diff --git a/.ansible-lint b/.ansible-lint
index eef1f63..8e4b5ca 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -5,6 +5,8 @@ exclude_paths:
- molecule/
- .ansible-lint
- .yamllint
+ - meta/
+ - playbooks/roles/
rulesdir:
- ../../ansible-lint-custom-rules/rules/
@@ -16,12 +18,26 @@ enable_list:
warn_list:
- role_vars_start_with_role_name
- vars_in_vars_files_have_valid_names
- - vars_should_not_be_used
- experimental
- ignore-errors
- no-handler
- - fqcn-builtins
- no-log-password
+ - jinja[spacing]
+ - jinja[invalid]
+ - meta-no-tags
+ - name[casing]
+ - fqcn[action]
+ - schema[meta]
+ - key-order[task]
+ - blocked_modules
+ - run-once[task]
+
+skip_list:
+ - vars_should_not_be_used
+ - file_is_small_enough
+ - file_has_valid_name
+ - name[template]
+ - var-naming[no-role-prefix]
use_default_rules: true
parseable: true
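Review bot: Every rule added to `warn_list` here, including `blocked_modules` and `jinja[invalid]`, is reported but does not fail the lint run, and the new `skip_list` entries are not reported at all. Together with the existing `no-log-password` warning, none of these checks is enforced. If the demotion is meant to be temporary while current findings are fixed, record that in the file, e.g. `# TODO: move back out of warn_list once current findings are resolved`. Consider keeping `blocked_modules` enforced if it is the custom rule that bans specific modules; that is inferred from the name, as the rule itself is not on this page.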
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9a72e5c..a622526 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,51 +1,28 @@
---
name: CI
-"on":
+on:
push:
branches:
- main
pull_request:
+ workflow_dispatch:
+ inputs:
+ debug_verbosity:
+ description: 'ANSIBLE_VERBOSITY envvar value'
+ required: false
+ schedule:
+ - cron: '15 6 * * *'
jobs:
ci:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- python_version: ["3.9"]
- steps:
- - name: Check out code
- uses: actions/checkout@v2
- with:
- path: ansible_collections/middleware_automation/keycloak
-
- - name: Set up Python ${{ matrix.python_version }}
- uses: actions/setup-python@v1
- with:
- python-version: ${{ matrix.python_version }}
-
- - name: Install yamllint, ansible and molecule
- run: |
- python -m pip install --upgrade pip
- pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint voluptuous
- pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt
-
- - name: Install ansible-lint custom rules
- uses: actions/checkout@v2
- with:
- repository: ansible-middleware/ansible-lint-custom-rules
- path: ansible_collections/ansible-lint-custom-rules/
-
- - name: Create default collection path
- run: |
- mkdir -p /home/runner/.ansible/collections/ansible_collections
-
- - name: Run sanity tests
- run: ansible-test sanity --docker -v --color --python ${{ matrix.python_version }}
- working-directory: ./ansible_collections/middleware_automation/keycloak
-
- - name: Run molecule test
- run: molecule test --all
- working-directory: ./ansible_collections/middleware_automation/keycloak
- env:
- PY_COLORS: '1'
- ANSIBLE_FORCE_COLOR: '1'
+ uses: ansible-middleware/github-actions/.github/workflows/cish.yml@main
+ secrets: inherit
+ with:
+ fqcn: 'middleware_automation/keycloak'
+ debug_verbosity: "${{ github.event.inputs.debug_verbosity }}"
+ molecule_tests: >-
+ [ "debian", "quarkus", "quarkus_ha", "quarkus_ha_remote" ]
+ podman_tests_current: >-
+ [ "default", "quarkus_devmode", "quarkus_upgrade" ]
+ podman_tests_next: >-
+ [ "default", "quarkus_devmode", "quarkus_upgrade" ]
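Review bot: The `ci` job now calls `ansible-middleware/github-actions/.github/workflows/cish.yml@main` with `secrets: inherit`, so every secret of this repository is handed to whatever the `main` branch of that other repository contains at run time. Pin the reference to a full commit SHA, e.g. `uses: ansible-middleware/github-actions/.github/workflows/cish.yml@<COMMIT_SHA>` (placeholder), and replace `secrets: inherit` with an explicit `secrets:` map of only what the called workflow needs. The same `@main` reference appears in the docs.yml hunk, also with `secrets: inherit`, and in release.yml, where the Galaxy API key and the Jira webhook are passed.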
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 2e303d6..540fe4f 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -5,71 +5,14 @@ on:
branches:
- main
tags:
- - "*.*.*"
-
-env:
- COLORTERM: 'yes'
- TERM: 'xterm-256color'
- PYTEST_ADDOPTS: '--color=yes'
+ - "[0-9]+.[0-9]+.[0-9]+"
+ workflow_dispatch:
jobs:
docs:
- runs-on: ubuntu-latest
- if: github.repository == 'ansible-middleware/keycloak'
- permissions:
- actions: write
- checks: write
- contents: write
- deployments: write
- packages: write
- pages: write
- steps:
- - name: Check out code
- uses: actions/checkout@v2
- with:
- path: ansible_collections/middleware_automation/keycloak
- fetch-depth: 0
-
- - name: Set up Python
- uses: actions/setup-python@v2
- with:
- python-version: 3.9
-
- - name: Install doc dependencies
- run: |
- python -m pip install --upgrade pip
- pip install -r ansible_collections/middleware_automation/keycloak/docs/requirements.txt
- pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt
-
- - name: Create default collection path
- run: |
- mkdir -p /home/runner/.ansible/collections/ansible_collections
-
- - name: Create doc directories and resources
- run: |
- mkdir -p ./docs/plugins ./docs/roles
- cat ./docs/roles.rst.template > ./docs/roles/index.rst
- antsibull-docs collection --use-current --squash-hierarchy --dest-dir docs/plugins middleware_automation.keycloak
- for role_readme in roles/*/README.md; do ln -f -s ../../$role_readme ./docs/roles/$(basename $(dirname $role_readme)).md; echo " * :doc:\`$(basename $(dirname $role_readme))\`" >> ./docs/roles/index.rst; done
- working-directory: ansible_collections/middleware_automation/keycloak
-
- - name: Run sphinx
- run: |
- sphinx-build -M html . _build -v
- working-directory: ansible_collections/middleware_automation/keycloak/docs/
-
- - name: Commit docs
- run: |
- git config user.name github-actions
- git config user.email github-actions@github.com
- git checkout gh-pages
- rm -rf $(basename ${GITHUB_REF})
- mv docs/_build/html $(basename ${GITHUB_REF})
- ln --force --no-dereference --symbolic main latest
- git show origin/main:docs/_gh_include/header.inc > index.html
- (echo main; echo latest; dirname *.*.*/index.html | sort --version-sort --reverse) | xargs -I@@ -n1 echo '
@@' >> index.html
- git show origin/main:docs/_gh_include/footer.inc >> index.html
- git add $(basename ${GITHUB_REF}) latest index.html
- git commit -m "Update docs for $(basename ${GITHUB_REF})" || true
- git push origin gh-pages
- working-directory: ansible_collections/middleware_automation/keycloak/
+ uses: ansible-middleware/github-actions/.github/workflows/docs.yml@main
+ secrets: inherit
+ with:
+ fqcn: 'middleware_automation/keycloak'
+ collection_fqcn: 'middleware_automation.keycloak'
+ historical_docs: 'false'
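Review bot: The new `docs` job declares no `permissions:` and drops the `if: github.repository == 'ansible-middleware/keycloak'` guard that the removed job had, so the token scope falls back to the repository default and the job is no longer restricted to the upstream repository. A called workflow can only reduce the caller's token permissions, never raise them, so state on the caller what the docs publish needs. For example, add `permissions:` with `contents: write`, which is presumably enough for the push to `gh-pages` (confirm against the called workflow), and keep the `if:` guard on the job.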
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index cafc1eb..d0d14d8 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,47 +1,28 @@
+---
name: Release collection
-
on:
- push:
- tags:
- - "*.*.*"
+ workflow_dispatch:
+ inputs:
+ release_summary:
+ description: 'Optional release summary for changelogs'
+ required: false
jobs:
release:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v2
- - name: Set up Python
- uses: actions/setup-python@v1
- with:
- python-version: "3.x"
- - name: Get Tag Version
- id: get_version
- run: echo ::set-output name=TAG_VERSION::${GITHUB_REF#refs/tags/}
- - name: Install dependencies
- run: |
- python -m pip install --upgrade pip
- pip install ansible-core
- - name: Build collection
- run: |
- ansible-galaxy collection build .
- - name: Publish Release
- uses: softprops/action-gh-release@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- files: "*.tar.gz"
- body: "Release ${{ steps.get_version.outputs.TAG_VERSION }}"
- - name: Publish collection
- env:
- ANSIBLE_GALAXY_API_KEY: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
- run: |
- ansible-galaxy collection publish *.tar.gz --api-key $ANSIBLE_GALAXY_API_KEY
+ uses: ansible-middleware/github-actions/.github/workflows/release.yml@main
+ with:
+ collection_fqcn: 'middleware_automation.keycloak'
+ downstream_name: 'rhbk'
+ release_summary: "${{ github.event.inputs.release_summary }}"
+ secrets:
+ galaxy_token: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
+ jira_webhook: ${{ secrets.JIRA_WEBHOOK_CREATE_VERSION }}
+
dispatch:
needs: release
strategy:
matrix:
- repo: ['ansible-middleware/cross-dc-rhsso-demo', 'ansible-middleware/flange-demo']
+ repo: ['ansible-middleware/ansible-middleware-ee']
runs-on: ubuntu-latest
steps:
- name: Repository Dispatch
@@ -49,5 +30,5 @@ jobs:
with:
token: ${{ secrets.TRIGGERING_PAT }}
repository: ${{ matrix.repo }}
- event-type: "Dependency released - Keycloak"
+ event-type: "Dependency released - Keycloak v${{ needs.release.outputs.tag_version }}"
client-payload: '{ "github": ${{toJson(github)}} }'
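Review bot: The `client-payload` kept in this step serialises the whole `github` context with `toJson(github)` and sends it to the repository in `matrix.repo`. That context includes `github.token` and, now that the workflow is started by `workflow_dispatch`, the event inputs as well. Send only the fields the receiver uses, for example `client-payload: '{ "tag_version": "${{ needs.release.outputs.tag_version }}" }'`; which fields the receiving repository reads is not visible here. The new `event-type` also relies on the called release workflow exposing a `tag_version` output, and if it does not, the string ends in a bare `v`. The step begins outside this hunk.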
diff --git a/.github/workflows/traffic.yml b/.github/workflows/traffic.yml
new file mode 100644
index 0000000..d997f4e
--- /dev/null
+++ b/.github/workflows/traffic.yml
@@ -0,0 +1,26 @@
+name: Collect traffic stats
+on:
+ schedule:
+ - cron: "51 23 * * 0"
+ workflow_dispatch:
+
+jobs:
+ traffic:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ ref: "gh-pages"
+
+ - name: GitHub traffic
+ uses: sangonzal/repository-traffic-action@v.0.1.6
+ env:
+ TRAFFIC_ACTION_TOKEN: ${{ secrets.TRIGGERING_PAT }}
+
+ - name: Commit changes
+ uses: EndBug/add-and-commit@v4
+ with:
+ author_name: Ansible Middleware
+ message: "GitHub traffic"
+ add: "./traffic/*"
+ ref: "gh-pages"
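Review bot: `secrets.TRIGGERING_PAT`, the same personal access token the release workflow uses for repository dispatch, is exposed here to the third-party action `sangonzal/repository-traffic-action@v.0.1.6`, which is referenced by a tag its owner can move. Pin it and `EndBug/add-and-commit@v4` to full commit SHAs, e.g. `uses: sangonzal/repository-traffic-action@<COMMIT_SHA>  # v.0.1.6` (SHA is a placeholder), and give traffic collection its own token scoped to this repository only. The job also has no `permissions:` block; since the last step commits to `gh-pages`, adding `permissions:` with `contents: write` would make that need explicit.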
diff --git a/.gitignore b/.gitignore
index f10cc78..ce41aef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,9 +2,15 @@
*.zip
.tmp
.cache
+.vscode/
+__pycache__/
docs/plugins/
docs/roles/
docs/_build/
.pytest_cache/
.mypy_cache/
*.retry
+changelogs/.plugin-cache.yaml
+*.pem
+*.key
+*.p12
diff --git a/.yamllint b/.yamllint
index fa1f1fc..10e554e 100644
--- a/.yamllint
+++ b/.yamllint
@@ -15,7 +15,8 @@ rules:
commas:
max-spaces-after: -1
level: error
- comments: disable
+ comments:
+ min-spaces-from-content: 1
comments-indentation: disable
document-start: disable
empty-lines:
@@ -30,4 +31,8 @@ rules:
new-lines:
type: unix
trailing-spaces: disable
- truthy: disable
\ No newline at end of file
+ truthy: disable
+ octal-values:
+ forbid-implicit-octal: true
+ forbid-explicit-octal: true
+
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
new file mode 100644
index 0000000..981d6e7
--- /dev/null
+++ b/CHANGELOG.rst
@@ -0,0 +1,513 @@
+=============================================
+middleware\_automation.keycloak Release Notes
+=============================================
+
+.. contents:: Topics
+
+This changelog describes changes after version 0.2.6.
+
+v3.0.2
+======
+
+Minor Changes
+-------------
+
+- New ``checksum`` property for keycloak_quarkus_providers `#280 `_
+- New parameter to set the jgroups host IP address `#281 `_
+- Session storage / distributed caches `#287 `_
+- Update keycloak/RHBK to v26.2.4 `#283 `_
+
+Bugfixes
+--------
+
+- Fix ``keycloak_quarkus_force_install`` parameter being ignored by install `#296 `_
+- Fix alternate download location being ignored (JBossNeworkAPI always used) `#298 `_
+- Run config rebuild after SPI providers update `#285 `_
+- Use jdk21 as default in debian `#289 `_
+- keycloak_realm: federation default provider type should be a string `#302 `_
+
+v3.0.1
+======
+
+Minor Changes
+-------------
+
+- Version update to 26.0.8 / rhbk 26.0.11 `#277 `_
+
+Bugfixes
+--------
+
+- Trigger rebuild handler on envvars file change `#276 `_
+
+v3.0.0
+======
+
+Minor Changes
+-------------
+
+- Add theme cache invalidation handler `#252 `_
+- keycloak_realm: change url variables to defaults `#268 `_
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- Bump major and ansible-core versions `#266 `_
+- Rename parameters to follow upstream `#270 `_
+- Update for keycloak v26 `#254 `_
+
+Bugfixes
+--------
+
+- Access token lifespan is too short for ansible run `#251 `_
+- Load environment vars during kc rebuild `#274 `_
+- Rebuild config and restart service for local providers `#250 `_
+- Rename and honour parameter ``keycloak_quarkus_http_host`` `#271 `_
+
+New Modules
+-----------
+
+- middleware_automation.keycloak.keycloak_realm - Allows administration of Keycloak realm via Keycloak API
+
+v2.4.3
+======
+
+Minor Changes
+-------------
+
+- Update keycloak to 24.0.5 `#241 `_
+
+v2.4.2
+======
+
+Minor Changes
+-------------
+
+- New parameter ``keycloak_quarkus_download_path`` `#239 `_
+
+Bugfixes
+--------
+
+- Add wait_for_port number parameter `#237 `_
+
+v2.4.1
+======
+
+Release Summary
+---------------
+
+Internal release, documentation or test changes only.
+
+v2.4.0
+======
+
+Major Changes
+-------------
+
+- Enable by default health check on restart `#234 `_
+- Update minimum ansible-core version > 2.15 `#232 `_
+
+v2.3.0
+======
+
+Major Changes
+-------------
+
+- Allow for custom providers hosted on maven repositories `#223 `_
+- Restart handler strategy behaviour `#231 `_
+
+Minor Changes
+-------------
+
+- Add support for policy files `#225 `_
+- Allow to add extra custom env vars in sysconfig file `#229 `_
+- Download from alternate URL with optional http authentication `#220 `_
+- Update Keycloak to version 24.0.4 `#218 `_
+- ``proxy-header`` enhancement `#227 `_
+
+Bugfixes
+--------
+
+- ``kc.sh build`` uses configured jdk `#211 `_
+
+v2.2.2
+======
+
+Minor Changes
+-------------
+
+- Copying of key material for TLS configuration `#210 `_
+- Validate certs parameter for JDBC driver downloads `#207 `_
+
+Bugfixes
+--------
+
+- Turn off controller privilege escalation `#209 `_
+
+v2.2.1
+======
+
+Release Summary
+---------------
+
+Internal release, documentation or test changes only.
+
+Bugfixes
+--------
+
+- JDBC provider: fix clause in argument validation `#204 `_
+
+v2.2.0
+======
+
+Major Changes
+-------------
+
+- Support java keystore for configuration of sensitive options `#189 `_
+
+Minor Changes
+-------------
+
+- Add ``wait_for_port`` and ``wait_for_log`` systemd unit logic `#199 `_
+- Customize jdbc driver downloads, optional authentication `#202 `_
+- Keystore-based vault SPI configuration `#196 `_
+- New ``keycloak_quarkus_hostname_strict_https`` parameter `#195 `_
+- Providers config and custom providers `#201 `_
+- Remove administrator credentials from files once keycloak is bootstrapped `#197 `_
+- Update keycloak to 24.0 `#194 `_
+
+v2.1.2
+======
+
+Release Summary
+---------------
+
+Internal release, documentation or test changes only.
+
+v2.1.1
+======
+
+Minor Changes
+-------------
+
+- Add reverse ``proxy_headers`` config, supersedes ``proxy_mode`` `#187 `_
+- Debian/Ubuntu compatibility `#178 `_
+- Use ``keycloak_realm`` as default for sub-entities `#180 `_
+
+Bugfixes
+--------
+
+- Fix permissions on controller-side downloaded artifacts `#184 `_
+- JVM args moved to ``JAVA_OPTS`` envvar (instead of JAVA_OPTS_APPEND) `#186 `_
+- Unrelax configuration file permissions `#191 `_
+- Utilize comment filter for ``ansible_managed`` annotations `#176 `_
+
+v2.1.0
+======
+
+Major Changes
+-------------
+
+- Implement infinispan TCPPING discovery protocol `#159 `_
+
+Minor Changes
+-------------
+
+- Set enable-recovery when xa transactions are enabled `#167 `_
+- keycloak_quarkus: Allow configuring log rotate options in quarkus configuration `#161 `_
+- keycloak_quarkus: ``sticky-session`` for infinispan routes `#163 `_
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- keycloak_quarkus: renamed infinispan host list configuration `#157 `_
+
+Bugfixes
+--------
+
+- keycloak_quarkus: fix custom JAVA_HOME parameter name `#171 `_
+
+v2.0.2
+======
+
+Minor Changes
+-------------
+
+- keycloak_quarkus: Add support for sqlserver jdbc driver `#148 `_
+- keycloak_quarkus: allow configuration of ``hostname-strict-backchannel`` `#152 `_
+- keycloak_quarkus: systemd restart behavior `#145 `_
+
+Bugfixes
+--------
+
+- keycloak_quarkus: Use ``keycloak_quarkus_java_opts`` `#154 `_
+- keycloak_quarkus: allow ports <1024 (e.g. :443) in systemd unit `#150 `_
+
+v2.0.1
+======
+
+Minor Changes
+-------------
+
+- keycloak_quarkus: add hostname-strict parameter `#139 `_
+- keycloak_quarkus: update to version 23.0.1 `#133 `_
+
+Bugfixes
+--------
+
+- keycloak_quarkus: template requires lowercase boolean values `#138 `_
+
+v2.0.0
+======
+
+Minor Changes
+-------------
+
+- Add new parameter for port offset configuration `#124 `_
+- Update Keycloak to version 22.0.5 `#122 `_
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- Add support for more http-related configs `#115 `_
+- Update minimum ansible-core version > 2.14 `#119 `_
+- keycloak_quarkus: enable config of key store and trust store `#116 `_
+
+v1.3.0
+======
+
+Major Changes
+-------------
+
+- Run service as ``keycloak_service_user`` `#106 `_
+
+Minor Changes
+-------------
+
+- keycloak_quarkus: Update Keycloak to version 22.0.3 `#112 `_
+- keycloak_quarkus: fix admin console redirect when running locally `#111 `_
+- keycloak_quarkus: skip proxy config if ``keycloak_quarkus_proxy_mode`` is ``none`` `#109 `_
+
+Bugfixes
+--------
+
+- keycloak_quarkus: fix validation failure upon port configuration change `#113 `_
+
+v1.2.8
+======
+
+Minor Changes
+-------------
+
+- keycloak_quarkus: set openjdk 17 as default `#103 `_
+- keycloak_quarkus: update to version 22.0.1 `#107 `_
+
+Bugfixes
+--------
+
+- Fix incorrect checks for ``keycloak_jgroups_subnet`` `#98 `_
+- Undefine ``keycloak_db_valid_conn_sql`` default `#91 `_
+- Update bindep.txt package python3-devel to support RHEL9 `#105 `_
+
+v1.2.7
+======
+
+Minor Changes
+-------------
+
+- Allow to override jgroups subnet `#93 `_
+- keycloak-quarkus: update keycloakx to v21.1.1 `#92 `_
+
+v1.2.6
+======
+
+Minor Changes
+-------------
+
+- Add profile features enabling/disabling `#87 `_
+- Improve service restart behavior configuration `#88 `_
+- Update default xa_datasource_class value for mariadb jdbc configuration `#89 `_
+
+Bugfixes
+--------
+
+- Handle WFLYCTL0117 when background validation millis is 0 `#90 `_
+
+v1.2.5
+======
+
+Minor Changes
+-------------
+
+- Add configuration for database connection pool validation `#85 `_
+- Allow to configure administration endpoint URL `#86 `_
+- Allow to force backend URLs to frontend URLs `#84 `_
+- Introduce systemd unit restart behavior `#81 `_
+
+v1.2.4
+======
+
+Minor Changes
+-------------
+
+- Add ``sqlserver`` to keycloak role jdbc configurations `#78 `_
+- Add configurability for XA transactions `#73 `_
+
+Bugfixes
+--------
+
+- Fix deprecation warning for ``ipaddr`` `#77 `_
+- Fix undefined facts when offline patching sso `#71 `_
+
+v1.2.1
+======
+
+Minor Changes
+-------------
+
+- Allow to setup keycloak HA cluster without remote cache store `#68 `_
+
+Bugfixes
+--------
+
+- Pass attributes to realm clients `#69 `_
+
+v1.2.0
+======
+
+Major Changes
+-------------
+
+- Provide config for multiple modcluster proxies `#60 `_
+
+Minor Changes
+-------------
+
+- Allow to configure TCPPING for cluster discovery `#62 `_
+- Drop community.general from dependencies `#61 `_
+- Switch middleware_automation.redhat_csp_download for middleware_automation.common `#63 `_
+- Switch to middleware_automation.common for rh-sso patching `#64 `_
+
+v1.1.1
+======
+
+Bugfixes
+--------
+
+- keycloak-quarkus: fix ``cache-config-file`` path in keycloak.conf.j2 template `#53 `_
+
+v1.1.0
+======
+
+Minor Changes
+-------------
+
+- Update keycloak to 18.0.2 - sso to 7.6.1 `#46 `_
+- Variable ``keycloak_no_log`` controls ansible ``no_log`` parameter (for debugging purposes) `#47 `_
+- Variables to override service start retries and delay `#51 `_
+- keycloak_quarkus: variable to enable development mode `#45 `_
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- Rename variables from ``infinispan_`` prefix to ``keycloak_infinispan_`` `#42 `_
+
+Bugfixes
+--------
+
+- keycloak_quarkus: fix /var/log/keycloak symlink to keycloak log directory `#44 `_
+
+v1.0.7
+======
+
+Breaking Changes / Porting Guide
+--------------------------------
+
+- keycloak_quarkus: use absolute path for certificate files `#39 `_
+
+Bugfixes
+--------
+
+- keycloak_quarkus: use become for tasks that will otherwise fail `#38 `_
+
+v1.0.6
+======
+
+Bugfixes
+--------
+
+- keycloak_quarkus: add selected java to PATH in systemd unit `#34 `_
+- keycloak_quarkus: set logfile path correctly under keycloak home `#35 `_
+
+v1.0.5
+======
+
+Minor Changes
+-------------
+
+- Update config options: keycloak and quarkus `#32 `_
+
+v1.0.4
+======
+
+Release Summary
+---------------
+
+Internal release, documentation or test changes only.
+
+v1.0.3
+======
+
+Major Changes
+-------------
+
+- New role for installing keycloak >= 17.0.0 (quarkus) `#29 `_
+
+Minor Changes
+-------------
+
+- Add ``keycloak_config_override_template`` parameter for passing a custom xml config template `#30 `_
+
+Bugfixes
+--------
+
+- Make sure systemd unit starts with selected java JVM `#31 `_
+
+v1.0.2
+======
+
+Minor Changes
+-------------
+
+- Make ``keycloak_admin_password`` a default with assert (was: role variable) `#26 `_
+- Simplify dependency install logic and reduce play execution time `#19 `_
+
+Bugfixes
+--------
+
+- Set ``keycloak_frontend_url`` default according to other defaults `#25 `_
+
+v1.0.1
+======
+
+Release Summary
+---------------
+
+Minor enhancements, bug and documentation fixes.
+
+Major Changes
+-------------
+
+- Apply latest cumulative patch of RH-SSO automatically when new parameter ``keycloak_rhsso_apply_patches`` is ``true`` `#18 `_
+
+Minor Changes
+-------------
+
+- Clustered installs now perform database initialization on first node to avoid locking issues `#17 `_
+
+v1.0.0
+======
+
+Release Summary
+---------------
+
+This is the first stable release of the ``middleware_automation.keycloak`` collection.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 613657d..95b60ed 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,7 +1,41 @@
+## Developing
+
+### Build and install locally
+
+Clone the repository, checkout the tag you want to build, or pick the main branch for the development version; then:
+
+ ansible-galaxy collection build .
+ ansible-galaxy collection install middleware_automation-keycloak-*.tar.gz
+
+
+### Development environment
+
+Make sure your development machine has avilable:
+
+* python 3.11+
+* virtualenv
+* docker (or podman)
+
+In order to run setup the development environment and run the molecule tests locally, after cloning the repository:
+
+```
+# create new virtualenv using python 3
+virtualenv $PATH_TO_DEV_VIRTUALENV
+# activate the virtual env
+source $PATH_TO_DEV_VIRTUALENV/bin/activate
+# install ansible and tools onto the virtualenv
+pip install yamllint 'molecule>=6.0' 'molecule-plugins[docker]' 'ansible-core>=2.16' ansible-lint
+# install collection dependencies
+ansible-galaxy collection install -r requirements.yml
+# install python dependencies
+pip install -r requirements.txt molecule/requirements.txt
+# execute the tests (replace --all with -s subdirectory to run a single test)
+molecule test --all
+```
## Contributor's Guidelines
-- All YAML files named with '.yml' extension
+- All YAML files named with `.yml` extension
- Use spaces around jinja variables. `{{ var }}` over `{{var}}`
- Variables that are internal to the role should be lowercase and start with the role name
- Keep roles self contained - Roles should avoid including tasks from other roles when possible
@@ -11,4 +45,4 @@
- Indentation - Use 2 spaces for each indent
- `vars/` vs `defaults/` - internal or interpolated variables that don't need to change or be overridden by user go in `vars/`, those that a user would likely override, go under `defaults/` directory
- All role arguments have a specification in `meta/argument_specs.yml`
-- All playbooks/roles should be focused on compatibility with Ansible Tower
+- All playbooks/roles should be focused on compatibility with Ansible Automation Platform
diff --git a/README.md b/README.md
index 93d7a98..9e9867d 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,18 @@
# Ansible Collection - middleware_automation.keycloak
+
[](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml)
+> **_NOTE:_ If you are Red Hat customer, install `redhat.rhbk` (for Red Hat Build of Keycloak) or `redhat.sso` (for Red Hat Single Sign-On) from [Automation Hub](https://console.redhat.com/ansible/ansible-dashboard) as the certified version of this collection.**
-Collection to install and configure [Keycloak](https://www.keycloak.org/) or [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on).
-
+
+
+Collection to install and configure [Keycloak](https://www.keycloak.org/) or [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on) / [Red Hat Build of Keycloak](https://access.redhat.com/products/red-hat-build-of-keycloak).
+
## Ansible version compatibility
-This collection has been tested against following Ansible versions: **>=2.9.10**.
+This collection has been tested against following Ansible versions: **>=2.16.0**.
Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.
@@ -16,12 +20,15 @@ Plugins and modules within a collection may be tested with only specific Ansible
## Installation
+
### Installing the Collection from Ansible Galaxy
Before using the collection, you need to install it with the Ansible Galaxy CLI:
ansible-galaxy collection install middleware_automation.keycloak
+
+
You can also include it in a `requirements.yml` file and install it via `ansible-galaxy collection install -r requirements.yml`, using the format:
```yaml
@@ -33,92 +40,60 @@ collections:
The keycloak collection also depends on the following python packages to be present on the controller host:
* netaddr
+* lxml
A requirement file is provided to install:
pip install -r requirements.txt
-
+
### Included roles
-* [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service.
-* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, user federation(s), clients and users, in an installed service.
+* `keycloak_quarkus`: role for installing keycloak (>= 19.0.0, quarkus based).
+* `keycloak_realm`: role for configuring a realm, user federation(s), clients and users, in an installed service.
+* `keycloak`: role for installing legacy keycloak (<= 19.0, wildfly based).
+
## Usage
### Install Playbook
-
-* [`playbooks/keycloak.yml`](playbooks/keycloak.yml) installs the upstream(Keycloak) based on the defined variables.
-* [`playbooks/rhsso.yml`](playbooks/rhsso.yml) installs Red Hat Single Sign-On(RHSSO) based on defined variables.
+
+* [`playbooks/keycloak_quarkus.yml`](https://github.com/ansible-middleware/keycloak/blob/main/playbooks/keycloak_quarkus.yml) installs keycloak >= 17 based on the defined variables (using most defaults).
+* [`playbooks/keycloak.yml`](https://github.com/ansible-middleware/keycloak/blob/main/playbooks/keycloak.yml) installs keycloak legacy based on the defined variables (using most defaults).
Both playbooks include the `keycloak` role, with different settings, as described in the following sections.
-For full service configuration details, refer to the [keycloak role README](roles/keycloak/README.md).
+For full service configuration details, refer to the [keycloak role README](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md).
+
+#### Install from controller node (offline)
-### Choosing between upstream project (Keycloak) and Red Hat Single Sign-On (RHSSO)
-
-The general flag `keycloak_rhsso_enable` controls what to install between upstream (Keycloak, when `False`) or Red Hat Single Sign-On (when `True`).
-The default value for the flag if `True` when Red Hat Network credentials are defined, `False` otherwise.
-
-
-#### Install upstream (Keycloak) from keycloak releases
-
-This is the default approach when RHN credentials are not defined. Keycloak is downloaded from keycloak builds (hosted on github.com) locally, and distributed to target nodes.
-
-
-#### Install RHSSO from the Red Hat Customer Support Portal
-
-Define the credentials as follows, and the default behaviour is to download a fresh archive of RHSSO on the controller node, then distribute to target nodes.
+Making the keycloak zip archive available to the playbook working directory, and setting `keycloak_offline_install` to `true`, allows to skip
+the download tasks. The local path for the archive does match the downloaded archive path, so that it is also used as a cache when multiple hosts are provisioned in a cluster.
```yaml
-rhn_username: ''
-rhn_password: ''
-# (keycloak_rhsso_enable defaults to True)
+keycloak_offline_install: true
```
-#### Install from controller node (local source)
-
-Making the keycloak zip archive (or the RHSSO zip archive), available to the playbook repository root directory, and setting `keycloak_offline_install` to `True`, allows to skip
-the download tasks. The local path for the archive matches the downloaded archive path, so it is also used as a cache when multiple hosts are provisioned in a cluster.
-
-```yaml
-keycloak_offline_install: True
-```
-
-And depending on `keycloak_rhsso_enable`:
-
-* `True`: install RHSSO using file rh-sso-x.y.z-server-dist.zip
-* `False`: install keycloak using file keycloak-x.y.zip
+
+
#### Install from alternate sources (like corporate Nexus, artifactory, proxy, etc)
-For RHSSO:
-
-```yaml
-keycloak_rhsso_enable: True
-keycloak_rhsso_download_url: "https://///rh-sso-x.y.z-server-dist.zip"
-```
-
-For keycloak:
-
-```yaml
-keycloak_rhsso_enable: False
-keycloak_download_url: "https://///keycloak-x.y.zip"
-```
+It is possible to perform downloads from alternate sources, using the `keycloak_download_url` variable; make sure the final downloaded filename matches with the source filename (ie. keycloak-legacy-x.y.zip or rh-sso-x.y.z-server-dist.zip).
### Example installation command
-Execute the following command from the source root directory
+Execute the following command from the source root directory
```
ansible-playbook -i -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=
-```
+```
- `keycloak_admin_password` Password for the administration console user account.
- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost
@@ -128,14 +103,16 @@ ansible-playbook -i -e @rhn-creds.yml playbooks/keycloak.yml -e
localhost ansible_connection=local
```
+Note: when deploying clustered configurations, all hosts belonging to the cluster must be present in `ansible_play_batch`; ie. they must be targeted by the same ansible-playbook execution.
+
## Configuration
### Config Playbook
-
-[`playbooks/keycloak_realm.yml`](playbooks/keycloak_realm.yml) creates or updates provided realm, user federation(s), client(s), client role(s) and client user(s).
-
+
+[`playbooks/keycloak_realm.yml`](https://github.com/ansible-middleware/keycloak/blob/main/playbooks/keycloak_realm.yml) creates or updates provided realm, user federation(s), client(s), client role(s) and client user(s).
+
### Example configuration command
@@ -153,13 +130,17 @@ ansible-playbook -i playbooks/keycloak_realm.yml -e keycloak_adm
[keycloak]
localhost ansible_connection=local
```
+
+For full configuration details, refer to the [keycloak_realm role README](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md).
+
-For full configuration details, refer to the [keycloak_realm role README](roles/keycloak_realm/README.md).
+
+
## License
Apache License v2.0 or later
-
+
See [LICENSE](LICENSE) to view the full text.
-
+
diff --git a/bindep.txt b/bindep.txt
new file mode 100644
index 0000000..0014f47
--- /dev/null
+++ b/bindep.txt
@@ -0,0 +1,9 @@
+python3-dev [compile platform:dpkg]
+python3-devel [compile platform:rpm]
+python39-devel [compile platform:centos-8 platform:rhel-8]
+git-lfs [platform:rpm platform:dpkg]
+python3-netaddr [platform:rpm platform:dpkg]
+python3-lxml [platform:rpm platform:dpkg]
+python3-jmespath [platform:rpm platform:dpkg]
+python3-requests [platform:rpm platform:dpkg]
+
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
new file mode 100644
index 0000000..6fbf0ab
--- /dev/null
+++ b/changelogs/changelog.yaml
@@ -0,0 +1,721 @@
+ancestor: 0.2.6
+releases:
+ 1.0.0:
+ changes:
+ release_summary: 'This is the first stable release of the ``middleware_automation.keycloak``
+ collection.
+
+ '
+ release_date: '2022-03-04'
+ 1.0.1:
+ changes:
+ major_changes:
+ - Apply latest cumulative patch of RH-SSO automatically when new parameter ``keycloak_rhsso_apply_patches``
+ is ``true`` `#18 `_
+ minor_changes:
+ - Clustered installs now perform database initialization on first node to avoid
+ locking issues `#17 `_
+ release_summary: 'Minor enhancements, bug and documentation fixes.
+
+ '
+ release_date: '2022-03-11'
+ 1.0.2:
+ changes:
+ bugfixes:
+ - 'Set ``keycloak_frontend_url`` default according to other defaults `#25 `_
+
+ '
+ minor_changes:
+ - 'Make ``keycloak_admin_password`` a default with assert (was: role variable)
+ `#26 `_
+
+ '
+ - 'Simplify dependency install logic and reduce play execution time `#19 `_
+
+ '
+ fragments:
+ - 19.yaml
+ - 25.yaml
+ - 26.yaml
+ release_date: '2022-04-01'
+ 1.0.3:
+ changes:
+ bugfixes:
+ - 'Make sure systemd unit starts with selected java JVM `#31 `_
+
+ '
+ major_changes:
+ - 'New role for installing keycloak >= 17.0.0 (quarkus) `#29 `_
+
+ '
+ minor_changes:
+ - 'Add ``keycloak_config_override_template`` parameter for passing a custom
+ xml config template `#30 `_
+
+ '
+ fragments:
+ - 29.yaml
+ - 30.yaml
+ - 31.yaml
+ release_date: '2022-05-09'
+ 1.0.4:
+ changes:
+ release_summary: 'Internal release, documentation or test changes only.
+
+ '
+ release_date: '2022-05-11'
+ 1.0.5:
+ changes:
+ minor_changes:
+ - 'Update config options: keycloak and quarkus `#32 `_
+
+ '
+ fragments:
+ - 32.yaml
+ release_date: '2022-05-25'
+ 1.0.6:
+ changes:
+ bugfixes:
+ - 'keycloak_quarkus: add selected java to PATH in systemd unit `#34 `_
+
+ '
+ - 'keycloak_quarkus: set logfile path correctly under keycloak home `#35 `_
+
+ '
+ fragments:
+ - 34.yaml
+ - 35.yaml
+ release_date: '2022-06-01'
+ 1.0.7:
+ changes:
+ breaking_changes:
+ - 'keycloak_quarkus: use absolute path for certificate files `#39 `_
+
+ '
+ bugfixes:
+ - 'keycloak_quarkus: use become for tasks that will otherwise fail `#38 `_
+
+ '
+ fragments:
+ - 38.yaml
+ - 39.yaml
+ release_date: '2022-07-06'
+ 1.1.0:
+ changes:
+ breaking_changes:
+ - 'Rename variables from ``infinispan_`` prefix to ``keycloak_infinispan_``
+ `#42 `_
+
+ '
+ bugfixes:
+ - 'keycloak_quarkus: fix /var/log/keycloak symlink to keycloak log directory
+ `#44 `_
+
+ '
+ minor_changes:
+ - 'Update keycloak to 18.0.2 - sso to 7.6.1 `#46 `_
+
+ '
+ - 'Variable ``keycloak_no_log`` controls ansible ``no_log`` parameter (for debugging
+ purposes) `#47 `_
+
+ '
+ - 'Variables to override service start retries and delay `#51 `_
+
+ '
+ - 'keycloak_quarkus: variable to enable development mode `#45 `_
+
+ '
+ fragments:
+ - 42.yaml
+ - 44.yaml
+ - 45.yaml
+ - 46.yaml
+ - 47.yaml
+ - 51.yaml
+ release_date: '2023-01-09'
+ 1.1.1:
+ changes:
+ bugfixes:
+ - 'keycloak-quarkus: fix ``cache-config-file`` path in keycloak.conf.j2 template
+ `#53 `_
+
+ '
+ fragments:
+ - 53.yaml
+ release_date: '2023-03-07'
+ 1.2.0:
+ changes:
+ major_changes:
+ - 'Provide config for multiple modcluster proxies `#60 `_
+
+ '
+ minor_changes:
+ - 'Allow to configure TCPPING for cluster discovery `#62 `_
+
+ '
+ - 'Drop community.general from dependencies `#61 `_
+
+ '
+ - 'Switch middleware_automation.redhat_csp_download for middleware_automation.common
+ `#63 `_
+
+ '
+ - 'Switch to middleware_automation.common for rh-sso patching `#64 `_
+
+ '
+ fragments:
+ - 60.yaml
+ - 61.yaml
+ - 62.yaml
+ - 63.yaml
+ - 64.yaml
+ release_date: '2023-03-16'
+ 1.2.1:
+ changes:
+ bugfixes:
+ - 'Pass attributes to realm clients `#69 `_
+
+ '
+ minor_changes:
+ - 'Allow to setup keycloak HA cluster without remote cache store `#68 `_
+
+ '
+ fragments:
+ - 68.yaml
+ - 69.yaml
+ release_date: '2023-04-11'
+ 1.2.4:
+ changes:
+ bugfixes:
+ - 'Fix deprecation warning for ``ipaddr`` `#77 `_
+
+ '
+ - 'Fix undefined facts when offline patching sso `#71 `_
+
+ '
+ minor_changes:
+ - 'Add ``sqlserver`` to keycloak role jdbc configurations `#78 `_
+
+ '
+ - 'Add configurability for XA transactions `#73 `_
+
+ '
+ fragments:
+ - 71.yaml
+ - 73.yaml
+ - 77.yaml
+ - 78.yaml
+ release_date: '2023-05-09'
+ 1.2.5:
+ changes:
+ minor_changes:
+ - 'Add configuration for database connection pool validation `#85 `_
+
+ '
+ - 'Allow to configure administration endpoint URL `#86 `_
+
+ '
+ - 'Allow to force backend URLs to frontend URLs `#84 `_
+
+ '
+ - 'Introduce systemd unit restart behavior `#81 `_
+
+ '
+ fragments:
+ - 81.yaml
+ - 84.yaml
+ - 85.yaml
+ - 86.yaml
+ release_date: '2023-05-26'
+ 1.2.6:
+ changes:
+ bugfixes:
+ - 'Handle WFLYCTL0117 when background validation millis is 0 `#90 `_
+
+ '
+ minor_changes:
+ - 'Add profile features enabling/disabling `#87 `_
+
+ '
+ - 'Improve service restart behavior configuration `#88 `_
+
+ '
+ - 'Update default xa_datasource_class value for mariadb jdbc configuration `#89
+ `_
+
+ '
+ fragments:
+ - 87.yaml
+ - 88.yaml
+ - 89.yaml
+ - 90.yaml
+ release_date: '2023-06-07'
+ 1.2.7:
+ changes:
+ minor_changes:
+ - 'Allow to override jgroups subnet `#93 `_
+
+ '
+ - 'keycloak-quarkus: update keycloakx to v21.1.1 `#92 `_
+
+ '
+ fragments:
+ - 92.yaml
+ - 93.yaml
+ release_date: '2023-06-19'
+ 1.2.8:
+ changes:
+ bugfixes:
+ - 'Fix incorrect checks for ``keycloak_jgroups_subnet`` `#98 `_
+
+ '
+ - 'Undefine ``keycloak_db_valid_conn_sql`` default `#91 `_
+
+ '
+ - 'Update bindep.txt package python3-devel to support RHEL9 `#105 `_
+
+ '
+ minor_changes:
+ - 'keycloak_quarkus: set openjdk 17 as default `#103 `_
+
+ '
+ - 'keycloak_quarkus: update to version 22.0.1 `#107 `_
+
+ '
+ fragments:
+ - 103.yaml
+ - 105.yaml
+ - 107.yaml
+ - 91.yaml
+ - 98.yaml
+ release_date: '2023-08-28'
+ 1.3.0:
+ changes:
+ bugfixes:
+ - 'keycloak_quarkus: fix validation failure upon port configuration change `#113
+ `_
+
+ '
+ major_changes:
+ - 'Run service as ``keycloak_service_user`` `#106 `_
+
+ '
+ minor_changes:
+ - 'keycloak_quarkus: Update Keycloak to version 22.0.3 `#112 `_
+
+ '
+ - 'keycloak_quarkus: fix admin console redirect when running locally `#111 `_
+
+ '
+ - 'keycloak_quarkus: skip proxy config if ``keycloak_quarkus_proxy_mode`` is
+ ``none`` `#109 `_
+
+ '
+ fragments:
+ - 106.yaml
+ - 109.yaml
+ - 111.yaml
+ - 112.yaml
+ - 113.yaml
+ release_date: '2023-09-25'
+ 2.0.0:
+ changes:
+ breaking_changes:
+ - 'Add support for more http-related configs `#115 `_
+
+ '
+ - 'Update minimum ansible-core version > 2.14 `#119 `_
+
+ '
+ - 'keycloak_quarkus: enable config of key store and trust store `#116 `_
+
+ '
+ minor_changes:
+ - 'Add new parameter for port offset configuration `#124 `_
+
+ '
+ - 'Update Keycloak to version 22.0.5 `#122 `_
+
+ '
+ fragments:
+ - 115.yaml
+ - 116.yaml
+ - 119.yaml
+ - 122.yaml
+ - 124.yaml
+ release_date: '2023-11-20'
+ 2.0.1:
+ changes:
+ bugfixes:
+ - 'keycloak_quarkus: template requires lowercase boolean values `#138 `_
+
+ '
+ minor_changes:
+ - 'keycloak_quarkus: add hostname-strict parameter `#139 `_
+
+ '
+ - 'keycloak_quarkus: update to version 23.0.1 `#133 `_
+
+ '
+ fragments:
+ - 133.yaml
+ - 138.yaml
+ - 139.yaml
+ release_date: '2023-12-07'
+ 2.0.2:
+ changes:
+ bugfixes:
+ - 'keycloak_quarkus: Use ``keycloak_quarkus_java_opts`` `#154 `_
+
+ '
+ - 'keycloak_quarkus: allow ports <1024 (e.g. :443) in systemd unit `#150 `_
+
+ '
+ minor_changes:
+ - 'keycloak_quarkus: Add support for sqlserver jdbc driver `#148 `_
+
+ '
+ - 'keycloak_quarkus: allow configuration of ``hostname-strict-backchannel``
+ `#152 `_
+
+ '
+ - 'keycloak_quarkus: systemd restart behavior `#145 `_
+
+ '
+ fragments:
+ - 145.yaml
+ - 148.yaml
+ - 150.yaml
+ - 152.yaml
+ - 154.yaml
+ release_date: '2024-01-17'
+ 2.1.0:
+ changes:
+ breaking_changes:
+ - 'keycloak_quarkus: renamed infinispan host list configuration `#157 `_
+
+ '
+ bugfixes:
+ - 'keycloak_quarkus: fix custom JAVA_HOME parameter name `#171 `_
+
+ '
+ major_changes:
+ - 'Implement infinispan TCPPING discovery protocol `#159 `_
+
+ '
+ minor_changes:
+ - 'Set enable-recovery when xa transactions are enabled `#167 `_
+
+ '
+ - 'keycloak_quarkus: Allow configuring log rotate options in quarkus configuration
+ `#161 `_
+
+ '
+ - 'keycloak_quarkus: ``sticky-session`` for infinispan routes `#163 `_
+
+ '
+ fragments:
+ - 157.yaml
+ - 159.yaml
+ - 161.yaml
+ - 163.yaml
+ - 167.yaml
+ - 171.yaml
+ release_date: '2024-02-28'
+ 2.1.1:
+ changes:
+ bugfixes:
+ - 'Fix permissions on controller-side downloaded artifacts `#184 `_
+
+ '
+ - 'JVM args moved to ``JAVA_OPTS`` envvar (instead of JAVA_OPTS_APPEND) `#186
+ `_
+
+ '
+ - 'Unrelax configuration file permissions `#191 `_
+
+ '
+ - 'Utilize comment filter for ``ansible_managed`` annotations `#176 `_
+
+ '
+ minor_changes:
+ - 'Add reverse ``proxy_headers`` config, supersedes ``proxy_mode`` `#187 `_
+
+ '
+ - 'Debian/Ubuntu compatibility `#178 `_
+
+ '
+ - 'Use ``keycloak_realm`` as default for sub-entities `#180 `_
+
+ '
+ fragments:
+ - 176.yaml
+ - 178.yaml
+ - 180.yaml
+ - 184.yaml
+ - 186.yaml
+ - 187.yaml
+ - 191.yaml
+ release_date: '2024-04-17'
+ 2.1.2:
+ changes:
+ release_summary: 'Internal release, documentation or test changes only.
+
+ '
+ release_date: '2024-04-17'
+ 2.2.0:
+ changes:
+ major_changes:
+ - 'Support java keystore for configuration of sensitive options `#189 `_
+
+ '
+ minor_changes:
+ - 'Add ``wait_for_port`` and ``wait_for_log`` systemd unit logic `#199 `_
+
+ '
+ - 'Customize jdbc driver downloads, optional authentication `#202 `_
+
+ '
+ - 'Keystore-based vault SPI configuration `#196 `_
+
+ '
+ - 'New ``keycloak_quarkus_hostname_strict_https`` parameter `#195 `_
+
+ '
+ - 'Providers config and custom providers `#201 `_
+
+ '
+ - 'Remove administrator credentials from files once keycloak is bootstrapped
+ `#197 `_
+
+ '
+ - 'Update keycloak to 24.0 `#194 `_
+
+ '
+ fragments:
+ - 189.yaml
+ - 194.yaml
+ - 195.yaml
+ - 196.yaml
+ - 197.yaml
+ - 199.yaml
+ - 201.yaml
+ - 202.yaml
+ release_date: '2024-05-01'
+ 2.2.1:
+ changes:
+ bugfixes:
+ - 'JDBC provider: fix clause in argument validation `#204 `_
+
+ '
+ release_summary: Internal release, documentation or test changes only.
+ fragments:
+ - 204.yaml
+ - v2.2.1-devel_summary.yaml
+ release_date: '2024-05-02'
+ 2.2.2:
+ changes:
+ bugfixes:
+ - 'Turn off controller privilege escalation `#209 `_
+
+ '
+ minor_changes:
+ - 'Copying of key material for TLS configuration `#210 `_
+
+ '
+ - 'Validate certs parameter for JDBC driver downloads `#207 `_
+
+ '
+ fragments:
+ - 207.yaml
+ - 209.yaml
+ - 210.yaml
+ release_date: '2024-05-06'
+ 2.3.0:
+ changes:
+ bugfixes:
+ - '``kc.sh build`` uses configured jdk `#211 `_
+
+ '
+ major_changes:
+ - 'Allow for custom providers hosted on maven repositories `#223 `_
+
+ '
+ - 'Restart handler strategy behaviour `#231 `_
+
+ '
+ minor_changes:
+ - 'Add support for policy files `#225 `_
+
+ '
+ - 'Allow to add extra custom env vars in sysconfig file `#229 `_
+
+ '
+ - 'Download from alternate URL with optional http authentication `#220 `_
+
+ '
+ - 'Update Keycloak to version 24.0.4 `#218 `_
+
+ '
+ - '``proxy-header`` enhancement `#227 `_
+
+ '
+ fragments:
+ - 211.yaml
+ - 218.yaml
+ - 220.yaml
+ - 223.yaml
+ - 225.yaml
+ - 227.yaml
+ - 229.yaml
+ - 231.yaml
+ release_date: '2024-05-20'
+ 2.4.0:
+ changes:
+ major_changes:
+ - 'Enable by default health check on restart `#234 `_
+
+ '
+ - 'Update minimum ansible-core version > 2.15 `#232 `_
+
+ '
+ fragments:
+ - 232.yaml
+ - 234.yaml
+ release_date: '2024-06-04'
+ 2.4.1:
+ changes:
+ release_summary: Internal release, documentation or test changes only.
+ fragments:
+ - v2.4.1-devel_summary.yaml
+ release_date: '2024-07-02'
+ 2.4.2:
+ changes:
+ bugfixes:
+ - 'Add wait_for_port number parameter `#237 `_
+
+ '
+ minor_changes:
+ - 'New parameter ``keycloak_quarkus_download_path`` `#239 `_
+
+ '
+ fragments:
+ - 237.yaml
+ - 239.yaml
+ release_date: '2024-09-26'
+ 2.4.3:
+ changes:
+ minor_changes:
+ - 'Update keycloak to 24.0.5 `#241 `_
+
+ '
+ fragments:
+ - 241.yaml
+ release_date: '2024-10-16'
+ 3.0.0:
+ changes:
+ breaking_changes:
+ - 'Bump major and ansible-core versions `#266 `_
+
+ '
+ - 'Rename parameters to follow upstream `#270 `_
+
+ '
+ - 'Update for keycloak v26 `#254 `_
+
+ '
+ bugfixes:
+ - 'Access token lifespan is too short for ansible run `#251 `_
+
+ '
+ - 'Load environment vars during kc rebuild `#274 `_
+
+ '
+ - 'Rebuild config and restart service for local providers `#250 `_
+
+ '
+ - 'Rename and honour parameter ``keycloak_quarkus_http_host`` `#271 `_
+
+ '
+ minor_changes:
+ - 'Add theme cache invalidation handler `#252 `_
+
+ '
+ - 'keycloak_realm: change url variables to defaults `#268 `_
+
+ '
+ fragments:
+ - 250.yaml
+ - 251.yaml
+ - 252.yaml
+ - 254.yaml
+ - 266.yaml
+ - 268.yaml
+ - 270.yaml
+ - 271.yaml
+ - 274.yaml
+ modules:
+ - description: Allows administration of Keycloak realm via Keycloak API
+ name: keycloak_realm
+ namespace: ''
+ release_date: '2025-04-23'
+ 3.0.1:
+ changes:
+ bugfixes:
+ - 'Trigger rebuild handler on envvars file change `#276 `_
+
+ '
+ minor_changes:
+ - 'Version update to 26.0.8 / rhbk 26.0.11 `#277 `_
+
+ '
+ fragments:
+ - 276.yaml
+ - 277.yaml
+ release_date: '2025-05-02'
+ 3.0.2:
+ changes:
+ bugfixes:
+ - 'Fix ``keycloak_quarkus_force_install`` parameter being ignored by install
+ `#296 `_
+
+ '
+ - 'Fix alternate download location being ignored (JBossNeworkAPI always used)
+ `#298 `_
+
+ '
+ - 'Run config rebuild after SPI providers update `#285 `_
+
+ '
+ - 'Use jdk21 as default in debian `#289 `_
+
+ '
+ - 'keycloak_realm: federation default provider type should be a string `#302
+ `_
+
+ '
+ minor_changes:
+ - 'New ``checksum`` property for keycloak_quarkus_providers `#280 `_
+
+ '
+ - 'New parameter to set the jgroups host IP address `#281