Update changelog for release 2.1.2

Signed-off-by: ansible-middleware-core <ansible-middleware-core@redhat.com>

.github/workflows/release.yml

@@ -2,20 +2,27 @@
 name: Release collection
 on:
   workflow_dispatch:
+    inputs:
+      release_summary:
+        description: 'Optional release summary for changelogs'
+        required: false
 
 jobs:
   release:
     uses: ansible-middleware/github-actions/.github/workflows/release.yml@main
     with:
       collection_fqcn: 'middleware_automation.keycloak'
+      downstream_name: 'rhbk'
+      release_summary: "${{ github.event.inputs.release_summary }}"
     secrets:
       galaxy_token: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
+      jira_webhook: ${{ secrets.JIRA_WEBHOOK_CREATE_VERSION }}
 
   dispatch:
     needs: release
     strategy:
       matrix:
-        repo: ['ansible-middleware/cross-dc-rhsso-demo', 'ansible-middleware/flange-demo', 'ansible-middleware/ansible-middleware-ee']
+        repo: ['ansible-middleware/ansible-middleware-ee']
     runs-on: ubuntu-latest
     steps:
       - name: Repository Dispatch

CHANGELOG.rst

@@ -6,6 +6,9 @@ middleware\_automation.keycloak Release Notes
 
 This changelog describes changes after version 0.2.6.
 
+v2.1.2
+======
+
 v2.1.1
 ======
 

changelogs/changelog.yaml

@@ -454,3 +454,5 @@ releases:
     - 187.yaml
     - 191.yaml
     release_date: '2024-04-17'
+  2.1.2:
+    release_date: '2024-04-17'

docs/_gh_include/header.inc

@@ -24,14 +24,15 @@
         <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="Navigation menu">
             <p class="caption" role="heading"><span class="caption-text">Middleware Automation</span></p>
             <ul>
-              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/infinispan/">Infinispan / Red Hat Data Grid</a></li>
-              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/keycloak/">Keycloak / Red Hat Single Sign-On</a></li>
-              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/wildfly/">Wildfly / Red Hat JBoss EAP</a></li>
-              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/jws/">Tomcat / Red Hat JWS</a></li>
-              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/amq/">ActiveMQ / Red Hat AMQ Broker</a></li>
-              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/amq_streams/">Kafka / Red Hat AMQ Streams</a></li>
-              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/redhat-csp-download/">Red Hat CSP Download</a></li>
-              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/ansible_collections_jcliff/">JCliff</a></li>
+              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/infinispan/main/">Infinispan / Red Hat Data Grid</a></li>
+              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/keycloak/main/">Keycloak / Red Hat Single Sign-On</a></li>
+              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/wildfly/main/">Wildfly / Red Hat JBoss EAP</a></li>
+              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/jws/main/">Tomcat / Red Hat JWS</a></li>
+              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/amq/main/">ActiveMQ / Red Hat AMQ Broker</a></li>
+              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/amq_streams/main/">Kafka / Red Hat AMQ Streams</a></li>
+              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/common/main/">Ansible Middleware utilities</a></li>
+              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/redhat-csp-download/main/">Red Hat CSP Download</a></li>
+              <li class="toctree-l1"><a class="reference internal" href="https://ansible-middleware.github.io/ansible_collections_jcliff/main/">JCliff</a></li>
             </ul>
         </div>
       </div>

docs/index.rst

@@ -29,11 +29,12 @@ Welcome to Keycloak Collection documentation
    :maxdepth: 2
    :caption: Middleware collections
 
