chore: add build ignores / fix release tag names

Bump version to 1.0.0 to satisfy Automation hub

.ansible-lint

@@ -0,0 +1,27 @@
+# .ansible-lint
+exclude_paths:
+  - .cache/
+  - .github/
+  - molecule/
+  - .ansible-lint
+  - .yamllint
+
+rulesdir:
+   - ../../ansible-lint-custom-rules/rules/
+
+enable_list:
+  - fqcn-builtins  # opt-in
+  - no-log-password  # opt-in
+
+warn_list:
+  - role_vars_start_with_role_name
+  - vars_in_vars_files_have_valid_names
+  - vars_should_not_be_used
+  - experimental
+  - ignore-errors
+  - no-handler
+  - fqcn-builtins
+  - no-log-password
+
+use_default_rules: true
+parseable: true

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,48 @@
+---
+name: 🐛 Bug report
+about: Create a report to help us improve
+
+---
+
+##### SUMMARY
+<!-- Explain the problem briefly -->
+
+
+##### ISSUE TYPE
+ - Bug Report
+
+
+##### ANSIBLE VERSION
+<!-- Paste, BELOW THIS COMMENT, verbatim output from "ansible --version"-->
+```
+
+```
+
+##### COLLECTION VERSION
+<!-- Paste, BELOW THIS COMMENT, verbatim output from "ansible-galaxy collection list"-->
+<!-- If using virtual environments or execution environments, remember to activate them-->
+```
+
+```
+
+##### STEPS TO REPRODUCE
+<!-- List the steps to reproduce the problem, using a minimal test-case. -->
+
+<!-- Paste example playbook below -->
+```yaml
+
+```
+
+##### EXPECTED RESULTS
+<!-- What did you expect to happen when running the steps above? -->
+
+
+##### ACTUAL RESULTS
+<!-- What actually happened? If possible run with extra verbosity (-vvvv) and diff (--diff) -->
+<!-- Please also include check mode (--check --diff) output if the API returns an error -->
+<!-- Be sure to mask any sensitive information -->
+
+<!--- Paste verbatim command output between quotes below -->
+```
+
+```

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,12 @@
+---
+name: ✨ Feature request
+about: Suggest an idea for this project
+
+---
+
+##### SUMMARY
+<!--- Explain the problem briefly -->
+
+
+##### ISSUE TYPE
+ - Feature Idea

.github/workflows/ci.yml

@@ -29,6 +29,12 @@ jobs:
           pip install yamllint 'molecule[docker]~=3.5.2' ansible-core flake8 ansible-lint voluptuous
           pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt
 
+      - name: Install ansible-lint custom rules
+        uses: actions/checkout@v2
+        with:
+          repository: ansible-middleware/ansible-lint-custom-rules
+          path: ansible_collections/ansible-lint-custom-rules/
+
       - name: Create default collection path
         run: |
           mkdir -p /home/runner/.ansible/collections/ansible_collections

.github/workflows/docs.yml

@@ -0,0 +1,75 @@
+---
+name: Documentation
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "[0-9]+.[0-9]+.[0-9]+"
+
+env:
+  COLORTERM: 'yes'
+  TERM: 'xterm-256color'
+  PYTEST_ADDOPTS: '--color=yes'
+
+jobs:
+  docs:
+    runs-on: ubuntu-latest
+    if: github.repository == 'ansible-middleware/keycloak'
+    permissions:
+      actions: write
+      checks: write
+      contents: write
+      deployments: write
+      packages: write
+      pages: write
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+        with:
+          path: ansible_collections/middleware_automation/keycloak
+          fetch-depth: 0
+
+      - name: Set up Python
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.9
+
+      - name: Install doc dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r ansible_collections/middleware_automation/keycloak/docs/requirements.txt
+          pip install -r ansible_collections/middleware_automation/keycloak/requirements.txt
+
+      - name: Create default collection path
+        run: |
+          mkdir -p /home/runner/.ansible/collections/ansible_collections
+
+      - name: Create doc directories and resources
+        run: |
+          mkdir -p ./docs/plugins ./docs/roles
+          cat ./docs/roles.rst.template > ./docs/roles/index.rst
+          antsibull-docs collection --use-current --squash-hierarchy --dest-dir docs/plugins  middleware_automation.keycloak
+          for role_readme in roles/*/README.md; do ln -f -s ../../$role_readme ./docs/roles/$(basename $(dirname $role_readme)).md; echo " * :doc:\`$(basename $(dirname $role_readme))\`" >> ./docs/roles/index.rst; done
+        working-directory: ansible_collections/middleware_automation/keycloak
+
+      - name: Run sphinx
+        run: |
+          sphinx-build -M html . _build -v
+        working-directory: ansible_collections/middleware_automation/keycloak/docs/
+
+      - name: Commit docs
+        run: |
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+          git checkout gh-pages
+          rm -rf $(basename ${GITHUB_REF})
+          mv docs/_build/html $(basename ${GITHUB_REF})
+          ln --force --no-dereference --symbolic   main latest
+          git show origin/main:docs/_gh_include/header.inc > index.html
+          (echo main; echo latest; dirname *.*.*/index.html | sort --version-sort --reverse) | xargs -I@@ -n1 echo '<li class="toctree-l1"><a class="reference internal" href="@@/">@@</a></li>' >> index.html
+          git show origin/main:docs/_gh_include/footer.inc >> index.html
+          git add $(basename ${GITHUB_REF}) latest index.html
+          git commit -m "Update docs for $(basename ${GITHUB_REF})" || true
+          git push origin gh-pages
+        working-directory: ansible_collections/middleware_automation/keycloak/

.github/workflows/release.yml

@@ -1,9 +1,9 @@
+---
 name: Release collection
-
 on:
   push:
     tags:
-      - "*.*.*"
+      - "[0-9]+.[0-9]+.[0-9]+"
 
 jobs:
   release:
@@ -31,7 +31,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
           files: "*.tar.gz"
-          body: "Release ${{ steps.get_version.outputs.TAG_VERSION }}"
+          body: "Release v${{ steps.get_version.outputs.TAG_VERSION }}"
       - name: Publish collection
         env:
           ANSIBLE_GALAXY_API_KEY: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}

.gitignore

@@ -1,2 +1,10 @@
 *.tar.gz
 *.zip
+.tmp
+.cache
+docs/plugins/
+docs/roles/
+docs/_build/
+.pytest_cache/
+.mypy_cache/
+*.retry

CONTRIBUTING.md

@@ -5,10 +5,10 @@
 - Use spaces around jinja variables. `{{ var }}` over `{{var}}`
 - Variables that are internal to the role should be lowercase and start with the role name
 - Keep roles self contained - Roles should avoid including tasks from other roles when possible
-- Plays should do nothing more than include a list of roles except where `pre_tasks` and `post_tasks` are required when possible
-- Separators - Use valid name, ie. underscores (e.g. `my_role` `my_playbook`) not dashes (`my-role`)
-- Paths - When defining paths, do not include trailing slashes (e.g. `my_path: /foo` not `my_path: /foo/`). When concatenating paths, follow the same convention (e.g. `{{ my_path }}/bar` not `{{ my_path }}bar`)
+- Plays should do nothing more than include a list of roles, except where `pre_tasks` and `post_tasks` are required, when possible
+- Separators - Use valid names, ie. underscores (e.g. `my_role` `my_playbook`) not dashes (`my-role`)
+- Paths - When defining paths, do not include trailing slashes (e.g. `my_path: /foo` not `my_path: /foo/`); when concatenating paths, follow the same convention (e.g. `{{ my_path }}/bar` not `{{ my_path }}bar`)
 - Indentation - Use 2 spaces for each indent
 - `vars/` vs `defaults/` - internal or interpolated variables that don't need to change or be overridden by user go in `vars/`, those that a user would likely override, go under `defaults/` directory
-- All arguments have a specification in `meta/argument_specs.yml`
+- All role arguments have a specification in `meta/argument_specs.yml`
 - All playbooks/roles should be focused on compatibility with Ansible Tower

README.md

@@ -1,4 +1,4 @@
-# Ansible Collection - keycloak
+# Ansible Collection - middleware_automation.keycloak
 
 [![Build Status](https://github.com/ansible-middleware/keycloak/workflows/CI/badge.svg?branch=main)](https://github.com/ansible-middleware/keycloak/actions/workflows/ci.yml)
 
@@ -13,6 +13,7 @@ This collection has been tested against following Ansible versions: **>=2.9.10**
 Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions.
 <!--end requires_ansible-->
 
+
 ## Installation
 
 ### Installing the Collection from Ansible Galaxy
@@ -54,12 +55,12 @@ A requirement file is provided to install:
 
 Both playbooks include the `keycloak` role, with different settings, as described in the following sections.
 
