diff --git a/.ansible-lint b/.ansible-lint
index 8e4b5ca..eef1f63 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -5,8 +5,6 @@ exclude_paths:
- molecule/
- .ansible-lint
- .yamllint
- - meta/
- - playbooks/roles/
rulesdir:
- ../../ansible-lint-custom-rules/rules/
@@ -18,26 +16,12 @@ enable_list:
warn_list:
- role_vars_start_with_role_name
- vars_in_vars_files_have_valid_names
+ - vars_should_not_be_used
- experimental
- ignore-errors
- no-handler
+ - fqcn-builtins
- no-log-password
- - jinja[spacing]
- - jinja[invalid]
- - meta-no-tags
- - name[casing]
- - fqcn[action]
- - schema[meta]
- - key-order[task]
- - blocked_modules
- - run-once[task]
-
-skip_list:
- - vars_should_not_be_used
- - file_is_small_enough
- - file_has_valid_name
- - name[template]
- - var-naming[no-role-prefix]
use_default_rules: true
parseable: true
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index a622526..9a72e5c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,28 +1,51 @@
---
name: CI
-on:
+"on":
push:
branches:
- main
pull_request:
- workflow_dispatch:
- inputs:
- debug_verbosity:
- description: 'ANSIBLE_VERBOSITY envvar value'
- required: false
- schedule:
- - cron: '15 6 * * *'
jobs:
ci:
- uses: ansible-middleware/github-actions/.github/workflows/cish.yml@main
- secrets: inherit
- with:
- fqcn: 'middleware_automation/keycloak'
- debug_verbosity: "${{ github.event.inputs.debug_verbosity }}"
- molecule_tests: >-
- [ "debian", "quarkus", "quarkus_ha", "quarkus_ha_remote" ]
- podman_tests_current: >-
- [ "default", "quarkus_devmode", "quarkus_upgrade" ]
- podman_tests_next: >-
- [ "default", "quarkus_devmode", "quarkus_upgrade" ]
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ python_version: ["3.9"]
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v2
+ with:
+ path: ansible_collections/middleware_automation/keycloak
+
+ - name: Set up Python ${{ matrix.python_version }}
+ uses: actions/setup-python@v1
+ with:
+ python-version: ${{ matrix.python_version }}
+
+ - name: Install yamllint, ansible and molecule
+ run: |
+ python -m pip install --upgrade pip
+ pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint voluptuous
+ pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt
+
+ - name: Install ansible-lint custom rules
+ uses: actions/checkout@v2
+ with:
+ repository: ansible-middleware/ansible-lint-custom-rules
+ path: ansible_collections/ansible-lint-custom-rules/
+
+ - name: Create default collection path
+ run: |
+ mkdir -p /home/runner/.ansible/collections/ansible_collections
+
+ - name: Run sanity tests
+ run: ansible-test sanity --docker -v --color --python ${{ matrix.python_version }}
+ working-directory: ./ansible_collections/middleware_automation/keycloak
+
+ - name: Run molecule test
+ run: molecule test --all
+ working-directory: ./ansible_collections/middleware_automation/keycloak
+ env:
+ PY_COLORS: '1'
+ ANSIBLE_FORCE_COLOR: '1'
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index 540fe4f..2e303d6 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -5,14 +5,71 @@ on:
branches:
- main
tags:
- - "[0-9]+.[0-9]+.[0-9]+"
- workflow_dispatch:
+ - "*.*.*"
+
+env:
+ COLORTERM: 'yes'
+ TERM: 'xterm-256color'
+ PYTEST_ADDOPTS: '--color=yes'
jobs:
docs:
- uses: ansible-middleware/github-actions/.github/workflows/docs.yml@main
- secrets: inherit
- with:
- fqcn: 'middleware_automation/keycloak'
- collection_fqcn: 'middleware_automation.keycloak'
- historical_docs: 'false'
+ runs-on: ubuntu-latest
+ if: github.repository == 'ansible-middleware/keycloak'
+ permissions:
+ actions: write
+ checks: write
+ contents: write
+ deployments: write
+ packages: write
+ pages: write
+ steps:
+ - name: Check out code
+ uses: actions/checkout@v2
+ with:
+ path: ansible_collections/middleware_automation/keycloak
+ fetch-depth: 0
+
+ - name: Set up Python
+ uses: actions/setup-python@v2
+ with:
+ python-version: 3.9
+
+ - name: Install doc dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install -r ansible_collections/middleware_automation/keycloak/docs/requirements.txt
+ pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt
+
+ - name: Create default collection path
+ run: |
+ mkdir -p /home/runner/.ansible/collections/ansible_collections
+
+ - name: Create doc directories and resources
+ run: |
+ mkdir -p ./docs/plugins ./docs/roles
+ cat ./docs/roles.rst.template > ./docs/roles/index.rst
+ antsibull-docs collection --use-current --squash-hierarchy --dest-dir docs/plugins middleware_automation.keycloak
+ for role_readme in roles/*/README.md; do ln -f -s ../../$role_readme ./docs/roles/$(basename $(dirname $role_readme)).md; echo " * :doc:\`$(basename $(dirname $role_readme))\`" >> ./docs/roles/index.rst; done
+ working-directory: ansible_collections/middleware_automation/keycloak
+
+ - name: Run sphinx
+ run: |
+ sphinx-build -M html . _build -v
+ working-directory: ansible_collections/middleware_automation/keycloak/docs/
+
+ - name: Commit docs
+ run: |
+ git config user.name github-actions
+ git config user.email github-actions@github.com
+ git checkout gh-pages
+ rm -rf $(basename ${GITHUB_REF})
+ mv docs/_build/html $(basename ${GITHUB_REF})
+ ln --force --no-dereference --symbolic main latest
+ git show origin/main:docs/_gh_include/header.inc > index.html
+ (echo main; echo latest; dirname *.*.*/index.html | sort --version-sort --reverse) | xargs -I@@ -n1 echo '@@' >> index.html
+ git show origin/main:docs/_gh_include/footer.inc >> index.html
+ git add $(basename ${GITHUB_REF}) latest index.html
+ git commit -m "Update docs for $(basename ${GITHUB_REF})" || true
+ git push origin gh-pages
+ working-directory: ansible_collections/middleware_automation/keycloak/
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d0d14d8..cafc1eb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,28 +1,47 @@
----
name: Release collection
+
on:
- workflow_dispatch:
- inputs:
- release_summary:
- description: 'Optional release summary for changelogs'
- required: false
+ push:
+ tags:
+ - "*.*.*"
jobs:
release:
- uses: ansible-middleware/github-actions/.github/workflows/release.yml@main
- with:
- collection_fqcn: 'middleware_automation.keycloak'
- downstream_name: 'rhbk'
- release_summary: "${{ github.event.inputs.release_summary }}"
- secrets:
- galaxy_token: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
- jira_webhook: ${{ secrets.JIRA_WEBHOOK_CREATE_VERSION }}
-
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+ - name: Set up Python
+ uses: actions/setup-python@v1
+ with:
+ python-version: "3.x"
+ - name: Get Tag Version
+ id: get_version
+ run: echo ::set-output name=TAG_VERSION::${GITHUB_REF#refs/tags/}
+ - name: Install dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install ansible-core
+ - name: Build collection
+ run: |
+ ansible-galaxy collection build .
