Update changelog for release 3.0.8

Signed-off-by: ansible-middleware-core <ansible-middleware-core@redhat.com>

.ansible-lint

@@ -1,4 +1,6 @@
 # .ansible-lint
+profile: production
+
 exclude_paths:
   - .cache/
   - .github/

CHANGELOG.rst

@@ -6,6 +6,9 @@ middleware\_automation.keycloak Release Notes
 
 This changelog describes changes after version 0.2.6.
 
+v3.0.8
+======
+
 v3.0.7
 ======
 

README.md

@@ -49,9 +49,9 @@ A requirement file is provided to install:
 <!--start roles_paths -->
 ### Included roles
 
-* `keycloak_quarkus`: role for installing keycloak (>= 19.0.0, quarkus based).
+* [`keycloak_quarkus`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_quarkus/README.md): role for installing keycloak (>= 19.0.0, quarkus based).
-* `keycloak_realm`: role for configuring a realm, user federation(s), clients and users, in an installed service.
+* [`keycloak_realm`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak_realm/README.md): role for configuring a realm, user federation(s), clients and users, in an installed service.
-* `keycloak`: role for installing legacy keycloak (<= 19.0, wildfly based).
+* [`keycloak`](https://github.com/ansible-middleware/keycloak/blob/main/roles/keycloak/README.md): role for installing legacy keycloak (<= 19.0, wildfly based).
 
 <!--end roles_paths -->
 
@@ -220,5 +220,5 @@ For details on changes between versions, please see the [CHANGELOG](https://gith
 
 Apache License v2.0 or later
 <!--start license -->
-See [LICENSE](LICENSE) to view the full text.
+See [LICENSE](https://github.com/ansible-middleware/keycloak/blob/main/LICENSE) to view the full text.
 <!--end license -->

changelogs/changelog.yaml

@@ -825,3 +825,5 @@ releases:
     - 341.yaml
     - 343.yaml
     release_date: '2026-06-01'
+  3.0.8:
+    release_date: '2026-06-09'

plugins/module_utils/identity/keycloak/keycloak.py

@@ -154,18 +154,6 @@ URL_AUTHZ_CUSTOM_POLICY = "{url}/admin/realms/{realm}/clients/{client_id}/authz/
 URL_AUTHZ_CUSTOM_POLICIES = "{url}/admin/realms/{realm}/clients/{client_id}/authz/resource-server/policy"
 
 
-def normalize_keycloak_url(url: str) -> str:
-    """Normalize Keycloak base URL for Admin REST API access.
-
-    Keycloak 17+ (Quarkus) exposes the API at the server root without an /auth prefix.
-    WildFly-based Keycloak used /auth as the context path. Trailing slashes are removed.
-    """
-    url = url.rstrip("/")
-    if url.endswith("/auth"):
-        return url[:-5]
-    return url
-
-
 def keycloak_argument_spec() -> dict[str, t.Any]:
     """
     Returns argument_spec of options common to keycloak_*-modules
@@ -215,7 +203,7 @@ def _token_request(module_params: dict[str, t.Any], payload: dict[str, t.Any]) -
            'refresh_token' for type 'refresh_token'.
     :return: access token
     """
-    base_url = normalize_keycloak_url(module_params["auth_keycloak_url"])
+    base_url = module_params["auth_keycloak_url"]
     if not base_url.lower().startswith(("http", "https")):
         raise KeycloakError(f"auth_url '{base_url}' should either start with 'http' or 'https'.")
     auth_realm = module_params.get("auth_realm")
@@ -403,7 +391,7 @@ class KeycloakAPI:
 
     def __init__(self, module: AnsibleModule, connection_header: dict[str, str]) -> None:
         self.module = module
-        self.baseurl = normalize_keycloak_url(self.module.params.get("auth_keycloak_url"))
+        self.baseurl = self.module.params.get("auth_keycloak_url")
         self.validate_certs = self.module.params.get("validate_certs")
         self.connection_timeout = self.module.params.get("connection_timeout")
         self.restheaders = connection_header