-For service configuration details, refer to the [keycloak role README](roles/keycloak/README.md).
+For full service configuration details, refer to the [keycloak role README](roles/keycloak/README.md).
 
 
 ### Choosing between upstream project (Keycloak) and Red Hat Single Sign-On (RHSSO)
 
-The general flag `keycloak_rhsso_enable` controls what to install between upstream(Keycloak, when `False`) or Red Hat Single Sign-On (when `True`).
+The general flag `keycloak_rhsso_enable` controls what to install between upstream (Keycloak, when `False`) or Red Hat Single Sign-On (when `True`).
 The default value for the flag if `True` when Red Hat Network credentials are defined, `False` otherwise.
 
 
@@ -133,15 +134,15 @@ ansible-playbook -i <ansible_hosts> -e @rhn-creds.yml playbooks/keycloak.yml -e
 
 ### Config Playbook
 
-[`playbooks/keycloak-realm.yml`](playbooks/keycloak-realm.yml) creates provided realm, user federation(s), client(s), client role(s) and client user(s) if they don't exist.
+[`playbooks/keycloak_realm.yml`](playbooks/keycloak_realm.yml) creates or updates provided realm, user federation(s), client(s), client role(s) and client user(s).
 
 
 ### Example configuration command
 
-Execute the following command from the source root directory
+Execute the following command from the source root directory:
 
 ```bash
-ansible-playbook -i <ansible_hosts> playbooks/keycloak-realm.yml -e keycloak_admin_password=<changeme> -e keycloak_realm=test
+ansible-playbook -i <ansible_hosts> playbooks/keycloak_realm.yml -e keycloak_admin_password=<changeme> -e keycloak_realm=test
 ```
 
