ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-03-21 20:59:10 +00:00
Code Activity
community.general/changelogs/fragments
History
Ivan Kokalovic 80d21f2a0d
keycloak_realm_key: add full support for all Keycloak key providers (#11468) 
* feat(keycloak_realm_key): add support for auto-generated key providers

Add support for Keycloak's auto-generated key providers where Keycloak
manages the key material automatically:

- rsa-generated: Auto-generates RSA signing keys
- hmac-generated: Auto-generates HMAC signing keys
- aes-generated: Auto-generates AES encryption keys
- ecdsa-generated: Auto-generates ECDSA signing keys

New algorithms:
- HMAC: HS256, HS384, HS512
- ECDSA: ES256, ES384, ES512
- AES: AES (no algorithm parameter needed)

New config options:
- secret_size: For HMAC/AES providers (key size in bytes)
- key_size: For RSA-generated provider (key size in bits)
- elliptic_curve: For ECDSA-generated provider (P-256, P-384, P-521)

Changes:
- Make private_key/certificate optional (only required for rsa/rsa-enc)
- Add provider-algorithm validation with clear error messages
- Fix KeyError when managing default realm keys (issue #11459)
- Maintain backward compatibility: RS256 default works for rsa/rsa-generated

Fixes: #11459

* fix: address sanity test failures

- Add 'default: RS256' to algorithm documentation to match spec
- Add no_log=True to secret_size parameter per sanity check

* feat(keycloak_realm_key): extend support for all Keycloak key providers

Add support for remaining auto-generated key providers:
- rsa-enc-generated (RSA encryption keys with RSA1_5, RSA-OAEP, RSA-OAEP-256)
- ecdh-generated (ECDH key exchange with ECDH_ES, ECDH_ES_A128KW/A192KW/A256KW)
- eddsa-generated (EdDSA signing with Ed25519, Ed448 curves)

Changes:
- Add provider-specific elliptic curve config key mapping
  (ecdsaEllipticCurveKey, ecdhEllipticCurveKey, eddsaEllipticCurveKey)
- Add PROVIDERS_WITHOUT_ALGORITHM constant for providers that don't need algorithm
- Add elliptic curve validation per provider type
- Update documentation with all supported algorithms and examples
- Add comprehensive integration tests for all new providers

This completes full coverage of all Keycloak key provider types.

* style: apply ruff formatting

* feat(keycloak_realm_key): add java-keystore provider and update_password

Add support for java-keystore provider to import keys from Java
Keystore (JKS or PKCS12) files on the Keycloak server filesystem.

Add update_password parameter to control password handling for
java-keystore provider:
- always (default): Always send passwords to Keycloak
- on_create: Only send passwords when creating, preserve existing
  passwords when updating (enables idempotent playbooks)

The on_create mode sends the masked value ("**********") that Keycloak
recognizes as "preserve existing password", matching the behavior when
re-importing an exported realm.

Replace password_checksum with update_password - the checksum approach
was complex and error-prone. The update_password parameter is simpler
and follows the pattern used by ansible.builtin.user module.

Also adds key_info return value containing kid, certificate fingerprint,
status, and expiration for java-keystore keys.

* address PR review feedback

- Remove no_log=True from secret_size (just an int, not sensitive)
- Add version_added: 12.4.0 to new parameters and return values
- Remove "Added in community.general 12.4.0" from description text
- Consolidate changelog entries into 4 focused entries
- Remove bugfix from changelog (now in separate PR #11470)

* address review feedback from russoz and felixfontein

- remove docstrings from module-local helpers
- remove line-by-line comments and unnecessary null guard
- use specific exceptions instead of bare except Exception
- use module.params["key"] instead of .get("key")
- consolidate changelog into single entry
- avoid "complete set" claim, reference Keycloak 26 instead