-   Infinispan / Red Hat Data Grid <https://ansible-middleware.github.io/infinispan/>
-   Keycloak / Red Hat Single Sign-On <https://ansible-middleware.github.io/keycloak/>
-   Wildfly / Red Hat JBoss EAP <https://ansible-middleware.github.io/wildfly/>
-   Tomcat / Red Hat JWS <https://ansible-middleware.github.io/jws/>
-   ActiveMQ / Red Hat AMQ Broker <https://ansible-middleware.github.io/amq/>
-   Kafka / Red Hat AMQ Streams <https://ansible-middleware.github.io/amq_streams/>
-   Red Hat CSP Download <https://ansible-middleware.github.io/redhat-csp-download/>
-   JCliff <https://ansible-middleware.github.io/ansible_collections_jcliff/>
+   Infinispan / Red Hat Data Grid <https://ansible-middleware.github.io/infinispan/main/>
+   Keycloak / Red Hat Single Sign-On <https://ansible-middleware.github.io/keycloak/main/>
+   Wildfly / Red Hat JBoss EAP <https://ansible-middleware.github.io/wildfly/main/>
+   Tomcat / Red Hat JWS <https://ansible-middleware.github.io/jws/main/>
+   ActiveMQ / Red Hat AMQ Broker <https://ansible-middleware.github.io/amq/main/>
+   Kafka / Red Hat AMQ Streams <https://ansible-middleware.github.io/amq_streams/main/>
+   Ansible Middleware utilities <https://ansible-middleware.github.io/common/main/>
+   Red Hat CSP Download <https://ansible-middleware.github.io/redhat-csp-download/main/>
+   JCliff <https://ansible-middleware.github.io/ansible_collections_jcliff/main/>

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: middleware_automation
 name: keycloak
-version: "2.1.1"
+version: "2.1.2"
 readme: README.md
 authors:
   - Romain Pelisse <rpelisse@redhat.com>
@@ -35,7 +35,6 @@ issues: https://github.com/ansible-middleware/keycloak/issues
 build_ignore:
   - .gitignore
   - .github
-  - .ansible-lint
   - .yamllint
   - '*.tar.gz'
   - '*.zip'

molecule/prepare.yml

@@ -25,7 +25,7 @@
     fail_msg: "sudo is not installed on target system"
 
 - name: "Install iproute"
-  become: yes
+  become: true
   ansible.builtin.yum:
     name:
       - iproute
@@ -33,7 +33,7 @@
 
 - name: "Retrieve assets server from env"
   ansible.builtin.set_fact:
-    assets_server: "{{ lookup('env','MIDDLEWARE_DOWNLOAD_RELEASE_SERVER_URL') }}"
+    assets_server: "{{ lookup('env', 'MIDDLEWARE_DOWNLOAD_RELEASE_SERVER_URL') }}"
 
 - name: "Download artefacts only if assets_server is set"
   when:
@@ -51,6 +51,7 @@
         url: "{{ asset }}"
         dest: "{{ lookup('env', 'PWD') }}"
         validate_certs: no
+        mode: '0644'
       delegate_to: localhost
       loop: "{{ assets }}"
       loop_control:

molecule/quarkus-devmode/prepare.yml

@@ -30,11 +30,11 @@
         src: "{{ item }}"
         dest: /opt/openjdk
         force: true
-        with_fileglob:
-          - /usr/lib/jvm/java-17-openjdk*
+      with_fileglob:
+        - /usr/lib/jvm/java-17-openjdk*
       when:
         - ansible_facts.os_family == "Debian"
-          
+
     - name: Link default logs directory
       ansible.builtin.file:
         state: link

molecule/quarkus/prepare.yml

@@ -2,15 +2,10 @@
 - name: Prepare
   hosts: all
   tasks:
-    - name: Install sudo
-      ansible.builtin.package:
-        name: sudo
-        state: present
-
     - name: "Display hera_home if defined."
       ansible.builtin.set_fact:
         hera_home: "{{ lookup('env', 'HERA_HOME') }}"
-        
+
     - name: "Ensure common prepare phase are set."
       ansible.builtin.include_tasks: ../prepare.yml
 

plugins/modules/keycloak_client.py

@@ -637,7 +637,7 @@ EXAMPLES = '''
       - test01
       - test02
     authentication_flow_binding_overrides:
-        browser: 4c90336b-bf1d-4b87-916d-3677ba4e5fbb
+      browser: 4c90336b-bf1d-4b87-916d-3677ba4e5fbb
     protocol_mappers:
       - config:
           access.token.claim: true

plugins/modules/keycloak_role.py

@@ -142,14 +142,14 @@ EXAMPLES = '''
     auth_password: PASSWORD
     name: my-new-role
     attributes:
-        attrib1: value1
-        attrib2: value2
-        attrib3:
-            - with
-            - numerous
-            - individual
-            - list
-            - items
+      attrib1: value1
+      attrib2: value2
+      attrib3:
+        - with
+        - numerous
+        - individual
+        - list
+        - items
   delegate_to: localhost
 '''
 

plugins/modules/keycloak_user_federation.py

@@ -475,99 +475,99 @@ author:
 '''
 
