Bump version to v0.2.4

fix: copy from local only if target not existing
fix: add missing default
2026-03-27 13:53:04 +00:00 · 2022-02-09 15:14:56 +01:00 · 2022-02-09 15:06:40 +01:00 · 2022-02-08 16:46:18 +01:00 · 2022-02-08 16:28:17 +01:00 · 2022-02-08 15:25:36 +01:00
10 changed files with 416 additions and 17 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,6 +27,7 @@ jobs:
        run: |
          python -m pip install --upgrade pip
          pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint voluptuous
+          pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt

      - name: Create default collection path
        run: |
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,14 @@
+
+## Contributor's Guidelines
+
+- All YAML files named with '.yml' extension
+- Use spaces around jinja variables. `{{ var }}` over `{{var}}`
+- Variables that are internal to the role should be lowercase and start with the role name
+- Keep roles self contained - Roles should avoid including tasks from other roles when possible
+- Plays should do nothing more than include a list of roles except where `pre_tasks` and `post_tasks` are required when possible
+- Separators - Use valid name, ie. underscores (e.g. `my_role` `my_playbook`) not dashes (`my-role`)
+- Paths - When defining paths, do not include trailing slashes (e.g. `my_path: /foo` not `my_path: /foo/`). When concatenating paths, follow the same convention (e.g. `{{ my_path }}/bar` not `{{ my_path }}bar`)
+- Indentation - Use 2 spaces for each indent
+- `vars/` vs `defaults/` - internal or interpolated variables that don't need to change or be overridden by user go in `vars/`, those that a user would likely override, go under `defaults/` directory
+- All arguments have a specification in `meta/argument_specs.yml`
+- All playbooks/roles should be focused on compatibility with Ansible Tower
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
 namespace: middleware_automation
 name: keycloak
-version: "0.2.2"
+version: "0.2.4"
 readme: README.md
 authors:
  - Romain Pelisse <rpelisse@redhat.com>
--- a/molecule/default/requirements.yml
+++ b/molecule/default/requirements.yml
@@ -2,8 +2,8 @@
 collections:
  - name: middleware_automation.redhat_csp_download
    version: ">=1.2.1"
-  - name: middleware_automation.jcliff
-    version: ">=0.0.19"
+  - name: middleware_automation.wildfly
+    version: ">=0.0.5"
  - name: community.general
  - name: community.docker
    version: ">=1.9.1"
--- a/requirements.yml
+++ b/requirements.yml
@@ -2,6 +2,6 @@
 collections:
  - name: middleware_automation.redhat_csp_download
    version: ">=1.2.1"
-  - name: middleware_automation.jcliff
-    version: ">=0.0.19"
+  - name: middleware_automation.wildfly
+    version: ">=0.0.5"
  - name: community.general
--- a/roles/keycloak/meta/argument_specs.yml
+++ b/roles/keycloak/meta/argument_specs.yml
@@ -0,0 +1,278 @@
+argument_specs:
+    main:
+        options:
+            keycloak_version:
+                # line 3 of keycloak/defaults/main.yml
+                default: "15.0.2"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_archive:
+                # line 4 of keycloak/defaults/main.yml
+                default: "keycloak-{{ keycloak_version }}.zip"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_download_url:
+                # line 5 of keycloak/defaults/main.yml
+                default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_download_url_9x:
+                # line 6 of keycloak/defaults/main.yml
+                default: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_installdir:
+                # line 7 of keycloak/defaults/main.yml
+                default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_rhsso_version:
+                # line 10 of keycloak/defaults/main.yml
+                default: "7.5.0"
+                description: "TODO document argument"
+                type: "str"
+            rhsso_rhn_id:
+                # line 11 of keycloak/defaults/main.yml
+                default: "{{ rhsso_rhn_ids[keycloak_rhsso_version] }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_rhsso_archive:
+                # line 12 of keycloak/defaults/main.yml
+                default: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_rhsso_installdir:
+                # line 13 of keycloak/defaults/main.yml
+                default: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_rhn_url:
+                # line 14 of keycloak/defaults/main.yml
+                default: "https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId="
+                description: "TODO document argument"
+                type: "str"
+            keycloak_rhsso_download_url:
+                # line 15 of keycloak/defaults/main.yml
+                default: "{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_rhsso_enable:
+                # line 18 of keycloak/defaults/main.yml
+                default: "{{ True if rhsso_rhn_id is defined and rhn_username is defined and rhn_password is defined else False }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_offline_install:
+                # line 20 of keycloak/defaults/main.yml
+                default: false
+                description: "TODO document argument"
+                type: "bool"
+            jvm_package:
+                # line 23 of keycloak/defaults/main.yml
+                default: "java-1.8.0-openjdk-devel"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_dest:
+                # line 24 of keycloak/defaults/main.yml
+                default: "/opt/keycloak"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_jboss_home:
+                # line 25 of keycloak/defaults/main.yml
+                default: "{{ keycloak_rhsso_installdir if keycloak_rhsso_enable else keycloak_installdir }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_config_dir:
+                # line 26 of keycloak/defaults/main.yml
+                default: "{{ keycloak_jboss_home }}/standalone/configuration"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_config_standalone_xml:
+                # line 27 of keycloak/defaults/main.yml
+                default: "keycloak.xml"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_config_path_to_standalone_xml:
+                # line 28 of keycloak/defaults/main.yml
+                default: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_service_user:
+                # line 29 of keycloak/defaults/main.yml
+                default: "keycloak"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_service_group:
+                # line 30 of keycloak/defaults/main.yml
+                default: "keycloak"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_service_pidfile:
+                # line 31 of keycloak/defaults/main.yml
+                default: "/run/keycloak.pid"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_bind_address:
+                # line 34 of keycloak/defaults/main.yml
+                default: "0.0.0.0"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_host:
+                # line 35 of keycloak/defaults/main.yml
+                default: "localhost"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_http_port:
+                # line 36 of keycloak/defaults/main.yml
+                default: 8080
+                description: "TODO document argument"
+                type: "int"
+            keycloak_https_port:
+                # line 37 of keycloak/defaults/main.yml
+                default: 8443
+                description: "TODO document argument"
+                type: "int"
+            keycloak_ajp_port:
+                # line 38 of keycloak/defaults/main.yml
+                default: 8009
+                description: "TODO document argument"
+                type: "int"
+            keycloak_jgroups_port:
+                # line 39 of keycloak/defaults/main.yml
+                default: 7600
+                description: "TODO document argument"
+                type: "int"
+            keycloak_management_http_port:
+                # line 40 of keycloak/defaults/main.yml
+                default: 9990
+                description: "TODO document argument"
+                type: "int"
+            keycloak_management_https_port:
+                # line 41 of keycloak/defaults/main.yml
+                default: 9993
+                description: "TODO document argument"
+                type: "int"
+            keycloak_java_opts:
+                # line 42 of keycloak/defaults/main.yml
+                default: "-Xms1024m -Xmx2048m"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_prefer_ipv4:
+                # line 43 of keycloak/defaults/main.yml
+                default: true
+                description: "TODO document argument"
+                type: "bool"
+            keycloak_ha_enabled:
+                # line 46 of keycloak/defaults/main.yml
+                default: false
+                description: "Enable auto configuration for database backend, clustering and remote caches on infinispan"
+                type: "bool"
+            keycloak_db_enabled:
+                # line 48 of keycloak/defaults/main.yml
+                default: "{{ True if keycloak_ha_enabled else False }}"
+                description: "Enable auto configuration for database backend"
+                type: "str"
+            keycloak_admin_user:
+                # line 51 of keycloak/defaults/main.yml
+                default: "admin"
+                description: "Administration console user account"
+                type: "str"
+            keycloak_auth_realm:
+                # line 52 of keycloak/defaults/main.yml
+                default: "master"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_auth_client:
+                # line 53 of keycloak/defaults/main.yml
+                default: "admin-cli"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_force_install:
+                # line 55 of keycloak/defaults/main.yml
+                default: false
+                description: "TODO document argument"
+                type: "bool"
+            keycloak_modcluster_url:
+                # line 58 of keycloak/defaults/main.yml
+                default: "localhost"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_frontend_url:
+                # line 59 of keycloak/defaults/main.yml
+                default: "http://localhost"
+                description: "TODO document argument"
+                type: "str"
+            infinispan_user:
+                # line 62 of keycloak/defaults/main.yml
+                default: "supervisor"
+                description: "TODO document argument"
+                type: "str"
+            infinispan_pass:
+                # line 63 of keycloak/defaults/main.yml
+                default: "supervisor"
+                description: "TODO document argument"
+                type: "str"
+            infinispan_url:
+                # line 64 of keycloak/defaults/main.yml
+                default: "localhost"
+                description: "TODO document argument"
+                type: "str"
+            infinispan_sasl_mechanism:
+                # line 65 of keycloak/defaults/main.yml
+                default: "SCRAM-SHA-512"
+                description: "TODO document argument"
+                type: "str"
+            infinispan_use_ssl:
+                # line 66 of keycloak/defaults/main.yml
+                default: false
+                description: "TODO document argument"
+                type: "bool"
+            infinispan_trust_store_path:
+                # line 68 of keycloak/defaults/main.yml
+                default: "/etc/pki/java/cacerts"
+                description: "TODO document argument"
+                type: "str"
+            infinispan_trust_store_password:
+                # line 69 of keycloak/defaults/main.yml
+                default: "changeit"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_jdbc_engine:
+                # line 72 of keycloak/defaults/main.yml
+                default: "postgres"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_db_user:
+                # line 74 of keycloak/defaults/main.yml
+                default: "keycloak-user"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_db_pass:
+                # line 75 of keycloak/defaults/main.yml
+                default: "keycloak-pass"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_jdbc_url:
+                # line 76 of keycloak/defaults/main.yml
+                default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_jdbc_driver_version:
+                # line 77 of keycloak/defaults/main.yml
+                default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_admin_password:
+                # line 4 of keycloak/vars/main.yml
+                required: true
+                description: "TODO document argument"
+                type: "str"
+            keycloak_url:
+                # line 12 of keycloak/vars/main.yml
+                default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_management_url:
+                # line 13 of keycloak/vars/main.yml
+                default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
+                description: "TODO document argument"
+                type: "str"
--- a/roles/keycloak/tasks/install.yml
+++ b/roles/keycloak/tasks/install.yml
@@ -110,6 +110,12 @@
    - not keycloak_offline_install
    - not keycloak_rhn_url in keycloak_rhsso_download_url

