Merge pull request #134 from guidograzioli/linter_yaml_2

Linter yaml 2

.github/workflows/ci.yml

@@ -4,7 +4,7 @@ on:
   push:
     branches:
       - main
-  pull_request:
+  pull_request_target:
   schedule:
     - cron: '0 6 * * *'
 

README.md

@@ -66,11 +66,11 @@ For full service configuration details, refer to the [keycloak role README](http
 
 #### Install from controller node (offline)
 
-Making the keycloak zip archive available to the playbook working directory, and setting `keycloak_offline_install` to `True`, allows to skip
+Making the keycloak zip archive available to the playbook working directory, and setting `keycloak_offline_install` to `true`, allows to skip
 the download tasks. The local path for the archive does match the downloaded archive path, so that it is also used as a cache when multiple hosts are provisioned in a cluster.
 
 ```yaml
-keycloak_offline_install: True
+keycloak_offline_install: true
 ```
 
 

meta/runtime.yml

@@ -1,2 +1,2 @@
 ---
-requires_ansible: ">=2.14.0"
+requires_ansible: ">=2.14.0"

playbooks/keycloak_federation.yml

@@ -55,14 +55,14 @@
               - TestClient1Admin
               - TestClient1User
             realm: "{{ keycloak_realm }}"
-            public_client: True
+            public_client: true
             web_origins:
               - http://testclient1origin/application
               - http://testclient1origin/other
             users:
-            - username: TestUser
+              - username: TestUser
-              password: password
+                password: password
-              client_roles:
+                client_roles:
-                - client: TestClient1
+                  - client: TestClient1
-                  role: TestClient1User
+                    role: TestClient1User
-                  realm: "{{ keycloak_realm }}"
+                    realm: "{{ keycloak_realm }}"

playbooks/keycloak_quarkus.yml

@@ -7,7 +7,7 @@
     keycloak_quarkus_port: 8443
     keycloak_quarkus_http_relative_path: ''
     keycloak_quarkus_log: file
-    keycloak_quarkus_https_key_file_enabled: True
+    keycloak_quarkus_https_key_file_enabled: true
     keycloak_quarkus_key_file: conf/key.pem
     keycloak_quarkus_cert_file: conf/cert.pem
   roles:

playbooks/keycloak_realm.yml

@@ -10,17 +10,17 @@
           - TestClient1Admin
           - TestClient1User
         realm: TestRealm
-        public_client: True
+        public_client: true
         web_origins:
           - http://testclient1origin/application
           - http://testclient1origin/other
         users:
-        - username: TestUser
+          - username: TestUser
-          password: password
+            password: password
-          client_roles:
+            client_roles:
-            - client: TestClient1
+              - client: TestClient1
-              role: TestClient1User
+                role: TestClient1User
-              realm: TestRealm
+                realm: TestRealm
   roles:
     - role: middleware_automation.keycloak.keycloak_realm
       keycloak_realm: TestRealm

playbooks/rhsso.yml

@@ -3,6 +3,6 @@
   hosts: sso
   vars:
     keycloak_admin_password: "remembertochangeme"
-    sso_enable: True
+    sso_enable: true
   roles:
     - middleware_automation.keycloak.keycloak

roles/keycloak/README.md

@@ -39,7 +39,7 @@ Versions
 Patching
 --------
 
-When variable `keycloak_rhsso_apply_patches` is `True` (default: `False`), the role will automatically apply the latest cumulative patch for the selected base version.
+When variable `keycloak_rhsso_apply_patches` is `true` (default: `false`), the role will automatically apply the latest cumulative patch for the selected base version.
 
 | RH-SSO VERSION | Release Date      | RH-SSO LATEST CP | Notes           |
 |:---------------|:------------------|:-----------------|:----------------|
@@ -55,7 +55,7 @@ Role Defaults
 | Variable | Description | Default |
 |:---------|:------------|:---------|
 |`keycloak_ha_enabled`| Enable auto configuration for database backend, clustering and remote caches on infinispan | `False` |
-|`keycloak_ha_discovery`| Discovery protocol for HA cluster members | `JDBC_PING` if keycloak_db_enabled else `TCPPING` |
+|`keycloak_ha_discovery`| Discovery protocol for HA cluster members | `JDBC_PING` if `keycloak_db_enabled` else `TCPPING` |
 |`keycloak_db_enabled`| Enable auto configuration for database backend | `True` if `keycloak_ha_enabled` is True, else `False` |
 |`keycloak_remote_cache_enabled`| Enable remote cache store when in clustered ha configurations | `True` if `keycloak_ha_enabled` else `False` |
 |`keycloak_admin_user`| Administration console user account | `admin` |
@@ -68,19 +68,19 @@ Role Defaults
 |`keycloak_jgroups_port`| jgroups cluster tcp port | `7600` |
 |`keycloak_management_http_port`| Management port | `9990` |
 |`keycloak_management_https_port`| TLS management port | `9993` |
-|`keycloak_prefer_ipv4`| Prefer IPv4 stack and addresses for port binding | `True` |
+|`keycloak_prefer_ipv4`| Prefer IPv4 stack and addresses for port binding | `true` |
 |`keycloak_config_standalone_xml`| filename for configuration | `keycloak.xml` |
 |`keycloak_service_user`| posix account username | `keycloak` |
 |`keycloak_service_group`| posix account group | `keycloak` |
-|`keycloak_service_restart_always`| systemd restart always behavior activation | `False`
+|`keycloak_service_restart_always`| systemd restart always behavior activation | `False` |
-|`keycloak_service_restart_on_failure`| systemd restart on-failure behavior activation | `False`
+|`keycloak_service_restart_on_failure`| systemd restart on-failure behavior activation | `False` |
 |`keycloak_service_startlimitintervalsec`| systemd StartLimitIntervalSec | `300` |
 |`keycloak_service_startlimitburst`| systemd StartLimitBurst | `5` |
 |`keycloak_service_restartsec`| systemd RestartSec | `10s` |
 |`keycloak_service_pidfile`| pid file path for service | `/run/keycloak/keycloak.pid` |
 |`keycloak_features` | List of `name`/`status` pairs of features (also known as profiles on RH-SSO) to `enable` or `disable`, example: `[ { name: 'docker', status: 'enabled' } ]` | `[]`
 |`keycloak_jvm_package`| RHEL java package runtime | `java-1.8.0-openjdk-headless` |
-|`keycloak_java_home`| JAVA_HOME of installed JRE, leave empty for using specified keycloak_jvm_package RPM path | `None` |
+|`keycloak_java_home`| `JAVA_HOME` of installed JRE, leave empty for using RPM path at `keycloak_jvm_package` | `None` |
 |`keycloak_java_opts`| Additional JVM options | `-Xms1024m -Xmx2048m` |
 