 EXAMPLES = '''
-  - name: Create LDAP user federation
-    middleware_automation.keycloak.keycloak_user_federation:
-      auth_keycloak_url: https://keycloak.example.com/auth
-      auth_realm: master
-      auth_username: admin
-      auth_password: password
-      realm: my-realm
-      name: my-ldap
-      state: present
-      provider_id: ldap
-      provider_type: org.keycloak.storage.UserStorageProvider
-      config:
-        priority: 0
-        enabled: true
-        cachePolicy: DEFAULT
-        batchSizeForSync: 1000
-        editMode: READ_ONLY
-        importEnabled: true
-        syncRegistrations: false
-        vendor: other
-        usernameLDAPAttribute: uid
-        rdnLDAPAttribute: uid
-        uuidLDAPAttribute: entryUUID
-        userObjectClasses: inetOrgPerson, organizationalPerson
-        connectionUrl: ldaps://ldap.example.com:636
-        usersDn: ou=Users,dc=example,dc=com
-        authType: simple
-        bindDn: cn=directory reader
-        bindCredential: password
-        searchScope: 1
-        validatePasswordPolicy: false
-        trustEmail: false
-        useTruststoreSpi: ldapsOnly
-        connectionPooling: true
-        pagination: true
-        allowKerberosAuthentication: false
-        debug: false
-        useKerberosForPasswordAuthentication: false
-      mappers:
-        - name: "full name"
-          providerId: "full-name-ldap-mapper"
-          providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
-          config:
-            ldap.full.name.attribute: cn
-            read.only: true
-            write.only: false
+- name: Create LDAP user federation
+  middleware_automation.keycloak.keycloak_user_federation:
+    auth_keycloak_url: https://keycloak.example.com/auth
+    auth_realm: master
+    auth_username: admin
+    auth_password: password
+    realm: my-realm
+    name: my-ldap
+    state: present
+    provider_id: ldap
+    provider_type: org.keycloak.storage.UserStorageProvider
+    config:
+    priority: 0
+    enabled: true
+    cachePolicy: DEFAULT
+    batchSizeForSync: 1000
+    editMode: READ_ONLY
+    importEnabled: true
+    syncRegistrations: false
+    vendor: other
+    usernameLDAPAttribute: uid
+    rdnLDAPAttribute: uid
+    uuidLDAPAttribute: entryUUID
+    userObjectClasses: inetOrgPerson, organizationalPerson
+    connectionUrl: ldaps://ldap.example.com:636
+    usersDn: ou=Users,dc=example,dc=com
+    authType: simple
+    bindDn: cn=directory reader
+    bindCredential: password
+    searchScope: 1
+    validatePasswordPolicy: false
+    trustEmail: false
+    useTruststoreSpi: ldapsOnly
+    connectionPooling: true
+    pagination: true
+    allowKerberosAuthentication: false
+    debug: false
+    useKerberosForPasswordAuthentication: false
+    mappers:
+      - name: "full name"
+        providerId: "full-name-ldap-mapper"
+        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
+        config:
+          ldap.full.name.attribute: cn
+          read.only: true
+          write.only: false
 
-  - name: Create Kerberos user federation
-    middleware_automation.keycloak.keycloak_user_federation:
-      auth_keycloak_url: https://keycloak.example.com/auth
-      auth_realm: master
-      auth_username: admin
-      auth_password: password
-      realm: my-realm
-      name: my-kerberos
-      state: present
-      provider_id: kerberos
-      provider_type: org.keycloak.storage.UserStorageProvider
-      config:
-        priority: 0
-        enabled: true
-        cachePolicy: DEFAULT
-        kerberosRealm: EXAMPLE.COM
-        serverPrincipal: HTTP/host.example.com@EXAMPLE.COM
-        keyTab: keytab
-        allowPasswordAuthentication: false
-        updateProfileFirstLogin: false
+- name: Create Kerberos user federation
+  middleware_automation.keycloak.keycloak_user_federation:
+    auth_keycloak_url: https://keycloak.example.com/auth
+    auth_realm: master
+    auth_username: admin
+    auth_password: password
+    realm: my-realm
+    name: my-kerberos
+    state: present
+    provider_id: kerberos
+    provider_type: org.keycloak.storage.UserStorageProvider
+    config:
+    priority: 0
+    enabled: true
+    cachePolicy: DEFAULT
+    kerberosRealm: EXAMPLE.COM
+    serverPrincipal: HTTP/host.example.com@EXAMPLE.COM
+    keyTab: keytab
+    allowPasswordAuthentication: false
+    updateProfileFirstLogin: false
 