+- name: Check downloaded archive
+  stat:
+    path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
+  register: local_archive_path
+  delegate_to: localhost
+
 ## copy and unpack
 - name: Copy archive to target nodes
  copy:
@@ -119,6 +125,10 @@
    group: "{{ keycloak_service_group }}"
    mode: 0750
  register: new_version_downloaded
+  when:
+    - not archive_path.stat.exists
+    - local_archive_path.stat is defined
+    - local_archive_path.stat.exists
  become: yes

 - name: "Check target directory: {{ keycloak.home }}"
@@ -160,7 +170,6 @@
 - name: "Install {{ keycloak_jdbc_engine }} driver"
  include_role:
    name: wildfly_driver
-    tasks_from: jdbc_driver.yml
  vars:
      wildfly_user: "{{ keycloak_service_user }}"
      jdbc_driver_module_dir: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}"
--- a/roles/keycloak_realm/defaults/main.yml
+++ b/roles/keycloak_realm/defaults/main.yml
@@ -3,32 +3,34 @@
 keycloak_host: localhost
 keycloak_http_port: 8080
 keycloak_https_port: 8443
+keycloak_management_http_port: 9990
+keycloak_rhsso_enable: False

 ### Keycloak administration console user
 keycloak_admin_user: admin
 keycloak_auth_realm: master
 keycloak_auth_client: admin-cli

-### List of Keycloak User Federation
-keycloak_user_federation: []

-### Keycloak realm client defaults
+### Keycloak realms, clients, roles, federation
 # list of clients to create in the realm
 #
 # Refer to the playbook for a comprehensive example.
+# Also refer to meta/argument_specs.yml for specifications.
 #
 # Each client has the form:
 #    { name: '', roles: [], realm: '', public_client: bool, web_origins: '', users: [] }
 # where roles is a list of default role names for the client
 # and users is a list of account, see below for the format definition
 # an empty name will skip the creation of the client
-keycloak_clients:
-  - name: ''
-    roles: "{{ keycloak_client_default_roles }}"
-    realm: "{{ keycloak_realm }}"
-    public_client: "{{ keycloak_client_public }}"
-    web_origins: "{{ keycloak_client_web_origins }}"
-    users: "{{ keycloak_client_users }}"
+#
+#keycloak_clients:
+#  - name: ''
+#    roles: "{{ keycloak_client_default_roles }}"
+#    realm: "{{ keycloak_realm }}"
+#    public_client: "{{ keycloak_client_public }}"
+#    web_origins: "{{ keycloak_client_web_origins }}"
+#    users: "{{ keycloak_client_users }}"

