diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3a3423a..a43a009 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,667 +1,675 @@ # Change log All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v6.25.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.25.0) (2020-12-30) + +[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.24.0...v6.25.0) + +### Added + +- Add client\_protocol\_mappers parameter [\#177](https://github.com/treydock/puppet-module-keycloak/pull/177) ([treydock](https://github.com/treydock)) + ## [v6.24.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.24.0) (2020-12-22) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.23.0...v6.24.0) ### Added - Support Keycloak 12 [\#176](https://github.com/treydock/puppet-module-keycloak/pull/176) ([treydock](https://github.com/treydock)) ## [v6.23.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.23.0) (2020-12-08) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.22.0...v6.23.0) ### Added - Support saml-group-membership-mapper [\#171](https://github.com/treydock/puppet-module-keycloak/pull/171) ([mattock](https://github.com/mattock)) - Add convenience define for setting up FreeIPA LDAP mappers [\#170](https://github.com/treydock/puppet-module-keycloak/pull/170) ([mattock](https://github.com/mattock)) - PDK Update - Use Github Actions [\#169](https://github.com/treydock/puppet-module-keycloak/pull/169) ([treydock](https://github.com/treydock)) - Add convenience wrapper for setting up FreeIPA ldap user providers [\#135](https://github.com/treydock/puppet-module-keycloak/pull/135) ([mattock](https://github.com/mattock)) ### Fixed - Fix puppet-lint warning [\#172](https://github.com/treydock/puppet-module-keycloak/pull/172) ([mattock](https://github.com/mattock)) ## 
[v6.22.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.22.0) (2020-11-23) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.21.0...v6.22.0) ### Added - Support realm remember\_me parameters [\#168](https://github.com/treydock/puppet-module-keycloak/pull/168) ([mattock](https://github.com/mattock)) ### Fixed - Vagrant: install puppetlabs-concat during provisioning [\#167](https://github.com/treydock/puppet-module-keycloak/pull/167) ([mattock](https://github.com/mattock)) ## [v6.21.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.21.0) (2020-10-30) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.20.0...v6.21.0) ### Added - Fixing wrong filename in module.xml for datasource oracle [\#153](https://github.com/treydock/puppet-module-keycloak/pull/153) ([zaeh](https://github.com/zaeh)) ## [v6.20.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.20.0) (2020-10-27) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.19.0...v6.20.0) ### Added - add oidc-usermodel-attribute-mapper [\#166](https://github.com/treydock/puppet-module-keycloak/pull/166) ([aba-rechsteiner](https://github.com/aba-rechsteiner)) - Support oidc-usermodel-client-role-mapper type in client protocol mapper [\#165](https://github.com/treydock/puppet-module-keycloak/pull/165) ([mattock](https://github.com/mattock)) ## [v6.19.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.19.0) (2020-10-07) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.18.0...v6.19.0) ### Added - Enable roles management at realm and client level [\#164](https://github.com/treydock/puppet-module-keycloak/pull/164) ([anlambert](https://github.com/anlambert)) - Add more realm login related properties [\#163](https://github.com/treydock/puppet-module-keycloak/pull/163) ([anlambert](https://github.com/anlambert)) ## 
[v6.18.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.18.0) (2020-09-25) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.17.0...v6.18.0) ### Added - Support flow overrides on clients [\#161](https://github.com/treydock/puppet-module-keycloak/pull/161) ([treydock](https://github.com/treydock)) - Add registration\_allowed to keycloak\_realm [\#160](https://github.com/treydock/puppet-module-keycloak/pull/160) ([anlambert](https://github.com/anlambert)) - Have realms and identity providers auto require their configured flows [\#159](https://github.com/treydock/puppet-module-keycloak/pull/159) ([treydock](https://github.com/treydock)) ### Fixed - Realm can not depend on flow that depends on realm [\#162](https://github.com/treydock/puppet-module-keycloak/pull/162) ([treydock](https://github.com/treydock)) ## [v6.17.