diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e18c699f..25096d87 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -65,26 +65,17 @@ jobs: - "puppet7" - "puppet8" keycloak_version: - - "22.0.0" - - "24.0.3" + - "24.0.5" keycloak_full: - "no" include: - set: "el8" puppet: "puppet7" - keycloak_version: "22.0.0" + keycloak_version: "24.0.5" keycloak_full: "yes" - set: "el8" puppet: "puppet8" - keycloak_version: "22.0.0" - keycloak_full: "yes" - - set: "el8" - puppet: "puppet7" - keycloak_version: "24.0.3" - keycloak_full: "yes" - - set: "el8" - puppet: "puppet8" - keycloak_version: "24.0.3" + keycloak_version: "24.0.5" keycloak_full: "yes" env: BUNDLE_WITHOUT: development:release diff --git a/.sync.yml b/.sync.yml index 433d3eec..20823fdc 100644 --- a/.sync.yml +++ b/.sync.yml @@ -25,25 +25,16 @@ Rakefile: - puppet7 - puppet8 keycloak_version: - - '22.0.0' - - '24.0.3' + - '24.0.5' keycloak_full: ['no'] acceptance_includes: - set: el8 puppet: puppet7 - keycloak_version: '22.0.0' + keycloak_version: '24.0.5' keycloak_full: 'yes' - set: el8 puppet: puppet8 - keycloak_version: '22.0.0' - keycloak_full: 'yes' - - set: el8 - puppet: puppet7 - keycloak_version: '24.0.3' - keycloak_full: 'yes' - - set: el8 - puppet: puppet8 - keycloak_version: '24.0.3' + keycloak_version: '24.0.5' keycloak_full: 'yes' .gitignore: paths: diff --git a/README.md b/README.md index 9a971a23..de09ee6d 100644 --- a/README.md +++ b/README.md 
@@ -162,11 +162,11 @@ For `keycloak_ldap_mapper` ensure the `parent_id` property is set to point to ol ### Supported Versions of Keycloak -Currently this module supports Keycloak version 12.x. +Currently this module supports Keycloak version 24.x. This module may work on earlier versions but this is the only version tested. | Keycloak Version | Keycloak Puppet module versions | -| ---------------- | ------------------------------- | +|------------------|---------------------------------| | 3.x | 2.x | | 4.x - 6.x | 3.x | | 6.x - 8.x | 4.x - 5.x | @@ -176,6 +176,8 @@ This module may work on earlier versions but this is the only version tested. | 19.x - 21.x | 9.x | | 21.x | 10.x | | 22.x - 24.x | 11.x | +| 24.x | 12.x | +| -----------------|---------------------------------| ## Usage @@ -191,18 +193,18 @@ Install a specific version of Keycloak. ```puppet class { 'keycloak': - version => '22.0.0', + version => '24.0.0', db => 'mariadb', } ``` Upgrading Keycloak version works by changing `version` parameter as long as the `db` parameter is not the default of `dev-file`. An upgrade involves installing the new version without touching the old version, updating the symlink which defaults to `/opt/keycloak`, applying all changes to new version and then restarting the `keycloak` service. -If the previous `version` was `22.0.0` using the following will upgrade to `23.0.0`: +If the previous `version` was `22.0.0` using the following will upgrade to `24.0.0`: ```puppet class { 'keycloak': - version => '23.0.0', + version => '24.0.0', db => 'mariadb', } ``` diff --git a/lib/puppet/type/keycloak_realm.rb b/lib/puppet/type/keycloak_realm.rb index 5a151779..c5da2921 100644 --- a/lib/puppet/type/keycloak_realm.rb +++ b/lib/puppet/type/keycloak_realm.rb 
@@ -488,6 +488,11 @@ def insync?(is) defaultto [] end + newproperty(:web_authn_policy_extra_origins, array_matching: :all, parent: PuppetX::Keycloak::ArrayProperty) do + desc 'webAuthnPolicyExtraOrigins' + defaultto [] + end + newproperty(:web_authn_policy_passwordless_rp_entity_name) do desc 'webAuthnPolicyPasswordlessRpEntityName' defaultto 'keycloak' @@ -543,6 +548,11 @@ def insync?(is) defaultto [] end + newproperty(:web_authn_policy_passwordless_extra_origins, array_matching: :all, parent: PuppetX::Keycloak::ArrayProperty) do + desc 'webAuthnPolicyPasswordlessExtraOrigins' + defaultto [] + end + newproperty(:custom_properties) do desc 'custom properties to pass as realm configurations' defaultto {} diff --git a/manifests/init.pp b/manifests/init.pp index ed96f9ea..ed5c6d87 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -222,7 +222,7 @@ # Only necessary to set if the URL path to Keycloak is modified class keycloak ( Boolean $manage_install = true, - String $version = '22.0.0', + String $version = '24.0.5', Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl, Stdlib::Absolutepath]] $package_url= undef, Optional[Stdlib::Absolutepath] $install_dir = undef, Array[String[1]] $java_package_dependencies = [], diff --git a/spec/acceptance/2_realm_spec.rb b/spec/acceptance/2_realm_spec.rb index d06b4185..26d6a21b 100644 --- a/spec/acceptance/2_realm_spec.rb +++ b/spec/acceptance/2_realm_spec.rb @@ -239,6 +239,7 @@ class { 'keycloak': } web_authn_policy_create_timeout => 600, web_authn_policy_avoid_same_authenticator_register => true, web_authn_policy_acceptable_aaguids => ['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'], + web_authn_policy_extra_origins => ['https://example.com'], web_authn_policy_passwordless_rp_entity_name => 'Keycloak', web_authn_policy_passwordless_signature_algorithms => ['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512'], web_authn_policy_passwordless_rp_id => 'https://example.com', 
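Review bot: The two new properties in lib/puppet/type/keycloak_realm.rb, `web_authn_policy_extra_origins` (hunk at -488) and `web_authn_policy_passwordless_extra_origins` (hunk at -543), take arbitrary strings and their `desc` only repeats the API key, although they appear to widen the set of origins the realm will accept during WebAuthn registration and authentication. I would say so in the description, for example `desc 'webAuthnPolicyExtraOrigins: origins accepted for WebAuthn in addition to the relying party ID; leave empty unless a client needs one'`, and the same for the passwordless variant. Unless `PuppetX::Keycloak::ArrayProperty` already checks element format (not visible here), a `validate` block that rejects empty strings and wildcard entries would keep a typo from silently loosening the policy. Since `defaultto []` presumably makes the property managed on every realm, the description could also note that origins added in the admin console are reverted unless declared in Puppet. The enclosing type definition starts and ends outside both hunks.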
@@ -249,6 +250,7 @@ class { 'keycloak': } web_authn_policy_passwordless_create_timeout => 600, web_authn_policy_passwordless_avoid_same_authenticator_register => true, web_authn_policy_passwordless_acceptable_aaguids => ['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1'], + web_authn_policy_passwordless_extra_origins => ['https://example.com'], } PUPPET_PP @@ -321,6 +323,7 @@ class { 'keycloak': } expect(data['webAuthnPolicyCreateTimeout']).to eq(600) expect(data['webAuthnPolicyAvoidSameAuthenticatorRegister']).to eq(true) expect(data['webAuthnPolicyAcceptableAaguids']).to eq(['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1']) + expect(data['webAuthnPolicyExtraOrigins']).to eq(['https://example.com']) expect(data['webAuthnPolicyPasswordlessRpEntityName']).to eq('Keycloak') expect(data['webAuthnPolicyPasswordlessSignatureAlgorithms']).to eq(['ES256', 'ES384', 'ES512', 'RS256', 'RS384', 'RS512']) expect(data['webAuthnPolicyPasswordlessRpId']).to eq('https://example.com') @@ -331,6 +334,7 @@ class { 'keycloak': } expect(data['webAuthnPolicyPasswordlessCreateTimeout']).to eq(600) expect(data['webAuthnPolicyPasswordlessAvoidSameAuthenticatorRegister']).to eq(true) expect(data['webAuthnPolicyPasswordlessAcceptableAaguids']).to eq(['d1d1d1d1-d1d1-d1d1-d1d1-d1d1d1d1d1d1']) + expect(data['webAuthnPolicyPasswordlessExtraOrigins']).to eq(['https://example.com']) end end diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 85328ba6..32d1b8ca 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -8,7 +8,7 @@ let(:facts) do facts.merge(concat_basedir: '/dne') end - let(:version) { '22.0.0' } + let(:version) { '24.0.5' } case facts[:osfamily] when %r{RedHat} diff --git a/spec/defines/partial_import_spec.rb b/spec/defines/partial_import_spec.rb index b1e9c470..6655c583 100644 --- a/spec/defines/partial_import_spec.rb +++ b/spec/defines/partial_import_spec.rb 
@@ -8,7 +8,7 @@ let(:facts) do facts.merge(concat_basedir: '/dne') end - let(:version) { '22.0.0' } + let(:version) { '24.0.5' } let(:title) { 'test' } let(:params) do { diff --git a/spec/defines/spi_deployment_spec.rb b/spec/defines/spi_deployment_spec.rb index e91ad633..a0d9419d 100644 --- a/spec/defines/spi_deployment_spec.rb +++ b/spec/defines/spi_deployment_spec.rb @@ -8,7 +8,7 @@ let(:facts) do facts.merge(concat_basedir: '/dne') end - let(:version) { '22.0.0' } + let(:version) { '24.0.5' } let(:title) { 'duo-spi' } let(:params) { { deployed_name: 'keycloak-duo-spi-jar-with-dependencies.jar', source: 'https://example.com/files/keycloak-duo-spi-jar-with-dependencies.jar' } } diff --git a/spec/spec_helper_acceptance_setup.rb b/spec/spec_helper_acceptance_setup.rb index 7c289958..396509c3 100644 --- a/spec/spec_helper_acceptance_setup.rb +++ b/spec/spec_helper_acceptance_setup.rb @@ -3,7 +3,7 @@ RSpec.configure do |c| c.add_setting :keycloak_version keycloak_version = if ENV['BEAKER_keycloak_version'].nil? || ENV['BEAKER_keycloak_version'].empty? - '22.0.0' + '24.0.5' else ENV['BEAKER_keycloak_version'] end diff --git a/spec/unit/puppet/type/keycloak_realm_spec.rb b/spec/unit/puppet/type/keycloak_realm_spec.rb index 42a48eba..dca25314 100644 --- a/spec/unit/puppet/type/keycloak_realm_spec.rb +++ b/spec/unit/puppet/type/keycloak_realm_spec.rb @@ -82,6 +82,7 @@ web_authn_policy_create_timeout: 0, web_authn_policy_avoid_same_authenticator_register: :false, web_authn_policy_acceptable_aaguids: [], + web_authn_policy_extra_origins: [], web_authn_policy_passwordless_rp_entity_name: 'keycloak', web_authn_policy_passwordless_signature_algorithms: ['ES256'], web_authn_policy_passwordless_rp_id: '', 
@@ -91,7 +92,8 @@ web_authn_policy_passwordless_user_verification_requirement: 'not specified', web_authn_policy_passwordless_create_timeout: 0, web_authn_policy_passwordless_avoid_same_authenticator_register: :false, - web_authn_policy_passwordless_acceptable_aaguids: [] + web_authn_policy_passwordless_acceptable_aaguids: [], + web_authn_policy_passwordless_extra_origins: [] } describe 'otp_policy_digits' do @@ -348,8 +350,10 @@ :roles, :web_authn_policy_signature_algorithms, :web_authn_policy_acceptable_aaguids, + :web_authn_policy_extra_origins, :web_authn_policy_passwordless_signature_algorithms, - :web_authn_policy_passwordless_acceptable_aaguids + :web_authn_policy_passwordless_acceptable_aaguids, + :web_authn_policy_passwordless_extra_origins ].each do |p| it "accepts array for #{p}" do config[p] = ['foo', 'bar']
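Review bot: In the last hunk (-348) the two origin properties are only added to the shared `accepts array for #{p}` loop, whose visible body assigns `['foo', 'bar']`, so the unit coverage for them pins that strings which are not origins are accepted. A dedicated example with a realistic value, such as `config[:web_authn_policy_extra_origins] = ['https://example.com']`, and one for the passwordless variant would document the intended input. It would also give a natural place for a rejection case if format validation is added to the type. The loop body continues past the end of the hunk, so what it finally asserts is not visible here.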