galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: middleware_automation
 name: keycloak
-version: "3.0.3"
+version: "3.0.2"
 readme: README.md
 authors:
   - Romain Pelisse <rpelisse@redhat.com>

molecule/default/prepare.yml

@@ -18,7 +18,7 @@
 
     - name: Download keycloak archive to controller directory
       ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
-        url: https://github.com/keycloak/keycloak/releases/download/26.3.0/keycloak-26.3.0.zip
+        url: https://github.com/keycloak/keycloak/releases/download/26.2.4/keycloak-26.2.4.zip
         dest: /tmp/keycloak
         mode: '0640'
       delegate_to: localhost

molecule/quarkus/converge.yml

@@ -23,7 +23,7 @@
     keycloak_quarkus_systemd_wait_for_delay: 2
     keycloak_quarkus_systemd_wait_for_log: true
     keycloak_quarkus_restart_health_check: false # would fail because of self-signed cert
-    keycloak_quarkus_version: 26.3.0
+    keycloak_quarkus_version: 26.2.4
     keycloak_quarkus_java_heap_opts: "-Xms1024m -Xmx1024m"
     keycloak_quarkus_additional_env_vars:
       - key: KC_FEATURES_DISABLED
@@ -46,7 +46,7 @@
           repository_url: https://repo1.maven.org/maven2/ # https://mvnrepository.com/artifact/org.keycloak/keycloak-kerberos-federation/24.0.4
           group_id: org.keycloak
           artifact_id: keycloak-kerberos-federation
-          version: 26.3.0 # optional
+          version: 26.2.4 # optional
           # username: myUser # optional
           # password: myPAT # optional
       # - id: my-static-theme

roles/keycloak_quarkus/README.md

@@ -33,7 +33,7 @@ Role Defaults
 
 | Variable | Description | Default |
 |:---------|:------------|:--------|
-|`keycloak_quarkus_version`| keycloak.org package version | `26.3.0` |
+|`keycloak_quarkus_version`| keycloak.org package version | `26.2.4` |
 |`keycloak_quarkus_offline_install` | Perform an offline install | `False`|
 |`keycloak_quarkus_dest`| Installation root path | `/opt/keycloak` |
 |`keycloak_quarkus_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}` |
@@ -66,7 +66,7 @@ Role Defaults
 |`keycloak_quarkus_health_check_url`| Full URL (including scheme, host, path, fragment etc.) used for health check endpoint; keycloak_quarkus_hostname will NOT be prepended; helpful when health checks should happen against http port, but keycloak_quarkus_hostname uses https scheme per default | `` |
 |`keycloak_quarkus_health_check_url_path`| Path to the health check endpoint; keycloak_quarkus_hostname will be prepended automatically; Note that keycloak_quarkus_health_check_url takes precedence over this property | `realms/master/.well-known/openid-configuration` |
 |`keycloak_quarkus_proxy_headers`| Parse reverse proxy headers (`forwarded` or `xforwarded`) | `""` |
-|`keycloak_quarkus_config_key_store_file`| Path to the configuration key store; only used if `keycloak_quarkus_config_key_store_password` is not empty  | `{{ keycloak.home }}/conf/conf_store.p12` if `keycloak_quarkus_config_key_store_password != ''`, else `''` |
+|`keycloak_quarkus_config_key_store_file`| Path to the configuration key store; only used if `keycloak_quarkus_keystore_password` is not empty  | `{{ keycloak.home }}/conf/conf_store.p12` if `keycloak_quarkus_keystore_password != ''`, else `''` |
 |`keycloak_quarkus_config_key_store_password`| Password of the configuration keystore; if non-empty, `keycloak_quarkus_db_pass` will be saved to the keystore at `keycloak_quarkus_config_key_store_file` instead of being written to the configuration file in clear text | `""` |
 |`keycloak_quarkus_configure_firewalld` | Ensure firewalld is running and configure keycloak ports | `False` |
 |`keycloak_quarkus_configure_iptables` | Ensure iptables is configured for keycloak ports | `False` |
@@ -98,7 +98,7 @@ Role Defaults
 | Variable | Description | Default |
 |:---------|:------------|:--------|
 |`keycloak_quarkus_hostname`| Address at which is the server exposed. Can be a full URL, or just a hostname. When only hostname is provided, scheme, port and context path are resolved from the request. | |
-|`keycloak_quarkus_hostname_admin`| Set the base URL for accessing the administration console, including scheme, host, port and path | `` |
+|`keycloak_quarkus_hostname_admin`| Set the base URL for accessing the administration console, including scheme, host, port and path | |
 |`keycloak_quarkus_hostname_strict`| Disables dynamically resolving the hostname from request headers | `true` |
 |`keycloak_quarkus_hostname_backchannel_dynamic`| Enables dynamic resolving of backchannel URLs, including hostname, scheme, port and context path. Set to true if your application accesses Keycloak via a private network. If set to true, hostname option needs to be specified as a full URL. | `false` |
 |`keycloak_quarkus_hostname_strict_backchannel`| Deprecated, use (the inverted!)`keycloak_quarkus_hostname_backchannel_dynamic` instead. |  |
@@ -221,7 +221,6 @@ keycloak_quarkus_providers:
     restart: true                           # optional, whether to rebuild config and restart the service after deploying, default true
     url: https://.../.../custom_spi.jar     # optional, url for download via http
     local_path: my_theme_spi.jar            # optional, path on local controller for SPI to be uploaded
-    remote: true                            # optional, whether to copy from localhost or remotely, see https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html#parameter-remote_src, default false
     maven:                                  # optional, for download using maven
       repository_url: https://maven.pkg.github.com/OWNER/REPOSITORY # optional, maven repo url
       group_id:  my.group                   # optional, maven group id

