Update changelog for release 3.0.1

Signed-off-by: ansible-middleware-core <ansible-middleware-core@redhat.com>

CHANGELOG.rst

@@ -6,6 +6,19 @@ middleware\_automation.keycloak Release Notes
 
 This changelog describes changes after version 0.2.6.
 
+v3.0.1
+======
+
+Minor Changes
+-------------
+
+- Version update to 26.0.8 / rhbk 26.0.11 `#277 <https://github.com/ansible-middleware/keycloak/pull/277>`_
+
+Bugfixes
+--------
+
+- Trigger rebuild handler on envvars file change `#276 <https://github.com/ansible-middleware/keycloak/pull/276>`_
+
 v3.0.0
 ======
 

changelogs/changelog.yaml

@@ -660,3 +660,17 @@ releases:
       name: keycloak_realm
       namespace: ''
     release_date: '2025-04-23'
+  3.0.1:
+    changes:
+      bugfixes:
+      - 'Trigger rebuild handler on envvars file change `#276 <https://github.com/ansible-middleware/keycloak/pull/276>`_
+
+        '
+      minor_changes:
+      - 'Version update to 26.0.8 / rhbk 26.0.11 `#277 <https://github.com/ansible-middleware/keycloak/pull/277>`_
+
+        '
+    fragments:
+    - 276.yaml
+    - 277.yaml
+    release_date: '2025-05-02'

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: middleware_automation
 name: keycloak
-version: "3.0.0"
+version: "3.0.1"
 readme: README.md
 authors:
   - Romain Pelisse <rpelisse@redhat.com>

molecule/default/prepare.yml

@@ -7,10 +7,6 @@
   tasks:
     - name: "Run preparation common to all scenario"
       ansible.builtin.include_tasks: ../prepare.yml
-      vars:
-        assets:
-          - "{{ assets_server }}/sso/7.6.0/rh-sso-7.6.0-server-dist.zip"
-          - "{{ assets_server }}/sso/7.6.1/rh-sso-7.6.1-patch.zip"
 
     - name: Create controller directory for downloads
       ansible.builtin.file: # noqa risky-file-permissions delegated, uses controller host user
@@ -22,7 +18,7 @@
 
     - name: Download keycloak archive to controller directory
       ansible.builtin.get_url: # noqa risky-file-permissions delegated, uses controller host user
-        url: https://github.com/keycloak/keycloak/releases/download/26.0.7/keycloak-26.0.7.zip
+        url: https://github.com/keycloak/keycloak/releases/download/26.0.8/keycloak-26.0.8.zip
         dest: /tmp/keycloak
         mode: '0640'
       delegate_to: localhost

molecule/quarkus_upgrade/converge.yml

@@ -5,6 +5,9 @@
     - vars.yml
   vars:
     keycloak_quarkus_show_deprecation_warnings: false
+    keycloak_quarkus_additional_env_vars:
+      - key: KC_FEATURES_DISABLED
+        value: ciba,device-flow,impersonation,kerberos,docker
     keycloak_quarkus_version: 26.0.7
   roles:
     - role: keycloak_quarkus

molecule/quarkus_upgrade/prepare.yml

@@ -5,7 +5,10 @@
     - vars.yml
   vars:
     sudo_pkg_name: sudo
-    keycloak_quarkus_version: 24.0.5
+    keycloak_quarkus_version: 26.0.4
+    keycloak_quarkus_additional_env_vars:
+      - key: KC_FEATURES_DISABLED
+        value: impersonation,kerberos
   pre_tasks:
     - name: Install sudo
       ansible.builtin.apt:
@@ -44,6 +47,7 @@
       changed_when: false
   roles:
     - role: keycloak_quarkus
+
   post_tasks:
     - name: "Delete custom fact"
       ansible.builtin.file:

roles/keycloak_quarkus/defaults/main.yml

@@ -1,6 +1,6 @@
 ---
 ### Configuration specific to keycloak
-keycloak_quarkus_version: 26.0.7
+keycloak_quarkus_version: 26.0.8
 keycloak_quarkus_archive: "keycloak-{{ keycloak_quarkus_version }}.zip"
 keycloak_quarkus_download_url: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_quarkus_version }}/{{ keycloak_quarkus_archive }}"
 keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_quarkus_version }}"
@@ -110,14 +110,12 @@ keycloak_quarkus_metrics_enabled: false
 keycloak_quarkus_health_enabled: true
 