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.17.0) (2020-09-24) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.16.0...v6.17.0) ### Added - Improved unit and acceptance tests for recent changes [\#158](https://github.com/treydock/puppet-module-keycloak/pull/158) ([treydock](https://github.com/treydock)) - add bruteForceProtected [\#157](https://github.com/treydock/puppet-module-keycloak/pull/157) ([aba-rechsteiner](https://github.com/aba-rechsteiner)) - add trustEmail [\#156](https://github.com/treydock/puppet-module-keycloak/pull/156) ([aba-rechsteiner](https://github.com/aba-rechsteiner)) - add keycloak-oidc providerid and other new parameters [\#155](https://github.com/treydock/puppet-module-keycloak/pull/155) ([aba-rechsteiner](https://github.com/aba-rechsteiner)) ## [v6.16.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.16.0) (2020-08-21) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.15.0...v6.16.0) ### Added - Added a parameter to control if the managed user is a system user 
[\#152](https://github.com/treydock/puppet-module-keycloak/pull/152) ([ZloeSabo](https://github.com/ZloeSabo)) ## [v6.15.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.15.0) (2020-08-14) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.14.0...v6.15.0) ### Added - add resources [\#151](https://github.com/treydock/puppet-module-keycloak/pull/151) ([aba-rechsteiner](https://github.com/aba-rechsteiner)) ## [v6.14.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.14.0) (2020-08-11) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.13.1...v6.14.0) ### Added - add proxy-address-forwarding for https-listener [\#149](https://github.com/treydock/puppet-module-keycloak/pull/149) ([aba-rechsteiner](https://github.com/aba-rechsteiner)) - Add support for required actions [\#148](https://github.com/treydock/puppet-module-keycloak/pull/148) ([ZloeSabo](https://github.com/ZloeSabo)) ## [v6.13.1](https://github.com/treydock/puppet-module-keycloak/tree/v6.13.1) (2020-08-03) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.13.0...v6.13.1) ### Fixed - Explicitly specifies what user to use with the admin generation script [\#146](https://github.com/treydock/puppet-module-keycloak/pull/146) ([ZloeSabo](https://github.com/ZloeSabo)) ## [v6.13.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.13.0) (2020-07-07) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.12.0...v6.13.0) ### Added - Concat custom code fragment to config.cli [\#145](https://github.com/treydock/puppet-module-keycloak/pull/145) ([danifr](https://github.com/danifr)) - Update usage of deprecated function postgresql\_password [\#143](https://github.com/treydock/puppet-module-keycloak/pull/143) ([Karlinde](https://github.com/Karlinde)) ## [v6.12.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.12.0) (2020-07-02) [Full 
Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.11.0...v6.12.0) ### Added - Emit warning if configured theme does not exist [\#140](https://github.com/treydock/puppet-module-keycloak/pull/140) ([treydock](https://github.com/treydock)) - Add support for JGroups JDBC\_PING mode in clustered mode [\#139](https://github.com/treydock/puppet-module-keycloak/pull/139) ([danifr](https://github.com/danifr)) ### UNCATEGORIZED PRS; GO LABEL THEM - Remove outdated line in class documentation [\#137](https://github.com/treydock/puppet-module-keycloak/pull/137) ([danifr](https://github.com/danifr)) ## [v6.11.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.11.0) (2020-05-22) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.10.0...v6.11.0) ### Added - PDK update and test Keycloak 10.0.1 [\#133](https://github.com/treydock/puppet-module-keycloak/pull/133) ([treydock](https://github.com/treydock)) ### UNCATEGORIZED PRS; GO LABEL THEM - Add support for defining smtpServer from realms [\#131](https://github.com/treydock/puppet-module-keycloak/pull/131) ([mattock](https://github.com/mattock)) - Allow enabling/disabling client authorization services [\#127](https://github.com/treydock/puppet-module-keycloak/pull/127) ([mattock](https://github.com/mattock)) ## [v6.10.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.10.0) (2020-03-14) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.9.0...v6.10.0) ### Added - Add support and tests for Keycloak 9.0.0 [\#128](https://github.com/treydock/puppet-module-keycloak/pull/128) ([treydock](https://github.com/treydock)) ## [v6.9.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.9.0) (2020-02-14) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.8.0...v6.9.0) ### Added - Add access\_token\_lifespan to keycloak\_realm [\#126](https://github.com/treydock/puppet-module-keycloak/pull/126) 