 - `keycloak_admin_password` password for the administration console user account.
@@ -153,8 +154,11 @@ ansible-playbook -i <ansible_hosts> playbooks/keycloak-realm.yml -e keycloak_adm
   localhost ansible_connection=local
   ```
 
-For configuration details, refer to the [keycloak_realm role README](roles/keycloak_realm/README.md).
+For full configuration details, refer to the [keycloak_realm role README](roles/keycloak_realm/README.md).
 
+## Support
+
+Keycloak collection v1.0.0 is a Beta release and for [Technical Preview](https://access.redhat.com/support/offerings/techpreview). If you have any issues or questions related to collection, please don't hesitate to contact us on Ansible-middleware-core@redhat.com or open an issue on https://github.com/ansible-middleware/keycloak/issues
 
 ## License
 

docs/README.md

@@ -0,0 +1 @@
+../README.md

docs/_gh_include/footer.inc

@@ -0,0 +1,21 @@
+              </ul>
+            </div>
+          </section>
+        </div>
+      </div>
+      <footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
+      </div>
+      <hr/>
+      <div role="contentinfo">
+        <p>&#169; Copyright 2022, Red Hat, Inc..</p>
+      </div>
+      Built with <a href="https://www.sphinx-doc.org/">Sphinx</a> using a
+        <a href="https://github.com/readthedocs/sphinx_rtd_theme">theme</a>
+        provided by <a href="https://readthedocs.org">Read the Docs</a>.
+      </footer>
+    </div>
+  </div>
+</section>
+</div>
+</body>
+</html>

docs/_gh_include/header.inc

@@ -0,0 +1,43 @@
+<!doctype html>
+<html>
+  <head>
+    <title>Keycloak Ansible Collection documentation index</title>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <link rel="stylesheet" href="https://ansible-middleware.github.io/keycloak/main/_static/pygments.css" type="text/css" />
+    <link rel="stylesheet" href="https://ansible-middleware.github.io/keycloak/main/_static/css/theme.css" type="text/css" />
+    <link rel="stylesheet" href="https://ansible-middleware.github.io/keycloak/main/_static/ansible-basic-sphinx-ext.css" type="text/css" />
+    <script data-url_root="./" id="documentation_options" src="https://ansible-middleware.github.io/keycloak/main/_static/documentation_options.js"></script>
+    <script src="https://ansible-middleware.github.io/keycloak/main/_static/jquery.js"></script>
+    <script src="https://ansible-middleware.github.io/keycloak/main/_static/underscore.js"></script>
+    <script src="https://ansible-middleware.github.io/keycloak/main/_static/doctools.js"></script>
+    <script src="https://ansible-middleware.github.io/keycloak/main/_static/js/theme.js"></script>
+  </head>
+
+<body class="wy-body-for-nav">
+  <div class="wy-grid-for-nav">
+    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
+      <div class="wy-side-scroll">
+        <div class="wy-side-nav-search" >
+            <a href="#" class="icon icon-home"> Keycloak Ansible Collection</a>
+        </div>
+      </div>
+    </nav>
+    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
+      <div class="wy-nav-content">
+          <div class="rst-content">
+            <div role="navigation" aria-label="Page navigation">
+              <ul class="wy-breadcrumbs">
+                  <li><a href="#" class="icon icon-home"></a> &raquo;</li>
+                  <li>Welcome to Keycloak Collection documentation</li>
+                  <li class="wy-breadcrumbs-aside"></li>
+              </ul>
+              <hr/>
+            </div>
+          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
+             <div itemprop="articleBody">
+                <section id="welcome-to-keycloak-collection-documentation">
+                  <h1>Welcome to Keycloak Collection documentation<a class="headerlink" href="#welcome-to-keycloak-collection-documentation" title="Permalink to this headline"></a></h1>
+                    <div class="toctree-wrapper compound">
+                      <p class="caption" role="heading"><span class="caption-text">Pick collection version:</span></p>
+                        <ul>

docs/conf.py

@@ -0,0 +1,170 @@
+# -*- coding: utf-8 -*-
+#
+# Configuration file for the Sphinx documentation builder.
+#
+# This file does only contain a selection of the most common options. For a
+# full list see the documentation:
+# http://www.sphinx-doc.org/en/master/config
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+import datetime
+import os
+import sys
+sys.path.insert(0, os.path.abspath('../plugins/module_utils/'))
+# sys.path.insert(0, os.path.abspath('.'))
+
+# -- Project information -----------------------------------------------------
+
+project = 'Keycloak Ansible Collection'
+copyright = '{y}, Red Hat, Inc.'.format(y=datetime.date.today().year)
+author = 'Red Hat, Inc.'
+
+# The short X.Y version
+version = ''
+# The full version, including alpha/beta/rc tags
+release = ''
+
+
+# -- General configuration ---------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+#
+# needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+    'myst_parser',
+    'sphinx.ext.autodoc',
+    'sphinx.ext.intersphinx',
+    'ansible_basic_sphinx_ext',
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# The suffix(es) of source filenames.
+# You can specify multiple suffix as a list of string:
+#
+# source_suffix = ['.rst', '.md']
+source_suffix = ['.rst', '.md']
+
+# The master toctree document.
+master_doc = 'index'
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+#
+# This is also used if you do content translation via gettext catalogs.
+# Usually you set "language" from the command line for these cases.
+language = None
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path .
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store', '.tmp']
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+highlight_language = 'YAML+Jinja'
+
+# -- Options for HTML output -------------------------------------------------
+html_theme_path = ['_themes']
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+# html_theme = 'alabaster'
+html_theme = 'sphinx_rtd_theme'
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further.  For a list of options available for each theme, see the
+# documentation.
+#
+# html_theme_options = {}
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+html_static_path = []
+
+# Custom sidebar templates, must be a dictionary that maps document names
+# to template names.
+#
+# The default sidebars (for documents that don't match any pattern) are
+# defined by theme itself.  Builtin themes are using these templates by
+# default: ``['localtoc.html', 'relations.html', 'sourcelink.html',
+# 'searchbox.html']``.
+#
+# html_sidebars = {}
+
+
+# -- Options for HTMLHelp output ---------------------------------------------
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'KeycloakCollectionDoc'
+
+
+# -- Options for LaTeX output ------------------------------------------------
+
+latex_elements = {
+    # The paper size ('letterpaper' or 'a4paper').
+    #
+    # 'papersize': 'letterpaper',
+
+    # The font size ('10pt', '11pt' or '12pt').
+    #
+    # 'pointsize': '10pt',
+
+    # Additional stuff for the LaTeX preamble.
+    #
+    # 'preamble': '',
+
+    # Latex figure (float) alignment
+    #
+    # 'figure_align': 'htbp',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+#  author, documentclass [howto, manual, or own class]).
+latex_documents = [
+    (master_doc, 'KeycloakCollection.tex', 'Red Hat Single Sign-On Ansible Collection Documentation',
+     'Red Hat, Inc.', 'manual'),
+]
+
+
+# -- Options for manual page output ------------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+    (master_doc, 'keycloakcollection', 'Red Hat Single Sign-On Ansible Collection Documentation',
+     [author], 1)
+]
+
+
+# -- Options for Texinfo output ----------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+#  dir menu entry, description, category)
+texinfo_documents = [
+    (master_doc, 'KeycloakCollection', 'Red Hat Single Sign-On Ansible Collection Documentation',
+     author, 'KeycloakCollection', 'One line description of project.',
+     'Miscellaneous'),
+]
+
+
+# -- Extension configuration -------------------------------------------------
+
+# -- Options for intersphinx extension ---------------------------------------
+
+# Example configuration for intersphinx: refer to the Python standard library.
+intersphinx_mapping = {'python': ('https://docs.python.org/2', None), 'ansible': ('https://docs.ansible.com/ansible/latest/', None)}

docs/developing.md

@@ -0,0 +1 @@
+../CONTRIBUTING.md

docs/index.rst

@@ -0,0 +1,32 @@
+.. Red Hat middleware_automation Keycloak Ansible Collection documentation main file
+
+Welcome to Keycloak Collection documentation
+============================================
+
+.. toctree::
+   :maxdepth: 2
+   :caption: User documentation
+
+   README
+   plugins/index
+   roles/index
+
+.. toctree::
+   :maxdepth: 2
+   :caption: Developer documentation
+
+   developing
+   testing
+   releasing
+
+.. toctree::
+   :maxdepth: 2
+   :caption: General
+
+   Changelog <CHANGELOG>