* address round 2 review feedback

- Extract remove_sensitive_config_keys() helper (DRY refactor)
- Simplify RS256 validation to single code path
- Add TypeError to inner except in compute_certificate_fingerprint()
- Remove redundant comments (L812, L1031)
- Switch .get() to direct dict access for module.params
2026-02-18 07:48:37 +01:00
..
.keep Rename changelogs/fragments/.empty -> changelogs/fragments/.keep 2020-08-07 08:17:57 +02:00
5117-maven-artifact-snapshot-resolution.yml maven_artifact: resolve SNAPSHOT to latest using snapshot metadata block (#11501) 2026-02-14 21:03:00 +01:00
11029-extra-whitespace.yml remove extraneous whitespaces (#11029) 2025-11-05 22:27:33 +01:00
11030-wsl-typing.yml Fix typing failure in CI (#11030) 2025-11-05 21:49:32 +01:00
11031-tss-lookup-delinea-rebranding.yml Update TSS lookup plugin documentation and add Delinea Platform authentication examples (#11031) 2025-11-10 06:31:37 +01:00
11043-ruff-check.yml Address issues reported by ruff check (#11043) 2025-11-08 17:05:21 +13:00
11045-check-cobbler-version.yml Use Cobbler API version format to check version (#11045) 2025-11-12 06:47:07 +01:00
11046-locale-gen-usrlocal.yml locale_gen: search for available locales in /usr/local as well (#11046) 2025-11-16 11:17:08 +13:00
11048-py3-cond.yml remove conditional code for old snakes (#11048) 2025-11-08 17:21:46 +01:00
11049-ruff-check.yml Improve Python code: address unused variables (#11049) 2025-11-09 08:14:35 +01:00
11052-dnsimple-info-improves.yml dnsimple_info: minor improvements (#11052) 2025-11-09 18:02:29 +01:00
11054-zfs-facts-checkrc.yml zfs_facts: use check_rc (#11054) 2025-11-09 08:14:56 +01:00
11069-deprecate-spotinst.yml spotinst_aws_elastigroup: deprecation (#11069) 2025-11-11 19:21:51 +13:00
11070-deprecate-layman.yml layman: deprecation (#11070) 2025-11-11 18:12:22 +13:00
11072-opendj-checkrc.yml opendj_backendprop: use check_rc (#11072) 2025-11-10 19:36:21 +13:00
11076-irc-true.yml irc: use True instead of 1 (#11076) 2025-11-10 19:29:06 +13:00
11078-py2-ssl.yml discard Python 2 ssl handling (#11078) 2025-11-10 21:12:17 +01:00
11087-deprecate-swupd.yml swupd: deprecation (#11087) 2025-11-11 18:48:42 +13:00
11088-deprecate-dconf-fallback.yml dconf: deprecate fallback mechanism (#11088) 2025-11-11 18:03:59 +13:00
11093-yum-versionlock-to-native.yml yum_versionlock: remove to_native() around command output (#11093) 2025-11-11 19:10:10 +13:00
11095-raise-from.yml Use raise from in plugins (#11095) 2025-11-12 20:34:26 +01:00
11097-raise-from.yml Use raise from in modules (#11097) 2025-11-12 21:00:17 +01:00
11098-tonative-1.yml replace batch of redundant to_native() occurrences (#11098) 2025-11-11 19:10:00 +13:00
11102-tonative-2.yml replace batch of redundant to_native() occurrences (#11102) 2025-11-12 21:42:19 +01:00
11104-tonative-3.yml replace batch of redundant to_native()/to_text() occurrences (#11104) 2025-11-12 21:42:37 +01:00
11105-tonative-4.yml replace batch of redundant to_native()/to_text() occurrences (#11105) 2025-11-12 21:42:52 +01:00
11106-tonative-5.yml replace batch of redundant to_native()/to_text() occurrences (#11106) 2025-11-12 21:43:14 +01:00
11107-extend-merge-variables-failure-message.yml Extend failure message for merge_variables type detection (#11107) 2025-11-16 13:31:07 +01:00