+ - name: Publish Release
+ uses: softprops/action-gh-release@v1
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ with:
+ files: "*.tar.gz"
+ body: "Release ${{ steps.get_version.outputs.TAG_VERSION }}"
+ - name: Publish collection
+ env:
+ ANSIBLE_GALAXY_API_KEY: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
+ run: |
+ ansible-galaxy collection publish *.tar.gz --api-key $ANSIBLE_GALAXY_API_KEY
dispatch:
needs: release
strategy:
matrix:
- repo: ['ansible-middleware/ansible-middleware-ee']
+ repo: ['ansible-middleware/cross-dc-rhsso-demo', 'ansible-middleware/flange-demo']
runs-on: ubuntu-latest
steps:
- name: Repository Dispatch
@@ -30,5 +49,5 @@ jobs:
with:
token: ${{ secrets.TRIGGERING_PAT }}
repository: ${{ matrix.repo }}
- event-type: "Dependency released - Keycloak v${{ needs.release.outputs.tag_version }}"
+ event-type: "Dependency released - Keycloak"
client-payload: '{ "github": ${{toJson(github)}} }'
diff --git a/.github/workflows/traffic.yml b/.github/workflows/traffic.yml
deleted file mode 100644
index d997f4e..0000000
--- a/.github/workflows/traffic.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-name: Collect traffic stats
-on:
- schedule:
- - cron: "51 23 * * 0"
- workflow_dispatch:
-
-jobs:
- traffic:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
- with:
- ref: "gh-pages"
-
- - name: GitHub traffic
- uses: sangonzal/repository-traffic-action@v.0.1.6
- env:
- TRAFFIC_ACTION_TOKEN: ${{ secrets.TRIGGERING_PAT }}
-
- - name: Commit changes
- uses: EndBug/add-and-commit@v4
- with:
- author_name: Ansible Middleware
- message: "GitHub traffic"
- add: "./traffic/*"
- ref: "gh-pages"
diff --git a/.gitignore b/.gitignore
index ce41aef..f10cc78 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,15 +2,9 @@
*.zip
.tmp
.cache
-.vscode/
-__pycache__/
docs/plugins/
docs/roles/
docs/_build/
.pytest_cache/
.mypy_cache/
*.retry
-changelogs/.plugin-cache.yaml
-*.pem
-*.key
-*.p12
diff --git a/.yamllint b/.yamllint
index 10e554e..fa1f1fc 100644
--- a/.yamllint
+++ b/.yamllint
@@ -15,8 +15,7 @@ rules:
commas:
max-spaces-after: -1
level: error
- comments:
- min-spaces-from-content: 1
+ comments: disable
comments-indentation: disable
document-start: disable
empty-lines:
@@ -31,8 +30,4 @@ rules:
new-lines:
type: unix
trailing-spaces: disable
- truthy: disable
- octal-values:
- forbid-implicit-octal: true
- forbid-explicit-octal: true
-
+ truthy: disable
\ No newline at end of file
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
deleted file mode 100644
index 981d6e7..0000000
--- a/CHANGELOG.rst
+++ /dev/null
@@ -1,513 +0,0 @@
-=============================================
-middleware\_automation.keycloak Release Notes
-=============================================
-
-.. contents:: Topics
-
-This changelog describes changes after version 0.2.6.
-
-v3.0.2
-======
-
-Minor Changes
--------------
-
-- New ``checksum`` property for keycloak_quarkus_providers `#280 `_
-- New parameter to set the jgroups host IP address `#281 `_
-- Session storage / distributed caches `#287 `_
-- Update keycloak/RHBK to v26.2.4 `#283 `_
-
-Bugfixes
---------
-
-- Fix ``keycloak_quarkus_force_install`` parameter being ignored by install `#296 `_
-- Fix alternate download location being ignored (JBossNeworkAPI always used) `#298 `_
-- Run config rebuild after SPI providers update `#285 `_
-- Use jdk21 as default in debian `#289 `_
-- keycloak_realm: federation default provider type should be a string `#302 `_
-
-v3.0.1
-======
-
-Minor Changes
--------------
-
-- Version update to 26.0.8 / rhbk 26.0.11 `#277 `_
-
-Bugfixes
---------
-
-- Trigger rebuild handler on envvars file change `#276 `_
-
-v3.0.0
-======
-
-Minor Changes
--------------
-
-- Add theme cache invalidation handler `#252 `_
-- keycloak_realm: change url variables to defaults `#268 `_
-
-Breaking Changes / Porting Guide
---------------------------------
-
-- Bump major and ansible-core versions `#266 `_
-- Rename parameters to follow upstream `#270 `_
-- Update for keycloak v26 `#254 `_
-
-Bugfixes
---------
-
-- Access token lifespan is too short for ansible run `#251 `_
-- Load environment vars during kc rebuild `#274 `_
-- Rebuild config and restart service for local providers `#250 `_
-- Rename and honour parameter ``keycloak_quarkus_http_host`` `#271 `_
-
-New Modules
------------
-
-- middleware_automation.keycloak.keycloak_realm - Allows administration of Keycloak realm via Keycloak API
-
-v2.4.3
-======
-
-Minor Changes
--------------
-
-- Update keycloak to 24.0.5 `#241 `_
-
-v2.4.2
-======
-
-Minor Changes
--------------
-
-- New parameter ``keycloak_quarkus_download_path`` `#239 `_
-
-Bugfixes
---------
-
-- Add wait_for_port number parameter `#237 `_
-
-v2.4.1
-======
-
-Release Summary
----------------
-
-Internal release, documentation or test changes only.
