diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 761d0feb..860cf935 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -24,7 +24,7 @@ jobs: puppet: 8 fixtures: .fixtures.yml allow_failure: false - - ruby: 2.7.6 + - ruby: 2.7.7 puppet: 7 fixtures: .fixtures-latest.yml allow_failure: true
@@ -56,10 +56,8 @@ jobs: fail-fast: false matrix: set: - - "el7" - "el8" - "el9" - - "debian-10" - "debian-11" - "ubuntu-2004" - "ubuntu-2204"
@@ -67,17 +65,17 @@ jobs: - "puppet7" - "puppet8" keycloak_version: - - "21.0.1" + - "22.0.0" keycloak_full: - "no" include: - set: "el8" puppet: "puppet7" - keycloak_version: "21.0.1" + keycloak_version: "22.0.0" keycloak_full: "yes" - set: "el8" puppet: "puppet8" - keycloak_version: "21.0.1" + keycloak_version: "22.0.0" keycloak_full: "yes" env: BUNDLE_WITHOUT: development:release
diff --git a/.sync.yml b/.sync.yml
index 8b8289ea..d919c452 100644
--- a/.sync.yml
+++ b/.sync.yml
@@ -15,10 +15,9 @@ Rakefile: acceptance_name: '${{ matrix.puppet }} ${{ matrix.set }} (keycloak=${{ matrix.keycloak_version }} full=${{ matrix.keycloak_full }})' acceptance_matrix: set: - - el7 + - ---el7 - el8 - el9 - - debian-10 - debian-11 - ubuntu-2004 - ubuntu-2204
@@ -26,16 +25,16 @@ Rakefile: - puppet7 - puppet8 keycloak_version: - - '21.0.1' + - '22.0.0' keycloak_full: ['no'] acceptance_includes: - set: el8 puppet: puppet7 - keycloak_version: 21.0.1 + keycloak_version: 22.0.0 keycloak_full: 'yes' - set: el8 puppet: puppet8 - keycloak_version: 21.0.1 + keycloak_version: 22.0.0 keycloak_full: 'yes' .gitignore: paths:
@@ -51,11 +50,10 @@ Rakefile: Enabled: false appveyor.yml: delete: true -spec/acceptance/nodesets/debian-9.yml: +spec/acceptance/nodesets/el7.yml: delete: true spec/acceptance/nodesets/debian-10.yml: - packages: - - iproute2 + delete: true spec/acceptance/nodesets/debian-11.yml: packages: - iproute2
diff --git a/README.md b/README.md
index 83c463f2..5cde2bb7 100644
--- a/README.md
+++ b/README.md
@@ -175,6 +175,7 @@ This module may work on earlier versions but this is the only version tested. | 18.x | 8.x | | 19.x - 21.x | 9.x | | 21.x | 10.x | +| 22.x | 11.x | ## Usage
@@ -190,18 +191,18 @@ Install a specific version of Keycloak. ```puppet class { 'keycloak': - version => '18.0.0', + version => '22.0.0', db => 'mariadb', } ``` Upgrading Keycloak version works by changing `version` parameter as long as the `db` parameter is not the default of `dev-file`. An upgrade involves installing the new version without touching the old version, updating the symlink which defaults to `/opt/keycloak`, applying all changes to new version and then restarting the `keycloak` service. -If the previous `version` was `18.0.0` using the following will upgrade to `19.0.0`: +If the previous `version` was `22.0.0` using the following will upgrade to `23.0.0`: ```puppet class { 'keycloak': - version => '19.0.0', + version => '23.0.0', db => 'mariadb', } ```
@@ -283,7 +284,7 @@ A simple example of deploying a custom SPI from a URL: keycloak::spi_deployment { 'duo-spi': ensure => 'present', deployed_name => 'DuoUniversalKeycloakAuthenticator-jar-with-dependencies.jar', - source => 'https://github.com/instipod/DuoUniversalKeycloakAuthenticator/releases/download/1.0.4/DuoUniversalKeycloakAuthenticator-jar-with-dependencies-1.0.4.jar', + source => 'https://github.com/instipod/DuoUniversalKeycloakAuthenticator/releases/download/1.0.5/DuoUniversalKeycloakAuthenticator-jar-with-dependencies-1.0.5.jar', } ```
@@ -615,12 +616,9 @@ keycloak_required_action { 'webauthn-register on master': This module has been tested on: -* RedHat/CentOS 7 x86_64 * RedHat/Rocky/AlmaLinux 8 x86_64 * RedHat/Rocky/AlmaLinux 9 x86_64 -* Debian 10 x86_64 * Debian 11 x86_64 -* Ubuntu 18.04 x86_64 * Ubuntu 20.04 x86_64 * Ubuntu 22.04 x86_64
diff --git a/data/os/Debian/10.yaml b/data/os/Debian/10.yaml
deleted file mode 100644
index 1877e0af..00000000
--- a/data/os/Debian/10.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-keycloak::java_package: openjdk-11-jdk
-keycloak::java_home: /usr/lib/jvm/java-1.11.0-openjdk-amd64/
-keycloak::java_alternative_path: /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java
-keycloak::java_alternative: java-1.11.0-openjdk-amd64
diff --git a/data/os/RedHat/7.yaml b/data/os/RedHat/7.yaml
deleted file mode 100644
index 518e83df..00000000
--- a/data/os/RedHat/7.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-keycloak::java_package: java-11-openjdk-devel
-keycloak::java_home: /usr/lib/jvm/java-11-openjdk/
-keycloak::java_alternative_path: /usr/lib/jvm/java-11-openjdk/bin/java
-keycloak::java_alternative: /usr/lib/jvm/java-11-openjdk/bin/java
diff --git a/lib/puppet/type/keycloak_ldap_user_provider.rb b/lib/puppet/type/keycloak_ldap_user_provider.rb
index a0bbdb14..a3966368 100644
--- a/lib/puppet/type/keycloak_ldap_user_provider.rb
+++ b/lib/puppet/type/keycloak_ldap_user_provider.rb
@@ -73,8 +73,8 @@ newproperty(:use_truststore_spi) do desc 'useTruststoreSpi' - defaultto 'ldapsOnly' - newvalues('always', 'ldapsOnly', 'never') + defaultto 'always' + newvalues('always', 'never') munge { |v| v } end
diff --git a/manifests/config.pp b/manifests/config.pp
index 30fdb7f6..4a3d66d1 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -27,11 +27,11 @@ ensure => 'directory', owner => $keycloak::user, group => $keycloak::group, - mode => '0755', + mode => $keycloak::conf_dir_mode, purge => $keycloak::conf_dir_purge, force => $keycloak::conf_dir_purge, recurse => $keycloak::conf_dir_purge, - ignore => ['cache-ispn.xml', 'README.md'], + ignore => $keycloak::conf_dir_purge_ignore, notify => Class['keycloak::service'], }
diff --git a/manifests/freeipa_user_provider.pp b/manifests/freeipa_user_provider.pp
index a2da6081..de66d451 100644
--- a/manifests/freeipa_user_provider.pp
+++ b/manifests/freeipa_user_provider.pp
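Review bot: Dropping `'ldapsOnly'` from `newvalues` in `newproperty(:use_truststore_spi)` makes every existing resource that sets that value explicitly fail validation after the upgrade, and nothing in the hunk tells the user which value replaces it. If `always` is meant to supersede it, keep accepting the old value and rewrite it, e.g. `newvalues('always', 'ldapsOnly', 'never')` with `munge { |v| v.to_s == 'ldapsOnly' ? 'always' : v }`, or at least expand `desc 'useTruststoreSpi'` to name the removed value and its replacement. The new default presumably also routes plain `ldap://` and StartTLS connections through the Keycloak truststore, which is a change in certificate-validation behaviour worth stating in the description. The same value is hard-coded in `manifests/freeipa_user_provider.pp` and its spec. The surrounding type definition lies outside the hunk.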
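Review bot: `mode => $keycloak::conf_dir_mode` and `ignore => $keycloak::conf_dir_purge_ignore` reference two class parameters whose declarations, types and defaults are not part of this diff, so the previously fixed `'0755'` and `['cache-ispn.xml', 'README.md']` are preserved only if the defaults repeat them. The declaration should validate the mode, e.g. `Stdlib::Filemode $conf_dir_mode = '0755',`, so that a malformed string is rejected at compile time. The parameter docs should note that this directory presumably holds the Keycloak configuration, including database credentials, so a tighter value such as `'0750'` is a reasonable choice. Because `purge`, `force` and `recurse` all follow `conf_dir_purge`, the docs for `conf_dir_purge_ignore` should also warn that overriding the list replaces the defaults and exposes `cache-ispn.xml` to deletion. The `file` resource begins above the hunk.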
@@ -67,7 +67,7 @@ rdn_ldap_attribute => 'uid', search_scope => '1', use_kerberos_for_password_authentication => 'false', - use_truststore_spi => 'ldapsOnly', + use_truststore_spi => 'always', user_object_classes => ['inetOrgPerson', ' organizationalPerson'], username_ldap_attribute => 'uid', users_dn => $users_dn,
diff --git a/manifests/init.pp b/manifests/init.pp
index b8473ac1..3a9bd545 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -222,15 +222,15 @@ # Only necessary to set if the URL path to Keycloak is modified class keycloak ( Boolean $manage_install = true, - String $version = '21.0.1', + String $version = '22.0.0', Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]] $package_url= undef, Optional[Stdlib::Absolutepath] $install_dir = undef, Array[String[1]] $java_package_dependencies = [], Enum['include','class'] $java_declare_method = 'class', - String[1] $java_package = 'java-11-openjdk-devel', - Stdlib::Absolutepath $java_home = '/usr/lib/jvm/java-11-openjdk', - Stdlib::Absolutepath $java_alternative_path = '/usr/lib/jvm/java-11-openjdk/bin/java', - String[1] $java_alternative = '/usr/lib/jvm/java-11-openjdk/bin/java', + String[1] $java_package = 'java-17-openjdk-devel', + Stdlib::Absolutepath $java_home = '/usr/lib/jvm/java-17-openjdk', + Stdlib::Absolutepath $java_alternative_path = '/usr/lib/jvm/java-17-openjdk/bin/java', + String[1] $java_alternative = '/usr/lib/jvm/java-17-openjdk/bin/java', String $service_name = 'keycloak', String $service_ensure = 'running', Boolean $service_enable = true,
diff --git a/metadata.json b/metadata.json
index 8188ff8e..858c083b 100644
--- a/metadata.json
+++ b/metadata.json
@@ -41,17 +41,10 @@ { "operatingsystem": "RedHat", "operatingsystemrelease": [ - "7", "8", "9" ] }, - { - "operatingsystem": "CentOS", - "operatingsystemrelease": [ - "7" - ] - }, { "operatingsystem": "Rocky", "operatingsystemrelease": [
@@ -69,7 +62,6 @@ { "operatingsystem": "Debian", "operatingsystemrelease": [ - "10", "11" ] },
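Review bot: The new Java defaults in `class keycloak` (`java-17-openjdk-devel` and the `/usr/lib/jvm/java-17-openjdk` paths) are RedHat-style names, and the only `data/os` files this diff touches are the two it deletes. Any remaining Debian or Ubuntu overrides may therefore still select OpenJDK 11 while the default `version` moves to `22.0.0`. It is worth confirming that each remaining `data/os/*.yaml` was updated in step, for example `keycloak::java_package: openjdk-17-jdk` on Debian 11, and that the parameter docs above the class state which Java version the default `version` assumes. Users who pin an older `version` will also get Java 17 by default after this change, which should be called out in the release notes. The parameter list continues past the end of the hunk.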
diff --git a/spec/acceptance/1_class_spec.rb b/spec/acceptance/1_class_spec.rb
index 15d8bd3c..48d81f30 100644
--- a/spec/acceptance/1_class_spec.rb
+++ b/spec/acceptance/1_class_spec.rb
@@ -70,7 +70,7 @@ class { 'keycloak': pp = <<-PUPPET_PP class { 'keycloak': http_relative_path => '/auth', - java_opts => '-Xmx512m -Xms64m', + java_opts => '-Xmx512m -Xms64m -Djava.net.preferIPv4Stack=true', configs => { 'metrics-enabled' => true, },
diff --git a/spec/acceptance/nodesets/debian-10.yml b/spec/acceptance/nodesets/debian-10.yml
deleted file mode 100644
index 6f96bade..00000000
--- a/spec/acceptance/nodesets/debian-10.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-HOSTS:
- debian10:
- roles:
- - agent
- platform: debian-10-amd64
- hypervisor: docker
- image: debian:10
- docker_preserve_image: true
- docker_cmd:
- - '/sbin/init'
- docker_image_commands:
- - 'apt-get install -y wget net-tools systemd-sysv locales apt-transport-https ca-certificates iproute2'
- - 'echo "LC_ALL=en_US.UTF-8" >> /etc/environment'
- - 'echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen'
- - 'echo "LANG=en_US.UTF-8" > /etc/locale.conf'
- - 'locale-gen en_US.UTF-8'
- docker_env:
- - LANG=en_US.UTF-8
- - LANGUAGE=en_US.UTF-8
- - LC_ALL=en_US.UTF-8
- docker_container_name: 'keycloak-debian10'
-CONFIG:
- log_level: debug
- type: foss
-ssh:
- password: root
- auth_methods: ["password"]
-
diff --git a/spec/acceptance/nodesets/el7.yml b/spec/acceptance/nodesets/el7.yml
deleted file mode 100644
index 7ddcf4ff..00000000
--- a/spec/acceptance/nodesets/el7.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-HOSTS:
- centos-7:
- roles:
- - agent
- platform: el-7-x86_64
- hypervisor: docker
- image: centos:7
- docker_preserve_image: true
- docker_cmd:
- - '/usr/sbin/init'
- docker_image_commands:
- - 'yum install -y wget which cronie iproute initscripts'
- - 'wget --no-check-certificate https://copr.fedorainfracloud.org/coprs/jsynacek/systemd-backports-for-centos-7/repo/epel-7/jsynacek-systemd-backports-for-centos-7-epel-7.repo -O /etc/yum.repos.d/jsynacek-systemd-centos-7.repo'
- - 'yum update -y systemd'
- docker_env:
- - LANG=en_US.UTF-8
- - LANGUAGE=en_US.UTF-8
- - LC_ALL=en_US.UTF-8
- docker_container_name: 'keycloak-el7'
-CONFIG:
- log_level: debug
- type: foss
-ssh:
- password: root
- auth_methods: ["password"]
-
diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb
index 04939584..bb236129 100644
--- a/spec/classes/init_spec.rb
+++ b/spec/classes/init_spec.rb
@@ -8,7 +8,7 @@ let(:facts) do facts.merge(concat_basedir: '/dne') end - let(:version) { '21.0.1' } + let(:version) { '22.0.0' } case facts[:osfamily] when %r{RedHat}
diff --git a/spec/defines/freeipa_user_provider_spec.rb b/spec/defines/freeipa_user_provider_spec.rb
index 6cc58f07..0b8ec158 100644
--- a/spec/defines/freeipa_user_provider_spec.rb
+++ b/spec/defines/freeipa_user_provider_spec.rb
@@ -31,7 +31,7 @@ rdn_ldap_attribute: 'uid', search_scope: '1', use_kerberos_for_password_authentication: 'false', - use_truststore_spi: 'ldapsOnly', + use_truststore_spi: 'always', user_object_classes: ['inetOrgPerson', ' organizationalPerson'], username_ldap_attribute: 'uid', users_dn: 'cn=users,cn=accounts,dc=example,dc=org',
diff --git a/spec/defines/partial_import_spec.rb b/spec/defines/partial_import_spec.rb
index bdacf5cd..f20c3daf 100644
--- a/spec/defines/partial_import_spec.rb
+++ b/spec/defines/partial_import_spec.rb
@@ -8,7 +8,7 @@ let(:facts) do facts.merge(concat_basedir: '/dne') end - let(:version) { '21.0.1' } + let(:version) { '22.0.0' } let(:title) { 'test' } let(:params) do {
diff --git a/spec/defines/spi_deployment_spec.rb b/spec/defines/spi_deployment_spec.rb
index d479e681..4a5e2c0b 100644
--- a/spec/defines/spi_deployment_spec.rb
+++ b/spec/defines/spi_deployment_spec.rb
@@ -8,7 +8,7 @@ let(:facts) do facts.merge(concat_basedir: '/dne') end - let(:version) { '21.0.1' } + let(:version) { '22.0.0' } let(:title) { 'duo-spi' } let(:params) { { deployed_name: 'keycloak-duo-spi-jar-with-dependencies.jar', source: 'https://example.com/files/keycloak-duo-spi-jar-with-dependencies.jar' } }
diff --git a/spec/fixtures/DuoUniversalKeycloakAuthenticator-jar-with-dependencies.jar b/spec/fixtures/DuoUniversalKeycloakAuthenticator-jar-with-dependencies.jar
index 5c8b383f..147355a3 100644
Binary files a/spec/fixtures/DuoUniversalKeycloakAuthenticator-jar-with-dependencies.jar and b/spec/fixtures/DuoUniversalKeycloakAuthenticator-jar-with-dependencies.jar differ
diff --git a/spec/spec_helper_acceptance_setup.rb b/spec/spec_helper_acceptance_setup.rb
index 7c3bce4e..7c289958 100644
--- a/spec/spec_helper_acceptance_setup.rb
+++ b/spec/spec_helper_acceptance_setup.rb
@@ -3,7 +3,7 @@ RSpec.configure do |c| c.add_setting :keycloak_version keycloak_version = if ENV['BEAKER_keycloak_version'].nil? || ENV['BEAKER_keycloak_version'].empty? - '21.0.1' + '22.0.0' else ENV['BEAKER_keycloak_version'] end
@@ -28,26 +28,17 @@ - name: "Common" path: "common.yaml" HIERA_YAML -centos7_yaml = <<-EL7_YAML -postgresql::server::service_reload: 'systemctl reload postgresql 2>/dev/null 1>/dev/null' -EL7_YAML -ubuntu1804_yaml = <<-UBUNTU18_YAML -keycloak::db: mysql -UBUNTU18_YAML common_yaml = <<-COMMON_YAML --- keycloak::version: '#{RSpec.configuration.keycloak_version}' keycloak::http_host: '127.0.0.1' keycloak::db: mariadb keycloak::proxy: edge +# Force only listen on IPv4 for testing +keycloak::java_opts: '-Djava.net.preferIPv4Stack=true' postgresql::server::service_status: 'service postgresql status 2>/dev/null 1>/dev/null' COMMON_YAML create_remote_file(hosts, '/etc/puppetlabs/puppet/hiera.yaml', hiera_yaml) on hosts, 'mkdir -p /etc/puppetlabs/puppet/data' create_remote_file(hosts, '/etc/puppetlabs/puppet/data/common.yaml', common_yaml) -on hosts, 'mkdir -p /etc/puppetlabs/puppet/data/os/CentOS' -create_remote_file(hosts, '/etc/puppetlabs/puppet/data/os/CentOS/7.yaml', centos7_yaml) -on hosts, 'mkdir -p /etc/puppetlabs/puppet/data/os/Ubuntu' -create_remote_file(hosts, '/etc/puppetlabs/puppet/data/os/Ubuntu/18.04.yaml', ubuntu1804_yaml) -on hosts, 'mkdir -p /etc/puppetlabs/puppet/data/os/Debian'
diff --git a/spec/unit/puppet/type/keycloak_ldap_user_provider_spec.rb b/spec/unit/puppet/type/keycloak_ldap_user_provider_spec.rb
index 0f2c7e18..66ed428b 100644
--- a/spec/unit/puppet/type/keycloak_ldap_user_provider_spec.rb
+++ b/spec/unit/puppet/type/keycloak_ldap_user_provider_spec.rb
@@ -79,8 +79,8 @@ }.to raise_error(%r{foo}) end - it 'defaults to use_truststore_spi=ldapsOnly' do - expect(resource[:use_truststore_spi]).to eq('ldapsOnly') + it 'defaults to use_truststore_spi=always' do + expect(resource[:use_truststore_spi]).to eq('always') end it 'does not allow invalid use_truststore_spi' do