Update changelog for release 2.3.0

Signed-off-by: ansible-middleware-core <ansible-middleware-core@redhat.com>

CHANGELOG.rst

@@ -6,6 +6,29 @@ middleware\_automation.keycloak Release Notes
 
 This changelog describes changes after version 0.2.6.
 
+v2.3.0
+======
+
+Major Changes
+-------------
+
+- Allow for custom providers hosted on maven repositories `#223 <https://github.com/ansible-middleware/keycloak/pull/223>`_
+- Restart handler strategy behaviour `#231 <https://github.com/ansible-middleware/keycloak/pull/231>`_
+
+Minor Changes
+-------------
+
+- Add support for policy files `#225 <https://github.com/ansible-middleware/keycloak/pull/225>`_
+- Allow to add extra custom env vars in sysconfig file `#229 <https://github.com/ansible-middleware/keycloak/pull/229>`_
+- Download from alternate URL with optional http authentication `#220 <https://github.com/ansible-middleware/keycloak/pull/220>`_
+- Update Keycloak to version 24.0.4 `#218 <https://github.com/ansible-middleware/keycloak/pull/218>`_
+- ``proxy-header`` enhancement `#227 <https://github.com/ansible-middleware/keycloak/pull/227>`_
+
+Bugfixes
+--------
+
+- ``kc.sh build`` uses configured jdk `#211 <https://github.com/ansible-middleware/keycloak/pull/211>`_
+
 v2.2.2
 ======
 

changelogs/changelog.yaml

@@ -532,3 +532,42 @@ releases:
     - 209.yaml
     - 210.yaml
     release_date: '2024-05-06'
+  2.3.0:
+    changes:
+      bugfixes:
+      - '``kc.sh build`` uses configured jdk `#211 <https://github.com/ansible-middleware/keycloak/pull/211>`_
+
+        '
+      major_changes:
+      - 'Allow for custom providers hosted on maven repositories `#223 <https://github.com/ansible-middleware/keycloak/pull/223>`_
+
+        '
+      - 'Restart handler strategy behaviour `#231 <https://github.com/ansible-middleware/keycloak/pull/231>`_
+
+        '
+      minor_changes:
+      - 'Add support for policy files `#225 <https://github.com/ansible-middleware/keycloak/pull/225>`_
+
+        '
+      - 'Allow to add extra custom env vars in sysconfig file `#229 <https://github.com/ansible-middleware/keycloak/pull/229>`_
+
+        '
+      - 'Download from alternate URL with optional http authentication `#220 <https://github.com/ansible-middleware/keycloak/pull/220>`_
+
+        '
+      - 'Update Keycloak to version 24.0.4 `#218 <https://github.com/ansible-middleware/keycloak/pull/218>`_
+
+        '
+      - '``proxy-header`` enhancement `#227 <https://github.com/ansible-middleware/keycloak/pull/227>`_
+
+        '
+    fragments:
+    - 211.yaml
+    - 218.yaml
+    - 220.yaml
+    - 223.yaml
+    - 225.yaml
+    - 227.yaml
+    - 229.yaml
+    - 231.yaml
+    release_date: '2024-05-20'

molecule/debian/converge.yml

@@ -2,6 +2,7 @@
 - name: Converge
   hosts: all
   vars:
+    keycloak_quarkus_show_deprecation_warnings: false
     keycloak_quarkus_admin_pass: "remembertochangeme"
     keycloak_realm: TestRealm
     keycloak_quarkus_log: file

molecule/https_revproxy/converge.yml

@@ -1,7 +1,8 @@
 ---
 - name: Converge
   hosts: all
-  vars: 
+  vars:
+    keycloak_quarkus_show_deprecation_warnings: false
     keycloak_quarkus_admin_pass: "remembertochangeme"
     keycloak_admin_password: "remembertochangeme"
     keycloak_realm: TestRealm