 
@@ -88,12 +88,12 @@ Role Defaults
 
 | Variable | Description | Default |
 |:---------|:------------|:---------|
-|`keycloak_offline_install` | perform an offline install | `False`|
+|`keycloak_offline_install` | perform an offline install | `false`|
 |`keycloak_download_url`| Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/<version>/<archive>`|
 |`keycloak_version`| keycloak.org package version | `18.0.2` |
 |`keycloak_dest`| Installation root path | `/opt/keycloak` |
 |`keycloak_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}` |
-|`keycloak_configure_firewalld` | Ensure firewalld is running and configure keycloak ports | `False` |
+|`keycloak_configure_firewalld` | Ensure firewalld is running and configure keycloak ports | `false` |
 
 
 * Miscellaneous configuration
@@ -110,13 +110,13 @@ Role Defaults
 |`keycloak_config_override_template` | Path to custom template for standalone.xml configuration | `''` |
 |`keycloak_auth_realm` | Name for rest authentication realm | `master` |
 |`keycloak_auth_client` | Authentication client for configuration REST calls | `admin-cli` |
-|`keycloak_force_install` | Remove pre-existing versions of service | `False` |
+|`keycloak_force_install` | Remove pre-existing versions of service | `false` |
 |`keycloak_url` | URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port + keycloak_jboss_port_offset }}` |
 |`keycloak_management_url` | URL for management console rest calls | `http://{{ keycloak_host }}:{{ keycloak_management_http_port + keycloak_jboss_port_offset }}` |
-|`keycloak_frontend_url_force` | Force backend requests to use the frontend URL | `False` |
+|`keycloak_frontend_url_force` | Force backend requests to use the frontend URL | `false` |
-|`keycloak_db_background_validation` | Enable background validation of database connection | `False` |
+|`keycloak_db_background_validation` | Enable background validation of database connection | `false` |
 |`keycloak_db_background_validation_millis`| How frequenly the connection pool is validated in the background | `10000` if background validation enabled |
-|`keycloak_db_background_validate_on_match` | Enable validate on match for database connections | `False` |
+|`keycloak_db_background_validate_on_match` | Enable validate on match for database connections | `false` |
 |`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth/` |
 |`keycloak_log_target`| Set the destination of the keycloak log folder link | `/var/log/keycloak` |
 
@@ -132,7 +132,7 @@ The following are a set of _required_ variables for the role:
 |`keycloak_frontend_url` | frontend URL for keycloak endpoint | `http://localhost:8080/auth/` |
 
 
-The following parameters are _required_ only when `keycloak_ha_enabled` is True:
+The following parameters are _required_ only when `keycloak_ha_enabled` is true:
 
 | Variable | Description | Default |
 |:---------|:------------|:--------|
@@ -150,7 +150,7 @@ The following parameters are _required_ only when `keycloak_ha_enabled` is True:
 |`keycloak_infinispan_trust_store_password`| Password for opening truststore | `changeit` |
 
 
-The following parameters are _required_ only when `keycloak_db_enabled` is True:
+The following parameters are _required_ only when `keycloak_db_enabled` is true:
 