11110-tonative-6.yml replace batch 6 of redundant to_native()/to_text() occurrences (#11110) 2025-11-12 21:43:39 +01:00
11112-tonative-7.yml replace redundant to_native()/to_text() occurrences, batch 7 (#11112) 2025-11-13 10:38:29 +13:00
11114-nmcli-idempotency.yml nmcli idempotency connection check (#11114) 2026-01-20 22:08:47 +01:00
11115-ruff-cases-1.yml fix ruff case B007 (#11115) 2025-11-12 21:06:14 +01:00
11119-ruff-cases-2.yml fix ruff case SIM103 (#11119) 2025-11-12 21:12:47 +01:00
11121-ruff-cases-3.yml fix ruff case E721 (#11121) 2025-11-12 21:14:04 +01:00
11122-yield-from-ignore.yml remove ignore lines for Python 2 (#11122) 2025-11-12 21:14:51 +01:00
11143-tonative-8.yml replace redundant to_native()/to_text() occurrences, batch 8 (#11143) 2025-11-16 11:18:17 +13:00
11144-xcc-redfish-command-listkeys.yml xcc_redfish_command: fix messages showing dict keys (#11144) 2025-11-16 11:07:56 +13:00
11145-ruff-cases-4.yml fix ruff case B015 (#11145) 2025-11-13 06:23:30 +01:00
11148-snmp-facts-improve.yml snmp_facts: improvements (#11148) 2025-11-23 13:17:11 +01:00
11149-rv-exception.yml fix return value exception (#11149) 2025-11-18 20:07:26 +13:00
11167-typing.yml Add type hints to action and test plugins and to plugin utils; fix some bugs, and improve input validation (#11167) 2025-11-22 22:52:21 +01:00
11168-homebrew_service.yml Address UP014: use NamedTuple class syntax (#11168) 2025-11-21 18:19:36 +01:00
11172-zfs-changed-extra-props.yml zfs: mark change correctly when updating properties whose current value differs, even if they already have a non-default value (Fixes #11019) (#11172) 2025-11-30 14:51:14 +01:00
11174-gitlab-runner-timeout.yml Allow None value maximum_timeout for gitlab_runner (#11174) 2025-11-25 21:58:14 +01:00
11179-mas-list-parsing.yml mas: Fix parsing on mas 3.0.0+. (#11179) 2025-11-24 21:32:16 +01:00
11182-vxlan-parent-bridging.yml nmcli: allow VxLan multicast and bridge port (#11182) 2025-12-02 21:34:34 +01:00
11189-ruff-cases-6.yml fix ruff case UP030 (#11189) 2025-11-23 08:37:41 +01:00
11190-ruff-cases-7.yml fix ruff case SIM112 (#11190) 2025-11-23 08:37:12 +01:00
11192-solaris-zone-os-system.yml solaris_zone: replace os.system() with run_command() (#11192) 2025-11-25 09:07:25 +13:00
11193-onepassword-info-popen.yml onepassword_info: replace subprocess.Popen() with run_command() (#11193) 2025-11-25 09:11:24 +13:00
11197-keycloak-realm-webauthnpolicypasswordlesspasskeysenabled.yml keycloak_realm: add webAuthnPolicyPasswordlessPasskeysEnabled param (#11197) 2025-11-29 15:20:34 +01:00
11199-incus-windows.yml Added support for Windows VM with Incus connection. (#11199) 2025-11-29 15:18:02 +01:00
11204-lxc-container-popen.yml lxc_container: replace subprocess.Popen() with run_command() (#11204) 2025-12-29 11:47:26 +01:00
11205-module_utils.yml Deprecate unused module utils (#11205) 2025-11-25 06:50:06 +01:00
11206-datetime.yml Fix crash in module_utils.datetime.fromtimestamp() (#11206) 2025-11-25 06:49:32 +01:00
11215-ruff-cases-8.yml fix ruff case SIM110 (#11215) 2025-11-26 09:47:50 +13:00
11222-typing.yml Add basic typing for module_utils (#11222) 2025-12-01 20:40:06 +01:00
11223-ruff-cases-9.yml fix ruff case UP031 (#11223) 2025-11-29 08:28:22 +01:00
11224-deprecate-pushbullet.yml pushbullet: deprecation (#11224) 2025-11-27 21:49:28 +13:00
