From 316cde47596484300eaedfa09ad48b9af0f5ba3a Mon Sep 17 00:00:00 2001
From: Giovanni Toraldo
Date: Mon, 9 Oct 2023 09:59:51 +0200
Subject: [PATCH] Add support for more http-related configs
* keycloak_quarkus_http_relative_path var now populate http-relative-path config [breaking change]
* http-relative-path defaults to / [breaking change]
* enable configuration of hostname-url and hostname-admin-url
---
 molecule/quarkus-devmode/converge.yml | 1 -
 molecule/quarkus/converge.yml | 1 -
 roles/keycloak_quarkus/README.md | 6 ++++--
 roles/keycloak_quarkus/defaults/main.yml | 8 ++++++--
 roles/keycloak_quarkus/meta/argument_specs.yml | 12 +++++++++---
 roles/keycloak_quarkus/templates/keycloak.conf.j2 | 10 ++++++++--
 6 files changed, 27 insertions(+), 11 deletions(-)
diff --git a/molecule/quarkus-devmode/converge.yml b/molecule/quarkus-devmode/converge.yml
index b484120..6cbe7d8 100644
--- a/molecule/quarkus-devmode/converge.yml
+++ b/molecule/quarkus-devmode/converge.yml
@@ -5,7 +5,6 @@
 keycloak_quarkus_admin_pass: "remembertochangeme"
 keycloak_admin_password: "remembertochangeme"
 keycloak_realm: TestRealm
- keycloak_quarkus_http_relative_path: ''
 keycloak_quarkus_log: file
 keycloak_quarkus_frontend_url: 'http://localhost:8080/'
 keycloak_quarkus_start_dev: True
diff --git a/molecule/quarkus/converge.yml b/molecule/quarkus/converge.yml
index cb35230..43e2215 100644
--- a/molecule/quarkus/converge.yml
+++ b/molecule/quarkus/converge.yml
@@ -6,7 +6,6 @@
 keycloak_admin_password: "remembertochangeme"
 keycloak_realm: TestRealm
 keycloak_quarkus_host: instance
- keycloak_quarkus_http_relative_path: ''
 keycloak_quarkus_log: file
 keycloak_quarkus_https_enabled: True
 keycloak_quarkus_key_file: "{{ keycloak.home }}/conf/key.pem"
diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md
index 1a50a00..7108780 100644
--- a/roles/keycloak_quarkus/README.md
+++ b/roles/keycloak_quarkus/README.md
@@ -24,6 +24,7 @@ Role Defaults
 |`keycloak_quarkus_bind_address`| Address for binding service ports | `0.0.0.0` |
 |`keycloak_quarkus_host`| Hostname for the Keycloak server | `localhost` |
 |`keycloak_quarkus_port`| The port used by the proxy when exposing the hostname | `-1` |
+|`keycloak_quarkus_path`| This should be set if proxy uses a different context-path for Keycloak | |
 |`keycloak_quarkus_http_port`| HTTP listening port | `8080` |
 |`keycloak_quarkus_https_port`| TLS HTTP listening port | `8443` |
 |`keycloak_quarkus_ajp_port`| AJP port | `8009` |
@@ -34,8 +35,9 @@ Role Defaults
 |`keycloak_quarkus_jvm_package`| RHEL java package runtime | `java-17-openjdk-headless` |
 |`keycloak_quarkus_java_home`| JAVA_HOME of installed JRE, leave empty for using specified keycloak_quarkus_jvm_package RPM path | `None` |
 |`keycloak_quarkus_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` |
-|`keycloak_quarkus_frontend_url`| Service public URL | `http://localhost:8080/auth` |
-|`keycloak_quarkus_http_relative_path` | Service context path | `auth` |
+|`keycloak_quarkus_frontend_url`| Set the base URL for frontend URLs, including scheme, host, port and path | |
+|`keycloak_quarkus_admin_url`| Set the base URL for accessing the administration console, including scheme, host, port and path | |
+|`keycloak_quarkus_http_relative_path` | Service context path | |
 |`keycloak_quarkus_http_enabled`| Enable listener on HTTP port | `True` |
 |`keycloak_quarkus_https_enabled`| Enable listener on HTTPS port | `False` |
 |`keycloak_quarkus_key_file`| The file path to a private key in PEM format | `{{ keycloak.home }}/conf/server.key.pem` |
diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml
index d769a85..62cd05e 100644
--- a/roles/keycloak_quarkus/defaults/main.yml
+++ b/roles/keycloak_quarkus/defaults/main.yml
@@ -29,6 +29,7 @@ keycloak_quarkus_master_realm: master
 keycloak_quarkus_bind_address: 0.0.0.0
 keycloak_quarkus_host: localhost
 keycloak_quarkus_port: -1
+keycloak_quarkus_path: ''
 keycloak_quarkus_http_enabled: True
 keycloak_quarkus_http_port: 8080
 keycloak_quarkus_https_port: 8443
@@ -47,8 +48,11 @@ keycloak_quarkus_ha_enabled: False keycloak_quarkus_db_enabled: "{{ True if keycloak_quarkus_ha_enabled else False }}" ### keycloak frontend url -keycloak_quarkus_http_relative_path: auth -keycloak_quarkus_frontend_url: http://localhost:8080/auth +keycloak_quarkus_frontend_url: '' +keycloak_quarkus_admin_url: '' + +### path under the application is exposed (set to `auth` for retrocompatibility with pre-quarkus releases) +keycloak_quarkus_http_relative_path: '' # proxy address forwarding mode if the server is behind a reverse proxy. [none, edge, reencrypt, passthrough] keycloak_quarkus_proxy_mode: edge
diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml
index 32e550b..2dd32bb 100644
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@@ -97,6 +97,10 @@ argument_specs:
 default: -1
 description: "The port used by the proxy when exposing the hostname"
 type: "int"
+ keycloak_quarkus_path:
+ default: ""
+ description: "This should be set if proxy uses a different context-path for Keycloak"
+ type: "str"
 keycloak_quarkus_http_enabled:
 default: true
 description: "Enable listener on HTTP port"
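Review bot: The new default `keycloak_quarkus_http_relative_path: ''` in the second defaults/main.yml hunk disagrees with the commit message, which says http-relative-path defaults to `/`, and with it the first keycloak.conf.j2 hunk renders a bare `http-relative-path=` line. How Keycloak treats an empty value there is not visible from this patch, so I would make the default explicit, `keycloak_quarkus_http_relative_path: '/'`, or cover the empty case in a molecule scenario. Because the served path moves away from `auth`, the README should also tell operators to re-check any reverse-proxy rules that matched on the old `/auth` prefix (for example rules restricting the admin paths), since those would stop matching after the upgrade. The added comment is missing a word; it should read "path under which the application is exposed".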
@@ -149,14 +153,16 @@ argument_specs:
 description: "Enable auto configuration for database backend"
 type: "str"
 keycloak_quarkus_http_relative_path:
- # line 41 of defaults/main.yml
 default: "auth"
 description: "Service context path"
 type: "str"
 keycloak_quarkus_frontend_url:
- # line 41 of defaults/main.yml
- default: "http://localhost:8080/auth"
 description: "Service public URL"
+ default: ""
+ type: "str"
+ keycloak_quarkus_admin_url:
+ description: "Service URL for the admin console"
+ default: ""
 type: "str"
 keycloak_quarkus_metrics_enabled:
 # line 43 of defaults/main.yml
diff --git a/roles/keycloak_quarkus/templates/keycloak.conf.j2 b/roles/keycloak_quarkus/templates/keycloak.conf.j2
index 7285c48..e2c078a 100644
--- a/roles/keycloak_quarkus/templates/keycloak.conf.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.conf.j2
@@ -15,6 +15,7 @@ health-enabled={{ keycloak_quarkus_health_enabled }} # HTTP http-enabled={{ keycloak_quarkus_http_enabled }} http-port={{ keycloak_quarkus_http_port }} +http-relative-path={{ keycloak_quarkus_http_relative_path }} # HTTPS https-port={{ keycloak_quarkus_https_port }}
@@ -23,10 +24,15 @@ https-certificate-file={{ keycloak_quarkus_cert_file}} https-certificate-key-file={{ keycloak_quarkus_key_file }} {% endif %} -# Hostname for the Keycloak server. +# Client URL configuration +{% if keycloak_quarkus_frontend_url %} +hostname-url={{ keycloak_quarkus_frontend_url }} +{% else %} hostname={{ keycloak_quarkus_host }} hostname-port={{ keycloak_quarkus_port }} -hostname-path={{ keycloak_quarkus_http_relative_path }} +hostname-path={{ keycloak_quarkus_path }} +{% endif %} +hostname-admin-url={{ keycloak_quarkus_admin_url }} # Cluster {% if keycloak_quarkus_ha_enabled %}
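Review bot: `keycloak_quarkus_http_relative_path` keeps `default: "auth"` in this hunk while defaults/main.yml in the same patch changes the value to `''`, so the argument spec now documents a default the role no longer ships. Change it to match, `default: ""` (or `"/"` if that becomes the role default). The `keycloak_quarkus_frontend_url` description is also still "Service public URL"; it should say that a non-empty value makes the template emit `hostname-url` in place of hostname, hostname-port and hostname-path.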
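Review bot: `hostname-admin-url={{ keycloak_quarkus_admin_url }}` is written unconditionally in the second keycloak.conf.j2 hunk, so with the default `''` the rendered file carries an empty `hostname-admin-url=`, while `hostname-url` just above it is guarded. I would guard it the same way: `{% if keycloak_quarkus_admin_url %}`, `hostname-admin-url={{ keycloak_quarkus_admin_url }}`, `{% endif %}`. A template comment should also say that these options control the URLs Keycloak advertises. As far as I know, setting an admin URL does not by itself stop the admin endpoints from answering on the public hostname, so that restriction still belongs at the reverse proxy. The `# Cluster` block opened on the last line continues outside the hunk.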