 ### infinispan remote caches access (hotrod)
-keycloak_quarkus_ispn_user: supervisor
-keycloak_quarkus_ispn_pass: supervisor
-keycloak_quarkus_ispn_hosts: "localhost:11222"
-keycloak_quarkus_ispn_sasl_mechanism: SCRAM-SHA-512
-keycloak_quarkus_ispn_use_ssl: false
-# if ssl is enabled, import ispn server certificate here
-keycloak_quarkus_ispn_trust_store_path: /etc/pki/java/cacerts
-keycloak_quarkus_ispn_trust_store_password: changeit
+keycloak_quarkus_cache_remote_username: supervisor
+keycloak_quarkus_cache_remote_password: supervisor
+keycloak_quarkus_cache_remote_host: "localhost:11222"
+keycloak_quarkus_cache_remote_tls_enabled: false
+keycloak_quarkus_cache_remote_sasl_mechanism: SCRAM-SHA-512
+
 
 ### database backend engine: values [ 'postgres', 'mariadb' ]
 keycloak_quarkus_db_engine: postgres

roles/keycloak_quarkus/meta/argument_specs.yml

@@ -2,7 +2,7 @@ argument_specs:
     main:
         options:
             keycloak_quarkus_version:
-                default: "26.0.7"
+                default: "26.0.8"
                 description: "keycloak.org package version"
                 type: "str"
             keycloak_quarkus_archive:
@@ -471,7 +471,7 @@ argument_specs:
     downstream:
         options:
             rhbk_version:
-                default: "26.0.7"
+                default: "26.0.11"
                 description: "Red Hat Build of Keycloak version"
                 type: "str"
             rhbk_archive:

roles/keycloak_quarkus/tasks/systemd.yml

@@ -10,6 +10,7 @@
   vars:
     keycloak_sys_pkg_java_home: "{{ keycloak_quarkus_pkg_java_home }}"
   notify:
+    - rebuild keycloak config
     - restart keycloak
 
 - name: "Configure systemd unit file for keycloak service"

roles/keycloak_quarkus/templates/quarkus.properties.j2

@@ -1,22 +1,22 @@
 {{ ansible_managed | comment }}
 {% if keycloak_quarkus_ha_enabled %}
 {% if keycloak_quarkus_version.split('.')[0] | int < 22 %}
-quarkus.infinispan-client.server-list={{ keycloak_quarkus_ispn_hosts }}
-quarkus.infinispan-client.auth-username={{ keycloak_quarkus_ispn_user }}
-quarkus.infinispan-client.auth-password={{ keycloak_quarkus_ispn_pass }}
+quarkus.infinispan-client.server-list={{ keycloak_quarkus_cache_remote_host }}
+quarkus.infinispan-client.auth-username={{ keycloak_quarkus_cache_remote_username }}
+quarkus.infinispan-client.auth-password={{ keycloak_quarkus_cache_remote_password }}
 {% else %}
-quarkus.infinispan-client.hosts={{ keycloak_quarkus_ispn_hosts }}
-quarkus.infinispan-client.username={{ keycloak_quarkus_ispn_user }}
-quarkus.infinispan-client.password={{ keycloak_quarkus_ispn_pass }}
+quarkus.infinispan-client.hosts={{ keycloak_quarkus_cache_remote_host }}
+quarkus.infinispan-client.username={{ keycloak_quarkus_cache_remote_username }}
+quarkus.infinispan-client.password={{ keycloak_quarkus_cache_remote_password }}
 {% endif %}
 quarkus.infinispan-client.client-intelligence=HASH_DISTRIBUTION_AWARE
 quarkus.infinispan-client.use-auth=true
 quarkus.infinispan-client.auth-realm=default
 quarkus.infinispan-client.auth-server-name=infinispan
-quarkus.infinispan-client.sasl-mechanism={{ keycloak_quarkus_ispn_sasl_mechanism }}
-{% if keycloak_quarkus_ispn_use_ssl %}
-quarkus.infinispan-client.trust-store={{ keycloak_quarkus_ispn_trust_store_path }}
-quarkus.infinispan-client.trust-store-password={{ keycloak_quarkus_ispn_trust_store_password }}
+quarkus.infinispan-client.sasl-mechanism={{ keycloak_quarkus_cache_remote_sasl_mechanism }}
+{% if keycloak_quarkus_cache_remote_tls_enabled %}
+quarkus.infinispan-client.trust-store={{ keycloak_quarkus_https_trust_store_file }}
+quarkus.infinispan-client.trust-store-password={{ keycloak_quarkus_https_trust_store_password }}
 quarkus.infinispan-client.trust-store-type=jks
 {% endif %}
 #quarkus.infinispan-client.use-schema-registration=true