-
-v2.4.0
-======
-
-Major Changes
--------------
-
-- Enable by default health check on restart `#234 `_
-- Update minimum ansible-core version > 2.15 `#232 `_
-
-v2.3.0
-======
-
-Major Changes
--------------
-
-- Allow for custom providers hosted on maven repositories `#223 `_
-- Restart handler strategy behaviour `#231 `_
-
-Minor Changes
--------------
-
-- Add support for policy files `#225 `_
-- Allow to add extra custom env vars in sysconfig file `#229 `_
-- Download from alternate URL with optional http authentication `#220 `_
-- Update Keycloak to version 24.0.4 `#218 `_
-- ``proxy-header`` enhancement `#227 `_
-
-Bugfixes
---------
-
-- ``kc.sh build`` uses configured jdk `#211 `_
-
-v2.2.2
-======
-
-Minor Changes
--------------
-
-- Copying of key material for TLS configuration `#210 `_
-- Validate certs parameter for JDBC driver downloads `#207 `_
-
-Bugfixes
---------
-
-- Turn off controller privilege escalation `#209 `_
-
-v2.2.1
-======
-
-Release Summary
----------------
-
-Internal release, documentation or test changes only.
-
-Bugfixes
---------
-
-- JDBC provider: fix clause in argument validation `#204 `_
-
-v2.2.0
-======
-
-Major Changes
--------------
-
-- Support java keystore for configuration of sensitive options `#189 `_
-
-Minor Changes
--------------
-
-- Add ``wait_for_port`` and ``wait_for_log`` systemd unit logic `#199 `_
-- Customize jdbc driver downloads, optional authentication `#202 `_
-- Keystore-based vault SPI configuration `#196 `_
-- New ``keycloak_quarkus_hostname_strict_https`` parameter `#195 `_
-- Providers config and custom providers `#201 `_
-- Remove administrator credentials from files once keycloak is bootstrapped `#197 `_
-- Update keycloak to 24.0 `#194 `_
-
-v2.1.2
-======
-
-Release Summary
----------------
-
-Internal release, documentation or test changes only.
-
-v2.1.1
-======
-
-Minor Changes
--------------
-
-- Add reverse ``proxy_headers`` config, supersedes ``proxy_mode`` `#187 `_
-- Debian/Ubuntu compatibility `#178 `_
-- Use ``keycloak_realm`` as default for sub-entities `#180 `_
-
-Bugfixes
---------
-
-- Fix permissions on controller-side downloaded artifacts `#184 `_
-- JVM args moved to ``JAVA_OPTS`` envvar (instead of JAVA_OPTS_APPEND) `#186 `_
-- Unrelax configuration file permissions `#191 `_
-- Utilize comment filter for ``ansible_managed`` annotations `#176 `_
-
-v2.1.0
-======
-
-Major Changes
--------------
-
-- Implement infinispan TCPPING discovery protocol `#159 `_
-
-Minor Changes
--------------
-
-- Set enable-recovery when xa transactions are enabled `#167 `_
-- keycloak_quarkus: Allow configuring log rotate options in quarkus configuration `#161 `_
-- keycloak_quarkus: ``sticky-session`` for infinispan routes `#163 `_
-
-Breaking Changes / Porting Guide
---------------------------------
-
-- keycloak_quarkus: renamed infinispan host list configuration `#157 `_
-
-Bugfixes
---------
-
-- keycloak_quarkus: fix custom JAVA_HOME parameter name `#171 `_
-
-v2.0.2
-======
-
-Minor Changes
--------------
-
-- keycloak_quarkus: Add support for sqlserver jdbc driver `#148 `_
-- keycloak_quarkus: allow configuration of ``hostname-strict-backchannel`` `#152 `_
-- keycloak_quarkus: systemd restart behavior `#145 `_
-
-Bugfixes
---------
-
-- keycloak_quarkus: Use ``keycloak_quarkus_java_opts`` `#154 `_
-- keycloak_quarkus: allow ports <1024 (e.g. :443) in systemd unit `#150 `_
-
-v2.0.1
-======
-
-Minor Changes
--------------
-
-- keycloak_quarkus: add hostname-strict parameter `#139 `_
-- keycloak_quarkus: update to version 23.0.1 `#133 `_
-
-Bugfixes
---------
-
-- keycloak_quarkus: template requires lowercase boolean values `#138 `_
-
-v2.0.0
-======
-
-Minor Changes
--------------
-
-- Add new parameter for port offset configuration `#124 `_
-- Update Keycloak to version 22.0.5 `#122 `_
-
-Breaking Changes / Porting Guide
---------------------------------
-
-- Add support for more http-related configs `#115 `_
-- Update minimum ansible-core version > 2.14 `#119 `_
-- keycloak_quarkus: enable config of key store and trust store `#116 `_
-
-v1.3.0
-======
-
-Major Changes
--------------
-
-- Run service as ``keycloak_service_user`` `#106 `_
-
-Minor Changes
--------------
-
-- keycloak_quarkus: Update Keycloak to version 22.0.3 `#112 `_
-- keycloak_quarkus: fix admin console redirect when running locally `#111 `_
-- keycloak_quarkus: skip proxy config if ``keycloak_quarkus_proxy_mode`` is ``none`` `#109 `_
-
-Bugfixes
---------
-
-- keycloak_quarkus: fix validation failure upon port configuration change `#113 `_
-
-v1.2.8
-======
-
-Minor Changes
--------------
-
-- keycloak_quarkus: set openjdk 17 as default `#103 `_
-- keycloak_quarkus: update to version 22.0.1 `#107 `_
-
-Bugfixes
---------
-
-- Fix incorrect checks for ``keycloak_jgroups_subnet`` `#98 `_
-- Undefine ``keycloak_db_valid_conn_sql`` default `#91 `_
-- Update bindep.txt package python3-devel to support RHEL9 `#105 `_
-
-v1.2.7
-======
-
-Minor Changes
--------------
-
-- Allow to override jgroups subnet `#93 `_
-- keycloak-quarkus: update keycloakx to v21.1.1 `#92 `_
-
-v1.2.6
-======
-
-Minor Changes
--------------
-
-- Add profile features enabling/disabling `#87 `_
-- Improve service restart behavior configuration `#88 `_
-- Update default xa_datasource_class value for mariadb jdbc configuration `#89 `_
-
-Bugfixes
---------
-
-- Handle WFLYCTL0117 when background validation millis is 0 `#90 `_
-
-v1.2.5
-======
-
-Minor Changes
--------------
-
-- Add configuration for database connection pool validation `#85 `_
-- Allow to configure administration endpoint URL `#86 `_
-- Allow to force backend URLs to frontend URLs `#84 `_
-- Introduce systemd unit restart behavior `#81 `_
-
-v1.2.4
-======
-
-Minor Changes
--------------
-
-- Add ``sqlserver`` to keycloak role jdbc configurations `#78 `_
-- Add configurability for XA transactions `#73 `_
-
-Bugfixes
---------
-
-- Fix deprecation warning for ``ipaddr`` `#77 `_
-- Fix undefined facts when offline patching sso `#71 `_
-
-v1.2.1
-======
-
-Minor Changes