11229-fstr-mishaps.yml fix couple of f-string mishaps (#11229) 2025-11-30 08:27:13 +01:00
11231-perc-format.yml remove % templating (#11231) 2025-12-01 06:46:50 +01:00
11232-mount.yml Remove no longer needed _mount module util (#11232) 2025-12-01 06:42:13 +01:00
11240-btrfs-run-command.yml btrfs module utils: pass command as list to run_command() (#11240) 2025-12-03 00:08:41 +13:00
11242-deps-enum.yml deps module util: use Enum to represent states (#11242) 2025-12-03 00:07:46 +13:00
11245-monit-enum.yml monit: use enum (#11245) 2025-12-02 21:54:50 +01:00
11255-monit-integrationtests.yml monit: investigating tests again - using copilot on this one (#11255) 2025-12-10 13:29:32 +01:00
11256-fix-keycloak-roles-mapping.yml keycloak_user_rolemapping: fix: failling to assign role to user (#11256) 2025-12-06 13:41:40 +01:00
11258-iptables_state.yml iptables_state: get rid of temporary files (#11258) 2025-12-06 13:40:59 +01:00
11260-keycloak-realm-crash-when-no-realms.yml fix(sanitize_cr): avoid crash when realmrep is empty (#11260) 2025-12-08 22:51:02 +01:00
11265-fix-apk-3.yml apk: fix packages return value for apk-tools >= 3 (fix #11264) (#11265) 2025-12-10 13:29:41 +01:00
11285-extended-keycloak-user-profile-validations.yml Add support for missing validations in keycloak_userprofile (#11285) 2025-12-22 09:40:26 +01:00
11301-idrac-info-multi-manager.yml Add support for multiple managers to get_manager_attributes command in idrac_redfish_info module (#11301) 2026-01-02 17:58:49 +01:00
11308-wsl-shell-type.yml Add option for wsl_shell_type, protect wsl.exe arguments if SSH shell is Powershell (#11308) 2026-01-16 21:07:11 +01:00
11309-keycloak-userprofile-selector-option.yml keycloak_userprofile: Add missing selector option (#11309) 2025-12-28 09:30:56 +01:00
11311-scaleway-scw-profile-var.yml Adding support for the Scaleway SCW_PROFILE environment variable. (#11311) 2025-12-28 21:03:20 +01:00
11314-scaleway-scw-profile-var-modules.yml Adding scw_profile parameter to Scaleway module utilities. (#11314) 2025-12-28 21:03:55 +01:00
11322-handle-redfish-settings-in-setbootoverride.yml Handle @Redfish.Settings when setting ComputerSystem boot attributes (#11322) 2026-01-22 21:38:18 +01:00
11323-lxc-container-tempdir.yml lxc_container: use tempfile.TemporaryDirectory (#11323) 2025-12-25 08:18:19 +01:00
11340-cronvar-simplify-exc.yml cronvar: simplify exception raise - remove import sys (#11340) 2025-12-30 16:09:24 +01:00
11341-pyupgrade-1.yml batch 1 - update Python idiom to 3.7 using pyupgrade (#11341) 2025-12-30 16:15:24 +01:00
11343-pyupgrade-3.yml batch 3 - update Python idiom to 3.7 using pyupgrade (#11343) 2025-12-30 22:18:52 +01:00
11344-pyupgrade-4.yml batch 4 - update Python idiom to 3.7 using pyupgrade (#11344) 2025-12-30 16:15:48 +01:00
11346-incus-readability.yml incus conn plugin: improve readability (was ruff: set target-python 3.7) (#11346) 2025-12-31 11:27:49 +13:00
11347-incus-regex.yml incus connection: fix regex (#11347) 2026-01-09 21:07:31 +01:00
11366-scaleway-sg-project-param.yml Adding 'project' parameter support for the Scaleway SG module. (#11366) 2026-01-25 21:12:19 +01:00
11368-scaleway-ip-project-param.yml Adding 'project' parameter to Scaleway IP module. (#11368) 2026-01-25 21:12:06 +01:00
