keycloak_quarkus/tasks/main.yml
+++ b/roles/keycloak_quarkus/tasks/main.yml
@ -91,7 +91,7 @@
  register: keycloak_service_status
  changed_when: false

- name: "Notify to remove `keycloak_quarkus_admin_user[_pass]` env vars"
+- name: "Notify to remove `keycloak_quarkus_bootstrap_admin_user[_password]` env vars"
  when:
    - not ansible_local.keycloak.general.bootstrapped | default(false) | bool # it was not bootstrapped prior to the current role's execution
    - keycloak_service_status.status.ActiveState == "active"                  # but it is now
--- a/roles/keycloak_quarkus/tasks/prereqs.yml
+++ b/roles/keycloak_quarkus/tasks/prereqs.yml
@ -2,9 +2,9 @@
 - name: Validate admin console password
  ansible.builtin.assert:
    that:
-      - keycloak_quarkus_admin_pass | length > 12
+      - keycloak_quarkus_bootstrap_admin_password | length > 12
    quiet: true
-    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass to a 12+ char long string"
+    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_bootstrap_admin_password to a 12+ char long string"
    success_msg: "{{ 'Console administrator password OK' }}"

 - name: Validate relative path