+
+Indices and tables
+==================
+
+* :ref:`genindex`
+* :ref:`search`

docs/requirements.txt

@@ -0,0 +1,5 @@
+antsibull>=0.17.0
+ansible-base>=2.10.12
+sphinx-rtd-theme
+git+https://github.com/felixfontein/ansible-basic-sphinx-ext
+myst-parser

docs/roles.rst.template

@@ -0,0 +1,3 @@
+Role Index
+==========
+

galaxy.yml

@@ -1,6 +1,7 @@
+---
 namespace: middleware_automation
 name: keycloak
-version: "0.2.4"
+version: "1.0.0"
 readme: README.md
 authors:
   - Romain Pelisse <rpelisse@redhat.com>
@@ -12,12 +13,21 @@ tags:
   - keycloak
   - redhat
   - rhel
-  - rhn
   - sso
+  - openid
+  - application
+  - identity
+  - security
+  - infrastructure
+  - authentication
 dependencies:
   "middleware_automation.redhat_csp_download": ">=1.2.1"
-  "middleware_automation.wildfly": ">=0.0.4"
+  "middleware_automation.wildfly": ">=0.0.6"
 repository: https://github.com/ansible-middleware/keycloak
-documentation: https://github.com/ansible-middleware/keycloak
+documentation: https://ansible-middleware.github.io/keycloak
 homepage: https://github.com/ansible-middleware/keycloak
 issues: https://github.com/ansible-middleware/keycloak/issues
+build_ignore:
+  - molecule
+  - docs
+  - .github

molecule/default/molecule.yml

@@ -4,6 +4,9 @@ dependency:
   command: ansible-galaxy collection install -r molecule/default/requirements.yml -p $HOME/.ansible/collections --force-with-deps
 driver:
   name: docker
+lint: |
+  ansible-lint --version
+  ansible-lint -v
 platforms:
   - name: instance
     image: registry.access.redhat.com/ubi8/ubi-init:latest

molecule/default/prepare.yml

@@ -3,10 +3,10 @@
   hosts: all
   tasks:
     - name: Disable beta repos
-      command: yum config-manager --disable '*beta*'
+      ansible.builtin.command: yum config-manager --disable '*beta*'
       ignore_errors: yes
 
     - name: Install sudo
-      yum:
+      ansible.builtin.yum:
         name: sudo
         state: present

molecule/default/verify.yml

@@ -5,6 +5,6 @@
     - name: Populate service facts
       ansible.builtin.service_facts:
     - name: Check if keycloak service started
-      assert:
+      ansible.builtin.assert:
         that:
           - ansible_facts.services["keycloak.service"]["state"] == "running"

playbooks/keycloak.yml

@@ -5,7 +5,7 @@
     - middleware_automation.keycloak
   tasks:
     - name: Include keycloak role
-      include_role:
-        name: keycloak
+      ansible.builtin.include_role:
+        name: middleware_automation.keycloak.keycloak
       vars:
         keycloak_admin_password: "changeme"

playbooks/keycloak_realm.yml

@@ -3,8 +3,8 @@
   hosts: keycloak
   tasks:
     - name: Keycloak Realm Role
-      include_role:
-        name: keycloak_realm
+      ansible.builtin.include_role:
+        name: middleware_automation.keycloak.keycloak_realm
       vars:
         keycloak_admin_password: "changeme"
         keycloak_realm: TestRealm

playbooks/rhsso.yml

@@ -4,11 +4,11 @@
   collections:
     - middleware_automation.redhat_csp_download
   roles:
-    - redhat_csp_download
+    - middleware_automation.redhat_csp_download.redhat_csp_download
   tasks:
     - name: Keycloak Role
-      include_role:
-        name: keycloak
+      ansible.builtin.include_role:
+        name: middleware_automation.keycloak.keycloak
       vars:
         keycloak_admin_password: "changeme"
         keycloak_rhsso_enable: True

roles/keycloak/README.md

@@ -69,6 +69,29 @@ Role Defaults
 |`keycloak_version`| keycloak.org package version | `15.0.2` |
 |`keycloak_rhsso_version`| RHSSO version | `7.5.0` |
 |`keycloak_dest`| Installation root path | `/opt/keycloak` |
+|`keycloak_download_url` | Download URL for keycloak | `https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}` |
+|`keycloak_rhn_url` | Base download URI for customer portal | `https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId=` |
+
+
+* Miscellaneous configuration
+
+| Variable | Description | Default |
+|:---------|:------------|:--------|
+|`keycloak_archive` | keycloak install archive filename | `keycloak-{{ keycloak_version }}.zip` |
+|`keycloak_download_url_9x` | Download URL for keycloak (deprecated) | `https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}` |
+|`keycloak_installdir` | Installation path | `{{ keycloak_dest }}/keycloak-{{ keycloak_version }}` |
+|`keycloak_rhsso_archive` | Red Hat SSO install archive filename | `rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip` |
+|`keycloak_rhsso_installdir`| Installation path for Red Hat SSO | `{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\.([0-9]*).*', '\1.\2') }}` |
+|`keycloak_rhsso_download_url`| Full download URI for Red Hat SSO | `{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}` |
+|`keycloak_jboss_home` | Installation work directory | `{{ keycloak_rhsso_installdir if keycloak_rhsso_enable else keycloak_installdir }}` |
+|`keycloak_config_dir` | Path for configuration | `{{ keycloak_jboss_home }}/standalone/configuration` |
+|`keycloak_config_path_to_standalone_xml` | Custom path for configuration | `{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}` |
+|`keycloak_auth_realm` | Name for rest authentication realm | `master` |
+|`keycloak_auth_client` | Authentication client for configuration REST calls | `admin-cli` |
+|`keycloak_force_install` | Remove pre-existing versions of service | `False` |
+|`keycloak_url` | URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port }}` |
+|`keycloak_management_url` | URL for management console rest calls | `http://{{ keycloak_host }}:{{ keycloak_management_http_port }}` |
+|`rhsso_rhn_id` | Customer Portal product ID for Red Hat SSO | `{{ rhsso_rhn_ids[keycloak_rhsso_version] }}` |
 
 
 Role Variables

roles/keycloak/handlers/main.yml

@@ -1,3 +1,3 @@
 ---
 - name: restart keycloak
-  include_tasks: restart_keycloak.yml
+  ansible.builtin.include_tasks: restart_keycloak.yml

roles/keycloak/meta/argument_specs.yml

@@ -4,162 +4,162 @@ argument_specs:
             keycloak_version:
                 # line 3 of keycloak/defaults/main.yml
                 default: "15.0.2"
-                description: "TODO document argument"
+                description: "keycloak.org package version"
                 type: "str"
             keycloak_archive:
                 # line 4 of keycloak/defaults/main.yml
                 default: "keycloak-{{ keycloak_version }}.zip"
-                description: "TODO document argument"
+                description: "keycloak install archive filename"
                 type: "str"
             keycloak_download_url:
                 # line 5 of keycloak/defaults/main.yml
                 default: "https://github.com/keycloak/keycloak/releases/download/{{ keycloak_version }}/{{ keycloak_archive }}"
-                description: "TODO document argument"
+                description: "Download URL for keycloak"
                 type: "str"
             keycloak_download_url_9x:
                 # line 6 of keycloak/defaults/main.yml
                 default: "https://downloads.jboss.org/keycloak/{{ keycloak_version }}/{{ keycloak_archive }}"
-                description: "TODO document argument"
+                description: "Download URL for keycloak (deprecated)"
                 type: "str"
             keycloak_installdir:
                 # line 7 of keycloak/defaults/main.yml
                 default: "{{ keycloak_dest }}/keycloak-{{ keycloak_version }}"
-                description: "TODO document argument"
+                description: "Installation path"
                 type: "str"
             keycloak_rhsso_version:
                 # line 10 of keycloak/defaults/main.yml
                 default: "7.5.0"
-                description: "TODO document argument"
+                description: "Red Hat Single Sign-On version"
                 type: "str"
             rhsso_rhn_id:
                 # line 11 of keycloak/defaults/main.yml
                 default: "{{ rhsso_rhn_ids[keycloak_rhsso_version] }}"
-                description: "TODO document argument"
+                description: "Customer Portal product ID for Red Hat SSO"
                 type: "str"
             keycloak_rhsso_archive:
                 # line 12 of keycloak/defaults/main.yml
                 default: "rh-sso-{{ keycloak_rhsso_version }}-server-dist.zip"
-                description: "TODO document argument"
+                description: "ed Hat SSO install archive filename"
                 type: "str"
             keycloak_rhsso_installdir:
                 # line 13 of keycloak/defaults/main.yml
                 default: "{{ keycloak_dest }}/rh-sso-{{ keycloak_rhsso_version | regex_replace('^([0-9])\\.([0-9]*).*', '\\1.\\2') }}"
-                description: "TODO document argument"
+                description: "Installation path for Red Hat SSO"
                 type: "str"
             keycloak_rhn_url:
                 # line 14 of keycloak/defaults/main.yml
                 default: "https://access.redhat.com/jbossnetwork/restricted/softwareDownload.html?softwareId="
-                description: "TODO document argument"
