From 4baf6c73ea640a06ad03dffb14b48a643e6767cb Mon Sep 17 00:00:00 2001 From: Andreas Wagner Date: Wed, 16 Jul 2025 09:26:15 +0200 Subject: [PATCH 1/2] Updated quarkus and realm readme, declared proxy_mode as deprecated --- roles/keycloak_quarkus/README.md | 6 +++--- roles/keycloak_quarkus/defaults/main.yml | 2 +- roles/keycloak_realm/README.md | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md index cf89b89..330174e 100644 --- a/roles/keycloak_quarkus/README.md +++ b/roles/keycloak_quarkus/README.md @@ -60,7 +60,7 @@ Role Defaults |`keycloak_quarkus_java_heap_opts`| Heap memory JVM setting | `-Xms1024m -Xmx2048m` | |`keycloak_quarkus_java_jvm_opts`| Other JVM settings | same as keycloak | |`keycloak_quarkus_java_opts`| JVM arguments; if overridden, it takes precedence over `keycloak_quarkus_java_*` | `{{ keycloak_quarkus_java_heap_opts + ' ' + keycloak_quarkus_java_jvm_opts }}` | -|`keycloak_quarkus_additional_env_vars` | List of additional env variables of { key: str, value: str} to be put in sysconfig file | `[]` | +|`keycloak_quarkus_additional_env_vars` | List of additional env variables of { key: str, value: str} to be put in sysconfig file, see https://www.keycloak.org/server/all-config | `[]` | |`keycloak_quarkus_frontend_url`| Deprecated, use `keycloak_quarkus_hostname` instead. | | |`keycloak_quarkus_admin_url`| Deprecated, use `keycloak_quarkus_hostname_admin` instead. | | |`keycloak_quarkus_health_check_url`| Full URL (including scheme, host, path, fragment etc.) used for health check endpoint; keycloak_quarkus_hostname will NOT be prepended; helpful when health checks should happen against http port, but keycloak_quarkus_hostname uses https scheme per default | `` | @@ -166,7 +166,7 @@ Role Defaults |`keycloak_quarkus_log_format`| Set a format specific to file log entries | `%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n` | |`keycloak_quarkus_log_target`| Set the destination of the keycloak log folder link | `/var/log/keycloak` | |`keycloak_quarkus_log_max_file_size`| Set the maximum log file size before a log rotation happens; A size configuration option recognises string in this format (shown as a regular expression): `[0-9]+[KkMmGgTtPpEeZzYy]?`. If no suffix is given, assume bytes. | `10M` | -|`keycloak_quarkus_log_max_backup_index`| Set the maximum number of archived log files to keep" | `10` | +|`keycloak_quarkus_log_max_backup_index`| Set the maximum number of archived log files to keep | `10` | |`keycloak_quarkus_log_file_suffix`| Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix; Note: If the suffix ends with `.zip` or `.gz`, the rotation file will also be compressed. | `.yyyy-MM-dd.zip` | @@ -183,7 +183,7 @@ Role Defaults |`keycloak_quarkus_master_realm` | Name for rest authentication realm | `master` | |`keycloak_auth_client` | Authentication client for configuration REST calls | `admin-cli` | |`keycloak_quarkus_force_install` | Remove pre-existing versions of service | `False` | -|`keycloak_quarkus_proxy_mode`| The proxy address forwarding mode if the server is behind a reverse proxy | `edge` | +|`keycloak_quarkus_proxy_mode`| The proxy address forwarding mode if the server is behind a reverse proxy (deprecated) | `none` | |`keycloak_quarkus_start_dev`| Whether to start the service in development mode (start-dev) | `False` | |`keycloak_quarkus_transaction_xa_enabled`| Whether to use XA transactions | `True` | |`keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route`| If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy | `True` | diff --git a/roles/keycloak_quarkus/defaults/main.yml b/roles/keycloak_quarkus/defaults/main.yml index 2d1326e..043f069 100644 --- a/roles/keycloak_quarkus/defaults/main.yml +++ b/roles/keycloak_quarkus/defaults/main.yml @@ -105,7 +105,7 @@ keycloak_quarkus_hostname_backchannel_dynamic: false keycloak_quarkus_proxy_headers: "" # deprecated: proxy address forwarding mode if the server is behind a reverse proxy. [none, edge, reencrypt, passthrough] -keycloak_quarkus_proxy_mode: edge +keycloak_quarkus_proxy_mode: none # disable xa transactions keycloak_quarkus_transaction_xa_enabled: true diff --git a/roles/keycloak_realm/README.md b/roles/keycloak_realm/README.md index 2fb8942..e01c72f 100644 --- a/roles/keycloak_realm/README.md +++ b/roles/keycloak_realm/README.md @@ -44,7 +44,7 @@ The following variables are available for creating clients: |`keycloak_client_users` | List of user/role mappings for a client | `[]` | -The following variable are available for creating user federation: +The following variables are available for creating user federation: | Variable | Description | Default | |:---------|:------------|:---------| From 8e5388b21b80974483df234fc8255ce6c5e3b440 Mon Sep 17 00:00:00 2001 From: Andreas Wagner Date: Thu, 17 Jul 2025 09:21:44 +0200 Subject: [PATCH 2/2] Updated argument_specs and declared keycloak_quarkus_proxy_mode as deprecated --- roles/keycloak_quarkus/meta/argument_specs.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml index 7525c50..269de3b 100644 --- a/roles/keycloak_quarkus/meta/argument_specs.yml +++ b/roles/keycloak_quarkus/meta/argument_specs.yml @@ -344,9 +344,9 @@ argument_specs: Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix. Note: If the suffix ends with .zip or .gz, the rotation file will also be compressed. keycloak_quarkus_proxy_mode: - default: 'edge' + default: 'none' type: "str" - description: "The proxy address forwarding mode if the server is behind a reverse proxy. Set to 'none' if not using a proxy" + description: "The proxy address forwarding mode if the server is behind a reverse proxy. Set to 'none' as it is deprecated according to Keycloak documentation" keycloak_quarkus_proxy_headers: default: "" type: "str"