([treydock](https://github.com/treydock)) ## [v6.8.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.8.0) (2020-02-14) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.7.0...v6.8.0) ### Added - Add access\_code\_lifespan to keycloak\_realm [\#125](https://github.com/treydock/puppet-module-keycloak/pull/125) ([treydock](https://github.com/treydock)) ## [v6.7.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.7.0) (2020-02-14) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.6.0...v6.7.0) ### Added - Add sso\_session\_idle\_timeout and sso\_session\_max\_lifespan to keycloak\_realm [\#124](https://github.com/treydock/puppet-module-keycloak/pull/124) ([treydock](https://github.com/treydock)) ## [v6.6.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.6.0) (2020-02-10) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.5.0...v6.6.0) ### Added - Support oidc-audience-mapper protocol mapper [\#122](https://github.com/treydock/puppet-module-keycloak/pull/122) ([treydock](https://github.com/treydock)) ## [v6.5.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.5.0) (2020-02-07) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.4.1...v6.5.0) ### Added - Add root\_url and base\_url properties to keycloak\_client [\#121](https://github.com/treydock/puppet-module-keycloak/pull/121) ([treydock](https://github.com/treydock)) - Allow enabling/disabling realm internationalization [\#119](https://github.com/treydock/puppet-module-keycloak/pull/119) ([mattock](https://github.com/mattock)) ## [v6.4.1](https://github.com/treydock/puppet-module-keycloak/tree/v6.4.1) (2020-02-06) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.4.0...v6.4.1) ### Fixed - type/keycloak\_api: Set install\_dir default on /opt/keycloak [\#120](https://github.com/treydock/puppet-module-keycloak/pull/120) 
([tcassaert](https://github.com/tcassaert)) ## [v6.4.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.4.0) (2020-02-03) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.3.0...v6.4.0) ### Added - Support oidc-group-membership-mapper protocol mapper type [\#118](https://github.com/treydock/puppet-module-keycloak/pull/118) ([treydock](https://github.com/treydock)) ## [v6.3.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.3.0) (2020-01-16) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.2.0...v6.3.0) ### Added - Add client\_auth\_method property to keycloak\_identity\_provider [\#117](https://github.com/treydock/puppet-module-keycloak/pull/117) ([treydock](https://github.com/treydock)) ## [v6.2.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.2.0) (2020-01-09) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.1.0...v6.2.0) ### Added - Support managing authentication flows [\#115](https://github.com/treydock/puppet-module-keycloak/pull/115) ([treydock](https://github.com/treydock)) - Support disabling the user cache [\#114](https://github.com/treydock/puppet-module-keycloak/pull/114) ([treydock](https://github.com/treydock)) - Support Keycloak SPI deployments [\#113](https://github.com/treydock/puppet-module-keycloak/pull/113) ([treydock](https://github.com/treydock)) - Add content\_security\_policy to keycloak\_realm [\#112](https://github.com/treydock/puppet-module-keycloak/pull/112) ([treydock](https://github.com/treydock)) - Improve handling of realm flow assignment to avoid errors [\#111](https://github.com/treydock/puppet-module-keycloak/pull/111) ([treydock](https://github.com/treydock)) - Support managing realm flow properties [\#110](https://github.com/treydock/puppet-module-keycloak/pull/110) ([treydock](https://github.com/treydock)) ### Fixed - Fix bug in flow parsing 
[\#116](https://github.com/treydock/puppet-module-keycloak/pull/116) ([treydock](https://github.com/treydock)) ## [v6.1.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.1.0) (2019-12-31) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.0.0...v6.1.0) ### Added - Add support for access.token.lifespan client attribute [\#109](https://github.com/treydock/puppet-module-keycloak/pull/109) ([mattock](https://github.com/mattock)) - Add two new realm properties [\#108](https://github.com/treydock/puppet-module-keycloak/pull/108) ([mattock](https://github.com/mattock)) ## [v6.0.