+                description: "Base download URI for customer portal"
                 type: "str"
             keycloak_rhsso_download_url:
                 # line 15 of keycloak/defaults/main.yml
                 default: "{{ keycloak_rhn_url }}{{ rhsso_rhn_id }}"
-                description: "TODO document argument"
+                description: "Full download URI for Red Hat SSO"
                 type: "str"
             keycloak_rhsso_enable:
                 # line 18 of keycloak/defaults/main.yml
                 default: "{{ True if rhsso_rhn_id is defined and rhn_username is defined and rhn_password is defined else False }}"
-                description: "TODO document argument"
+                description: "Enable Red Hat Single Sign-on installation"
                 type: "str"
             keycloak_offline_install:
                 # line 20 of keycloak/defaults/main.yml
                 default: false
-                description: "TODO document argument"
+                description: "Perform an offline install"
                 type: "bool"
             jvm_package:
                 # line 23 of keycloak/defaults/main.yml
                 default: "java-1.8.0-openjdk-devel"
-                description: "TODO document argument"
+                description: "RHEL java package runtime rpm"
                 type: "str"
             keycloak_dest:
                 # line 24 of keycloak/defaults/main.yml
                 default: "/opt/keycloak"
-                description: "TODO document argument"
+                description: "Root installation directory"
                 type: "str"
             keycloak_jboss_home:
                 # line 25 of keycloak/defaults/main.yml
                 default: "{{ keycloak_rhsso_installdir if keycloak_rhsso_enable else keycloak_installdir }}"
-                description: "TODO document argument"
+                description: "Installation work directory"
                 type: "str"
             keycloak_config_dir:
                 # line 26 of keycloak/defaults/main.yml
                 default: "{{ keycloak_jboss_home }}/standalone/configuration"
-                description: "TODO document argument"
+                description: "Path for configuration"
                 type: "str"
             keycloak_config_standalone_xml:
                 # line 27 of keycloak/defaults/main.yml
                 default: "keycloak.xml"
-                description: "TODO document argument"
+                description: "Service configuration filename"
                 type: "str"
             keycloak_config_path_to_standalone_xml:
                 # line 28 of keycloak/defaults/main.yml
                 default: "{{ keycloak_jboss_home }}/standalone/configuration/{{ keycloak_config_standalone_xml }}"
-                description: "TODO document argument"
+                description: "Custom path for configuration"
                 type: "str"
             keycloak_service_user:
                 # line 29 of keycloak/defaults/main.yml
                 default: "keycloak"
-                description: "TODO document argument"
+                description: "posix account username"
                 type: "str"
             keycloak_service_group:
                 # line 30 of keycloak/defaults/main.yml
                 default: "keycloak"
-                description: "TODO document argument"
+                description: "posix account group"
                 type: "str"
             keycloak_service_pidfile:
                 # line 31 of keycloak/defaults/main.yml
                 default: "/run/keycloak.pid"
-                description: "TODO document argument"
+                description: "PID file path for service"
                 type: "str"
             keycloak_bind_address:
                 # line 34 of keycloak/defaults/main.yml
                 default: "0.0.0.0"
-                description: "TODO document argument"
+                description: "Address for binding service ports"
                 type: "str"
             keycloak_host:
                 # line 35 of keycloak/defaults/main.yml
                 default: "localhost"
-                description: "TODO document argument"
+                description: "Hostname for service"
                 type: "str"
             keycloak_http_port:
                 # line 36 of keycloak/defaults/main.yml
                 default: 8080
-                description: "TODO document argument"
+                description: "Listening HTTP port"
                 type: "int"
             keycloak_https_port:
                 # line 37 of keycloak/defaults/main.yml
                 default: 8443
-                description: "TODO document argument"
+                description: "Listening HTTPS port"
                 type: "int"
             keycloak_ajp_port:
                 # line 38 of keycloak/defaults/main.yml
                 default: 8009
-                description: "TODO document argument"
+                description: "Listening AJP port"
                 type: "int"
             keycloak_jgroups_port:
                 # line 39 of keycloak/defaults/main.yml
                 default: 7600
-                description: "TODO document argument"
+                description: "jgroups cluster tcp port"
                 type: "int"
             keycloak_management_http_port:
                 # line 40 of keycloak/defaults/main.yml
                 default: 9990
-                description: "TODO document argument"
+                description: "Management port (http)"
                 type: "int"
             keycloak_management_https_port:
                 # line 41 of keycloak/defaults/main.yml
                 default: 9993
-                description: "TODO document argument"
+                description: "Management port (https)"
                 type: "int"
             keycloak_java_opts:
                 # line 42 of keycloak/defaults/main.yml
                 default: "-Xms1024m -Xmx2048m"
-                description: "TODO document argument"
+                description: "Additional JVM options"
                 type: "str"
             keycloak_prefer_ipv4:
                 # line 43 of keycloak/defaults/main.yml
                 default: true
-                description: "TODO document argument"
+                description: "Prefer IPv4 stack and addresses for port binding"
                 type: "bool"
             keycloak_ha_enabled:
                 # line 46 of keycloak/defaults/main.yml
@@ -179,52 +179,52 @@ argument_specs:
             keycloak_auth_realm:
                 # line 52 of keycloak/defaults/main.yml
                 default: "master"
-                description: "TODO document argument"
+                description: "Name for rest authentication realm"
                 type: "str"
             keycloak_auth_client:
                 # line 53 of keycloak/defaults/main.yml
                 default: "admin-cli"
-                description: "TODO document argument"
+                description: "Authentication client for configuration REST calls"
                 type: "str"
             keycloak_force_install:
                 # line 55 of keycloak/defaults/main.yml
                 default: false
-                description: "TODO document argument"
+                description: "Remove pre-existing versions of service"
                 type: "bool"
             keycloak_modcluster_url:
                 # line 58 of keycloak/defaults/main.yml
                 default: "localhost"
-                description: "TODO document argument"
+                description: "URL for the modcluster reverse proxy"
                 type: "str"
             keycloak_frontend_url:
                 # line 59 of keycloak/defaults/main.yml
                 default: "http://localhost"
-                description: "TODO document argument"
+                description: "Frontend URL for keycloak endpoints when a reverse proxy is used"
                 type: "str"
             infinispan_user:
                 # line 62 of keycloak/defaults/main.yml
                 default: "supervisor"
-                description: "TODO document argument"
+                description: "Username for connecting to infinispan"
                 type: "str"
             infinispan_pass:
                 # line 63 of keycloak/defaults/main.yml
                 default: "supervisor"
-                description: "TODO document argument"
+                description: "Password for connecting to infinispan"
                 type: "str"
             infinispan_url:
                 # line 64 of keycloak/defaults/main.yml
                 default: "localhost"
-                description: "TODO document argument"
+                description: "URL for the infinispan remote-cache server"
                 type: "str"
             infinispan_sasl_mechanism:
                 # line 65 of keycloak/defaults/main.yml
                 default: "SCRAM-SHA-512"
-                description: "TODO document argument"