11376-netcup-dns-diff-mode.yml Support diff mode for netcup-dns module (#11376) 2026-01-03 17:53:12 +01:00
11377-cloudflare_dns-caa.yml cloudflare_dns: also allow 128 as a value for flag (#11377) 2026-01-05 18:04:21 +01:00
11388-pmem-redundant-regexps.yml pmem: remove redundant use of regexp (#11388) 2026-01-07 20:40:37 +01:00
11390-slackpkg-query.yml slackpkg: simplify function query_package() (#11390) 2026-01-06 18:20:02 +01:00
11391-ruff-cases-11.yml fix ruff cases UP024,UP041 (#11391) 2026-01-06 17:29:44 +01:00
11396-in-def-imports.yml move imports from functions to the top of the file (#11396) 2026-01-07 21:23:03 +01:00
11413-nmcli-routing-rules6.yml feat(nmcli): Add support for IPv6 routing rules (#11413) 2026-01-16 21:05:43 +01:00
11425-nsupdate-gss-tsig.yml nsupdate: add server FQDN and GSS-TSIG support (#11425) 2026-01-22 06:42:23 +01:00
11430-fix-keycloak-client-diff-for-flow-overrides.yml keycloak_client: fix diff for keycloak client auth flow overrides (#11455) 2026-02-07 16:20:38 +01:00
11440-logstash-plugin-fix-version-argument-order.yml Logstash plugin version fix (#11440) 2026-01-26 06:17:23 +01:00
11442-gem-module-ruby-4.yml fix gem module compatibility with ruby-4-rubygems (#11442) 2026-01-26 17:16:44 +01:00
11443-fix-keycloak-client-diff-for-null-attributes.yml keycloak_client: 11443: Fix false change detection for null client attributes (#11444) 2026-01-26 17:16:33 +01:00
11453-keycloak-client-protocol-mapper-ids.yml keycloak_client: remove id's as change from diff for protocol mappers (#11454) 2026-02-05 17:20:51 +01:00
11486-seport-dccp-sctp.yaml seport: Add support for dccp and sctp protocols (#11486) 2026-02-14 21:03:59 +01:00
11488-mh-ensure-compatibiliy-with-module-tests.yml ModuleHelper: ensure compatibility with ModuleTestCase (#11488) 2026-02-18 07:08:49 +01:00
11492-python_requires_info.yml python_requirements_info: use importlib.metadata when available (#11495) 2026-02-10 22:44:06 +01:00
11503-keycloak-group-search-optimization.yml keycloak module utils: group search optimization (#11503) 2026-02-14 21:06:28 +01:00
11504-redfish-info-add-results-to-return.yml Update check_availability_service to return data instead of boolean (#11504) 2026-02-14 21:05:57 +01:00
filesystem-xfs-resize-slack.yml filesystem: xfs resize: minimal required increment (#11033) 2025-11-07 21:27:50 +01:00
fix-nsupdate-keyring.yml nsupdate: fix missing keyring initialization without TSIG auth (#11461) 2026-02-18 06:48:49 +01:00
keycloak-client-add-missing-fields.yml keycloak_client: add valid_post_logout_redirect_uris and backchannel_logout_url (#11473) 2026-02-07 16:19:29 +01:00
keycloak-realm-key-generated-providers.yml keycloak_realm_key: add full support for all Keycloak key providers (#11468) 2026-02-18 07:48:37 +01:00
keycloak-realm-key-keyerror-bugfix.yml keycloak_realm_key: handle missing config fields for default keys (#11470) 2026-02-07 16:21:32 +01:00
keycloak-url-encode-query-params.yml keycloak: URL-encode query parameters for usernames with special characters (#11472) 2026-02-06 07:10:55 +01:00
listen-ports-facts-return-no-facts.yml fix: listen_ports_facts return no facts when using with podman (#11332) 2025-12-28 21:02:31 +01:00
private.yml Announce making all module utils, plugin utils, and doc fragments private (#11320) 2025-12-23 22:59:38 +01:00