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.0.0) (2019-12-18) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.10.0...v6.0.0) ### Changed - Change default Keycloak version to 8.0.1 [\#106](https://github.com/treydock/puppet-module-keycloak/pull/106) ([treydock](https://github.com/treydock)) - Change JAVA\_OPTS behavior for Keycloak [\#105](https://github.com/treydock/puppet-module-keycloak/pull/105) ([treydock](https://github.com/treydock)) - Change how install\_dir is defined, default behavior remains the same [\#90](https://github.com/treydock/puppet-module-keycloak/pull/90) ([treydock](https://github.com/treydock)) ## [v5.10.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.10.0) (2019-12-10) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.9.0...v5.10.0) ### Added - Allow defining supported locales for the realm [\#103](https://github.com/treydock/puppet-module-keycloak/pull/103) ([mattock](https://github.com/mattock)) ## [v5.9.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.9.0) (2019-12-09) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.8.0...v5.9.0) ### Added - Support Debian 10 [\#102](https://github.com/treydock/puppet-module-keycloak/pull/102) ([treydock](https://github.com/treydock)) ## 
[v5.8.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.8.0) (2019-12-06) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.7.0...v5.8.0) ### Added - Test against Keycloak 8.0.1 [\#100](https://github.com/treydock/puppet-module-keycloak/pull/100) ([treydock](https://github.com/treydock)) - Add option to enable tech preview features [\#99](https://github.com/treydock/puppet-module-keycloak/pull/99) ([treydock](https://github.com/treydock)) - Add login\_theme property to keycloak\_client [\#98](https://github.com/treydock/puppet-module-keycloak/pull/98) ([treydock](https://github.com/treydock)) - Add support for more client switches [\#96](https://github.com/treydock/puppet-module-keycloak/pull/96) ([mattock](https://github.com/mattock)) - Add option to enable tech preview features [\#95](https://github.com/treydock/puppet-module-keycloak/pull/95) ([danifr](https://github.com/danifr)) ### Fixed - Fix config.cli to be able to change datasource values [\#101](https://github.com/treydock/puppet-module-keycloak/pull/101) ([treydock](https://github.com/treydock)) ## [v5.7.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.7.0) (2019-10-29) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.6.0...v5.7.0) ### Added - Make JDBC xa-datasource-class name configurable [\#93](https://github.com/treydock/puppet-module-keycloak/pull/93) ([danifr](https://github.com/danifr)) ## [v5.6.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.6.0) (2019-10-10) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.5.0...v5.6.0) ### Added - Support EL8 [\#91](https://github.com/treydock/puppet-module-keycloak/pull/91) ([treydock](https://github.com/treydock)) ## [v5.5.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.5.0) (2019-09-26) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.4.0...v5.5.0) ### Added - Allow managing Keycloak 
installation from outside this module [\#87](https://github.com/treydock/puppet-module-keycloak/pull/87) ([mattock](https://github.com/mattock)) - Enable passing extra options to Keycloak in the systemd unit file [\#86](https://github.com/treydock/puppet-module-keycloak/pull/86) ([mattock](https://github.com/mattock)) - Enable defining bind address for the Keycloak systemd service [\#85](https://github.com/treydock/puppet-module-keycloak/pull/85) ([mattock](https://github.com/mattock)) ## [v5.4.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.4.0) (2019-09-05) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.3.2...v5.4.0) ### Added - Support Ubuntu 18.04 [\#84](https://github.com/treydock/puppet-module-keycloak/pull/84) ([treydock](https://github.com/treydock)) - Vagrant: add Ubuntu 1804 box [\#83](https://github.com/treydock/puppet-module-keycloak/pull/83) ([mattock](https://github.com/mattock)) ## [v5.3.2](https://github.com/treydock/puppet-module-keycloak/tree/v5.3.2) (2019-09-03) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.3.1...v5.3.2) ### Fixed - Fix acceptance tests for SAML attribute name format [\#82](https://github.com/treydock/puppet-module-keycloak/pull/82) ([treydock](https://github.com/treydock)) ## [v5.3.1](https://github.com/treydock/puppet-module-keycloak/tree/v5.3.1) (2019-09-03) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.3.0...v5.3.1) ### Fixed - Fix URI mapping for protocol mappers [\#81](https://github.com/treydock/puppet-module-keycloak/pull/81) ([treydock](https://github.com/treydock)) ## [v5.3.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.3.0) (2019-08-30) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.2.0...v5.3.0) ### Added - Fix \#78. 