+                description: "Authentication type to infinispan server"
                 type: "str"
             infinispan_use_ssl:
                 # line 66 of keycloak/defaults/main.yml
                 default: false
-                description: "TODO document argument"
+                description: "Enable hotrod client TLS communication"
                 type: "bool"
             infinispan_trust_store_path:
                 # line 68 of keycloak/defaults/main.yml
@@ -234,45 +234,45 @@ argument_specs:
             infinispan_trust_store_password:
                 # line 69 of keycloak/defaults/main.yml
                 default: "changeit"
-                description: "TODO document argument"
+                description: "Path to truststore containing infinispan server certificate"
                 type: "str"
             keycloak_jdbc_engine:
                 # line 72 of keycloak/defaults/main.yml
                 default: "postgres"
-                description: "TODO document argument"
+                description: "Backend database flavour when db is enabled: [ postgres, mariadb ]"
                 type: "str"
             keycloak_db_user:
                 # line 74 of keycloak/defaults/main.yml
                 default: "keycloak-user"
-                description: "TODO document argument"
+                description: "Username for connecting to database"
                 type: "str"
             keycloak_db_pass:
                 # line 75 of keycloak/defaults/main.yml
                 default: "keycloak-pass"
-                description: "TODO document argument"
+                description: "Password for connecting to database"
                 type: "str"
             keycloak_jdbc_url:
                 # line 76 of keycloak/defaults/main.yml
                 default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].url }}"
-                description: "TODO document argument"
+                description: "URL for connecting to backend database"
                 type: "str"
             keycloak_jdbc_driver_version:
                 # line 77 of keycloak/defaults/main.yml
                 default: "{{ keycloak_default_jdbc[keycloak_jdbc_engine].version }}"
-                description: "TODO document argument"
+                description: "Version for the JDBC driver to download"
                 type: "str"
             keycloak_admin_password:
                 # line 4 of keycloak/vars/main.yml
                 required: true
-                description: "TODO document argument"
+                description: "Password for the administration console user account"
                 type: "str"
             keycloak_url:
                 # line 12 of keycloak/vars/main.yml
                 default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
-                description: "TODO document argument"
+                description: "URL for configuration rest calls"
                 type: "str"
             keycloak_management_url:
                 # line 13 of keycloak/vars/main.yml
                 default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
-                description: "TODO document argument"
+                description: "URL for management console rest calls"
                 type: "str"

roles/keycloak/meta/main.yml

@@ -6,7 +6,7 @@ collections:
 galaxy_info:
   role_name: keycloak
   namespace: middleware_automation
-  author: Romain Pelisse, Guido Grazioli
+  author: Romain Pelisse, Guido Grazioli, Pavan Kumar Motaparthi
   description: Install keycloak or Red Hat Single Sing-On server configurations
   company: Red Hat, Inc.
 
@@ -17,7 +17,6 @@ galaxy_info:
   platforms:
    - name: EL
      versions:
-     - 7
      - 8
 
   galaxy_tags:

roles/keycloak/tasks/fastpackages/check.yml

@@ -1,14 +1,14 @@
 ---
 - block:
   - name: "Check if package {{ package_name }} is already installed"
-    command: rpm -q {{ package_name }}
+    ansible.builtin.command: rpm -q {{ package_name }}
     args:
       warn: no
     register: rpm_info
     changed_when: rpm_info.failed
 
   rescue:
-    - name: "If package {{ package_name }} is missing, add it to the yum install list."
-      set_fact:
+    - name: "Add {{ package_name }} to the yum install list if missing"
+      ansible.builtin.set_fact:
         packages_to_install: "{{ packages_to_install + [ package_name ] }}"
       when: rpm_info.failed

roles/keycloak/tasks/fastpackages/install.yml

@@ -1,17 +1,18 @@
 ---
-- set_fact:
+- name: Set facts
+  ansible.builtin.set_fact:
     update_cache: true
     packages_to_install: []
 
 - name: "Check packages to be installed"
-  include_tasks: check.yml
+  ansible.builtin.include_tasks: check.yml
   loop: "{{ packages_list | flatten }}"
   loop_control:
     loop_var: package_name
 
 - name: "Install packages: {{ packages_to_install }}"
   become: yes
-  yum:
+  ansible.builtin.yum:
     name: "{{ packages_to_install }}"
     state: present
   when: packages_to_install | length > 0

roles/keycloak/tasks/firewalld.yml

@@ -7,7 +7,7 @@
 
 - name: Enable and start the firewalld service
   become: yes
-  systemd:
+  ansible.builtin.systemd:
     name: firewalld
     enabled: yes
     state: started

roles/keycloak/tasks/install.yml

@@ -1,6 +1,6 @@
 ---
 - name: Validate parameters
-  assert:
+  ansible.builtin.assert:
     that:
       - keycloak_jboss_home is defined
       - keycloak_service_user is defined
@@ -12,7 +12,7 @@
 
 - name: Check for an existing deployment
   become: yes
-  stat:
+  ansible.builtin.stat:
     path: "{{ keycloak_jboss_home }}"
   register: existing_deploy
 
@@ -20,24 +20,24 @@
     - name: Stop the old keycloak service
       become: yes
       ignore_errors: yes
-      systemd:
+      ansible.builtin.systemd:
         name: keycloak
         state: stopped
     - name: Remove the old Keycloak deployment
       become: yes
-      file:
+      ansible.builtin.file:
         path: "{{ keycloak_jboss_home }}"
         state: absent
   when: existing_deploy.stat.exists and keycloak_force_install|bool
 
 - name: check for an existing deployment after possible forced removal
   become: yes
-  stat:
+  ansible.builtin.stat:
     path: "{{ keycloak_jboss_home }}"
 
 - name: create Keycloak service user/group
   become: yes
-  user:
+  ansible.builtin.user:
     name: "{{ keycloak_service_user }}"
     home: /opt/keycloak
     system: yes
@@ -45,7 +45,7 @@
 
 - name: create Keycloak install location
   become: yes
-  file:
+  ansible.builtin.file:
     dest: "{{ keycloak_dest }}"
     state: directory
     owner: "{{ keycloak_service_user }}"
@@ -54,23 +54,23 @@
 
 ## check remote archive
 - name: Set download archive path
-  set_fact:
+  ansible.builtin.set_fact:
     archive: "{{ keycloak_dest }}/{{ keycloak.bundle }}"
 
 - name: Check download archive path
-  stat:
+  ansible.builtin.stat:
     path: "{{ archive }}"
   register: archive_path
 
 ## download to controller
-- name: Check load download archive path
-  stat:
+- name: Check local download archive path
+  ansible.builtin.stat:
     path: "{{ lookup('env', 'PWD') }}"
   register: local_path
   delegate_to: localhost
 
 - name: Download keycloak archive
-  get_url:
+  ansible.builtin.get_url:
     url: "{{ keycloak_download_url }}"
     dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
   delegate_to: localhost
@@ -81,8 +81,8 @@
     - not keycloak_rhsso_enable
     - not keycloak_offline_install
 
-- name: Performing download from RHN
-  redhat_csp_download:
+- name: Perform download from RHN
+  middleware_automation.redhat_csp_download.redhat_csp_download:
     url: "{{ keycloak_rhsso_download_url }}"
     dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
     username: "{{ rhn_username }}"
@@ -98,7 +98,7 @@
     - keycloak_rhn_url in keycloak_rhsso_download_url
 
 - name: Download rhsso archive from alternate location
-  get_url:
+  ansible.builtin.get_url:
     url: "{{ keycloak_rhsso_download_url }}"
     dest: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
   delegate_to: localhost
@@ -111,14 +111,14 @@
     - not keycloak_rhn_url in keycloak_rhsso_download_url
 
 - name: Check downloaded archive
-  stat:
+  ansible.builtin.stat:
     path: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
   register: local_archive_path
   delegate_to: localhost
 
 ## copy and unpack
 - name: Copy archive to target nodes
-  copy:
+  ansible.builtin.copy:
     src: "{{ local_path.stat.path }}/{{ keycloak.bundle }}"
     dest: "{{ archive }}"
     owner: "{{ keycloak_service_user }}"
@@ -132,13 +132,13 @@
   become: yes
 
 - name: "Check target directory: {{ keycloak.home }}"
-  stat:
+  ansible.builtin.stat:
     path: "{{ keycloak.home }}"
   register: path_to_workdir
   become: yes
 
 - name: "Extract {{ 'Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Keycloak' }} archive on target"
-  unarchive:
+  ansible.builtin.unarchive:
     remote_src: yes
     src: "{{ archive }}"
     dest: "{{ keycloak_dest }}"
@@ -152,13 +152,13 @@
     - restart keycloak
 
 - name: Inform decompression was not executed
-  debug:
+  ansible.builtin.debug:
