From 8e2f3eb77f0687c12761305205b16c5efdfeaaaf Mon Sep 17 00:00:00 2001
From: Christian Iuga
Date: Mon, 15 Apr 2024 14:41:56 +0200
Subject: [PATCH 1/5] Permit parse reverse proxy headers

- Via created a new optional variable : keycloak_quarkus_proxy_headers
- Fix enhancement #183
- see https://www.keycloak.org/server/reverseproxy about the official documentation
---
 roles/keycloak_quarkus/README.md | 2 +-
 roles/keycloak_quarkus/templates/keycloak.service.j2 | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/roles/keycloak_quarkus/README.md b/roles/keycloak_quarkus/README.md
index db02574..d6fa46d 100644
--- a/roles/keycloak_quarkus/README.md
+++ b/roles/keycloak_quarkus/README.md
@@ -54,7 +54,7 @@ Role Defaults
 |`keycloak_quarkus_https_trust_store_enabled`| Enalbe confiugration of a trust store | `False` |
 |`keycloak_quarkus_trust_store_file`| The file pat to the trust store | `{{ keycloak.home }}/conf/trust_store.p12` |
 |`keycloak_quarkus_trust_store_password`| Password for the trust store | `""` |
-
+|`keycloak_quarkus_proxy_headers`| Parse reverse proxy headers (`forwarded` or `xforwardedPassword`) | `""` |
 * Hostname configuration
diff --git a/roles/keycloak_quarkus/templates/keycloak.service.j2 b/roles/keycloak_quarkus/templates/keycloak.service.j2
index 3cdfacf..77395c6 100644
--- a/roles/keycloak_quarkus/templates/keycloak.service.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.service.j2
@@ -8,10 +8,10 @@ Type=simple
 EnvironmentFile=-{{ keycloak_quarkus_sysconf_file }}
 PIDFile={{ keycloak_quarkus_service_pidfile }}
 {% if keycloak_quarkus_start_dev %}
-ExecStart={{ keycloak.home }}/bin/kc.sh start-dev
-{% else %}
-ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized
-{% endif %}
+ExecStart={{ keycloak.home }}/bin/kc.sh start-dev{% if keycloak_quarkus_proxy_headers is defined %} --proxy-headers {{ keycloak_quarkus_proxy_headers }}{% endif -%}{{ '\n' }}
+{% else -%}
+ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized{% if keycloak_quarkus_proxy_headers is defined %} --proxy-headers {{ keycloak_quarkus_proxy_headers }}{% endif -%}{{ '\n' }}
+{%- endif %}
 User={{ keycloak.service_user }}
 Group={{ keycloak.service_group }}
 {% if keycloak_quarkus_service_restart_always %}

From 4aa862101c2f3b566686b8c77ea9d95407acb80e Mon Sep 17 00:00:00 2001
From: Christian Iuga
Date: Mon, 15 Apr 2024 15:48:02 +0200
Subject: [PATCH 2/5] Add new variable keycloak_quarkus_proxy_headers into meta/argument_specs.yml

Fix comment https://github.com/ansible-middleware/keycloak/pull/187#discussion_r1565772058
---
 roles/keycloak_quarkus/meta/argument_specs.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/keycloak_quarkus/meta/argument_specs.yml b/roles/keycloak_quarkus/meta/argument_specs.yml
index f4b87d7..36f5adc 100644
--- a/roles/keycloak_quarkus/meta/argument_specs.yml
+++ b/roles/keycloak_quarkus/meta/argument_specs.yml
@@ -285,6 +285,10 @@ argument_specs:
 default: 'edge'
 type: "str"
 description: "The proxy address forwarding mode if the server is behind a reverse proxy. Set to 'none' if not using a proxy"
+keycloak_quarkus_proxy_headers:
+default: ""
+type: "str"
+description: "Parse reverse proxy headers (`forwarded` or `xforwardedPassword`), overrides the deprecated keycloak_quarkus_proxy_mode argument"
 keycloak_quarkus_start_dev:
 default: false
 type: "bool"

From 27717d7b4eef4696dba6db8d3499c02782270854 Mon Sep 17 00:00:00 2001
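Review bot: The added `description` names `xforwardedPassword` as an accepted value, but the Keycloak reverse-proxy documentation linked from the first commit lists `--proxy-headers` as taking `forwarded` or `xforwarded`, so a user who copies the documented value gets a startup failure instead of header parsing. I would correct the text to `description: "Parse reverse proxy headers (forwarded or xforwarded); overrides the deprecated keycloak_quarkus_proxy_mode argument"` and, since this option decides which client-supplied headers Keycloak trusts for the client address, scheme and host, add `choices: ["", "forwarded", "xforwarded"]` so that argument validation rejects anything else when the role enforces its spec. The claim that the option "overrides" `keycloak_quarkus_proxy_mode` is Keycloak's precedence rule rather than anything the role does; it is worth saying that setting both is not recommended. The enclosing `argument_specs` mapping starts well before this hunk.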
From: Christian Iuga
Date: Mon, 15 Apr 2024 15:50:55 +0200
Subject: [PATCH 3/5] Avoid cmd-line arguments

Fix https://github.com/ansible-middleware/keycloak/pull/187#discussion_r1565779164
---
 roles/keycloak_quarkus/templates/keycloak.service.j2 | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/roles/keycloak_quarkus/templates/keycloak.service.j2 b/roles/keycloak_quarkus/templates/keycloak.service.j2
index 77395c6..46c7f34 100644
--- a/roles/keycloak_quarkus/templates/keycloak.service.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.service.j2
@@ -7,11 +7,15 @@ After=network.target
 Type=simple
 EnvironmentFile=-{{ keycloak_quarkus_sysconf_file }}
 PIDFile={{ keycloak_quarkus_service_pidfile }}
-{% if keycloak_quarkus_start_dev %}
-ExecStart={{ keycloak.home }}/bin/kc.sh start-dev{% if keycloak_quarkus_proxy_headers is defined %} --proxy-headers {{ keycloak_quarkus_proxy_headers }}{% endif -%}{{ '\n' }}
+{% if keycloak_quarkus_start_dev and keycloak_quarkus_proxy_headers is defined %}
+ExecStart={{ keycloak.home }}/bin/kc.sh start-dev --proxy-headers {{ keycloak_quarkus_proxy_headers }}
+{% elif keycloak_quarkus_start_dev and keycloak_quarkus_proxy_headers is not defined %}
+ExecStart={{ keycloak.home }}/bin/kc.sh start-dev
+{% elif not keycloak_quarkus_start_dev and keycloak_quarkus_proxy_headers is defined %}
+ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized --proxy-headers {{ keycloak_quarkus_proxy_headers }}
 {% else -%}
-ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized{% if keycloak_quarkus_proxy_headers is defined %} --proxy-headers {{ keycloak_quarkus_proxy_headers }}{% endif -%}{{ '\n' }}
-{%- endif %}
+ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized
+{% endif %}
 User={{ keycloak.service_user }}
 Group={{ keycloak.service_group }}
 {% if keycloak_quarkus_service_restart_always %}

From 3fbae4882e0d2c058cd42ee2cfd6b0b41f7a29f8 Mon Sep 17 00:00:00 2001
From: Christian Iuga
Date: Tue, 16 Apr 2024 13:39:33 +0200
Subject: [PATCH 4/5] move keycloak_quarkus_proxy_headers into keycloak.conf

---
 roles/keycloak_quarkus/templates/keycloak.conf.j2 | 7 ++++++-
 roles/keycloak_quarkus/templates/keycloak.service.j2 | 6 +-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/roles/keycloak_quarkus/templates/keycloak.conf.j2 b/roles/keycloak_quarkus/templates/keycloak.conf.j2
index b23a250..20d3f7f 100644
--- a/roles/keycloak_quarkus/templates/keycloak.conf.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.conf.j2
@@ -54,9 +54,14 @@ cache-config-file=cache-ispn.xml
 {% endif %}
 {% if keycloak_quarkus_proxy_mode is defined and keycloak_quarkus_proxy_mode != "none" %}
-# Proxy
+# Deprecated Proxy configuration
 proxy={{ keycloak_quarkus_proxy_mode }}
 {% endif %}
+{% if keycloak_quarkus_proxy_headers is defined and keycloak_quarkus_proxy_headers != "none" %}
+# Proxy
+proxy-headers={{ keycloak_quarkus_proxy_headers }}
+{% endif %}
+
 spi-sticky-session-encoder-infinispan-should-attach-route={{ keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route | d(true) | lower }}
 # Transaction
diff --git a/roles/keycloak_quarkus/templates/keycloak.service.j2 b/roles/keycloak_quarkus/templates/keycloak.service.j2
index 46c7f34..30f4273 100644
--- a/roles/keycloak_quarkus/templates/keycloak.service.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.service.j2
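Review bot: The new guard `keycloak_quarkus_proxy_headers != "none"` does not exclude the variable's documented default of `""` (README and argument_specs in the earlier commits), so a deployment that never sets it renders `proxy-headers=` with an empty value into keycloak.conf, which Keycloak presumably rejects at startup and which would break every host running on role defaults. Change the condition to `{% if keycloak_quarkus_proxy_headers is defined and keycloak_quarkus_proxy_headers | length > 0 and keycloak_quarkus_proxy_headers != "none" %}`. Because this directive makes Keycloak trust client-controlled `Forwarded`/`X-Forwarded-*` headers for the source address, scheme and host, I would also replace the bare `# Proxy` comment with `# Only safe when the reverse proxy overwrites client-supplied Forwarded / X-Forwarded-* headers; otherwise clients can spoof their IP (brute-force detection, audit logs) and the scheme/host used in redirect URLs.` Note that the deprecated `proxy=` stanza just above is still emitted whenever `keycloak_quarkus_proxy_mode` is not `none`, and the argument_specs context in the second commit suggests it defaults to `edge`, so both directives land in the file together; which one wins is Keycloak's decision, so the role should at least document that combination.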
@@ -7,12 +7,8 @@ After=network.target
 Type=simple
 EnvironmentFile=-{{ keycloak_quarkus_sysconf_file }}
 PIDFile={{ keycloak_quarkus_service_pidfile }}
-{% if keycloak_quarkus_start_dev and keycloak_quarkus_proxy_headers is defined %}
-ExecStart={{ keycloak.home }}/bin/kc.sh start-dev --proxy-headers {{ keycloak_quarkus_proxy_headers }}
-{% elif keycloak_quarkus_start_dev and keycloak_quarkus_proxy_headers is not defined %}
+{% if keycloak_quarkus_start_dev %}
 ExecStart={{ keycloak.home }}/bin/kc.sh start-dev
-{% elif not keycloak_quarkus_start_dev and keycloak_quarkus_proxy_headers is defined %}
-ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized --proxy-headers {{ keycloak_quarkus_proxy_headers }}
 {% else -%}
 ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized
 {% endif %}

From ea57f8b68942a0c4f07b371bdc9f893242a55667 Mon Sep 17 00:00:00 2001
From: Christian Iuga
Date: Tue, 16 Apr 2024 13:41:09 +0200
Subject: [PATCH 5/5] remove unwanted extra code

---
 roles/keycloak_quarkus/templates/keycloak.service.j2 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/keycloak_quarkus/templates/keycloak.service.j2 b/roles/keycloak_quarkus/templates/keycloak.service.j2
index 30f4273..3cdfacf 100644
--- a/roles/keycloak_quarkus/templates/keycloak.service.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.service.j2
@@ -9,7 +9,7 @@ EnvironmentFile=-{{ keycloak_quarkus_sysconf_file }}
 PIDFile={{ keycloak_quarkus_service_pidfile }}
 {% if keycloak_quarkus_start_dev %}
 ExecStart={{ keycloak.home }}/bin/kc.sh start-dev
-{% else -%}
+{% else %}
 ExecStart={{ keycloak.home }}/bin/kc.sh start --optimized
 {% endif %}
 User={{ keycloak.service_user }}