Add clustered mode support [\#79](https://github.com/treydock/puppet-module-keycloak/pull/79) ([danifr](https://github.com/danifr)) ## [v5.2.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.2.0) (2019-08-29) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.1.0...v5.2.0) ### Added - Test against Keycloak 7.0.0 [\#77](https://github.com/treydock/puppet-module-keycloak/pull/77) ([treydock](https://github.com/treydock)) ## [v5.1.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.1.0) (2019-08-28) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.0.1...v5.1.0) ### Added - Support merging Hiera defined resources [\#75](https://github.com/treydock/puppet-module-keycloak/pull/75) ([treydock](https://github.com/treydock)) ## [v5.0.1](https://github.com/treydock/puppet-module-keycloak/tree/v5.0.1) (2019-08-27) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.0.0...v5.0.1) ### Fixed - Should be no default for keycloak\_client\_scope consent\_screen\_text property [\#74](https://github.com/treydock/puppet-module-keycloak/pull/74) ([treydock](https://github.com/treydock)) ## [v5.0.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.0.0) (2019-08-27) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.2.0...v5.0.0) ### Changed - Remove keycloak::client\_template [\#71](https://github.com/treydock/puppet-module-keycloak/pull/71) ([treydock](https://github.com/treydock)) ## [v4.2.0](https://github.com/treydock/puppet-module-keycloak/tree/v4.2.0) (2019-08-27) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.1.1...v4.2.0) ### Added - Support group-ldap-mapper and role-ldap-mapper [\#73](https://github.com/treydock/puppet-module-keycloak/pull/73) ([treydock](https://github.com/treydock)) - Support saml-javascript-mapper for keycloak\_client\_protocol\_mapper 
[\#72](https://github.com/treydock/puppet-module-keycloak/pull/72) ([treydock](https://github.com/treydock)) ## [v4.1.1](https://github.com/treydock/puppet-module-keycloak/tree/v4.1.1) (2019-08-26) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.1.0...v4.1.1) ### Fixed - Fix default for keycloak\_identity\_provider prompt [\#70](https://github.com/treydock/puppet-module-keycloak/pull/70) ([treydock](https://github.com/treydock)) ## [v4.1.0](https://github.com/treydock/puppet-module-keycloak/tree/v4.1.0) (2019-08-26) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.0.0...v4.1.0) ### Added - Add clients parameter [\#69](https://github.com/treydock/puppet-module-keycloak/pull/69) ([treydock](https://github.com/treydock)) - Simplify how keycloak\_client\_protocol\_mapper and keycloak\_protcol\_mapper are queried during prefetch [\#68](https://github.com/treydock/puppet-module-keycloak/pull/68) ([treydock](https://github.com/treydock)) - Support managing protocl mapper saml-javascript-mapper [\#67](https://github.com/treydock/puppet-module-keycloak/pull/67) ([treydock](https://github.com/treydock)) - Update module dependency version requirements [\#66](https://github.com/treydock/puppet-module-keycloak/pull/66) ([treydock](https://github.com/treydock)) - Use iteration and added parameters to define resources [\#65](https://github.com/treydock/puppet-module-keycloak/pull/65) ([treydock](https://github.com/treydock)) - Add keycloak\_identity\_provider type [\#64](https://github.com/treydock/puppet-module-keycloak/pull/64) ([treydock](https://github.com/treydock)) ## [v4.0.0](https://github.com/treydock/puppet-module-keycloak/tree/v4.0.0) (2019-06-12) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v3.8.0...v4.0.0) ### Changed - Simplify and consolidate datasource parameters [\#63](https://github.com/treydock/puppet-module-keycloak/pull/63) ([treydock](https://github.com/treydock)) - 