-  - name: Create sssd user federation
-    middleware_automation.keycloak.keycloak_user_federation:
-      auth_keycloak_url: https://keycloak.example.com/auth
-      auth_realm: master
-      auth_username: admin
-      auth_password: password
-      realm: my-realm
-      name: my-sssd
-      state: present
-      provider_id: sssd
-      provider_type: org.keycloak.storage.UserStorageProvider
-      config:
-        priority: 0
-        enabled: true
-        cachePolicy: DEFAULT
+- name: Create sssd user federation
+  middleware_automation.keycloak.keycloak_user_federation:
+    auth_keycloak_url: https://keycloak.example.com/auth
+    auth_realm: master
+    auth_username: admin
+    auth_password: password
+    realm: my-realm
+    name: my-sssd
+    state: present
+    provider_id: sssd
+    provider_type: org.keycloak.storage.UserStorageProvider
+    config:
+    priority: 0
+    enabled: true
+    cachePolicy: DEFAULT
 
-  - name: Delete user federation
-    middleware_automation.keycloak.keycloak_user_federation:
-      auth_keycloak_url: https://keycloak.example.com/auth
-      auth_realm: master
-      auth_username: admin
-      auth_password: password
-      realm: my-realm
-      name: my-federation
-      state: absent
+- name: Delete user federation
+  middleware_automation.keycloak.keycloak_user_federation:
+    auth_keycloak_url: https://keycloak.example.com/auth
+    auth_realm: master
+    auth_username: admin
+    auth_password: password
+    realm: my-realm
+    name: my-federation
+    state: absent
 '''
 
 RETURN = '''

roles/keycloak_quarkus/defaults/main.yml

@@ -86,7 +86,8 @@ keycloak_quarkus_proxy_mode: edge
 # disable xa transactions
 keycloak_quarkus_transaction_xa_enabled: true
 
-# If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy
+# If the route should be attached to cookies to reflect the node that owns a particular session.
+# If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy
 keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route: true
 
 keycloak_quarkus_metrics_enabled: false
@@ -120,7 +121,8 @@ keycloak_quarkus_default_jdbc:
   mssql:
     url: 'jdbc:sqlserver://localhost:1433;databaseName=keycloak;'
     version: 12.2.0
-    driver_jar_url: "https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/12.2.0.jre11/mssql-jdbc-12.2.0.jre11.jar" # cf. https://access.redhat.com/documentation/en-us/red_hat_build_of_keycloak/22.0/html/server_guide/db-#db-installing-the-microsoft-sql-server-driver
+    driver_jar_url: "https://repo1.maven.org/maven2/com/microsoft/sqlserver/mssql-jdbc/12.2.0.jre11/mssql-jdbc-12.2.0.jre11.jar"
+    # cf. https://access.redhat.com/documentation/en-us/red_hat_build_of_keycloak/22.0/html/server_guide/db-#db-installing-the-microsoft-sql-server-driver
 ### logging configuration
 keycloak_quarkus_log: file
 keycloak_quarkus_log_level: info

roles/keycloak_quarkus/handlers/main.yml

@@ -5,4 +5,4 @@
   listen: "rebuild keycloak config"
 - name: "Restart {{ keycloak.service_name }}"
   ansible.builtin.include_tasks: restart.yml
-  listen: "restart keycloak"
+  listen: "restart keycloak"