molecule/quarkus-devmode/converge.yml

@@ -1,7 +1,8 @@
 ---
 - name: Converge
   hosts: all
-  vars: 
+  vars:
+    keycloak_quarkus_show_deprecation_warnings: false
     keycloak_quarkus_admin_pass: "remembertochangeme"
     keycloak_admin_password: "remembertochangeme"
     keycloak_realm: TestRealm

molecule/quarkus/converge.yml

@@ -2,6 +2,7 @@
 - name: Converge
   hosts: all
   vars:
+    keycloak_quarkus_show_deprecation_warnings: false
     keycloak_quarkus_admin_pass: "remembertochangeme"
     keycloak_admin_password: "remembertochangeme"
     keycloak_realm: TestRealm

molecule/quarkus_ha/converge.yml

@@ -2,6 +2,7 @@
 - name: Converge
   hosts: keycloak
   vars:
+    keycloak_quarkus_show_deprecation_warnings: false
     keycloak_quarkus_admin_pass: "remembertochangeme"
     keycloak_admin_password: "remembertochangeme"
     keycloak_realm: TestRealm

molecule/quarkus_upgrade/converge.yml

@@ -4,6 +4,7 @@
   vars_files:
     - vars.yml
   vars:
+    keycloak_quarkus_show_deprecation_warnings: false
     keycloak_quarkus_version: 24.0.3
   roles:
     - role: keycloak_quarkus

roles/keycloak_quarkus/README.md

@@ -167,6 +167,7 @@ Role Defaults
 |`keycloak_quarkus_start_dev`| Whether to start the service in development mode (start-dev) | `False` |
 |`keycloak_quarkus_transaction_xa_enabled`| Whether to use XA transactions | `True` |
 |`keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route`| If the route should be attached to cookies to reflect the node that owns a particular session. If false, route is not attached to cookies and we rely on the session affinity capabilities from reverse proxy | `True` |
+|`keycloak_quarkus_show_deprecation_warnings`| Whether deprecation warnings should be shown | `True` |
 
 
 #### Vault SPI

roles/keycloak_quarkus/defaults/main.yml

@@ -8,6 +8,8 @@ keycloak_quarkus_installdir: "{{ keycloak_quarkus_dest }}/keycloak-{{ keycloak_q
 # whether to install from local archive
 keycloak_quarkus_offline_install: false
 
+keycloak_quarkus_show_deprecation_warnings: true
+
 ### Install location and service settings
 keycloak_quarkus_java_home:
 keycloak_quarkus_dest: /opt/keycloak
@@ -91,7 +93,10 @@ keycloak_quarkus_hostname_strict: true
 # If all applications use the public URL this option should be enabled.
 keycloak_quarkus_hostname_strict_backchannel: false
 
-# proxy address forwarding mode if the server is behind a reverse proxy. [none, edge, reencrypt, passthrough]
+# The proxy headers that should be accepted by the server. ['', 'forwarded', 'xforwarded']
+keycloak_quarkus_proxy_headers: ""
+
+# deprecated: proxy address forwarding mode if the server is behind a reverse proxy. [none, edge, reencrypt, passthrough]
 keycloak_quarkus_proxy_mode: edge
 
 # disable xa transactions

roles/keycloak_quarkus/meta/argument_specs.yml

@@ -456,7 +456,7 @@ argument_specs:
     downstream:
         options:
             rhbk_version:
-                default: "24.0.4"
+                default: "24.0.3"
                 description: "Red Hat Build of Keycloak version"
                 type: "str"
             rhbk_archive:
@@ -483,6 +483,10 @@ argument_specs:
                 default: false
                 description: "Perform an offline install"
                 type: "bool"
+            keycloak_quarkus_show_deprecation_warnings:
+                default: true
+                description: "Whether deprecation warnings should be shown"
+                type: "bool"
             rhbk_service_name:
                 default: "rhbk"
                 description: "systemd service name for Red Hat Build of Keycloak"