--------------
-
-- Allow to setup keycloak HA cluster without remote cache store `#68 `_
-
-Bugfixes
---------
-
-- Pass attributes to realm clients `#69 `_
-
-v1.2.0
-======
-
-Major Changes
--------------
-
-- Provide config for multiple modcluster proxies `#60 `_
-
-Minor Changes
--------------
-
-- Allow to configure TCPPING for cluster discovery `#62 `_
-- Drop community.general from dependencies `#61 `_
-- Switch middleware_automation.redhat_csp_download for middleware_automation.common `#63 `_
-- Switch to middleware_automation.common for rh-sso patching `#64 `_
-
-v1.1.1
-======
-
-Bugfixes
---------
-
-- keycloak-quarkus: fix ``cache-config-file`` path in keycloak.conf.j2 template `#53 `_
-
-v1.1.0
-======
-
-Minor Changes
--------------
-
-- Update keycloak to 18.0.2 - sso to 7.6.1 `#46 `_
-- Variable ``keycloak_no_log`` controls ansible ``no_log`` parameter (for debugging purposes) `#47 `_
-- Variables to override service start retries and delay `#51 `_
-- keycloak_quarkus: variable to enable development mode `#45 `_
-
-Breaking Changes / Porting Guide
---------------------------------
-
-- Rename variables from ``infinispan_`` prefix to ``keycloak_infinispan_`` `#42 `_
-
-Bugfixes
---------
-
-- keycloak_quarkus: fix /var/log/keycloak symlink to keycloak log directory `#44 `_
-
-v1.0.7
-======
-
-Breaking Changes / Porting Guide
---------------------------------
-
-- keycloak_quarkus: use absolute path for certificate files `#39 `_
-
-Bugfixes
---------
-
-- keycloak_quarkus: use become for tasks that will otherwise fail `#38 `_
-
-v1.0.6
-======
-
-Bugfixes
---------
-
-- keycloak_quarkus: add selected java to PATH in systemd unit `#34 `_
-- keycloak_quarkus: set logfile path correctly under keycloak home `#35 `_
-
-v1.0.5
-======
-
-Minor Changes
--------------
-
-- Update config options: keycloak and quarkus `#32 `_
-
-v1.0.4
-======
-
-Release Summary
----------------
-
-Internal release, documentation or test changes only.
-
-v1.0.3
-======
-
-Major Changes
--------------
-
-- New role for installing keycloak >= 17.0.0 (quarkus) `#29 `_
-
-Minor Changes
--------------
-
-- Add ``keycloak_config_override_template`` parameter for passing a custom xml config template `#30 `_
-
-Bugfixes
---------
-
-- Make sure systemd unit starts with selected java JVM `#31 `_
-
-v1.0.2
-======
-
-Minor Changes
--------------
-
-- Make ``keycloak_admin_password`` a default with assert (was: role variable) `#26 `_
-- Simplify dependency install logic and reduce play execution time `#19 `_
-
-Bugfixes
---------
-
-- Set ``keycloak_frontend_url`` default according to other defaults `#25 `_
-
-v1.0.1
-======
-
-Release Summary
----------------
-
-Minor enhancements, bug and documentation fixes.
-
-Major Changes
--------------
-
-- Apply latest cumulative patch of RH-SSO automatically when new parameter ``keycloak_rhsso_apply_patches`` is ``true`` `#18 `_
-
-Minor Changes
--------------
-
-- Clustered installs now perform database initialization on first node to avoid locking issues `#17 `_
-
-v1.0.0
-======
-
-Release Summary
----------------
-
-This is the first stable release of the ``middleware_automation.keycloak`` collection.
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 95b60ed..613657d 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,41 +1,7 @@
-## Developing
-
-### Build and install locally
-
-Clone the repository, checkout the tag you want to build, or pick the main branch for the development version; then:
-
- ansible-galaxy collection build .
- ansible-galaxy collection install middleware_automation-keycloak-*.tar.gz
-
-
-### Development environment
-
-Make sure your development machine has avilable:
-
-* python 3.11+
-* virtualenv
-* docker (or podman)
-
-In order to run setup the development environment and run the molecule tests locally, after cloning the repository:
-
-```
-# create new virtualenv using python 3
-virtualenv $PATH_TO_DEV_VIRTUALENV
-# activate the virtual env
-source $PATH_TO_DEV_VIRTUALENV/bin/activate
-# install ansible and tools onto the virtualenv
-pip install yamllint 'molecule>=6.0' 'molecule-plugins[docker]' 'ansible-core>=2.16' ansible-lint
-# install collection dependencies
-ansible-galaxy collection install -r requirements.yml
-# install python dependencies
-pip install -r requirements.txt molecule/requirements.txt
-# execute the tests (replace --all with -s subdirectory to run a single test)
-molecule test --all
-```
## Contributor's Guidelines
-- All YAML files named with `.yml` extension
+- All YAML files named with '.yml' extension
- Use spaces around jinja variables. `{{ var }}` over `{{var}}`
- Variables that are internal to the role should be lowercase and start with the role name
- Keep roles self contained - Roles should avoid including tasks from other roles when possible
@@ -45,4 +11,4 @@ molecule test --all
- Indentation - Use 2 spaces for each indent
- `vars/` vs `defaults/` - internal or interpolated variables that don't need to change or be overridden by user go in `vars/`, those that a user would likely override, go under `defaults/` directory
- All role arguments have a specification in `meta/argument_specs.yml`
-- All playbooks/roles should be focused on compatibility with Ansible Automation Platform
+- All playbooks/roles should be focused on compatibility with Ansible Tower
diff --git a/README.md b/README.md
index 9e9867d..93d7a98 100644
--- a/README.md
+++ b/README.md
@@ -1,18 +1,14 @@
# Ansible Collection - middleware_automation.keycloak
-
[](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml)
-> **_NOTE:_ If you are Red Hat customer, install `redhat.rhbk` (for Red Hat Build of Keycloak) or `redhat.sso` (for Red Hat Single Sign-On) from [Automation Hub](https://console.redhat.com/ansible/ansible-dashboard) as the certified version of this collection.**
-
-
-Collection to install and configure [Keycloak](https://www.keycloak.org/) or [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on) / [Red Hat Build of Keycloak](https://access.redhat.com/products/red-hat-build-of-keycloak).