roles/keycloak_quarkus/meta/argument_specs.yml

@@ -161,7 +161,10 @@ argument_specs:
                 description: "Heap memory JVM setting"
                 type: "str"
             keycloak_quarkus_java_jvm_opts:
-                default: "-XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.err.encoding=UTF-8 -Dstdout.encoding=UTF-8 -Dstderr.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:FlightRecorderOptions=stackdepth=512"
+                default: >
+                  -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=256m -Dfile.encoding=UTF-8 -Dsun.stdout.encoding=UTF-8 -Dsun.err.encoding=UTF-8
+                  -Dstdout.encoding=UTF-8 -Dstderr.encoding=UTF-8 -XX:+ExitOnOutOfMemoryError -Djava.security.egd=file:/dev/urandom -XX:+UseParallelGC
+                  -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:FlightRecorderOptions=stackdepth=512
                 description: "Other JVM settings"
                 type: "str"
             keycloak_quarkus_java_opts:
@@ -272,7 +275,9 @@ argument_specs:
             keycloak_quarkus_log_max_file_size:
                 default: 10M
                 type: "str"
-                description: "Set the maximum log file size before a log rotation happens; A size configuration option recognises string in this format (shown as a regular expression): [0-9]+[KkMmGgTtPpEeZzYy]?. If no suffix is given, assume bytes."
+                description: >
+                  Set the maximum log file size before a log rotation happens; A size configuration option recognises string in this format (shown as a regular
+                  expression): [0-9]+[KkMmGgTtPpEeZzYy]?. If no suffix is given, assume bytes.
             keycloak_quarkus_log_max_backup_index:
                 default: 10
                 type: "str"
@@ -280,7 +285,9 @@ argument_specs:
             keycloak_quarkus_log_file_suffix:
                 default: '.yyyy-MM-dd.zip'
                 type: "str"
-                description: "Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix; Note: If the suffix ends with .zip or .gz, the rotation file will also be compressed."
+                description: >
+                  Set the log file handler rotation file suffix. When used, the file will be rotated based on its suffix. Note: If the suffix ends
+                  with .zip or .gz, the rotation file will also be compressed.
             keycloak_quarkus_proxy_mode:
                 default: 'edge'
                 type: "str"
@@ -300,19 +307,25 @@ argument_specs:
             keycloak_quarkus_hostname_strict:
                 default: true
                 type: "bool"
-                description: "Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless proxy verifies the Host header."
+                description: >
+                  Disables dynamically resolving the hostname from request headers. Should always be set to true in production, unless
+                  proxy verifies the Host header.
             keycloak_quarkus_hostname_strict_backchannel:
                 default: false
                 type: "bool"
-                description: "By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all applications use the public URL this option should be enabled."
+                description: >
+                  By default backchannel URLs are dynamically resolved from request headers to allow internal and external applications. If all
+                  applications use the public URL this option should be enabled.
             keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route:
                 default: true
                 type: "bool"
-                description: "If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy"
+                description: >
+                  If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies
+                  and we rely on the session affinity capabilities from reverse proxy
     downstream:
         options:
             rhbk_version:
-                default: "22.0.6"
+                default: "22.0.10"
                 description: "Red Hat Build of Keycloak version"
                 type: "str"
             rhbk_archive:
@@ -334,7 +347,7 @@ argument_specs:
             rhbk_enable:
                 default: true
                 description: "Enable Red Hat Build of Keycloak installation"
-                type: "str"
+                type: "bool"
             rhbk_offline_install:
                 default: false
                 description: "Perform an offline install"

roles/keycloak_quarkus/tasks/fastpackages.yml

@@ -8,7 +8,8 @@
 
 - name: "Add missing packages to the yum install list"
   ansible.builtin.set_fact:
-    packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
+    packages_to_install: "{{ packages_to_install | default([]) + rpm_info.stdout_lines | \
+                             map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
   when: ansible_facts.os_family == "RedHat"
 
 - name: "Install packages: {{ packages_to_install }}"
@@ -17,8 +18,8 @@
     name: "{{ packages_to_install }}"
     state: present
   when:
-  - packages_to_install | default([]) | length > 0
-  - ansible_facts.os_family == "RedHat"
+    - packages_to_install | default([]) | length > 0
+    - ansible_facts.os_family == "RedHat"
 
 - name: "Install packages: {{ packages_list }}"
   become: true

roles/keycloak_quarkus/tasks/install.yml

@@ -22,7 +22,7 @@
     name: "{{ keycloak.service_user }}"
     home: /opt/keycloak
     system: true
-    create_home: no
+    create_home: false
 
 - name: "Create {{ keycloak.service_name }} install location"
   become: true
@@ -132,7 +132,7 @@
   register: path_to_workdir
   become: true
 