 # list of roles to create in the client
 keycloak_client_default_roles: []
@@ -45,3 +47,6 @@ keycloak_client_web_origins: '+'
 # where each client_role has the form:
 #    { client: '', role: '', realm: '' }
 keycloak_client_users: []
+
+### List of Keycloak User Federation
+keycloak_user_federation: []
--- a/roles/keycloak_realm/meta/argument_specs.yml
+++ b/roles/keycloak_realm/meta/argument_specs.yml
@@ -0,0 +1,93 @@
+argument_specs:
+    main:
+        options:
+            keycloak_host:
+                # line 3 of keycloak_realm/defaults/main.yml
+                default: "localhost"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_http_port:
+                # line 4 of keycloak_realm/defaults/main.yml
+                default: 8080
+                description: "TODO document argument"
+                type: "int"
+            keycloak_https_port:
+                # line 5 of keycloak_realm/defaults/main.yml
+                default: 8443
+                description: "TODO document argument"
+                type: "int"
+            keycloak_management_http_port:
+                # line 6 of keycloak_realm/defaults/main.yml
+                default: 9990
+                description: "TODO document argument"
+                type: "int"
+            keycloak_rhsso_enable:
+                # line 7 of keycloak_realm/defaults/main.yml
+                default: false
+                description: "TODO document argument"
+                type: "bool"
+            keycloak_admin_user:
+                # line 10 of keycloak_realm/defaults/main.yml
+                default: "admin"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_auth_realm:
+                # line 11 of keycloak_realm/defaults/main.yml
+                default: "master"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_auth_client:
+                # line 12 of keycloak_realm/defaults/main.yml
+                default: "admin-cli"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_client_default_roles:
+                # line 36 of keycloak_realm/defaults/main.yml
+                default: "[]"
+                description: "TODO document argument"
+                type: "list"
+            keycloak_client_public:
+                # line 39 of keycloak_realm/defaults/main.yml
+                default: true
+                description: "TODO document argument"
+                type: "bool"
+            keycloak_client_web_origins:
+                # line 42 of keycloak_realm/defaults/main.yml
+                default: "+"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_client_users:
+                # line 49 of keycloak_realm/defaults/main.yml
+                default: "[]"
+                description: "TODO document argument"
+                type: "list"
+            keycloak_user_federation:
+                # line 52 of keycloak_realm/defaults/main.yml
+                default: "[]"
+                description: "TODO document argument"
+                type: "list"
+            keycloak_admin_password:
+                # line 5 of keycloak_realm/vars/main.yml
+                required: true
+                description: "TODO document argument"
+                type: "str"
+            keycloak_realm:
+                # line 8 of keycloak_realm/vars/main.yml
+                required: true
+                description: "TODO document argument"
+                type: "str"
+            keycloak_clients:
+                # line 11 of keycloak_realm/vars/main.yml
+                required: true
+                description: "TODO document argument"
+                type: "str"
+            keycloak_url:
+                # line 14 of keycloak_realm/vars/main.yml
+                default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
+                description: "TODO document argument"
+                type: "str"
+            keycloak_management_url:
+                # line 15 of keycloak_realm/vars/main.yml
+                default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
+                description: "TODO document argument"
+                type: "str"
--- a/roles/keycloak_realm/vars/main.yml
+++ b/roles/keycloak_realm/vars/main.yml
@@ -13,4 +13,3 @@ keycloak_clients:
 # other settings
 keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
 keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
-keycloak_rhsso_enable: False
Author	SHA1	Message	Date
Guido Grazioli	662918f5f8	Bump version to v0.2.4	2022-02-09 15:14:56 +01:00
Guido Grazioli	e0664d53a9	fix: copy from local only if target not existing	2022-02-09 15:06:40 +01:00
Guido Grazioli	9cafd431fb	fix: add missing default	2022-02-08 16:46:18 +01:00
Guido Grazioli	f74d504b53	Add roles argument_specs.yml	2022-02-08 16:28:17 +01:00
Guido Grazioli	c853df5745	fix: ci	2022-02-08 15:25:36 +01:00
Guido Grazioli	a800517422	chore: update dep on jcliff -> wildfly	2022-02-08 15:15:27 +01:00
Guido Grazioli	cbb8ed4993	Start work on 0.2.3	2022-02-01 13:29:03 +01:00