-
+Collection to install and configure [Keycloak](https://www.keycloak.org/) or [Red Hat Single Sign-On](https://access.redhat.com/products/red-hat-single-sign-on).
+
## Ansible version compatibility
-This collection has been tested against following Ansible versions: **>=2.16.0**.
+This collection has been tested against following Ansible versions: **>=2.9.10**.
Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.
@@ -20,15 +16,12 @@ Plugins and modules within a collection may be tested with only specific Ansible
## Installation
-
### Installing the Collection from Ansible Galaxy
Before using the collection, you need to install it with the Ansible Galaxy CLI:
ansible-galaxy collection install middleware_automation.keycloak
-
-
You can also include it in a `requirements.yml` file and install it via `ansible-galaxy collection install -r requirements.yml`, using the format:
```yaml
@@ -40,60 +33,92 @@ collections:
The keycloak collection also depends on the following python packages to be present on the controller host:
* netaddr
-* lxml
A requirement file is provided to install:
pip install -r requirements.txt
-
+
### Included roles
-* `keycloak_quarkus`: role for installing keycloak (>= 19.0.0, quarkus based).
-* `keycloak_realm`: role for configuring a realm, user federation(s), clients and users, in an installed service.
-* `keycloak`: role for installing legacy keycloak (<= 19.0, wildfly based).
+* [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing the service.
+* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, user federation(s), clients and users, in an installed service.
-
## Usage
### Install Playbook
-
-* [`playbooks/keycloak_quarkus.yml`](https://github.com/ansible-middleware/keycloak/blob/main/playbooks/keycloak_quarkus.yml) installs keycloak >= 17 based on the defined variables (using most defaults).
-* [`playbooks/keycloak.yml`](https://github.com/ansible-middleware/keycloak/blob/main/playbooks/keycloak.yml) installs keycloak legacy based on the defined variables (using most defaults).
+
+* [`playbooks/keycloak.yml`](playbooks/keycloak.yml) installs the upstream(Keycloak) based on the defined variables.
+* [`playbooks/rhsso.yml`](playbooks/rhsso.yml) installs Red Hat Single Sign-On(RHSSO) based on defined variables.
Both playbooks include the `keycloak` role, with different settings, as described in the following sections.
-For full service configuration details, refer to the [keycloak role README](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md).
-
+For full service configuration details, refer to the [keycloak role README](roles/keycloak/README.md).
-#### Install from controller node (offline)
-Making the keycloak zip archive available to the playbook working directory, and setting `keycloak_offline_install` to `true`, allows to skip
-the download tasks. The local path for the archive does match the downloaded archive path, so that it is also used as a cache when multiple hosts are provisioned in a cluster.
+### Choosing between upstream project (Keycloak) and Red Hat Single Sign-On (RHSSO)
+
+The general flag `keycloak_rhsso_enable` controls what to install between upstream (Keycloak, when `False`) or Red Hat Single Sign-On (when `True`).
+The default value for the flag if `True` when Red Hat Network credentials are defined, `False` otherwise.
+
+
+#### Install upstream (Keycloak) from keycloak releases
+
+This is the default approach when RHN credentials are not defined. Keycloak is downloaded from keycloak builds (hosted on github.com) locally, and distributed to target nodes.
+
+
+#### Install RHSSO from the Red Hat Customer Support Portal
+
+Define the credentials as follows, and the default behaviour is to download a fresh archive of RHSSO on the controller node, then distribute to target nodes.
```yaml
-keycloak_offline_install: true
+rhn_username: ''
+rhn_password: ''
+# (keycloak_rhsso_enable defaults to True)
```
-
-
+#### Install from controller node (local source)
+
+Making the keycloak zip archive (or the RHSSO zip archive), available to the playbook repository root directory, and setting `keycloak_offline_install` to `True`, allows to skip
+the download tasks. The local path for the archive matches the downloaded archive path, so it is also used as a cache when multiple hosts are provisioned in a cluster.
+
+```yaml
+keycloak_offline_install: True
+```
+
+And depending on `keycloak_rhsso_enable`:
+
+* `True`: install RHSSO using file rh-sso-x.y.z-server-dist.zip
+* `False`: install keycloak using file keycloak-x.y.zip
#### Install from alternate sources (like corporate Nexus, artifactory, proxy, etc)
-It is possible to perform downloads from alternate sources, using the `keycloak_download_url` variable; make sure the final downloaded filename matches with the source filename (ie. keycloak-legacy-x.y.zip or rh-sso-x.y.z-server-dist.zip).
+For RHSSO:
+
+```yaml
+keycloak_rhsso_enable: True
+keycloak_rhsso_download_url: "https://///rh-sso-x.y.z-server-dist.zip"
+```
+
+For keycloak:
+
+```yaml
+keycloak_rhsso_enable: False
+keycloak_download_url: "https://///keycloak-x.y.zip"
+```
### Example installation command
-Execute the following command from the source root directory
+Execute the following command from the source root directory
```
ansible-playbook -i -e @rhn-creds.yml playbooks/keycloak.yml -e keycloak_admin_password=
-```
+```
- `keycloak_admin_password` Password for the administration console user account.
- `ansible_hosts` is the inventory, below is an example inventory for deploying to localhost
@@ -103,16 +128,14 @@ ansible-playbook -i -e @rhn-creds.yml playbooks/keycloak.yml -e
localhost ansible_connection=local
```
-Note: when deploying clustered configurations, all hosts belonging to the cluster must be present in `ansible_play_batch`; ie. they must be targeted by the same ansible-playbook execution.
-
## Configuration
### Config Playbook
-
-[`playbooks/keycloak_realm.yml`](https://github.com/ansible-middleware/keycloak/blob/main/playbooks/keycloak_realm.yml) creates or updates provided realm, user federation(s), client(s), client role(s) and client user(s).
-
+
+[`playbooks/keycloak_realm.yml`](playbooks/keycloak_realm.yml) creates or updates provided realm, user federation(s), client(s), client role(s) and client user(s).