-- name: "Extract Keycloak archive on target"
+- name: "Extract Keycloak archive on target" # noqa no-handler need to run this here
   ansible.builtin.unarchive:
     remote_src: true
     src: "{{ archive }}"

roles/keycloak_quarkus/tasks/jdbc_driver.yml

@@ -1,5 +1,4 @@
 ---
-
 - name: "Retrieve JDBC Driver from {{ keycloak_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url }}"
   ansible.builtin.get_url:
     url: "{{ keycloak_quarkus_default_jdbc[keycloak_quarkus_jdbc_engine].driver_jar_url }}"

roles/keycloak_quarkus/tasks/main.yml

@@ -73,7 +73,7 @@
 - name: Ensure logdirectory exists
   ansible.builtin.file:
     state: directory
-    path:  "{{ keycloak.log.file | dirname }}"
+    path: "{{ keycloak.log.file | dirname }}"
     owner: "{{ keycloak.service_user }}"
     group: "{{ keycloak.service_group }}"
     mode: '0775'

roles/keycloak_quarkus/tasks/prereqs.yml

@@ -4,7 +4,7 @@
     that:
       - keycloak_quarkus_admin_pass | length > 12
     quiet: true
-    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass variable to a 12+ char long string"
+    fail_msg: "The console administrator password is empty or invalid. Please set the keycloak_quarkus_admin_pass to a 12+ char long string"
     success_msg: "{{ 'Console administrator password OK' }}"
 
 - name: Validate relative path
@@ -12,15 +12,17 @@
     that:
       - keycloak_quarkus_http_relative_path is regex('^/.*')
     quiet: true
-    fail_msg: "the relative path must begin with /"
-    success_msg: "{{ 'relative path OK' }}"
+    fail_msg: "The relative path for keycloak_quarkus_http_relative_path must begin with /"
+    success_msg: "{{ 'Relative path OK' }}"
 
 - name: Validate configuration
   ansible.builtin.assert:
     that:
-      - (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled)
+      - (keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or
+        (not keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled) or
+        (not keycloak_quarkus_ha_enabled and not keycloak_quarkus_db_enabled)
     quiet: true
-    fail_msg: "Cannot install HA setup without a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled"
+    fail_msg: "HA setup requires a backend database service. Check keycloak_quarkus_ha_enabled and keycloak_quarkus_db_enabled"
     success_msg: "{{ 'Configuring HA' if keycloak_quarkus_ha_enabled else 'Configuring standalone' }}"
 
 - name: Validate OS family

roles/keycloak_quarkus/tasks/start.yml

@@ -13,4 +13,4 @@
   register: keycloak_status
   until: keycloak_status.status == 200
   retries: 25
-  delay: 10
+  delay: 10

roles/keycloak_quarkus/tasks/systemd.yml

@@ -8,7 +8,7 @@
     group: root
     mode: '0640'
   vars:
-    keycloak_pkg_java_home: "{{ keycloak_quarkus_pkg_java_home }}"
+    keycloak_sys_pkg_java_home: "{{ keycloak_quarkus_pkg_java_home }}"
   notify:
     - restart keycloak
 

roles/keycloak_quarkus/templates/keycloak-sysconfig.j2

@@ -1,6 +1,6 @@
 {{ ansible_managed | comment }}
 KEYCLOAK_ADMIN={{ keycloak_quarkus_admin_user }}
 KEYCLOAK_ADMIN_PASSWORD='{{ keycloak_quarkus_admin_pass }}'
-PATH={{ keycloak_quarkus_java_home | default(keycloak_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-JAVA_HOME={{ keycloak_quarkus_java_home | default(keycloak_pkg_java_home, true) }}
+PATH={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+JAVA_HOME={{ keycloak_quarkus_java_home | default(keycloak_sys_pkg_java_home, true) }}
 JAVA_OPTS={{ keycloak_quarkus_java_opts }}

roles/keycloak_quarkus/vars/debian.yml

@@ -1,10 +1,11 @@
 ---
 keycloak_quarkus_varjvm_package: "{{ keycloak_quarkus_jvm_package | default('openjdk-17-jdk-headless') }}"
 keycloak_quarkus_prereq_package_list:
-      - "{{ keycloak_quarkus_varjvm_package  }}"
+      - "{{ keycloak_quarkus_varjvm_package }}"
       - unzip
       - procps
       - apt
       - tzdata
 keycloak_quarkus_sysconf_file: /etc/default/keycloak
-keycloak_quarkus_pkg_java_home: "/usr/lib/jvm/java-{{ keycloak_quarkus_varjvm_package | regex_search('(?!:openjdk-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"
+keycloak_quarkus_pkg_java_home: "/usr/lib/jvm/java-{{ keycloak_quarkus_varjvm_package | \
+                                 regex_search('(?!:openjdk-)[0-9.]+') }}-openjdk-{{ 'arm64' if ansible_architecture == 'aarch64' else 'amd64' }}"