 | Variable | Description | Default |
 |:---------|:------------|:---------|
@@ -196,7 +196,7 @@ Example Playbook
             name: keycloak
           vars:
             keycloak_admin_password: "remembertochangeme"
-            keycloak_offline_install: True
+            keycloak_offline_install: true
             # This should be the filename of keycloak archive on Ansible node: keycloak-16.1.0.zip
 ```
 

roles/keycloak/defaults/main.yml

@@ -5,7 +5,7 @@ keycloak_archive: "keycloak-legacy-{{ keycloak_version }}.zip"
 keycloak_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
 keycloak_download_url_9x: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
 keycloak_installdir: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
-keycloak_offline_install: False
+keycloak_offline_install: false
 
 ### Install location and service settings
 keycloak_jvm_package: java-1.8.0-openjdk-headless
@@ -26,13 +26,13 @@ keycloak_service_name: keycloak
 keycloak_service_desc: Keycloak
 keycloak_service_start_delay: 10
 keycloak_service_start_retries: 25
-keycloak_service_restart_always: False
+keycloak_service_restart_always: false
-keycloak_service_restart_on_failure: False
+keycloak_service_restart_on_failure: false
 keycloak_service_startlimitintervalsec: "300"
 keycloak_service_startlimitburst: "5"
 keycloak_service_restartsec: "10s"
 
-keycloak_configure_firewalld: False
+keycloak_configure_firewalld: false
 
 ### administrator console password
 keycloak_admin_password: ''
@@ -49,11 +49,11 @@ keycloak_management_port_bind_address: 127.0.0.1
 keycloak_management_http_port: 9990
 keycloak_management_https_port: 9993
 keycloak_java_opts: "-Xms1024m -Xmx2048m"
-keycloak_prefer_ipv4: True
+keycloak_prefer_ipv4: true
 keycloak_features: []
 
 ### Enable configuration for database backend, clustering and remote caches on infinispan
-keycloak_ha_enabled: False
+keycloak_ha_enabled: false
 ### Enable database configuration, must be enabled when HA is configured
 keycloak_db_enabled: "{{ True if keycloak_ha_enabled else False }}"
 ### Discovery protocol for ha cluster members, valus [ 'JDBC_PING', 'TCPPING' ]
@@ -66,7 +66,7 @@ keycloak_admin_user: admin
 keycloak_auth_realm: master
 keycloak_auth_client: admin-cli
 
-keycloak_force_install: False
+keycloak_force_install: false
 
 ### mod_cluster reverse proxy list
 keycloak_modcluster_enabled: "{{ True if keycloak_ha_enabled else False }}"
@@ -78,7 +78,7 @@ keycloak_modcluster_urls:
 
 ### keycloak frontend url
 keycloak_frontend_url: http://localhost:8080/auth/
-keycloak_frontend_url_force: False
+keycloak_frontend_url_force: false
 keycloak_admin_url:
 
 ### infinispan remote caches access (hotrod)
@@ -86,7 +86,7 @@ keycloak_infinispan_user: supervisor
 keycloak_infinispan_pass: supervisor
 keycloak_infinispan_url: localhost
 keycloak_infinispan_sasl_mechanism: SCRAM-SHA-512
-keycloak_infinispan_use_ssl: False
+keycloak_infinispan_use_ssl: false
 # if ssl is enabled, import ispn server certificate here
 keycloak_infinispan_trust_store_path: /etc/pki/java/cacerts
 keycloak_infinispan_trust_store_password: changeit
@@ -97,9 +97,9 @@ keycloak_jdbc_engine: postgres
 keycloak_db_user: keycloak-user
 keycloak_db_pass: keycloak-pass
 ## connection validation
-keycloak_db_background_validation: False
+keycloak_db_background_validation: false
 keycloak_db_background_validation_millis: "{{ 10000 if keycloak_db_background_validation else 0 }}"
-keycloak_db_background_validate_on_match: False
+keycloak_db_background_validate_on_match: false
 keycloak_jdbc_url: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
 keycloak_jdbc_driver_version: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
 # override the variables above, following defaults show minimum supported versions
@@ -114,7 +114,7 @@ keycloak_default_jdbc:
     url: 'jdbc:sqlserver://localhost:1433;databaseName=keycloak;'
     version: 12.2.0
 # role specific vars
-keycloak_no_log: True
+keycloak_no_log: true
 
 ### logging configuration
 keycloak_log_target: /var/log/keycloak

roles/keycloak/meta/argument_specs.yml

@@ -214,7 +214,7 @@ argument_specs:
                 description: "Frontend URL for keycloak endpoints when a reverse proxy is used"
                 type: "str"
             keycloak_frontend_url_force:
-                default: False
+                default: false
                 description: "Force backend requests to use the frontend URL"
                 type: "bool"
             keycloak_infinispan_user:
@@ -337,7 +337,7 @@ argument_specs:
                 description: "Enable remote cache store when in clustered ha configurations"
                 type: "bool"
             keycloak_db_background_validation:
-                default: False
+                default: false
                 description: "Enable background validation of database connection"
                 type: "bool"
             keycloak_db_background_validation_millis:
@@ -345,19 +345,19 @@ argument_specs:
                 description: "How frequenly the connection pool is validated in the background"
                 type: 'int'
             keycloak_db_background_validate_on_match:
-                default: False
+                default: false
                 description: "Enable validate on match for database connections"
                 type: "bool"
             keycloak_db_valid_conn_sql:
-                required: False
+                required: false
                 description: "Override the default database connection validation query sql"
                 type: "str"
             keycloak_admin_url:
-                required: False
+                required: false
                 description: "Override the default administration endpoint URL"
                 type: "str"
             keycloak_jgroups_subnet:
-                required: False
+                required: false
                 description: "Override the subnet match for jgroups cluster formation; if not defined, it will be inferred from local machine route configuration"
                 type: "str"
             keycloak_log_target:
@@ -383,15 +383,15 @@ argument_specs:
                 description: "Installation path for Red Hat SSO"
                 type: "str"
             sso_apply_patches:
-                default: False
+                default: false
                 description: "Install Red Hat SSO most recent cumulative patch"
                 type: "bool"
             sso_enable:
-                default: True
+                default: true
                 description: "Enable Red Hat Single Sign-on installation"
                 type: "str"
             sso_offline_install:
-                default: False
+                default: false
                 description: "Perform an offline install"
                 type: "bool"
             sso_service_name:
@@ -403,7 +403,7 @@ argument_specs:
                 description: "systemd description for Red Hat Single Sign-On"
                 type: "str"
             sso_patch_version:
-                required: False
+                required: false