+
### Example configuration command
@@ -130,17 +153,13 @@ ansible-playbook -i playbooks/keycloak_realm.yml -e keycloak_adm
[keycloak]
localhost ansible_connection=local
```
-
-For full configuration details, refer to the [keycloak_realm role README](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md).
-
-
-
+For full configuration details, refer to the [keycloak_realm role README](roles/keycloak_realm/README.md).
## License
Apache License v2.0 or later
-
+
See [LICENSE](LICENSE) to view the full text.
-
+
diff --git a/bindep.txt b/bindep.txt
deleted file mode 100644
index 0014f47..0000000
--- a/bindep.txt
+++ /dev/null
@@ -1,9 +0,0 @@
-python3-dev [compile platform:dpkg]
-python3-devel [compile platform:rpm]
-python39-devel [compile platform:centos-8 platform:rhel-8]
-git-lfs [platform:rpm platform:dpkg]
-python3-netaddr [platform:rpm platform:dpkg]
-python3-lxml [platform:rpm platform:dpkg]
-python3-jmespath [platform:rpm platform:dpkg]
-python3-requests [platform:rpm platform:dpkg]
-
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
deleted file mode 100644
index 6fbf0ab..0000000
--- a/changelogs/changelog.yaml
+++ /dev/null
@@ -1,721 +0,0 @@
-ancestor: 0.2.6
-releases:
- 1.0.0:
- changes:
- release_summary: 'This is the first stable release of the ``middleware_automation.keycloak``
- collection.
-
- '
- release_date: '2022-03-04'
- 1.0.1:
- changes:
- major_changes:
- - Apply latest cumulative patch of RH-SSO automatically when new parameter ``keycloak_rhsso_apply_patches``
- is ``true`` `#18 `_
- minor_changes:
- - Clustered installs now perform database initialization on first node to avoid
- locking issues `#17 `_
- release_summary: 'Minor enhancements, bug and documentation fixes.
-
- '
- release_date: '2022-03-11'
- 1.0.2:
- changes:
- bugfixes:
- - 'Set ``keycloak_frontend_url`` default according to other defaults `#25 `_
-
- '
- minor_changes:
- - 'Make ``keycloak_admin_password`` a default with assert (was: role variable)
- `#26 `_
-
- '
- - 'Simplify dependency install logic and reduce play execution time `#19 `_
-
- '
- fragments:
- - 19.yaml
- - 25.yaml
- - 26.yaml
- release_date: '2022-04-01'
- 1.0.3:
- changes:
- bugfixes:
- - 'Make sure systemd unit starts with selected java JVM `#31 `_
-
- '
- major_changes:
- - 'New role for installing keycloak >= 17.0.0 (quarkus) `#29 `_
-
- '
- minor_changes:
- - 'Add ``keycloak_config_override_template`` parameter for passing a custom
- xml config template `#30 `_
-
- '
- fragments:
- - 29.yaml
- - 30.yaml
- - 31.yaml
- release_date: '2022-05-09'
- 1.0.4:
- changes:
- release_summary: 'Internal release, documentation or test changes only.
-
- '
- release_date: '2022-05-11'
- 1.0.5:
- changes:
- minor_changes:
- - 'Update config options: keycloak and quarkus `#32 `_
-
- '
- fragments:
- - 32.yaml
- release_date: '2022-05-25'
- 1.0.6:
- changes:
- bugfixes:
- - 'keycloak_quarkus: add selected java to PATH in systemd unit `#34 `_
-
- '
- - 'keycloak_quarkus: set logfile path correctly under keycloak home `#35 `_
-
- '
- fragments:
- - 34.yaml
- - 35.yaml
- release_date: '2022-06-01'
- 1.0.7:
- changes:
- breaking_changes:
- - 'keycloak_quarkus: use absolute path for certificate files `#39 `_
-
- '
- bugfixes:
- - 'keycloak_quarkus: use become for tasks that will otherwise fail `#38 `_
-
- '
- fragments:
- - 38.yaml
- - 39.yaml
- release_date: '2022-07-06'
- 1.1.0:
- changes:
- breaking_changes:
- - 'Rename variables from ``infinispan_`` prefix to ``keycloak_infinispan_``
- `#42 `_
-
- '
- bugfixes:
- - 'keycloak_quarkus: fix /var/log/keycloak symlink to keycloak log directory
- `#44 `_
-
- '
- minor_changes:
- - 'Update keycloak to 18.0.2 - sso to 7.6.1 `#46 `_
-
- '
- - 'Variable ``keycloak_no_log`` controls ansible ``no_log`` parameter (for debugging
- purposes) `#47 `_
-
- '
- - 'Variables to override service start retries and delay `#51 `_
-
- '
- - 'keycloak_quarkus: variable to enable development mode `#45 `_
-
- '
- fragments:
- - 42.yaml
- - 44.yaml
- - 45.yaml
- - 46.yaml
- - 47.yaml
- - 51.yaml
- release_date: '2023-01-09'
- 1.1.1:
- changes:
- bugfixes:
- - 'keycloak-quarkus: fix ``cache-config-file`` path in keycloak.conf.j2 template
- `#53 `_
-
- '
- fragments:
- - 53.yaml
- release_date: '2023-03-07'
- 1.2.0:
- changes:
- major_changes:
- - 'Provide config for multiple modcluster proxies `#60 `_
-
- '
- minor_changes:
- - 'Allow to configure TCPPING for cluster discovery `#62 `_
-
- '
- - 'Drop community.general from dependencies `#61 `_
-
- '
- - 'Switch middleware_automation.redhat_csp_download for middleware_automation.common
- `#63 `_
-
- '
- - 'Switch to middleware_automation.common for rh-sso patching `#64 `_
-
- '
- fragments:
- - 60.yaml
- - 61.yaml
- - 62.yaml
- - 63.yaml
- - 64.yaml
- release_date: '2023-03-16'
- 1.2.1:
- changes:
- bugfixes:
- - 'Pass attributes to realm clients `#69 `_
-
- '
- minor_changes:
- - 'Allow to setup keycloak HA cluster without remote cache store `#68 `_
-
- '
- fragments:
- - 68.yaml
- - 69.yaml
- release_date: '2023-04-11'
- 1.2.4:
- changes:
- bugfixes:
- - 'Fix deprecation warning for ``ipaddr`` `#77 `_
-
- '
- - 'Fix undefined facts when offline patching sso `#71 `_
-
- '
- minor_changes:
- - 'Add ``sqlserver`` to keycloak role jdbc configurations `#78 `_
-
- '
- - 'Add configurability for XA transactions `#73 `_
-
- '
- fragments:
- - 71.yaml
- - 73.yaml
- - 77.yaml
- - 78.yaml
- release_date: '2023-05-09'
- 1.2.5:
- changes:
- minor_changes:
- - 'Add configuration for database connection pool validation `#85 `_
-
- '
- - 'Allow to configure administration endpoint URL `#86 `_
-
- '
- - 'Allow to force backend URLs to frontend URLs `#84 `_
-
- '
- - 'Introduce systemd unit restart behavior `#81 `_
-
- '
- fragments:
- - 81.yaml
- - 84.yaml
- - 85.yaml
- - 86.yaml
- release_date: '2023-05-26'
- 1.2.6:
- changes:
- bugfixes:
- - 'Handle WFLYCTL0117 when background validation millis is 0 `#90 `_
-
- '
- minor_changes:
- - 'Add profile features enabling/disabling `#87 `_
-
- '
- - 'Improve service restart behavior configuration `#88 `_
-
- '
- - 'Update default xa_datasource_class value for mariadb jdbc configuration `#89
- `_
-
- '
- fragments:
- - 87.yaml
- - 88.yaml
- - 89.yaml
- - 90.yaml
- release_date: '2023-06-07'
- 1.2.7:
- changes:
- minor_changes:
- - 'Allow to override jgroups subnet `#93 `_
-
- '
- - 'keycloak-quarkus: update keycloakx to v21.1.1 `#92 `_
-
- '
- fragments:
- - 92.yaml
- - 93.yaml
- release_date: '2023-06-19'
- 1.2.8:
- changes:
- bugfixes:
- - 'Fix incorrect checks for ``keycloak_jgroups_subnet`` `#98 `_
-
- '
- - 'Undefine ``keycloak_db_valid_conn_sql`` default `#91 `_
-
- '
- - 'Update bindep.txt package python3-devel to support RHEL9 `#105 `_
-
- '
- minor_changes:
- - 'keycloak_quarkus: set openjdk 17 as default `#103 `_
-
- '
- - 'keycloak_quarkus: update to version 22.0.1 `#107 `_
-
- '
- fragments:
- - 103.yaml
- - 105.yaml
- - 107.yaml
- - 91.yaml
- - 98.yaml
- release_date: '2023-08-28'
- 1.3.0:
- changes:
- bugfixes:
- - 'keycloak_quarkus: fix validation failure upon port configuration change `#113
- `_
-
- '
- major_changes:
- - 'Run service as ``keycloak_service_user`` `#106 `_
-
- '
- minor_changes:
- - 'keycloak_quarkus: Update Keycloak to version 22.0.3 `#112 `_
-
- '
- - 'keycloak_quarkus: fix admin console redirect when running locally `#111 `_
-
- '
- - 'keycloak_quarkus: skip proxy config if ``keycloak_quarkus_proxy_mode`` is
- ``none`` `#109 `_
-
- '
- fragments:
- - 106.yaml
- - 109.yaml
- - 111.yaml
- - 112.yaml
- - 113.yaml
- release_date: '2023-09-25'
- 2.0.0:
- changes:
- breaking_changes:
- - 'Add support for more http-related configs `#115 `_
-
- '
- - 'Update minimum ansible-core version > 2.14 `#119 `_
-
- '
- - 'keycloak_quarkus: enable config of key store and trust store `#116 `_
-
- '
- minor_changes:
- - 'Add new parameter for port offset configuration `#124 `_
-
- '
- - 'Update Keycloak to version 22.0.5 `#122 `_
-
- '
- fragments:
- - 115.yaml
- - 116.yaml
- - 119.yaml
- - 122.yaml
- - 124.yaml
- release_date: '2023-11-20'
- 2.0.1:
- changes:
- bugfixes:
- - 'keycloak_quarkus: template requires lowercase boolean values `#138 `_
-
- '
- minor_changes:
- - 'keycloak_quarkus: add hostname-strict parameter `#139 `_
-
- '
- - 'keycloak_quarkus: update to version 23.0.1 `#133 `_
-
- '
- fragments:
- - 133.yaml
- - 138.yaml
- - 139.yaml
- release_date: '2023-12-07'
- 2.0.2:
- changes:
- bugfixes:
- - 'keycloak_quarkus: Use ``keycloak_quarkus_java_opts`` `#154 `_
-
- '
- - 'keycloak_quarkus: allow ports <1024 (e.g. :443) in systemd unit `#150 `_
-
- '
- minor_changes:
- - 'keycloak_quarkus: Add support for sqlserver jdbc driver `#148 `_
-
- '
- - 'keycloak_quarkus: allow configuration of ``hostname-strict-backchannel``
- `#152 `_
-
- '
- - 'keycloak_quarkus: systemd restart behavior `#145 `_
-
- '
- fragments:
- - 145.yaml
- - 148.yaml
- - 150.yaml
- - 152.yaml
- - 154.yaml
- release_date: '2024-01-17'
- 2.1.0:
- changes:
- breaking_changes:
- - 'keycloak_quarkus: renamed infinispan host list configuration `#157 `_
-
- '
- bugfixes:
- - 'keycloak_quarkus: fix custom JAVA_HOME parameter name `#171 `_
-
- '
- major_changes:
- - 'Implement infinispan TCPPING discovery protocol `#159 `_
-
- '
- minor_changes:
- - 'Set enable-recovery when xa transactions are enabled `#167 `_
-
- '
- - 'keycloak_quarkus: Allow configuring log rotate options in quarkus configuration
- `#161 `_
-
- '
- - 'keycloak_quarkus: ``sticky-session`` for infinispan routes `#163 `_
-
- '
- fragments:
- - 157.yaml
- - 159.yaml
- - 161.yaml
- - 163.yaml
- - 167.yaml
- - 171.yaml
- release_date: '2024-02-28'
- 2.1.1:
- changes:
- bugfixes:
- - 'Fix permissions on controller-side downloaded artifacts `#184 `_
-
- '
- - 'JVM args moved to ``JAVA_OPTS`` envvar (instead of JAVA_OPTS_APPEND) `#186
- `_
-
- '
- - 'Unrelax configuration file permissions `#191 `_
-
- '
- - 'Utilize comment filter for ``ansible_managed`` annotations `#176 `_
-
- '
- minor_changes:
- - 'Add reverse ``proxy_headers`` config, supersedes ``proxy_mode`` `#187 `_
-
- '
- - 'Debian/Ubuntu compatibility `#178 `_
-
- '
- - 'Use ``keycloak_realm`` as default for sub-entities `#180 `_
-
- '
- fragments:
- - 176.yaml
- - 178.yaml
- - 180.yaml
- - 184.yaml
- - 186.yaml
- - 187.yaml
- - 191.yaml
- release_date: '2024-04-17'
- 2.1.2:
- changes:
- release_summary: 'Internal release, documentation or test changes only.
