Merge pull request #213 from guidograzioli/2_2_3_linter

Linter warnings fix pass
Guido Grazioli 2024-05-07 10:30:16 +02:00 committed by GitHub
commit 3863508df5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
17 changed files with 90 additions and 68 deletions


@ -28,7 +28,6 @@ warn_list:
- name[casing] - name[casing]
- fqcn[action] - fqcn[action]
- schema[meta] - schema[meta]
- var-naming[no-role-prefix]
- key-order[task] - key-order[task]
- blocked_modules - blocked_modules
@ -36,6 +35,7 @@ skip_list:
- vars_should_not_be_used - vars_should_not_be_used
- file_is_small_enough - file_is_small_enough
- name[template] - name[template]
- var-naming[no-role-prefix]
use_default_rules: true use_default_rules: true
parseable: true parseable: true


@ -11,22 +11,22 @@ notesdir: fragments
prelude_section_name: release_summary prelude_section_name: release_summary
prelude_section_title: Release Summary prelude_section_title: Release Summary
sections: sections:
- - major_changes - - major_changes
- Major Changes - Major Changes
- - minor_changes - - minor_changes
- Minor Changes - Minor Changes
- - breaking_changes - - breaking_changes
- Breaking Changes / Porting Guide - Breaking Changes / Porting Guide
- - deprecated_features - - deprecated_features
- Deprecated Features - Deprecated Features
- - removed_features - - removed_features
- Removed Features - Removed Features
- - security_fixes - - security_fixes
- Security Fixes - Security Fixes
- - bugfixes - - bugfixes
- Bugfixes - Bugfixes
- - known_issues - - known_issues
- Known Issues - Known Issues
title: middleware_automation.keycloak title: middleware_automation.keycloak
trivial_section_name: trivial trivial_section_name: trivial
use_fqcn: true use_fqcn: true


@ -86,7 +86,9 @@ argument_specs:
type: "str" type: "str"
keycloak_features: keycloak_features:
default: "[]" default: "[]"
description: "List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`, example: `[ { name: 'docker', status: 'enabled' } ]`" description: >
List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`,
example: `[ { name: 'docker', status: 'enabled' } ]`
type: "list" type: "list"
keycloak_bind_address: keycloak_bind_address:
default: "0.0.0.0" default: "0.0.0.0"
@ -310,7 +312,8 @@ argument_specs:
type: "str" type: "str"
keycloak_jgroups_subnet: keycloak_jgroups_subnet:
required: false required: false
description: "Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration" description: >
Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration
type: "str" type: "str"
keycloak_log_target: keycloak_log_target:
default: '/var/log/keycloak' default: '/var/log/keycloak'
@ -323,7 +326,8 @@ argument_specs:
description: "Set a username with which to authenticate when downloading JDBC drivers from an alternative location" description: "Set a username with which to authenticate when downloading JDBC drivers from an alternative location"
type: "str" type: "str"
keycloak_jdbc_download_pass: keycloak_jdbc_download_pass:
description: "Set a password with which to authenticate when downloading JDBC drivers from an alternative location (requires keycloak_jdbc_download_user)" description: >
Set a password with which to authenticate when downloading JDBC drivers from an alternative location (requires keycloak_jdbc_download_user)
type: "str" type: "str"
keycloak_jdbc_download_validate_certs: keycloak_jdbc_download_validate_certs:
default: true default: true


@ -8,7 +8,8 @@
- name: "Add missing packages to the yum install list" - name: "Add missing packages to the yum install list"
ansible.builtin.set_fact: ansible.builtin.set_fact:
packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}" packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | \
map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
when: ansible_facts.os_family == "RedHat" when: ansible_facts.os_family == "RedHat"
- name: "Install packages: {{ packages_to_install }}" - name: "Install packages: {{ packages_to_install }}"
@ -17,8 +18,8 @@
name: "{{ packages_to_install }}" name: "{{ packages_to_install }}"
state: present state: present
when: when:
- packages_to_install | default([]) | length > 0 - packages_to_install | default([]) | length > 0
- ansible_facts.os_family == "RedHat" - ansible_facts.os_family == "RedHat"
- name: "Install packages: {{ packages_list }}" - name: "Install packages: {{ packages_list }}"
become: true become: true


@ -41,8 +41,8 @@
ansible.builtin.user: ansible.builtin.user:
name: "{{ keycloak_service_user }}" name: "{{ keycloak_service_user }}"
home: /opt/keycloak home: /opt/keycloak
system: yes system: true
create_home: no create_home: false
- name: "Create install location for {{ keycloak.service_name }}" - name: "Create install location for {{ keycloak.service_name }}"
become: true become: true
@ -51,7 +51,7 @@
state: directory state: directory
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: 0750 mode: '0750'
- name: Create pidfile folder - name: Create pidfile folder
become: true become: true
@ -60,7 +60,7 @@
state: directory state: directory
owner: "{{ keycloak_service_user if keycloak_service_runas else omit }}" owner: "{{ keycloak_service_user if keycloak_service_runas else omit }}"
group: "{{ keycloak_service_group if keycloak_service_runas else omit }}" group: "{{ keycloak_service_group if keycloak_service_runas else omit }}"
mode: 0750 mode: '0750'
## check remote archive ## check remote archive
- name: Set download archive path - name: Set download archive path
@ -84,7 +84,7 @@
ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
url: "{{ keycloak_download_url }}" url: "{{ keycloak_download_url }}"
dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
mode: 0644 mode: '0644'
delegate_to: localhost delegate_to: localhost
run_once: true run_once: true
when: when:
@ -136,7 +136,7 @@
ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
url: "{{ keycloak_rhsso_download_url }}" url: "{{ keycloak_rhsso_download_url }}"
dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}" dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
mode: 0644 mode: '0644'
delegate_to: localhost delegate_to: localhost
run_once: true run_once: true
when: when:
@ -160,7 +160,7 @@
dest: "{{ archive }}" dest: "{{ archive }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: 0640 mode: '0640'
register: new_version_downloaded register: new_version_downloaded
when: when:
- not archive_path.stat.exists - not archive_path.stat.exists
@ -221,7 +221,7 @@
dest: "{{ keycloak_config_path_to_standalone_xml }}" dest: "{{ keycloak_config_path_to_standalone_xml }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: 0640 mode: '0640'
notify: notify:
- restart keycloak - restart keycloak
when: keycloak_config_override_template | length > 0 when: keycloak_config_override_template | length > 0
@ -233,7 +233,7 @@
dest: "{{ keycloak_config_path_to_standalone_xml }}" dest: "{{ keycloak_config_path_to_standalone_xml }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: 0640 mode: '0640'
notify: notify:
- restart keycloak - restart keycloak
when: when:
@ -261,7 +261,7 @@
dest: "{{ keycloak_config_path_to_standalone_xml }}" dest: "{{ keycloak_config_path_to_standalone_xml }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: 0640 mode: '0640'
notify: notify:
- restart keycloak - restart keycloak
when: when:
@ -276,7 +276,7 @@
dest: "{{ keycloak_config_path_to_standalone_xml }}" dest: "{{ keycloak_config_path_to_standalone_xml }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: 0640 mode: '0640'
notify: notify:
- restart keycloak - restart keycloak
when: when:
@ -291,7 +291,7 @@
dest: "{{ keycloak_config_path_to_properties }}" dest: "{{ keycloak_config_path_to_properties }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: 0640 mode: '0640'
notify: notify:
- restart keycloak - restart keycloak
when: keycloak_features | length > 0 when: keycloak_features | length > 0
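Review bot: Both controller-side `ansible.builtin.get_url` downloads (`keycloak_download_url` and `keycloak_rhsso_download_url`) show only `url`, `dest` and `mode`, so the server archive appears to be accepted without any integrity check. Since this pass already touches both tasks, consider adding `checksum: "sha256:{{ keycloak_archive_sha256 }}"` (placeholder variable name) so that a tampered or truncated bundle fails the play instead of being copied to the hosts. Both tasks start above their hunks, so confirm that no verification step exists elsewhere in the file. Quoting the modes as `'0750'` and `'0640'` is the right form: it keeps the value a string rather than a YAML 1.1 octal integer.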


@ -12,7 +12,7 @@
recurse: true recurse: true
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: 0750 mode: '0750'
become: true become: true
when: when:
- not dest_path.stat.exists - not dest_path.stat.exists
@ -20,8 +20,9 @@
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
When JDBC driver download credentials are set, both the username and the password MUST be set When JDBC driver download credentials are set, both the username and the password MUST be set
when: when: >
- (keycloak_jdbc_download_user is undefined and keycloak_jdbc_download_pass is not undefined) or (keycloak_jdbc_download_pass is undefined and keycloak_jdbc_download_user is not undefined) (keycloak_jdbc_download_user is undefined and keycloak_jdbc_download_pass is not undefined) or
(keycloak_jdbc_download_pass is undefined and keycloak_jdbc_download_user is not undefined)
- name: "Retrieve JDBC Driver from {{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}" - name: "Retrieve JDBC Driver from {{ keycloak_jdbc[keycloak_jdbc_engine].driver_jar_url }}"
ansible.builtin.get_url: ansible.builtin.get_url:
@ -32,7 +33,7 @@
url_username: "{{ keycloak_jdbc_download_user | default(omit) }}" url_username: "{{ keycloak_jdbc_download_user | default(omit) }}"
url_password: "{{ keycloak_jdbc_download_pass | default(omit) }}" url_password: "{{ keycloak_jdbc_download_pass | default(omit) }}"
validate_certs: "{{ keycloak_jdbc_download_validate_certs | default(omit) }}" validate_certs: "{{ keycloak_jdbc_download_validate_certs | default(omit) }}"
mode: 0640 mode: '0640'
become: true become: true
- name: "Deploy module.xml for JDBC Driver" - name: "Deploy module.xml for JDBC Driver"
@ -41,5 +42,5 @@
dest: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}/module.xml" dest: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}/module.xml"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
mode: 0640 mode: '0640'
become: true become: true


@ -4,13 +4,16 @@
that: that:
- keycloak_admin_password | length > 12 - keycloak_admin_password | length > 12
quiet: true quiet: true
fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_admin_password variable to a 12+ char long string" fail_msg: >
The console administrator password is empty or invalid. Please set the keycloak_admin_password variable to a 12+ char long string
success_msg: "{{ 'Console administrator password OK' }}" success_msg: "{{ 'Console administrator password OK' }}"
- name: Validate configuration - name: Validate configuration
ansible.builtin.assert: ansible.builtin.assert:
that: that: >
- (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled) (keycloak_ha_enabled and keycloak_db_enabled) or
(not keycloak_ha_enabled and keycloak_db_enabled) or
(not keycloak_ha_enabled and not keycloak_db_enabled)
quiet: true quiet: true
fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_db_enabled" fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_db_enabled"
success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}" success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}"
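Review bot: The assertion `keycloak_admin_password | length > 12` rejects a password of exactly 12 characters, while the re-wrapped `fail_msg` still asks for a "12+ char long string". Either change the check to `length >= 12` or reword the message to say more than 12 characters, so the operator is told the minimum that is actually enforced. In the second task the three-way condition reduces to `not keycloak_ha_enabled or keycloak_db_enabled`, which reads closer to what its `fail_msg` says. Both tasks start above the hunk.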


@ -22,7 +22,7 @@
- name: "Restart and enable {{ keycloak.service_name }} service" - name: "Restart and enable {{ keycloak.service_name }} service"
ansible.builtin.systemd: ansible.builtin.systemd:
name: keycloak name: keycloak
enabled: yes enabled: true
state: restarted state: restarted
become: true become: true
when: inventory_hostname != ansible_play_hosts | first when: inventory_hostname != ansible_play_hosts | first


@ -10,4 +10,4 @@
ansible.builtin.command: > ansible.builtin.command: >
{{ keycloak.cli_path }} --connect --command='{{ query }}' --controller={{ keycloak_host }}:{{ keycloak_management_http_port }} {{ keycloak.cli_path }} --connect --command='{{ query }}' --controller={{ keycloak_host }}:{{ keycloak_management_http_port }}
changed_when: false changed_when: false
register: cli_result register: cli_result


@ -45,7 +45,7 @@
- name: Determine latest version - name: Determine latest version
ansible.builtin.set_fact: ansible.builtin.set_fact:
sso_latest_version: "{{ filtered_versions | middleware_automation.common.version_sort | last }}" sso_latest_version: "{{ filtered_versions | middleware_automation.common.version_sort | last }}"
when: sso_patch_version is not defined or sso_patch_version | length == 0 when: sso_patch_version is not defined or sso_patch_version | length == 0
delegate_to: localhost delegate_to: localhost
run_once: true run_once: true
@ -95,7 +95,7 @@
dest: "{{ patch_archive }}" dest: "{{ patch_archive }}"
owner: "{{ keycloak_service_user }}" owner: "{{ keycloak_service_user }}"
group: "{{ keycloak_service_group }}" group: "{{ keycloak_service_group }}"
mode: 0640 mode: '0640'
register: new_version_downloaded register: new_version_downloaded
when: when:
- not patch_archive_path.stat.exists - not patch_archive_path.stat.exists
@ -135,8 +135,8 @@
- cli_result.rc == 0 - cli_result.rc == 0
args: args:
apply: apply:
become: true become: true
become_user: "{{ keycloak_service_user }}" become_user: "{{ keycloak_service_user }}"
- name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}" - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
ansible.builtin.uri: ansible.builtin.uri:
@ -152,8 +152,8 @@
query: "patch info" query: "patch info"
args: args:
apply: apply:
become: true become: true
become_user: "{{ keycloak_service_user }}" become_user: "{{ keycloak_service_user }}"
- name: "Verify installed patch version" - name: "Verify installed patch version"
ansible.builtin.assert: ansible.builtin.assert:


@ -6,7 +6,7 @@
dest: "{{ keycloak_dest }}/keycloak-service.sh" dest: "{{ keycloak_dest }}/keycloak-service.sh"
owner: root owner: root
group: root group: root
mode: 0755 mode: '0755'
notify: notify:
- restart keycloak - restart keycloak
@ -17,7 +17,7 @@
dest: "{{ keycloak_sysconf_file }}" dest: "{{ keycloak_sysconf_file }}"
owner: root owner: root
group: root group: root
mode: 0644 mode: '0644'
notify: notify:
- restart keycloak - restart keycloak
@ -27,7 +27,7 @@
dest: /etc/systemd/system/keycloak.service dest: /etc/systemd/system/keycloak.service
owner: root owner: root
group: root group: root
mode: 0644 mode: '0644'
become: true become: true
register: systemdunit register: systemdunit
notify: notify:


@ -6,6 +6,7 @@ keycloak_prereq_package_list:
- procps - procps
- apt - apt
- tzdata - tzdata
keycloak_configure_iptables: True keycloak_configure_iptables: true
keycloak_sysconf_file: /etc/default/keycloak keycloak_sysconf_file: /etc/default/keycloak
keycloak_pkg_java_home: "/usr/lib/jvm/java-{{ keycloak_varjvm_package | regex_search('(?!:openjdk-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}" keycloak_pkg_java_home: "/usr/lib/jvm/java-{{ keycloak_varjvm_package | \
regex_search('(?!:openjdk-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
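Review bot: In `regex_search('(?!:openjdk-)[0-9.]+')` the group `(?!:openjdk-)` is a negative lookahead for the literal text `:openjdk-`, which looks like a typo for a non-capturing group or a lookbehind. The lookahead can never reject a position where `[0-9.]+` starts, so the expression behaves the same as `regex_search('[0-9.]+')`. While the line is being re-wrapped, either simplify it to that form or add a comment such as `# first digit run of the JVM package name is the Java version`. That would make it clear that `keycloak_pkg_java_home` depends on the first number in `keycloak_varjvm_package`.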


@ -13,7 +13,8 @@ keycloak:
service_name: "{{ keycloak_service_name }}" service_name: "{{ keycloak_service_name }}"
health_url: "{{ keycloak_management_url }}/health" health_url: "{{ keycloak_management_url }}/health"
cli_path: "{{ keycloak_jboss_home }}/bin/jboss-cli.sh" cli_path: "{{ keycloak_jboss_home }}/bin/jboss-cli.sh"
config_template_source: "{{ keycloak_config_override_template if keycloak_config_override_template | length > 0 else 'standalone-ha.xml.j2' if keycloak_remote_cache_enabled else 'standalone.xml.j2' }}" config_template_source: "{{ keycloak_config_override_template if keycloak_config_override_template | length > 0 \
else 'standalone-ha.xml.j2' if keycloak_remote_cache_enabled else 'standalone.xml.j2' }}"
features: "{{ keycloak_features }}" features: "{{ keycloak_features }}"
# database # database
@ -26,7 +27,8 @@ keycloak_jdbc:
driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/postgresql/main" driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/postgresql/main"
driver_version: "{{ keycloak_jdbc_driver_version }}" driver_version: "{{ keycloak_jdbc_driver_version }}"
driver_jar_filename: "postgresql-{{ keycloak_jdbc_driver_version }}.jar" driver_jar_filename: "postgresql-{{ keycloak_jdbc_driver_version }}.jar"
driver_jar_url: "https://repo.maven.apache.org/maven2/org/postgresql/postgresql/{{ keycloak_jdbc_driver_version }}/postgresql-{{ keycloak_jdbc_driver_version }}.jar" driver_jar_url: >
{{ keycloak_maven_central }}org/postgresql/postgresql/{{ keycloak_jdbc_driver_version }}/postgresql-{{ keycloak_jdbc_driver_version }}.jar
connection_url: "{{ keycloak_jdbc_url }}" connection_url: "{{ keycloak_jdbc_url }}"
db_user: "{{ keycloak_db_user }}" db_user: "{{ keycloak_db_user }}"
db_password: "{{ keycloak_db_pass }}" db_password: "{{ keycloak_db_pass }}"
@ -46,7 +48,8 @@ keycloak_jdbc:
driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/mariadb/main" driver_module_dir: "{{ keycloak_jboss_home }}/modules/org/mariadb/main"
driver_version: "{{ keycloak_jdbc_driver_version }}" driver_version: "{{ keycloak_jdbc_driver_version }}"
driver_jar_filename: "mariadb-java-client-{{ keycloak_jdbc_driver_version }}.jar" driver_jar_filename: "mariadb-java-client-{{ keycloak_jdbc_driver_version }}.jar"
driver_jar_url: "https://repo1.maven.org/maven2/org/mariadb/jdbc/mariadb-java-client/{{ keycloak_jdbc_driver_version }}/mariadb-java-client-{{ keycloak_jdbc_driver_version }}.jar" driver_jar_url: >
{{ keycloak_maven_central }}org/mariadb/jdbc/mariadb-java-client/{{ keycloak_jdbc_driver_version }}/mariadb-java-client-{{ keycloak_jdbc_driver_version }}.jar
connection_url: "{{ keycloak_jdbc_url }}" connection_url: "{{ keycloak_jdbc_url }}"
db_user: "{{ keycloak_db_user }}" db_user: "{{ keycloak_db_user }}"
db_password: "{{ keycloak_db_pass }}" db_password: "{{ keycloak_db_pass }}"
@ -67,7 +70,8 @@ keycloak_jdbc:
driver_module_dir: "{{ keycloak_jboss_home }}/modules/com/microsoft/sqlserver/main" driver_module_dir: "{{ keycloak_jboss_home }}/modules/com/microsoft/sqlserver/main"
driver_version: "{{ keycloak_jdbc_driver_version }}" driver_version: "{{ keycloak_jdbc_driver_version }}"
driver_jar_filename: "mssql-java-client-{{ keycloak_jdbc_driver_version }}.jar" driver_jar_filename: "mssql-java-client-{{ keycloak_jdbc_driver_version }}.jar"
driver_jar_url: "https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/{{ keycloak_jdbc_driver_version }}.jre11/mssql-jdbc-{{ keycloak_jdbc_driver_version }}.jre11.jar" # e.g., https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/12.2.0.jre11/mssql-jdbc-12.2.0.jre11.jar driver_jar_url: >
{{ keycloak_maven_central }}com/microsoft/sqlserver/mssql-jdbc/{{ keycloak_jdbc_driver_version }}.jre11/mssql-jdbc-{{ keycloak_jdbc_driver_version }}.jre11.jar
connection_url: "{{ keycloak_jdbc_url }}" connection_url: "{{ keycloak_jdbc_url }}"
db_user: "{{ keycloak_db_user }}" db_user: "{{ keycloak_db_user }}"
db_password: "{{ keycloak_db_pass }}" db_password: "{{ keycloak_db_pass }}"
@ -102,3 +106,5 @@ keycloak_remotecache:
use_ssl: "{{ keycloak_infinispan_use_ssl }}" use_ssl: "{{ keycloak_infinispan_use_ssl }}"
trust_store_path: "{{ keycloak_infinispan_trust_store_path }}" trust_store_path: "{{ keycloak_infinispan_trust_store_path }}"
trust_store_password: "{{ keycloak_infinispan_trust_store_password }}" trust_store_password: "{{ keycloak_infinispan_trust_store_password }}"
keycloak_maven_central: https://repo1.maven.org/maven2/
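Review bot: The three `driver_jar_url: >` values use the clip form of a folded scalar, which keeps one trailing newline. The rendered URL therefore probably ends in a line break where the old double-quoted string did not; `driver_jar_url: >-` strips it. The PostgreSQL driver also moves from `repo.maven.apache.org` to `repo1.maven.org` through the new `keycloak_maven_central`, which deserves a changelog line for sites that pin egress to specific hosts. Because that variable now decides where executable jars are fetched from, a comment like `# base URL for JDBC driver downloads; keep it https and end it with a slash` above it would help anyone pointing it at a mirror. The example mssql URL that was in the removed inline comment could be kept as a comment line above that `driver_jar_url`.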


@ -12,6 +12,6 @@
- name: "Print deprecation warning" - name: "Print deprecation warning"
ansible.builtin.fail: ansible.builtin.fail:
msg: "Deprecation warning: you are using the deprecated variable '{{ deprecated_variable | d('NotSet') }}', check docs on how to upgrade." msg: "Deprecation warning: you are using the deprecated variable '{{ deprecated_variable | d('NotSet') }}', check docs on how to upgrade."
ignore_errors: true
failed_when: false failed_when: false
changed_when: true
listen: "print deprecation warning" listen: "print deprecation warning"
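Review bot: `ansible.builtin.fail` combined with `failed_when: false` can never fail, so this handler is in effect a print statement. `ansible.builtin.debug` with the same `msg` states that intent directly and needs no result override. With `changed_when: true` the handler also reports a change on every notification although nothing on the host is modified, which skews the play recap. If the fail module is kept, `changed_when: false` would describe the task more accurately.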


@ -170,7 +170,9 @@ argument_specs:
type: "str" type: "str"
keycloak_quarkus_config_key_store_password: keycloak_quarkus_config_key_store_password:
default: "" default: ""
description: "Password of the configuration key store; if non-empty, `keycloak_quarkus_db_pass` will be saved to the key store at `keycloak_quarkus_config_key_store_file` (instead of being written to the configuration file in clear text" description: >
Password of the configuration key store; if non-empty, `keycloak_quarkus_db_pass` will be saved to the key store
at `keycloak_quarkus_config_key_store_file` (instead of being written to the configuration file in clear text)
type: "str" type: "str"
keycloak_quarkus_https_port: keycloak_quarkus_https_port:
default: 8443 default: 8443
@ -399,7 +401,9 @@ argument_specs:
description: "Set a username with which to authenticate when downloading JDBC drivers from an alternative location" description: "Set a username with which to authenticate when downloading JDBC drivers from an alternative location"
type: "str" type: "str"
keycloak_quarkus_jdbc_download_pass: keycloak_quarkus_jdbc_download_pass:
description: "Set a password with which to authenticate when downloading JDBC drivers from an alternative location (requires keycloak_quarkus_jdbc_download_user)" description: >
Set a password with which to authenticate when downloading JDBC drivers from an alternative location
(requires `keycloak_quarkus_jdbc_download_user``)
type: "str" type: "str"
keycloak_quarkus_jdbc_download_validate_certs: keycloak_quarkus_jdbc_download_validate_certs:
default: true default: true
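Review bot: The new description of `keycloak_quarkus_jdbc_download_pass` has two closing backticks after `keycloak_quarkus_jdbc_download_user`, which leaves an unbalanced inline-code span in generated documentation; drop one of them. Both rewritten descriptions use `description: >`, which keeps a trailing newline that the old quoted strings did not have, so `description: >-` is the closer equivalent. The closing parenthesis added after "in clear text" is a good fix.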


@ -170,7 +170,7 @@
dest: "{{ keycloak_quarkus_key_file }}" dest: "{{ keycloak_quarkus_key_file }}"
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: 0640 mode: '0640'
become: true become: true
when: when:
- keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled - keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled
@ -183,7 +183,7 @@
dest: "{{ keycloak_quarkus_cert_file }}" dest: "{{ keycloak_quarkus_cert_file }}"
owner: "{{ keycloak.service_user }}" owner: "{{ keycloak.service_user }}"
group: "{{ keycloak.service_group }}" group: "{{ keycloak.service_group }}"
mode: 0644 mode: '0644'
become: true become: true
when: when:
- keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled - keycloak_quarkus_https_key_file_enabled is defined and keycloak_quarkus_https_key_file_enabled


@ -3,9 +3,11 @@
ansible.builtin.fail: ansible.builtin.fail:
msg: >- msg: >-
When JDBC driver download credentials are set, both the username and the password MUST be set When JDBC driver download credentials are set, both the username and the password MUST be set
when: when: >
- (keycloak_quarkus_jdbc_download_user is undefined and keycloak_quarkus_jdbc_download_pass is not undefined) or (keycloak_quarkus_jdbc_download_pass is undefined and keycloak_quarkus_jdbc_download_user is not undefined) (keycloak_quarkus_jdbc_download_user is undefined and keycloak_quarkus_jdbc_download_pass is not undefined) or
- name: "Retrieve JDBC Driver from {{ keycloak_jdbc_download_user | default(keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url) }}" (keycloak_quarkus_jdbc_download_pass is undefined and keycloak_quarkus_jdbc_download_user is not undefined)
- name: "Retrieve JDBC Driver from {{ keycloak_jdbc_download_url | default(keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url) }}"
ansible.builtin.get_url: ansible.builtin.get_url:
url: "{{ keycloak_quarkus_jdbc_download_url | default(keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url) }}" url: "{{ keycloak_quarkus_jdbc_download_url | default(keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url) }}"
dest: "{{ keycloak.home }}/providers" dest: "{{ keycloak.home }}/providers"
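Review bot: The task name now templates `keycloak_jdbc_download_url`, but the `url:` argument two lines below reads `keycloak_quarkus_jdbc_download_url`, so the name still lacks the `quarkus_` prefix. When only the quarkus variable is overridden, the log will show the default driver URL while the jar is fetched from somewhere else, which is misleading when auditing where a driver came from. Use `keycloak_quarkus_jdbc_download_url | default(...)` in the name so that the logged source matches the one actually used. The get_url arguments may continue past the end of the hunk.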