     msg: "{{ keycloak.home }} already exists and version unchanged, skipping decompression"
   when:
     - not new_version_downloaded.changed and path_to_workdir.stat.exists
 
 - name: "Reown installation directory to {{ keycloak_service_user }}"
-  file:
+  ansible.builtin.file:
     path: "{{ keycloak.home }}"
     owner: "{{ keycloak_service_user }}"
     group: "{{ keycloak_service_group }}"
@@ -168,8 +168,8 @@
 
 # driver and configuration
 - name: "Install {{ keycloak_jdbc_engine }} driver"
-  include_role:
-    name: wildfly_driver
+  ansible.builtin.include_role:
+    name: middleware_automation.wildfly.wildfly_driver
   vars:
       wildfly_user: "{{ keycloak_service_user }}"
       jdbc_driver_module_dir: "{{ keycloak_jdbc[keycloak_jdbc_engine].driver_module_dir }}"
@@ -182,7 +182,7 @@
 
 - name: "Deploy {{ keycloak.service_name }} config to {{ keycloak_config_path_to_standalone_xml }}"
   become: yes
-  template:
+  ansible.builtin.template:
     src: templates/standalone.xml.j2
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
     owner: "{{ keycloak_service_user }}"
@@ -194,7 +194,7 @@
 
 - name: "Deploy {{ keycloak.service_name }} config with remote cache store to {{ keycloak_config_path_to_standalone_xml }}"
   become: yes
-  template:
+  ansible.builtin.template:
     src: templates/standalone-infinispan.xml.j2
     dest: "{{ keycloak_config_path_to_standalone_xml }}"
     owner: "{{ keycloak_service_user }}"

roles/keycloak/tasks/main.yml

@@ -1,26 +1,26 @@
 ---
 # tasks file for keycloak
 
-- name: Prerequisites
-  include_tasks: prereqs.yml
+- name: Check prerequisites
+  ansible.builtin.include_tasks: prereqs.yml
   tags:
     - prereqs
 
 - name: Include install tasks
-  include_tasks: tasks/install.yml
+  ansible.builtin.include_tasks: tasks/install.yml
 
 - name: Include systemd tasks
-  include_tasks: tasks/systemd.yml
+  ansible.builtin.include_tasks: tasks/systemd.yml
 
 - name: Link default logs directory
-  file:
+  ansible.builtin.file:
     state: link
     src: "{{ keycloak_jboss_home }}/standalone/log"
     dest: /var/log/keycloak
 
 - block:
     - name: Check admin credentials by generating a token
-      uri:
+      ansible.builtin.uri:
         url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
         method: POST
         body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
@@ -31,18 +31,19 @@
       delay: 2
   rescue:
     - name: "Create {{ keycloak.service_name }} admin user"
-      command:
+      ansible.builtin.command:
       args:
         argv:
           - "{{ keycloak_jboss_home }}/bin/add-user-keycloak.sh"
           - "-rmaster"
           - "-u{{ keycloak_admin_user }}"
           - "-p{{ keycloak_admin_password }}"
+      changed_when: yes
       become: yes
     - name: "Restart {{ keycloak.service_name }}"
-      include_tasks: tasks/restart_keycloak.yml
+      ansible.builtin.include_tasks: tasks/restart_keycloak.yml
     - name: "Wait until {{ keycloak.service_name }} becomes active {{ keycloak.health_url }}"
-      uri:
+      ansible.builtin.uri:
         url: "{{ keycloak.health_url }}"
       register: keycloak_status
       until: keycloak_status.status == 200

roles/keycloak/tasks/prereqs.yml

@@ -1,6 +1,6 @@
 ---
 - name: Validate configuration
-  assert:
+  ansible.builtin.assert:
     that:
       - (keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and keycloak_db_enabled) or (not keycloak_ha_enabled and not keycloak_db_enabled)
     quiet: True
@@ -8,7 +8,7 @@
     success_msg: "{{ 'Configuring HA' if keycloak_ha_enabled else 'Configuring standalone' }}"
 
 - name: Validate credentials
-  assert:
+  ansible.builtin.assert:
     that:
       - (rhn_username is defined and keycloak_rhsso_enable) or not keycloak_rhsso_enable or keycloak_offline_install
       - (rhn_password is defined and keycloak_rhsso_enable) or not keycloak_rhsso_enable or keycloak_offline_install
@@ -17,7 +17,7 @@
     success_msg: "{{ 'Installing Red Hat Single Sign-On' if keycloak_rhsso_enable else 'Installing keycloak.org' }}"
 
 - name: Set required packages facts
-  set_fact:
+  ansible.builtin.set_fact:
     required_packages:
     - "{{ jvm_package }}"
     - unzip

roles/keycloak/tasks/restart_keycloak.yml

@@ -1,6 +1,6 @@
 ---
 - name: "Restart and enable keycloack service"
-  systemd:
+  ansible.builtin.systemd:
     name: keycloak
     enabled: yes
     state: restarted

roles/keycloak/tasks/stop_keycloak.yml

@@ -1,6 +1,6 @@
 ---
 - name: "Stop SSO service"
-  systemd:
+  ansible.builtin.systemd:
     name: keycloak
     enabled: yes
     state: stopped

roles/keycloak/tasks/systemd.yml

@@ -1,6 +1,6 @@
 - name: configure keycloak service script wrapper
   become: yes
-  template:
+  ansible.builtin.template:
     src: keycloak-service.sh.j2
     dest: "{{ keycloak_dest }}/keycloak-service.sh"
     owner: root
@@ -11,7 +11,7 @@
 
 - name: configure sysconfig file for keycloak service
   become: yes
-  template:
+  ansible.builtin.template:
     src: keycloak-sysconfig.j2
     dest: /etc/sysconfig/keycloak
     owner: root
@@ -21,7 +21,7 @@
     - restart keycloak
 
 - name: configure systemd unit file for keycloak service
-  template:
+  ansible.builtin.template:
     src: keycloak.service.j2
     dest: /etc/systemd/system/keycloak.service
     owner: root
@@ -34,32 +34,33 @@
 
 - name: reload systemd
   become: yes
-  systemd:
+  ansible.builtin.systemd:
     daemon_reload: yes
   when: systemdunit.changed
 
 - name: start keycloak
-  systemd:
+  ansible.builtin.systemd:
     name: keycloak
     enabled: yes
     state: started
   become: yes
 
 - name: Check service status
-  command: "systemctl status keycloak"
+  ansible.builtin.command: "systemctl status keycloak"
   register: keycloak_service_status
   changed_when: False
 
 - name: Verify service status
-  assert:
+  ansible.builtin.assert:
     that:
       - keycloak_service_status is defined
       - keycloak_service_status.stdout is defined
 
-- meta: flush_handlers
+- name: Flush handlers
+  ansible.builtin.meta: flush_handlers
 
 - name: "Wait until Keycloak becomes active {{ keycloak.health_url }}"
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak.health_url }}"
   register: keycloak_status
   until: keycloak_status.status == 200

roles/keycloak_realm/README.md

@@ -9,13 +9,18 @@ Role Defaults
 
 | Variable | Description | Default |
 |:---------|:------------|:---------|
-|`keycloak_admin_user` | Administration console user account | `admin` |
-|`keycloak_host` | hostname | `localhost` |
-|`keycloak_http_port` | HTTP port | `8080` |
-|`keycloak_https_port` | TLS HTTP port | `8443` |
-|`keycloak_auth_realm` | Name of the main authentication realm | `master` |
-|`keycloak_rhsso_enable` | Define service is an upstream(Keycloak) or RHSSO | `master` |
-
+|`keycloak_admin_user`| Administration console user account | `admin` |
+|`keycloak_host`| hostname | `localhost` |
+|`keycloak_http_port`| HTTP port | `8080` |
+|`keycloak_https_port`| TLS HTTP port | `8443` |
+|`keycloak_auth_realm`| Name of the main authentication realm | `master` |
+|`keycloak_rhsso_enable`| Define service is an upstream(Keycloak) or RHSSO | `master` |
+|`keycloak_management_http_port`| Management port | `9990` |
+|`keycloak_auth_client`| Authentication client for configuration REST calls | `admin-cli` |
+|`keycloak_client_public`| Configure a public realm client | `True` |
+|`keycloak_client_web_origins`| Web origins for realm client | `+` |
+|`keycloak_url`| URL for configuration rest calls | `http://{{ keycloak_host }}:{{ keycloak_http_port }}` |
+|`keycloak_management_url`| URL for management console rest calls | `http://{{ keycloak_host }}:{{ keycloak_management_http_port }}` |
 
 
 Role Variables
@@ -37,6 +42,7 @@ The following variables are available for creating clients:
 |`keycloak_client_default_roles` | List of default role name for clients | `[]` |
 |`keycloak_client_users` | List of user/role mappings for a client | `[]` |
 
+
 The following variable are available for creating user federation:
 
 | Variable | Description | Default |
@@ -52,14 +58,15 @@ Variable formats
 ```yaml
     - realm:  <name of the realm in which user federation should be configured, required>
       name: <name of the user federation provider, required>
-      provider_id: <Type of the user federation provider, required>
-      provider_type: < Provider Type, default is set to org.keycloak.storage.UserStorageProvider>
-      config: <Dictionary of supported configuration values, required>
-      mappers: <List of supported configuration values, required>
+      provider_id: <type of the user federation provider, required>
+      provider_type: <Provider Type, default is set to org.keycloak.storage.UserStorageProvider>
+      config: <dictionary of supported configuration values, required>
+      mappers: <list of supported configuration values, required>
 ```
 
 Refer to [docs](https://docs.ansible.com/ansible/latest/collections/community/general/keycloak_user_federation_module.html) for information on supported variables.
 
+
 * `keycloak_clients`, a list of:
 