Set default Keycloak version to 6.0.1 [\#61](https://github.com/treydock/puppet-module-keycloak/pull/61) ([treydock](https://github.com/treydock)) ### Added - Use hiera v5 module data [\#62](https://github.com/treydock/puppet-module-keycloak/pull/62) ([treydock](https://github.com/treydock)) +### Fixed + +- Fix handling of events config during updates [\#56](https://github.com/treydock/puppet-module-keycloak/pull/56) ([treydock](https://github.com/treydock)) + ## [v3.8.0](https://github.com/treydock/puppet-module-keycloak/tree/v3.8.0) (2019-05-23) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.7.0...v3.8.0) ### Added -- Expand postgresql support to behave more like mysql support, simplified a bit [\#60](https://github.com/treydock/puppet-module-keycloak/pull/60) ([treydock](https://github.com/treydock)) - Use PDK [\#58](https://github.com/treydock/puppet-module-keycloak/pull/58) ([treydock](https://github.com/treydock)) ## [3.7.0](https://github.com/treydock/puppet-module-keycloak/tree/3.7.0) (2019-05-20) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.6.1...3.7.0) ### Added +- Expand postgresql support to behave more like mysql support, simplified a bit [\#60](https://github.com/treydock/puppet-module-keycloak/pull/60) ([treydock](https://github.com/treydock)) - Postgresql support [\#59](https://github.com/treydock/puppet-module-keycloak/pull/59) ([verrydtj](https://github.com/verrydtj)) ## [3.6.1](https://github.com/treydock/puppet-module-keycloak/tree/3.6.1) (2019-05-13) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.6.0...3.6.1) -### Fixed - -- Fix handling of events config during updates [\#56](https://github.com/treydock/puppet-module-keycloak/pull/56) ([treydock](https://github.com/treydock)) - ## [3.6.0](https://github.com/treydock/puppet-module-keycloak/tree/3.6.0) (2019-05-06) [Full 
Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.5.0...3.6.0) ### Added - Support managing realm's events config [\#55](https://github.com/treydock/puppet-module-keycloak/pull/55) ([treydock](https://github.com/treydock)) - Test against Keycloak 6 [\#54](https://github.com/treydock/puppet-module-keycloak/pull/54) ([treydock](https://github.com/treydock)) ## [3.5.0](https://github.com/treydock/puppet-module-keycloak/tree/3.5.0) (2019-04-09) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.4.0...3.5.0) ### Added - manage user support [\#53](https://github.com/treydock/puppet-module-keycloak/pull/53) ([cborisa](https://github.com/cborisa)) ## [3.4.0](https://github.com/treydock/puppet-module-keycloak/tree/3.4.0) (2019-02-25) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.3.0...3.4.0) ### Added - JAVA\_OPTS via systemd unit Environment variable [\#51](https://github.com/treydock/puppet-module-keycloak/pull/51) ([danifr](https://github.com/danifr)) - Add option for service environment file [\#50](https://github.com/treydock/puppet-module-keycloak/pull/50) ([asieraguado](https://github.com/asieraguado)) ## [3.3.0](https://github.com/treydock/puppet-module-keycloak/tree/3.3.0) (2019-01-28) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.2.0...3.3.0) ### Added - Better ID handling [\#47](https://github.com/treydock/puppet-module-keycloak/pull/47) ([treydock](https://github.com/treydock)) - Test against Keycloak 4.8.1.Final and document version handling and upgrade [\#43](https://github.com/treydock/puppet-module-keycloak/pull/43) ([treydock](https://github.com/treydock)) ### Fixed - Fix keycloak\_ldap\_mapper id handling and write\_only property [\#46](https://github.com/treydock/puppet-module-keycloak/pull/46) ([treydock](https://github.com/treydock)) - Fix PuppetX usage for keycloak\_ldap\_mapper 