roles/keycloak_quarkus/vars/main.yml

@@ -1,10 +1,11 @@
 ---
-keycloak:
+keycloak: # noqa var-naming this is an internal dict of interpolated values
   home: "{{ keycloak_quarkus_home }}"
   config_dir: "{{ keycloak_quarkus_config_dir }}"
   bundle: "{{ keycloak_quarkus_archive }}"
   service_name: "keycloak"
-  health_url: "http://{{ keycloak_quarkus_host }}:{{ keycloak_quarkus_http_port }}{{ keycloak_quarkus_http_relative_path }}{{ '/' if keycloak_quarkus_http_relative_path | length > 1 else '' }}realms/master/.well-known/openid-configuration"
+  health_url: "http://{{ keycloak_quarkus_host }}:{{ keycloak_quarkus_http_port }}{{ keycloak_quarkus_http_relative_path }}{{ '/' \
+               if keycloak_quarkus_http_relative_path | length > 1 else '' }}realms/master/.well-known/openid-configuration"
   cli_path: "{{ keycloak_quarkus_home }}/bin/kcadm.sh"
   service_user: "{{ keycloak_quarkus_service_user }}"
   service_group: "{{ keycloak_quarkus_service_group }}"

roles/keycloak_realm/defaults/main.yml

@@ -26,14 +26,14 @@ keycloak_admin_password: ''
 # and users is a list of account, see below for the format definition
 # an empty name will skip the creation of the client
 #
-#keycloak_clients:
-#  - name: ''
-#    roles: "{{ keycloak_client_default_roles }}"
-#    realm: "{{ keycloak_realm }}"
-#    public_client: "{{ keycloak_client_public }}"
-#    web_origins: "{{ keycloak_client_web_origins }}"
-#    redirect_uris: "{{ keycloak_client_redirect_uris }}"
-#    users: "{{ keycloak_client_users }}"
+# keycloak_clients:
+#   - name: ''
+#     roles: "{{ keycloak_client_default_roles }}"
+#     realm: "{{ keycloak_realm }}"
+#     public_client: "{{ keycloak_client_public }}"
+#     web_origins: "{{ keycloak_client_web_origins }}"
+#     redirect_uris: "{{ keycloak_client_redirect_uris }}"
+#     users: "{{ keycloak_client_users }}"
 keycloak_clients: []
 
 # list of roles to create in the client

roles/keycloak_realm/meta/argument_specs.yml

@@ -10,7 +10,7 @@ argument_specs:
                 # line 5 of keycloak_realm/defaults/main.yml
                 default: "/auth"
                 description: "Context path for rest calls"
-                type: "str"                
+                type: "str"
             keycloak_http_port:
                 # line 4 of keycloak_realm/defaults/main.yml
                 default: 8080
@@ -112,7 +112,7 @@ argument_specs:
             sso_enable:
                 default: true
                 description: "Enable Red Hat Single Sign-on installation"
-                type: "str"
+                type: "bool"
             rhbk_version:
                 default: "22.0.6"
                 description: "Red Hat Build of Keycloak version"
@@ -132,4 +132,4 @@ argument_specs:
             rhbk_enable:
                 default: true
                 description: "Enable Red Hat Build of Keycloak installation"
-                type: "str"
+                type: "bool"

roles/keycloak_realm/tasks/manage_client_users.yml

@@ -10,4 +10,4 @@
   loop: "{{ client.users | flatten }}"
   loop_control:
     loop_var: user
-  when: "'client_roles' in user"
+  when: "'client_roles' in user"

roles/keycloak_realm/tasks/manage_user_client_roles.yml

@@ -12,7 +12,9 @@
 
 - name: Check if Mapping is available
   ansible.builtin.uri:
-    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | \
+          default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | \
+          selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
     method: GET
     status_code:
       - 200
@@ -23,7 +25,9 @@
 
 - name: "Create Role Mapping"
   ansible.builtin.uri:
-    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
+    url: "{{ keycloak_url }}{{ keycloak_context }}/admin/realms/{{ client_role.realm | \
+          default(keycloak_realm) }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | \
+          selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
     method: POST
     body:
       - id: "{{ item.id }}"