                 description: "Red Hat Single Sign-On latest cumulative patch version to apply; defaults to latest version when sso_apply_patches is True"
                 type: "str"
             sso_patch_bundle:

roles/keycloak/meta/main.yml

@@ -15,9 +15,9 @@ galaxy_info:
   min_ansible_version: "2.14"
 
   platforms:
-   - name: EL
+    - name: EL
-     versions:
+      versions:
-     - "8"
+        - "8"
 
   galaxy_tags:
     - keycloak

roles/keycloak/tasks/fastpackages.yml

@@ -2,15 +2,15 @@
 - name: "Check if packages are already installed" # noqa command-instead-of-module this runs faster
   ansible.builtin.command: "rpm -q {{ packages_list | join(' ') }}"
   register: rpm_info
-  changed_when: False
+  changed_when: false
-  failed_when: False
+  failed_when: false
 
 - name: "Add missing packages to the yum install list"
   ansible.builtin.set_fact:
     packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
 
 - name: "Install packages: {{ packages_to_install }}"
-  become: True
+  become: true
   ansible.builtin.yum:
     name: "{{ packages_to_install }}"
     state: present

roles/keycloak/tasks/firewalld.yml

@@ -6,19 +6,19 @@
       - firewalld
 
 - name: Enable and start the firewalld service
-  become: yes
+  become: true
   ansible.builtin.systemd:
     name: firewalld
-    enabled: yes
+    enabled: true
     state: started
 
-- name: "Configure firewall for {{ keycloak.service_name }} ports"
+- name: "Configure firewall ports for {{ keycloak.service_name }}"
-  become: yes
+  become: true
   ansible.posix.firewalld:
     port: "{{ item }}"
     permanent: true
     state: enabled
-    immediate: yes
+    immediate: true
   loop:
     - "{{ keycloak_http_port }}/tcp"
     - "{{ keycloak_https_port }}/tcp"

roles/keycloak/tasks/install.yml

@@ -11,7 +11,7 @@
     quiet: true
 
 - name: Check for an existing deployment
-  become: yes
+  become: true
   ansible.builtin.stat:
     path: "{{ keycloak_jboss_home }}"
   register: existing_deploy
@@ -20,32 +20,32 @@
   when: existing_deploy.stat.exists and keycloak_force_install | bool
   block:
     - name: "Stop the old {{ keycloak.service_name }} service"
-      become: yes
+      become: true
-      ignore_errors: yes
+      failed_when: false
       ansible.builtin.systemd:
         name: keycloak
         state: stopped
     - name: "Remove the old {{ keycloak.service_name }} deployment"
-      become: yes
+      become: true
       ansible.builtin.file:
         path: "{{ keycloak_jboss_home }}"
         state: absent
 
 - name: Check for an existing deployment after possible forced removal
-  become: yes
+  become: true
   ansible.builtin.stat:
     path: "{{ keycloak_jboss_home }}"
 
-- name: "Create {{ keycloak.service_name }} service user/group"
+- name: "Create service user/group for {{ keycloak.service_name }}"
-  become: yes
+  become: true
   ansible.builtin.user:
     name: "{{ keycloak_service_user }}"
     home: /opt/keycloak
     system: yes
     create_home: no
 
-- name: "Create {{ keycloak.service_name }} install location"
+- name: "Create install location for {{ keycloak.service_name }}"
-  become: yes
+  become: true
   ansible.builtin.file:
     dest: "{{ keycloak_dest }}"
     state: directory
@@ -54,7 +54,7 @@
     mode: 0750
 
 - name: Create pidfile folder
-  become: yes
+  become: true
   ansible.builtin.file:
     dest: "{{ keycloak_service_pidfile | dirname }}"
     state: directory
@@ -68,7 +68,7 @@
     archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}"
 
 - name: Check download archive path
-  become: yes
+  become: true
   ansible.builtin.stat:
     path: "{{ archive }}"
   register: archive_path
@@ -86,7 +86,7 @@
     dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
     mode: 0644
   delegate_to: localhost
-  run_once: yes
+  run_once: true
   when:
     - archive_path is defined
     - archive_path.stat is defined
@@ -96,7 +96,7 @@
 
 - name: Perform download from RHN using JBoss Network API
   delegate_to: localhost
-  run_once: yes
+  run_once: true
   when:
     - archive_path is defined
     - archive_path.stat is defined
@@ -114,13 +114,13 @@
       register: rhn_products
       no_log: "{{ omit_rhn_output | default(true) }}"
       delegate_to: localhost
-      run_once: yes
+      run_once: true
 
     - name: Determine install zipfile from search results
       ansible.builtin.set_fact:
         rhn_filtered_products: "{{ rhn_products.results | selectattr('file_path', 'match', '[^/]*/' + sso_archive + '$') }}"
       delegate_to: localhost
-      run_once: yes
+      run_once: true
 
     - name: Download Red Hat Single Sign-On
       middleware_automation.common.product_download: # noqa risky-file-permissions delegated, uses controller host user
@@ -130,7 +130,7 @@
         dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
       no_log: "{{ omit_rhn_output | default(true) }}"
       delegate_to: localhost
-      run_once: yes
+      run_once: true
 
 - name: Download rhsso archive from alternate location
   ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
@@ -138,7 +138,7 @@
     dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
     mode: 0644
   delegate_to: localhost
-  run_once: yes
+  run_once: true
   when:
     - archive_path is defined
     - archive_path.stat is defined
@@ -166,23 +166,23 @@
     - not archive_path.stat.exists
     - local_archive_path.stat is defined
     - local_archive_path.stat.exists
-  become: yes
+  become: true
 
 - name: "Check target directory: {{ keycloak.home }}"
   ansible.builtin.stat:
     path: "{{ keycloak.home }}"
   register: path_to_workdir
-  become: yes
+  become: true
 
 - name: "Extract {{ keycloak_service_desc }} archive on target"
   ansible.builtin.unarchive:
-    remote_src: yes
+    remote_src: true
     src: "{{ archive }}"
     dest: "{{ keycloak_dest }}"
     creates: "{{ keycloak.home }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
-  become: yes
+  become: true
   when:
     - new_version_downloaded.changed or not path_to_workdir.stat.exists
   notify:
@@ -200,13 +200,13 @@
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
     recurse: true
-  become: yes
+  become: true
   changed_when: false
 
 - name: Ensure permissions are correct on existing deploy
   ansible.builtin.command: chown -R "{{ keycloak_service_user }}:{{ keycloak_service_group }}" "{{ keycloak.home }}"
   when: keycloak_service_runas
-  become: yes
+  become: true
   changed_when: false
 
 # driver and configuration
@@ -215,7 +215,7 @@
   when: keycloak_jdbc[keycloak_jdbc_engine].enabled
 
 - name: "Deploy custom {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }} from {{ keycloak_config_override_template }}"
-  become: yes
+  become: true
   ansible.builtin.template:
     src: "templates/{{ keycloak_config_override_template }}"
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
@@ -227,7 +227,7 @@
   when: keycloak_config_override_template | length > 0
 
 - name: "Deploy standalone {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}"
-  become: yes
+  become: true