-
- '
- release_date: '2024-04-17'
- 2.2.0:
- changes:
- major_changes:
- - 'Support java keystore for configuration of sensitive options `#189 `_
-
- '
- minor_changes:
- - 'Add ``wait_for_port`` and ``wait_for_log`` systemd unit logic `#199 `_
-
- '
- - 'Customize jdbc driver downloads, optional authentication `#202 `_
-
- '
- - 'Keystore-based vault SPI configuration `#196 `_
-
- '
- - 'New ``keycloak_quarkus_hostname_strict_https`` parameter `#195 `_
-
- '
- - 'Providers config and custom providers `#201 `_
-
- '
- - 'Remove administrator credentials from files once keycloak is bootstrapped
- `#197 `_
-
- '
- - 'Update keycloak to 24.0 `#194 `_
-
- '
- fragments:
- - 189.yaml
- - 194.yaml
- - 195.yaml
- - 196.yaml
- - 197.yaml
- - 199.yaml
- - 201.yaml
- - 202.yaml
- release_date: '2024-05-01'
- 2.2.1:
- changes:
- bugfixes:
- - 'JDBC provider: fix clause in argument validation `#204 `_
-
- '
- release_summary: Internal release, documentation or test changes only.
- fragments:
- - 204.yaml
- - v2.2.1-devel_summary.yaml
- release_date: '2024-05-02'
- 2.2.2:
- changes:
- bugfixes:
- - 'Turn off controller privilege escalation `#209 `_
-
- '
- minor_changes:
- - 'Copying of key material for TLS configuration `#210 `_
-
- '
- - 'Validate certs parameter for JDBC driver downloads `#207 `_
-
- '
- fragments:
- - 207.yaml
- - 209.yaml
- - 210.yaml
- release_date: '2024-05-06'
- 2.3.0:
- changes:
- bugfixes:
- - '``kc.sh build`` uses configured jdk `#211 `_
-
- '
- major_changes:
- - 'Allow for custom providers hosted on maven repositories `#223 `_
-
- '
- - 'Restart handler strategy behaviour `#231 `_
-
- '
- minor_changes:
- - 'Add support for policy files `#225 `_
-
- '
- - 'Allow to add extra custom env vars in sysconfig file `#229 `_
-
- '
- - 'Download from alternate URL with optional http authentication `#220 `_
-
- '
- - 'Update Keycloak to version 24.0.4 `#218 `_
-
- '
- - '``proxy-header`` enhancement `#227 `_
-
- '
- fragments:
- - 211.yaml
- - 218.yaml
- - 220.yaml
- - 223.yaml
- - 225.yaml
- - 227.yaml
- - 229.yaml
- - 231.yaml
- release_date: '2024-05-20'
- 2.4.0:
- changes:
- major_changes:
- - 'Enable by default health check on restart `#234 `_
-
- '
- - 'Update minimum ansible-core version > 2.15 `#232 `_
-
- '
- fragments:
- - 232.yaml
- - 234.yaml
- release_date: '2024-06-04'
- 2.4.1:
- changes:
- release_summary: Internal release, documentation or test changes only.
- fragments:
- - v2.4.1-devel_summary.yaml
- release_date: '2024-07-02'
- 2.4.2:
- changes:
- bugfixes:
- - 'Add wait_for_port number parameter `#237 `_
-
- '
- minor_changes:
- - 'New parameter ``keycloak_quarkus_download_path`` `#239 `_
-
- '
- fragments:
- - 237.yaml
- - 239.yaml
- release_date: '2024-09-26'
- 2.4.3:
- changes:
- minor_changes:
- - 'Update keycloak to 24.0.5 `#241 `_
-
- '
- fragments:
- - 241.yaml
- release_date: '2024-10-16'
- 3.0.0:
- changes:
- breaking_changes:
- - 'Bump major and ansible-core versions `#266 `_
-
- '
- - 'Rename parameters to follow upstream `#270 `_
-
- '
- - 'Update for keycloak v26 `#254 `_
-
- '
- bugfixes:
- - 'Access token lifespan is too short for ansible run `#251 `_
-
- '
- - 'Load environment vars during kc rebuild `#274 `_
-
- '
- - 'Rebuild config and restart service for local providers `#250 `_
-
- '
- - 'Rename and honour parameter ``keycloak_quarkus_http_host`` `#271 `_
-
- '
- minor_changes:
- - 'Add theme cache invalidation handler `#252 `_
-
- '
- - 'keycloak_realm: change url variables to defaults `#268 `_
-
- '
- fragments:
- - 250.yaml
- - 251.yaml
- - 252.yaml
- - 254.yaml
- - 266.yaml
- - 268.yaml
- - 270.yaml
- - 271.yaml
- - 274.yaml
- modules:
- - description: Allows administration of Keycloak realm via Keycloak API
- name: keycloak_realm
- namespace: ''
- release_date: '2025-04-23'
- 3.0.1:
- changes:
- bugfixes:
- - 'Trigger rebuild handler on envvars file change `#276 `_
-
- '
- minor_changes:
- - 'Version update to 26.0.8 / rhbk 26.0.11 `#277 `_
-
- '
- fragments:
- - 276.yaml
- - 277.yaml
- release_date: '2025-05-02'
- 3.0.2:
- changes:
- bugfixes:
- - 'Fix ``keycloak_quarkus_force_install`` parameter being ignored by install
- `#296 `_
-
- '
- - 'Fix alternate download location being ignored (JBossNeworkAPI always used)
- `#298 `_
-
- '
- - 'Run config rebuild after SPI providers update `#285 `_
-
- '
- - 'Use jdk21 as default in debian `#289 `_
-
- '
- - 'keycloak_realm: federation default provider type should be a string `#302
- `_
-
- '
- minor_changes:
- - 'New ``checksum`` property for keycloak_quarkus_providers `#280 `_
-
- '
- - 'New parameter to set the jgroups host IP address `#281