roles/keycloak_quarkus/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 ### Configuration specific to keycloak
-keycloak_quarkus_version: 26.3.0
+keycloak_quarkus_version: 26.2.4
 keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip"
 keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"
 keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"
@@ -88,7 +88,7 @@ keycloak_quarkus_systemd_wait_for_delay: 10
 
 ### keycloak frontend url
 keycloak_quarkus_hostname:
-keycloak_quarkus_hostname_admin: ""
+keycloak_quarkus_hostname_admin:
 
 ### Set the path relative to / for serving resources. The path must start with a /
 ### (set to `/auth` for retrocompatibility with pre-quarkus releases)

roles/keycloak_quarkus/meta/argument_specs.yml

@@ -2,7 +2,7 @@ argument_specs:
     main:
         options:
             keycloak_quarkus_version:
-                default: "26.3.0"
+                default: "26.2.4"
                 description: "keycloak.org package version"
                 type: "str"
             keycloak_quarkus_archive:
@@ -183,7 +183,7 @@ argument_specs:
                 type: "str"
             keycloak_quarkus_config_key_store_file:
                 default: "{{ keycloak.home }}/conf/conf_store.p12"
-                description: "Path to the configuration key store; only used if `keycloak_quarkus_config_key_store_password` is not empty"
+                description: "Path to the configuration key store; only used if `keycloak_quarkus_keystore_password` is not empty"
                 type: "str"
             keycloak_quarkus_config_key_store_password:
                 default: ""
@@ -540,7 +540,7 @@ argument_specs:
                 description: 'The password to access the Truststore.'
                 default: ''
                 type: "str"
-            keycloak_quarkus_jgroups_port:
+            keycloak_quarkus_jgroups_port: 
                 description: 'jgroups bind port'
                 default: 7800
                 type: "int"
@@ -552,7 +552,7 @@ argument_specs:
                 description: 'IP address that other instances in the Keycloak should use to contact this node'
                 default: "{{ keycloak_quarkus_jgroups_bind_address }}"
                 type: "str"
-            keycloak_quarkus_jgroups_external_port:
+            keycloak_quarkus_jgroups_external_port: 
                 description: 'Port that other instances in the Keycloak cluster should use to contact this node'
                 default: "{{ keycloak_quarkus_jgroups_port }}"
                 type: "int"
@@ -563,7 +563,7 @@ argument_specs:
     downstream:
         options:
             rhbk_version:
-                default: "26.2.5"
+                default: "26.2.4"
                 description: "Red Hat Build of Keycloak version"
                 type: "str"
             rhbk_archive:

roles/keycloak_quarkus/tasks/install.yml

@@ -280,7 +280,6 @@
     owner: "{{ keycloak.service_user }}"
     group: "{{ keycloak.service_group }}"
     mode: '0640'
-    remote_src: "{{ item.remote | default(false) }}"
   become: true
   loop: "{{ keycloak_quarkus_providers }}"
   when: item.local_path is defined

roles/keycloak_quarkus/tasks/restart/serial.yml

@@ -2,7 +2,7 @@
 - name: "Restart services in serial, with optional healtch check (keycloak_quarkus_restart_health_check)"
   throttle: 1
   block:
-    - name: "Restart and enable {{ keycloak.service_name }} service"
+    - name: "Restart and enable {{ keycloak.service_name }} service on {{ item }}"
       ansible.builtin.include_tasks:
         file: restart.yml
         apply:

roles/keycloak_quarkus/templates/cache-ispn.xml.j2

@@ -22,7 +22,6 @@
         xmlns="urn:infinispan:config:15.0">
 
 {% set stack_expression='' %}
-{% if keycloak_quarkus_version is version_compare('26.2.0', '<') %}
 {% if keycloak_quarkus_ha_enabled %}
 {% if keycloak_quarkus_ha_discovery == 'TCPPING' %}
 {% set stack_expression='stack="tcpping"' %}
@@ -40,7 +39,6 @@
 {% elif keycloak_quarkus_ha_discovery == 'JDBCPING' %}
 {% set stack_expression='stack="JDBC_PING2"' %}
 {% endif %}
-{% endif %}
 {% endif %}
 
     <cache-container name="keycloak">

roles/keycloak_quarkus/templates/quarkus.properties.j2

@@ -1,11 +1,11 @@
 {{ ansible_managed | comment }}
 {% if keycloak_quarkus_ha_enabled %}
 {% if keycloak_quarkus_version.split('.')[0] | int < 22 %}
-quarkus.infinispan-client.server-list={{ keycloak_quarkus_cache_remote_host }}:{{ keycloak_quarkus_cache_remote_port }}
+quarkus.infinispan-client.server-list={{ keycloak_quarkus_cache_remote_host }}
 quarkus.infinispan-client.auth-username={{ keycloak_quarkus_cache_remote_username }}
 quarkus.infinispan-client.auth-password={{ keycloak_quarkus_cache_remote_password }}
 {% else %}
-quarkus.infinispan-client.hosts={{ keycloak_quarkus_cache_remote_host }}:{{ keycloak_quarkus_cache_remote_port }}
+quarkus.infinispan-client.hosts={{ keycloak_quarkus_cache_remote_host }}
 quarkus.infinispan-client.username={{ keycloak_quarkus_cache_remote_username }}
 quarkus.infinispan-client.password={{ keycloak_quarkus_cache_remote_password }}
 {% endif %}

roles/keycloak_realm/README.md

@@ -74,7 +74,6 @@ Refer to [docs](https://docs.ansible.com/ansible/latest/collections/community/ge
     - name: <name of the client>
       id: <id of the client>
       client_id: <id of the client>
-      secret: <secret of the client (Optional)>
       roles: <keycloak_client_default_roles>
       realm: <name of the realm that contains the client>
       public_client: <true for public, false for confidential>

roles/keycloak_realm/tasks/main.yml

@@ -76,7 +76,6 @@
     default_roles: "{{ item.roles | default(omit) }}"
     client_id: "{{ item.client_id | default(omit) }}"
     id: "{{ item.id | default(omit) }}"
-    secret: "{{ item.secret | default(omit) }}"
     name: "{{ item.name | default(omit) }}"
     description: "{{ item.description | default(omit) }}"
     root_url: "{{ item.root_url | default('') }}"