   ansible.builtin.template:
     src: templates/standalone.xml.j2
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
@@ -255,7 +255,7 @@
   when: keycloak_ha_enabled and keycloak_ha_discovery == 'TCPPING'
 
 - name: "Deploy HA {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}"
-  become: yes
+  become: true
   ansible.builtin.template:
     src: templates/standalone-ha.xml.j2
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
@@ -270,7 +270,7 @@
     - keycloak_config_override_template | length == 0
 
 - name: "Deploy HA {{ keycloak.service_name }} config with infinispan remote cache store to {{ keycloak_config_path_to_standalone_xml }}"
-  become: yes
+  become: true
   ansible.builtin.template:
     src: templates/standalone-infinispan.xml.j2
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
@@ -285,7 +285,7 @@
     - keycloak_config_override_template | length == 0
 
 - name: "Deploy profile.properties file to {{ keycloak_config_path_to_properties }}"
-  become: yes
+  become: true
   ansible.builtin.template:
     src: keycloak-profile.properties.j2
     dest: "{{ keycloak_config_path_to_properties }}"

roles/keycloak/tasks/jdbc_driver.yml

@@ -3,17 +3,17 @@
   ansible.builtin.stat:
     path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}"
   register: dest_path
-  become: yes
+  become: true
 
 - name: "Set up module dir for JDBC Driver {{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_name }}"
   ansible.builtin.file:
     path: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}"
     state: directory
-    recurse: yes
+    recurse: true
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
     mode: 0750
-  become: yes
+  become: true
   when:
     - not dest_path.stat.exists
 
@@ -24,7 +24,7 @@
     group: "{{ keycloak_service_group }}"
     owner: "{{ keycloak_service_user }}"
     mode: 0640
-  become: yes
+  become: true
 
 - name: "Deploy module.xml for JDBC Driver"
   ansible.builtin.template:
@@ -33,4 +33,4 @@
     group: "{{ keycloak_service_group }}"
     owner: "{{ keycloak_service_user }}"
     mode: 0640
-  become: yes
+  become: true

roles/keycloak/tasks/main.yml

@@ -35,7 +35,7 @@
     state: link
     src: "{{ keycloak_jboss_home }}/standalone/log"
     dest: "{{ keycloak_log_target }}"
-  become: yes
+  become: true
 
 - name: Set admin credentials and restart if not already created
   block:
@@ -44,7 +44,7 @@
         url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
         method: POST
         body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
-        validate_certs: no
+        validate_certs: false
       register: keycloak_auth_response
       until: keycloak_auth_response.status == 200
       retries: 2
@@ -58,8 +58,8 @@
           - "-rmaster"
           - "-u{{ keycloak_admin_user }}"
           - "-p{{ keycloak_admin_password }}"
-      changed_when: yes
+      changed_when: true
-      become: yes
+      become: true
     - name: "Restart {{ keycloak.service_name }}"
       ansible.builtin.include_tasks: tasks/restart_keycloak.yml
     - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"

roles/keycloak/tasks/prereqs.yml

@@ -3,7 +3,7 @@
   ansible.builtin.assert:
     that:
       - keycloak_admin_password | length > 12
-    quiet: True
+    quiet: true
     fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_admin_password variable to a 12+ char long string"
     success_msg: "{{ 'Console administrator password OK' }}"
 
@@ -11,7 +11,7 @@
   ansible.builtin.assert:
     that:
       - (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled)
-    quiet: True
+    quiet: true
     fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_ha_enabled and keycloak_db_enabled"
     success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}"
 
@@ -20,7 +20,7 @@
     that:
       - (rhn_username is defined and sso_enable is defined and sso_enable) or not sso_enable is defined or not sso_enable or keycloak_offline_install
       - (rhn_password is defined and sso_enable is defined and sso_enable) or not sso_enable is defined or not sso_enable or keycloak_offline_install
-    quiet: True
+    quiet: true
     fail_msg: "Cannot install Red Hat SSO without RHN credentials. Check rhn_username and rhn_password are defined"
     success_msg: "Installing {{ keycloak_service_desc }}"
 
@@ -31,7 +31,7 @@
       - keycloak_jdbc_url | length > 0
       - keycloak_db_user | length > 0
       - keycloak_db_pass | length > 0
-    quiet: True
+    quiet: true
     fail_msg: "Configuration for the JDBC persistence is invalid or incomplete"
     success_msg: "Configuring JDBC persistence using {{ keycloak_jdbc_engine }} database"
   when: keycloak_db_enabled

roles/keycloak/tasks/restart_keycloak.yml

@@ -2,11 +2,12 @@
 - name: "Restart and enable {{ keycloak.service_name }} service"
   ansible.builtin.systemd:
     name: keycloak
-    enabled: yes
+    enabled: true
     state: restarted
-  become: yes
+    daemon_reload: true
+  become: true
   delegate_to: "{{ ansible_play_hosts | first }}"
-  run_once: True
+  run_once: true
 
 - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
   ansible.builtin.uri:
@@ -14,7 +15,7 @@
   register: keycloak_status
   until: keycloak_status.status == 200
   delegate_to: "{{ ansible_play_hosts | first }}"
-  run_once: True
+  run_once: true
   retries: "{{ keycloak_service_start_retries }}"
   delay: "{{ keycloak_service_start_delay }}"
 
@@ -23,5 +24,5 @@
     name: keycloak
     enabled: yes
     state: restarted
-  become: yes
+  become: true
   when: inventory_hostname != ansible_play_hosts | first

roles/keycloak/tasks/rhsso_patch.yml

@@ -12,11 +12,11 @@
     path: "{{ patch_archive }}"
   register: patch_archive_path
   when: sso_patch_version is defined
-  become: yes
+  become: true
 
 - name: Perform patch download from RHN via JBossNetwork API
   delegate_to: localhost
-  run_once: yes
+  run_once: true
   when:
     - sso_enable is defined and sso_enable
     - not keycloak_offline_install
@@ -32,21 +32,21 @@
       register: rhn_products
       no_log: "{{ omit_rhn_output | default(true) }}"
       delegate_to: localhost
-      run_once: yes
+      run_once: true
 
     - name: Determine patch versions list
       ansible.builtin.set_fact:
-        filtered_versions: "{{ rhn_products.results | map(attribute='file_path') | select('match', '^[^/]*/rh-sso-.*[0-9]*[.][0-9]*[.][0-9]*.*$') | map('regex_replace','[^/]*/rh-sso-([0-9]*[.][0-9]*[.][0-9]*)-.*','\\1' ) | list | unique }}"
+        filtered_versions: "{{ rhn_products.results | map(attribute='file_path') | select('match', '^[^/]*/rh-sso-.*[0-9]*[.][0-9]*[.][0-9]*.*$') | map('regex_replace', '[^/]*/rh-sso-([0-9]*[.][0-9]*[.][0-9]*)-.*', '\\1') | list | unique }}"
       when: sso_patch_version is not defined or sso_patch_version | length == 0
       delegate_to: localhost
-      run_once: yes
+      run_once: true
 
     - name: Determine latest version
       ansible.builtin.set_fact:
          sso_latest_version: "{{ filtered_versions | middleware_automation.common.version_sort | last }}"