 ```yaml
@@ -90,7 +97,8 @@ Refer to [docs](https://docs.ansible.com/ansible/latest/collections/community/ge
       realm: <name of the realm>
 ```
 
-For a comprehensive example, refer to the [playbook](playbooks/keycloak.yml).
+For a comprehensive example, refer to the [playbook](../../playbooks/keycloak_realm.yml).
+
 
 Example Playbook
 ----------------

roles/keycloak_realm/defaults/main.yml

@@ -31,6 +31,7 @@ keycloak_auth_client: admin-cli
 #    public_client: "{{ keycloak_client_public }}"
 #    web_origins: "{{ keycloak_client_web_origins }}"
 #    users: "{{ keycloak_client_users }}"
+keycloak_clients: []
 
 # list of roles to create in the client
 keycloak_client_default_roles: []

roles/keycloak_realm/meta/argument_specs.yml

@@ -4,90 +4,90 @@ argument_specs:
             keycloak_host:
                 # line 3 of keycloak_realm/defaults/main.yml
                 default: "localhost"
-                description: "TODO document argument"
+                description: "hostname for rest calls"
                 type: "str"
             keycloak_http_port:
                 # line 4 of keycloak_realm/defaults/main.yml
                 default: 8080
-                description: "TODO document argument"
+                description: "HTTP port"
                 type: "int"
             keycloak_https_port:
                 # line 5 of keycloak_realm/defaults/main.yml
                 default: 8443
-                description: "TODO document argument"
+                description: "HTTPS port"
                 type: "int"
             keycloak_management_http_port:
                 # line 6 of keycloak_realm/defaults/main.yml
                 default: 9990
-                description: "TODO document argument"
+                description: "Management port"
                 type: "int"
             keycloak_rhsso_enable:
                 # line 7 of keycloak_realm/defaults/main.yml
                 default: false
-                description: "TODO document argument"
+                description: "Enable Red Hat Single Sign-on"
                 type: "bool"
             keycloak_admin_user:
                 # line 10 of keycloak_realm/defaults/main.yml
                 default: "admin"
-                description: "TODO document argument"
+                description: "Administration console user account"
                 type: "str"
             keycloak_auth_realm:
                 # line 11 of keycloak_realm/defaults/main.yml
                 default: "master"
-                description: "TODO document argument"
+                description: "Name of the main authentication realm"
                 type: "str"
             keycloak_auth_client:
                 # line 12 of keycloak_realm/defaults/main.yml
                 default: "admin-cli"
-                description: "TODO document argument"
+                description: "Authentication client for configuration REST calls"
                 type: "str"
             keycloak_client_default_roles:
                 # line 36 of keycloak_realm/defaults/main.yml
                 default: "[]"
-                description: "TODO document argument"
+                description: "List of roles to configure as client default"
                 type: "list"
             keycloak_client_public:
                 # line 39 of keycloak_realm/defaults/main.yml
                 default: true
-                description: "TODO document argument"
+                description: "Configure a public realm client"
                 type: "bool"
             keycloak_client_web_origins:
                 # line 42 of keycloak_realm/defaults/main.yml
                 default: "+"
-                description: "TODO document argument"
+                description: "Web origins for realm client"
                 type: "str"
             keycloak_client_users:
                 # line 49 of keycloak_realm/defaults/main.yml
                 default: "[]"
-                description: "TODO document argument"
+                description: "List of users to configure in the realm client"
                 type: "list"
             keycloak_user_federation:
                 # line 52 of keycloak_realm/defaults/main.yml
                 default: "[]"
-                description: "TODO document argument"
+                description: "List of user federations to configure in the realm"
                 type: "list"
             keycloak_admin_password:
                 # line 5 of keycloak_realm/vars/main.yml
                 required: true
-                description: "TODO document argument"
+                description: "Password for the administration console user account"
                 type: "str"
             keycloak_realm:
                 # line 8 of keycloak_realm/vars/main.yml
                 required: true
-                description: "TODO document argument"
+                description: "Name of the realm to be configured"
                 type: "str"
             keycloak_clients:
                 # line 11 of keycloak_realm/vars/main.yml
-                required: true
-                description: "TODO document argument"
-                type: "str"
+                default: "[]"
+                description: "List of client declarations for the realm"
+                type: "list"
             keycloak_url:
                 # line 14 of keycloak_realm/vars/main.yml
                 default: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
-                description: "TODO document argument"
+                description: "URL for configuration rest calls"
                 type: "str"
             keycloak_management_url:
                 # line 15 of keycloak_realm/vars/main.yml
                 default: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"
-                description: "TODO document argument"
+                description: "URL for management console rest calls"
                 type: "str"

roles/keycloak_realm/meta/main.yml

@@ -13,7 +13,6 @@ galaxy_info:
   platforms:
    - name: EL
      versions:
-     - 7
      - 8
 
   galaxy_tags:

roles/keycloak_realm/tasks/main.yml

@@ -1,17 +1,18 @@
 ---
 - name: Generate keycloak auth token
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
     method: POST
     body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
     validate_certs: no
+  no_log: True
   register: keycloak_auth_response
   until: keycloak_auth_response.status == 200
   retries: 5
   delay: 2
 
 - name: "Determine if realm exists"
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}"
     method: GET
     status_code:
@@ -23,7 +24,7 @@
   register: keycloak_realm_exists
 
 - name: Create Realm
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/admin/realms"
     method: POST
     body: "{{ lookup('template','realm.json.j2') }}"
@@ -47,6 +48,7 @@
     provider_type: "{{ item.provider_type | default(org.keycloak.storage.UserStorageProvider) }}" 
     config: "{{ item.config }}"
     mappers: "{{ item.mappers | default(omit) }}"
+  no_log: True
   register: create_user_federation_result
   loop: "{{ keycloak_user_federation | flatten }}"
   when: keycloak_user_federation is defined
@@ -78,19 +80,20 @@
     public_client: "{{ item.public_client | default(False) }}"
     protocol: "{{ item.protocol | default(omit) }}"
     state: present
+  no_log: True
   register: create_client_result
   loop: "{{ keycloak_clients | flatten }}"
   when: (item.name is defined and item.client_id is defined) or (item.name is defined and item.id is defined)
 
 - name: Create client roles
-  include_tasks: manage_client_roles.yml
+  ansible.builtin.include_tasks: manage_client_roles.yml
   loop: "{{ keycloak_clients | flatten }}"
   loop_control:
     loop_var: client
   when: "'roles' in client"
 
 - name: Create client users
-  include_tasks: manage_client_users.yml
+  ansible.builtin.include_tasks: manage_client_users.yml
   loop: "{{ keycloak_clients | flatten }}"
   loop_control:
     loop_var: client

roles/keycloak_realm/tasks/manage_client_roles.yml

@@ -10,3 +10,4 @@
     auth_password: "{{ keycloak_admin_password }}"
     state: present
   loop: "{{ client.roles | flatten }}"
+  no_log: True

roles/keycloak_realm/tasks/manage_client_users.yml

@@ -1,12 +1,12 @@
 ---
 - name: Manage Users
-  include_tasks: manage_user.yml
+  ansible.builtin.include_tasks: manage_user.yml
   loop: "{{ client.users | flatten }}"
   loop_control:
     loop_var: user
 
 - name: Manage User Roles
-  include_tasks: manage_user_roles.yml
+  ansible.builtin.include_tasks: manage_user_roles.yml
   loop: "{{ client.users | flatten }}"
   loop_control:
     loop_var: user

roles/keycloak_realm/tasks/manage_user.yml

@@ -1,6 +1,6 @@
 ---
 - name: "Check if User Already Exists"
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
     validate_certs: no
     headers:
@@ -8,7 +8,7 @@
   register: keycloak_user_search_result
 
 - name: "Create User"
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users"
     method: POST
     body:
@@ -26,7 +26,7 @@
   when: keycloak_user_search_result.json | length == 0
 
 - name: "Get User"
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
     validate_certs: no
     headers:
@@ -34,7 +34,7 @@
   register: keycloak_user
 
 - name: "Update User Password"
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users/{{ (keycloak_user.json | first).id }}/reset-password"
     method: PUT
     body:

roles/keycloak_realm/tasks/manage_user_client_roles.yml

@@ -1,6 +1,6 @@
 ---
 - name: "Get Realm for role"
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}"
     method: GET
     status_code:
@@ -11,7 +11,7 @@
   register: client_role_realm
 
 - name: Check if Mapping is available
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}/available"
     method: GET
     status_code:
@@ -22,7 +22,7 @@
   register: client_role_user_available
 
 - name: "Create Role Mapping"
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/admin/realms/{{ client_role.realm }}/users/{{ (keycloak_user.json | first).id }}/role-mappings/clients/{{ (create_client_result.results | selectattr('end_state.clientId', 'equalto', client_role.client) | list | first).end_state.id }}"
     method: POST
     body:

roles/keycloak_realm/tasks/manage_user_roles.yml

@@ -1,6 +1,6 @@
 ---
 - name: "Get User {{ user.username }}"
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/admin/realms/{{ keycloak_realm }}/users?username={{ user.username }}"
     headers:
       validate_certs: no
@@ -8,18 +8,19 @@
   register: keycloak_user
 
 - name: Refresh keycloak auth token
-  uri:
+  ansible.builtin.uri:
     url: "{{ keycloak_url }}/auth/realms/master/protocol/openid-connect/token"
     method: POST
     body: "client_id={{ keycloak_auth_client }}&username={{ keycloak_admin_user }}&password={{ keycloak_admin_password }}&grant_type=password"
     validate_certs: no
   register: keycloak_auth_response
+  no_log: True
   until: keycloak_auth_response.status == 200
   retries: 5
   delay: 2
 
 - name: "Manage Client Role Mapping for {{ user.username }}"
-  include_tasks: manage_user_client_roles.yml
+  ansible.builtin.include_tasks: manage_user_client_roles.yml
   loop: "{{ user.client_roles | flatten }}"
   loop_control:
     loop_var: client_role

roles/keycloak_realm/vars/main.yml

@@ -7,9 +7,6 @@ keycloak_admin_password:
 # name of the realm to create, this is a required variable
 keycloak_realm:
 
-# keycloak realm clients, this is a required variable
-keycloak_clients:
-
 # other settings
 keycloak_url: "http://{{ keycloak_host }}:{{ keycloak_http_port }}"
 keycloak_management_url: "http://{{ keycloak_host }}:{{ keycloak_management_http_port }}"