roles/keycloak_quarkus/tasks/deprecations.yml

@@ -10,7 +10,7 @@
         - keycloak_quarkus_key_store_file is defined
         - keycloak_quarkus_key_store_file != ''
         - keycloak_quarkus_https_key_store_file == keycloak.home + "/conf/key_store.p12" # default value
-      changed_when: true
+      changed_when: keycloak_quarkus_show_deprecation_warnings
       ansible.builtin.set_fact:
         keycloak_quarkus_https_key_store_file: "{{ keycloak_quarkus_key_store_file }}"
         deprecated_variable: "keycloak_quarkus_key_store_file" # read in deprecation handler
@@ -25,7 +25,7 @@
         - keycloak_quarkus_key_store_password is defined
         - keycloak_quarkus_key_store_password != ''
         - keycloak_quarkus_https_key_store_password == "" # default value
-      changed_when: true
+      changed_when: keycloak_quarkus_show_deprecation_warnings
       ansible.builtin.set_fact:
         keycloak_quarkus_https_key_store_password: "{{ keycloak_quarkus_key_store_password }}"
         deprecated_variable: "keycloak_quarkus_key_store_password" # read in deprecation handler
@@ -34,3 +34,20 @@
 
     - name: Flush handlers
       ansible.builtin.meta: flush_handlers
+
+# https://access.redhat.com/documentation/en-us/red_hat_build_of_keycloak/24.0/html-single/upgrading_guide/index#deprecated_literal_proxy_literal_option
+- name: Check deprecation of keycloak_quarkus_proxy_mode
+  when:
+    - keycloak_quarkus_proxy_mode is defined
+    - keycloak_quarkus_proxy_headers is defined and keycloak_quarkus_proxy_headers | length == 0
+    - keycloak_quarkus_version.split('.') | first | int >= 24
+  delegate_to: localhost
+  run_once: true
+  changed_when: keycloak_quarkus_show_deprecation_warnings
+  ansible.builtin.set_fact:
+    deprecated_variable: "keycloak_quarkus_proxy_mode" # read in deprecation handler
+  notify:
+    - print deprecation warning
+
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers

roles/keycloak_quarkus/tasks/prereqs.yml

@@ -93,3 +93,10 @@
     fail_msg: "Additional env variable definition is incorrect: `key` and `value` are mandatory."
   no_log: true
   loop: "{{ keycloak_quarkus_additional_env_vars }}"
+
+- name: "Validate proxy-headers"
+  ansible.builtin.assert:
+    that:
+      - keycloak_quarkus_proxy_headers | lower in ['', 'forwarded', 'xforwarded']
+    quiet: true
+    fail_msg: "keycloak_quarkus_proxy_headers must be either '', 'forwarded' or 'xforwarded'"

roles/keycloak_quarkus/templates/keycloak.conf.j2

@@ -69,14 +69,12 @@ cache-config-file=cache-ispn.xml
 {% endif %}
 {% endif %}
 
-{% if keycloak_quarkus_proxy_mode is defined and keycloak_quarkus_proxy_mode != "none" %}
+{% if keycloak_quarkus_proxy_headers | length > 0 %}
+proxy-headers={{ keycloak_quarkus_proxy_headers | lower }}
+{% elif keycloak_quarkus_proxy_mode is defined and keycloak_quarkus_proxy_mode != "none" %}
 # Deprecated Proxy configuration
 proxy={{ keycloak_quarkus_proxy_mode }}
 {% endif %}
-{% if keycloak_quarkus_proxy_headers is defined and keycloak_quarkus_proxy_headers != "none" %}
-# Proxy
-proxy-headers={{ keycloak_quarkus_proxy_headers }}
-{% endif %}
 
 spi-sticky-session-encoder-infinispan-should-attach-route={{ keycloak_quarkus_spi_sticky_session_encoder_infinispan_should_attach_route | d(true) | lower }}