       when: sso_patch_version is not defined or sso_patch_version | length == 0
       delegate_to: localhost
-      run_once: yes
+      run_once: true
 
     - name: Determine install zipfile from search results
       ansible.builtin.set_fact:
@@ -55,7 +55,7 @@
         patch_version: "{{ sso_latest_version }}"
       when: sso_patch_version is not defined or sso_patch_version | length == 0
       delegate_to: localhost
-      run_once: yes
+      run_once: true
 
     - name: "Determine selected patch from supplied version: {{ sso_patch_version }}"
       ansible.builtin.set_fact:
@@ -64,7 +64,7 @@
         patch_version: "{{ sso_patch_version }}"
       when: sso_patch_version is defined
       delegate_to: localhost
-      run_once: yes
+      run_once: true
 
     - name: Download Red Hat Single Sign-On patch
       middleware_automation.common.product_download: # noqa risky-file-permissions delegated, uses controller host user
@@ -74,7 +74,7 @@
         dest: "{{ local_path.stat.path }}/{{ patch_bundle }}"
       no_log: "{{ omit_rhn_output | default(true) }}"
       delegate_to: localhost
-      run_once: yes
+      run_once: true
 
 - name: Set download patch archive path
   ansible.builtin.set_fact:
@@ -84,7 +84,7 @@
   ansible.builtin.stat:
     path: "{{ patch_archive }}"
   register: patch_archive_path
-  become: yes
+  become: true
 
 ## copy and unpack
 - name: Copy patch archive to target nodes
@@ -99,7 +99,7 @@
     - not patch_archive_path.stat.exists
     - local_archive_path.stat is defined
     - local_archive_path.stat.exists
-  become: yes
+  become: true
 
 - name: "Check installed patches"
   ansible.builtin.include_tasks: rhsso_cli.yml
@@ -107,7 +107,7 @@
     query: "patch info"
   args:
     apply:
-      become: yes
+      become: true
       become_user: "{{ keycloak_service_user }}"
 
 - name: "Perform patching"
@@ -122,7 +122,7 @@
         query: "patch apply {{ patch_archive }}"
       args:
         apply:
-          become: yes
+          become: true
           become_user: "{{ keycloak_service_user }}"
 
     - name: "Restart server to ensure patch content is running"
@@ -133,7 +133,7 @@
         - cli_result.rc == 0
       args:
         apply:
-            become: yes
+            become: true
             become_user: "{{ keycloak_service_user }}"
 
     - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
@@ -150,7 +150,7 @@
         query: "patch info"
       args:
         apply:
-            become: yes
+            become: true
             become_user: "{{ keycloak_service_user }}"
 
     - name: "Verify installed patch version"

roles/keycloak/tasks/start_keycloak.yml

@@ -2,9 +2,10 @@
 - name: "Start {{ keycloak.service_name }} service"
   ansible.builtin.systemd:
     name: keycloak
-    enabled: yes
+    enabled: true
     state: started
-  become: yes
+    daemon_reload: true
+  become: true
 
 - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
   ansible.builtin.uri:

roles/keycloak/tasks/stop_keycloak.yml

@@ -2,6 +2,6 @@
 - name: "Stop {{ keycloak.service_name }}"
   ansible.builtin.systemd:
     name: keycloak
-    enabled: yes
+    enabled: true
     state: stopped
-  become: yes
+  become: true

roles/keycloak/tasks/systemd.yml

@@ -1,6 +1,6 @@
 ---
 - name: "Configure {{ keycloak.service_name }} service script wrapper"
-  become: yes
+  become: true
   ansible.builtin.template:
     src: keycloak-service.sh.j2
     dest: "{{ keycloak_dest }}/keycloak-service.sh"
@@ -15,7 +15,7 @@
     rpm_java_home: "/etc/alternatives/jre_{{ keycloak_jvm_package | regex_search('(?<=java-)[0-9.]+') }}"
 
 - name: "Configure sysconfig file for {{ keycloak.service_name }} service"
-  become: yes
+  become: true
   ansible.builtin.template:
     src: keycloak-sysconfig.j2
     dest: /etc/sysconfig/keycloak
@@ -34,20 +34,14 @@
     owner: root
     group: root
     mode: 0644
-  become: yes
+  become: true
   register: systemdunit
   notify:
     - restart keycloak
 
-- name: Reload systemd
-  become: yes
-  ansible.builtin.systemd:
-    daemon_reload: yes
-  when: systemdunit.changed
-
 - name: "Start and wait for {{ keycloak.service_name }} service (first node db)"
   ansible.builtin.include_tasks: start_keycloak.yml
-  run_once: yes
+  run_once: true
   when: keycloak_db_enabled
 
 - name: "Start and wait for {{ keycloak.service_name }} service (remaining nodes)"
@@ -56,7 +50,7 @@
 - name: Check service status
   ansible.builtin.command: "systemctl status keycloak"
   register: keycloak_service_status
-  changed_when: False
+  changed_when: false
 
 - name: Verify service status
   ansible.builtin.assert:

roles/keycloak_quarkus/defaults/main.yml

@@ -6,7 +6,7 @@ keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/do
 keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"
 
 # whether to install from local archive
-keycloak_quarkus_offline_install: False
+keycloak_quarkus_offline_install: false
 
 ### Install location and service settings
 keycloak_quarkus_jvm_package: java-17-openjdk-headless
@@ -14,11 +14,11 @@ keycloak_quarkus_java_home:
 keycloak_quarkus_dest: /opt/keycloak
 keycloak_quarkus_home: "{{ keycloak_quarkus_installdir }}"
 keycloak_quarkus_config_dir: "{{ keycloak_quarkus_home }}/conf"
-keycloak_quarkus_start_dev: False
+keycloak_quarkus_start_dev: false
 keycloak_quarkus_service_user: keycloak
 keycloak_quarkus_service_group: keycloak
 keycloak_quarkus_service_pidfile: "/run/keycloak/keycloak.pid"
-keycloak_quarkus_configure_firewalld: False
+keycloak_quarkus_configure_firewalld: false
 
 ### administrator console password
 keycloak_quarkus_admin_user: admin
@@ -30,7 +30,7 @@ keycloak_quarkus_bind_address: 0.0.0.0
 keycloak_quarkus_host: localhost
 keycloak_quarkus_port: -1
 keycloak_quarkus_path:
-keycloak_quarkus_http_enabled: True
+keycloak_quarkus_http_enabled: true
 keycloak_quarkus_http_port: 8080
 keycloak_quarkus_https_port: 8443
 keycloak_quarkus_ajp_port: 8009
@@ -38,20 +38,20 @@ keycloak_quarkus_jgroups_port: 7600
 keycloak_quarkus_java_opts: "-Xms1024m -Xmx2048m"
 
 ### TLS/HTTPS configuration
-keycloak_quarkus_https_key_file_enabled: False
+keycloak_quarkus_https_key_file_enabled: false
 keycloak_quarkus_key_file: "{{ keycloak.home }}/conf/server.key.pem"
 keycloak_quarkus_cert_file: "{{ keycloak.home }}/conf/server.crt.pem"
 #### key store configuration
-keycloak_quarkus_https_key_store_enabled: False
+keycloak_quarkus_https_key_store_enabled: false
 keycloak_quarkus_key_store_file: "{{ keycloak.home }}/conf/key_store.p12"
 keycloak_quarkus_key_store_password: ''
 ##### trust store configuration
-keycloak_quarkus_https_trust_store_enabled: False
+keycloak_quarkus_https_trust_store_enabled: false
 keycloak_quarkus_trust_store_file: "{{ keycloak.home }}/conf/trust_store.p12"
 keycloak_quarkus_trust_store_password: ''
 
 ### Enable configuration for database backend, clustering and remote caches on infinispan
-keycloak_quarkus_ha_enabled: False
+keycloak_quarkus_ha_enabled: false
 ### Enable database configuration, must be enabled when HA is configured
 keycloak_quarkus_db_enabled: "{{ True if keycloak_quarkus_ha_enabled else False }}"
 
@@ -67,17 +67,17 @@ keycloak_quarkus_http_relative_path: /
 keycloak_quarkus_proxy_mode: edge
 
 # disable xa transactions
-keycloak_quarkus_transaction_xa_enabled: True
+keycloak_quarkus_transaction_xa_enabled: true
 
-keycloak_quarkus_metrics_enabled: False
+keycloak_quarkus_metrics_enabled: false
-keycloak_quarkus_health_enabled: True
+keycloak_quarkus_health_enabled: true
 
 ### infinispan remote caches access (hotrod)
 keycloak_quarkus_ispn_user: supervisor
 keycloak_quarkus_ispn_pass: supervisor
 keycloak_quarkus_ispn_url: localhost
 keycloak_quarkus_ispn_sasl_mechanism: SCRAM-SHA-512
-keycloak_quarkus_ispn_use_ssl: False
+keycloak_quarkus_ispn_use_ssl: false
 # if ssl is enabled, import ispn server certificate here
 keycloak_quarkus_ispn_trust_store_path: /etc/pki/java/cacerts
 keycloak_quarkus_ispn_trust_store_password: changeit

roles/keycloak_quarkus/meta/argument_specs.yml

@@ -138,12 +138,12 @@ argument_specs:
                 type: "bool"
             keycloak_quarkus_trust_store_file:
                 default: "{{ keycloak.home }}/conf/trust_store.p12"
-                description: "The file pat to the trust store"
+                description: "The file path to the trust store"
                 type: "str"
             keycloak_quarkus_trust_store_password:
-                 default: ""
+                default: ""
-                 description: "Password for the trust store"
+                description: "Password for the trust store"
-                 type: "str"
+                type: "str"
             keycloak_quarkus_https_port:
                 # line 30 of defaults/main.yml
                 default: 8443
@@ -281,10 +281,10 @@ argument_specs:
                 type: "str"
                 description: "The proxy address forwarding mode if the server is behind a reverse proxy. Set to 'none' if not using a proxy"
             keycloak_quarkus_start_dev:
-                default: False
+                default: false
                 type: "bool"
                 description: "Whether to start the service in development mode (start-dev)"
             keycloak_quarkus_transaction_xa_enabled:
-                default: True
+                default: true
                 type: "bool"
                 description: "Enable or disable XA transactions which may not be supported by some DBMS"

roles/keycloak_quarkus/meta/main.yml

@@ -11,9 +11,9 @@ galaxy_info:
   min_ansible_version: "2.14"
 
   platforms:
-   - name: EL
+    - name: EL
-     versions:
+      versions:
-     - "8"
+        - "8"
 
   galaxy_tags:
     - keycloak

roles/keycloak_quarkus/tasks/fastpackages.yml

@@ -2,15 +2,15 @@
 - name: "Check if packages are already installed" # noqa command-instead-of-module this runs faster
   ansible.builtin.command: "rpm -q {{ packages_list | join(' ') }}"
   register: rpm_info
-  changed_when: False
+  changed_when: false
-  failed_when: False
+  failed_when: false
 
 - name: "Add missing packages to the yum install list"
   ansible.builtin.set_fact:
     packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
 
 - name: "Install packages: {{ packages_to_install }}"
-  become: True
+  become: true
   ansible.builtin.yum:
     name: "{{ packages_to_install }}"
     state: present

roles/keycloak_quarkus/tasks/firewalld.yml

@@ -6,19 +6,19 @@
       - firewalld
 
 - name: Enable and start the firewalld service
-  become: yes
+  become: true
   ansible.builtin.systemd:
     name: firewalld
-    enabled: yes
+    enabled: true
     state: started
 
 - name: "Configure firewall for {{ keycloak.service_name }} ports"
-  become: yes
+  become: true
   ansible.posix.firewalld:
     port: "{{ item }}"
     permanent: true
     state: enabled
-    immediate: yes
+    immediate: true
   loop:
     - "{{ keycloak_quarkus_http_port }}/tcp"
     - "{{ keycloak_quarkus_https_port }}/tcp"

roles/keycloak_quarkus/tasks/install.yml

@@ -11,21 +11,21 @@
     quiet: true
 
 - name: Check for an existing deployment
-  become: yes
+  become: true
   ansible.builtin.stat:
     path: "{{ keycloak.home }}"
   register: existing_deploy
 
 - name: "Create {{ keycloak.service_name }} service user/group"
-  become: yes
+  become: true
   ansible.builtin.user:
     name: "{{ keycloak.service_user }}"
     home: /opt/keycloak
-    system: yes
+    system: true
     create_home: no
 
 - name: "Create {{ keycloak.service_name }} install location"
-  become: yes
+  become: true
   ansible.builtin.file:
     dest: "{{ keycloak_quarkus_dest }}"
     state: directory
@@ -39,7 +39,7 @@
     archive: "{{ keycloak_quarkus_dest }}/{{ keycloak.bundle }}"
 
 - name: Check download archive path
-  become: yes
+  become: true
   ansible.builtin.stat:
     path: "{{ archive }}"
   register: archive_path
@@ -82,23 +82,23 @@
     - not archive_path.stat.exists
     - local_archive_path.stat is defined
     - local_archive_path.stat.exists
-  become: yes
+  become: true
 
 - name: "Check target directory: {{ keycloak.home }}/bin/"
   ansible.builtin.stat:
     path: "{{ keycloak.home }}/bin/"
   register: path_to_workdir
-  become: yes
+  become: true
 
 - name: "Extract Keycloak archive on target"
   ansible.builtin.unarchive:
-    remote_src: yes
+    remote_src: true
     src: "{{ archive }}"
     dest: "{{ keycloak_quarkus_dest }}"
     creates: "{{ keycloak.home }}/bin/"
     owner: "{{ keycloak.service_user }}"
     group: "{{ keycloak.service_group }}"
-  become: yes
+  become: true
   when:
     - (not path_to_workdir.stat.exists) or new_version_downloaded.changed
   notify:

roles/keycloak_quarkus/tasks/main.yml

@@ -28,7 +28,7 @@
     owner: "{{ keycloak.service_user }}"
     group: "{{ keycloak.service_group }}"
     mode: 0644
-  become: yes
+  become: true
   notify:
     - restart keycloak
 
@@ -39,7 +39,7 @@
     owner: "{{ keycloak.service_user }}"
     group: "{{ keycloak.service_group }}"
     mode: 0644
-  become: yes
+  become: true
   notify:
     - restart keycloak    
 
@@ -50,7 +50,7 @@
     owner: "{{ keycloak.service_user }}"
     group: "{{ keycloak.service_group }}"
     mode: 0775
-  become: yes
+  become: true
 
 - name: Flush pending handlers
   ansible.builtin.meta: flush_handlers
@@ -61,12 +61,12 @@
 - name: Check service status
   ansible.builtin.command: "systemctl status keycloak"
   register: keycloak_service_status
-  changed_when: False
+  changed_when: false
 
 - name: Link default logs directory
   ansible.builtin.file:
     state: link
     src: "{{ keycloak.log.file | dirname }}"
     dest: "{{ keycloak_quarkus_log_target }}"
-    force: yes
+    force: true
-  become: yes
+  become: true

roles/keycloak_quarkus/tasks/prereqs.yml

@@ -3,7 +3,7 @@
   ansible.builtin.assert:
     that:
       - keycloak_quarkus_admin_pass | length > 12
-    quiet: True
+    quiet: true
     fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass variable to a 12+ char long string"
     success_msg: "{{ 'Console administrator password OK' }}"
     
@@ -11,7 +11,7 @@
   ansible.builtin.assert:
     that:
       - keycloak_quarkus_http_relative_path is regex('^/.*')
-    quiet: True
+    quiet: true
     fail_msg: "the relative path must begin with /"
     success_msg: "{{ 'relative path OK' }}"
 
@@ -19,7 +19,7 @@
   ansible.builtin.assert:
     that:
       - (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled)
-    quiet: True
+    quiet: true
     fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled"
     success_msg: "{{ 'Configuring HA' if keycloak_quarkus_ha_enabled else 'Configuring standalone' }}"
 

roles/keycloak_quarkus/tasks/restart.yml

@@ -2,6 +2,7 @@
 - name: "Restart and enable {{ keycloak.service_name }} service"
   ansible.builtin.systemd:
     name: keycloak
-    enabled: yes
+    enabled: true
     state: restarted
-  become: yes
+    daemon_reload: true
+  become: true

roles/keycloak_quarkus/tasks/start.yml

@@ -2,9 +2,10 @@
 - name: "Start {{ keycloak.service_name }} service"
   ansible.builtin.systemd:
     name: keycloak
-    enabled: yes
+    enabled: true
     state: started
-  become: yes
+    daemon_reload: true
+  become: true
 
 - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
   ansible.builtin.uri:

roles/keycloak_quarkus/tasks/systemd.yml

@@ -4,7 +4,7 @@
     rpm_java_home: "/etc/alternatives/jre_{{ keycloak_quarkus_jvm_package | regex_search('(?<=java-)[0-9.]+') }}"
 
 - name: "Configure sysconfig file for keycloak service"
-  become: yes
+  become: true
   ansible.builtin.template:
     src: keycloak-sysconfig.j2
     dest: /etc/sysconfig/keycloak
@@ -23,13 +23,7 @@
     owner: root
     group: root
     mode: 0644
-  become: yes
+  become: true
   register: systemdunit
   notify:
     - restart keycloak
-
-- name: Reload systemd
-  become: yes
-  ansible.builtin.systemd:
-    daemon_reload: yes
-  when: systemdunit.changed

roles/keycloak_realm/defaults/main.yml

@@ -40,7 +40,7 @@ keycloak_clients: []
 keycloak_client_default_roles: []
 
 # if True, create a public client; otherwise, a confidetial client
-keycloak_client_public: True
+keycloak_client_public: true
 
 # allowed web origins for the client
 keycloak_client_web_origins: '+'

roles/keycloak_realm/meta/argument_specs.yml

@@ -94,7 +94,7 @@ argument_specs:
     downstream:
         options:
             sso_version:
-                default: "7.5.0"
+                default: "7.6.0"
                 description: "Red Hat Single Sign-On version"
                 type: "str"
             sso_dest:
@@ -106,10 +106,10 @@ argument_specs:
                 description: "Installation path for Red Hat SSO"
                 type: "str"
             sso_apply_patches:
-                default: False
+                default: false
                 description: "Install Red Hat SSO most recent cumulative patch"
                 type: "bool"
             sso_enable:
-                default: True
+                default: true
                 description: "Enable Red Hat Single Sign-on installation"
                 type: "str"

roles/keycloak_realm/meta/main.yml

@@ -11,9 +11,9 @@ galaxy_info:
   min_ansible_version: "2.14"
 
   platforms:
-   - name: EL
+    - name: EL
-     versions:
+      versions:
-     - "8"
+        - "8"
 
   galaxy_tags:
     - keycloak

roles/keycloak_realm/tasks/main.yml

@@ -4,7 +4,7 @@
     url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
     method: POST
     body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
-    validate_certs: no
+    validate_certs: false
   no_log: "{{ keycloak_no_log | default('True') }}"
   register: keycloak_auth_response
   until: keycloak_auth_response.status == 200
@@ -28,7 +28,7 @@
     url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms"
     method: POST
     body: "{{ lookup('template', 'realm.json.j2') }}"
-    validate_certs: no
+    validate_certs: false
     body_format: json
     headers:
       Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@@ -59,7 +59,7 @@
       - item.name is defined and item.name | length > 0
       - (item.client_id is defined and item.client_id | length > 0) or (item.id is defined and item.id | length > 0)
     fail_msg: "For each keycloak client, attributes `name` and either `id` or `client_id` is required"
-    quiet: True
+    quiet: true
   loop: "{{ keycloak_clients | flatten }}"
   loop_control:
     label: "{{ item.name | default('unnamed client') }}"

roles/keycloak_realm/tasks/manage_user.yml

@@ -2,7 +2,7 @@
 - name: "Check if User Already Exists"
   ansible.builtin.uri:
     url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
-    validate_certs: no
+    validate_certs: false
     headers:
       Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
   register: keycloak_user_search_result
@@ -18,7 +18,7 @@
       email: "{{ user.email | default(omit) }}"
       firstName: "{{ user.firstName | default(omit) }}"
       lastName: "{{ user.lastName | default(omit) }}"
-    validate_certs: no
+    validate_certs: false
     body_format: json
     headers:
       Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
@@ -28,7 +28,7 @@
 - name: "Get User"
   ansible.builtin.uri:
     url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
-    validate_certs: no
+    validate_certs: false
     headers:
       Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
   register: keycloak_user
@@ -41,7 +41,7 @@
       type: password
       temporary: false
       value: "{{ user.password }}"
-    validate_certs: no
+    validate_certs: false
     body_format: json
     status_code:
       - 200

roles/keycloak_realm/tasks/manage_user_client_roles.yml

@@ -31,7 +31,7 @@
         containerId: "{{ item.containerId }}"
         name: "{{ item.name }}"
         composite: "{{ item.composite }}"
-    validate_certs: False
+    validate_certs: false
     body_format: json
     headers:
       Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"

roles/keycloak_realm/tasks/manage_user_roles.yml

@@ -3,7 +3,7 @@
   ansible.builtin.uri:
     url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
     headers:
-      validate_certs: no
+      validate_certs: false
       Authorization: "Bearer {{ keycloak_auth_response.json.access_token }}"
   register: keycloak_user
 
@@ -12,7 +12,7 @@
     url: "{{ keycloak_url }}{{ keycloak_context }}/realms/master/protocol/openid-connect/token"
     method: POST
     body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
-    validate_certs: no
+    validate_certs: false
   register: keycloak_auth_response
   no_log: "{{ keycloak_no_log | default('True') }}"
   until: keycloak_auth_response.status == 200

roles/keycloak_realm/vars/main.yml

@@ -5,5 +5,5 @@
 keycloak_realm:
 
 # other settings
-keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port + ( keycloak_jboss_port_offset | default(0) ) }}"
+keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port + (keycloak_jboss_port_offset | default(0)) }}"
-keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port + ( keycloak_jboss_port_offset | default(0) ) }}"
+keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port + (keycloak_jboss_port_offset | default(0)) }}"