[\#45](https://github.com/treydock/puppet-module-keycloak/pull/45) ([treydock](https://github.com/treydock)) ## [3.2.0](https://github.com/treydock/puppet-module-keycloak/tree/3.2.0) (2018-12-21) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.1.0...3.2.0) ### Added -- Support SSSD User Provider [\#42](https://github.com/treydock/puppet-module-keycloak/pull/42) ([treydock](https://github.com/treydock)) - Add enabled property to keycloak\_ldap\_user\_provider [\#41](https://github.com/treydock/puppet-module-keycloak/pull/41) ([treydock](https://github.com/treydock)) ## [3.1.0](https://github.com/treydock/puppet-module-keycloak/tree/3.1.0) (2018-12-13) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.0.0...3.1.0) ### Added +- Support SSSD User Provider [\#42](https://github.com/treydock/puppet-module-keycloak/pull/42) ([treydock](https://github.com/treydock)) - Bump dependency ranges for stdlib and mysql [\#40](https://github.com/treydock/puppet-module-keycloak/pull/40) ([treydock](https://github.com/treydock)) - Support Puppet 6 and drop support for Puppet 4 [\#39](https://github.com/treydock/puppet-module-keycloak/pull/39) ([treydock](https://github.com/treydock)) - Use beaker 4.x [\#37](https://github.com/treydock/puppet-module-keycloak/pull/37) ([treydock](https://github.com/treydock)) ### Fixed - Fix keycloak\_ldap\_user\_provider bind\_credential property to be idempotent [\#38](https://github.com/treydock/puppet-module-keycloak/pull/38) ([treydock](https://github.com/treydock)) ## [3.0.0](https://github.com/treydock/puppet-module-keycloak/tree/3.0.0) (2018-08-14) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.7.1...3.0.0) ### Added - Update module dependency version ranges [\#35](https://github.com/treydock/puppet-module-keycloak/pull/35) ([treydock](https://github.com/treydock)) ## [2.7.1](https://github.com/treydock/puppet-module-keycloak/tree/2.7.1) (2018-08-14) [Full 
Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.7.0...2.7.1) ### Fixed - Update reference [\#36](https://github.com/treydock/puppet-module-keycloak/pull/36) ([treydock](https://github.com/treydock)) ## [2.7.0](https://github.com/treydock/puppet-module-keycloak/tree/2.7.0) (2018-08-14) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.6.0...2.7.0) ### Added - Oracle support [\#33](https://github.com/treydock/puppet-module-keycloak/pull/33) ([cborisa](https://github.com/cborisa)) ## [2.6.0](https://github.com/treydock/puppet-module-keycloak/tree/2.6.0) (2018-07-20) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.5.0...2.6.0) ### Added - Use puppet-strings for documentation [\#30](https://github.com/treydock/puppet-module-keycloak/pull/30) ([treydock](https://github.com/treydock)) - Add search\_scope and custom\_user\_search\_filter properties to keycloak\_ldap\_user\_provider type [\#29](https://github.com/treydock/puppet-module-keycloak/pull/29) ([treydock](https://github.com/treydock)) - Explicitly define all type properties [\#27](https://github.com/treydock/puppet-module-keycloak/pull/27) ([treydock](https://github.com/treydock)) - Improve acceptance tests [\#26](https://github.com/treydock/puppet-module-keycloak/pull/26) ([treydock](https://github.com/treydock)) ### Fixed - Fix for keycloak\_protocol\_mapper type property and type unit test improvements [\#28](https://github.com/treydock/puppet-module-keycloak/pull/28) ([treydock](https://github.com/treydock)) ## [2.5.0](https://github.com/treydock/puppet-module-keycloak/tree/2.5.0) (2018-07-18) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.4.0...2.5.0) ### Added - Support setting auth\_type=simple related properties for keycloak\_ldap\_user\_provider type [\#24](https://github.com/treydock/puppet-module-keycloak/pull/24) ([treydock](https://github.com/treydock)) ## 
[2.4.0](https://github.com/treydock/puppet-module-keycloak/tree/2.4.0) (2018-06-04) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.3.1...2.4.0) ### Added - Add keycloak\_api configuration type [\#22](https://github.com/treydock/puppet-module-keycloak/pull/22) ([treydock](https://github.com/treydock)) ## [2.3.1](https://github.com/treydock/puppet-module-keycloak/tree/2.3.1) (2018-03-10) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.3.0...2.3.1) ### Fixed - Fix title patterns that use procs are not supported [\#21](https://github.com/treydock/puppet-module-keycloak/pull/21) ([alexjfisher](https://github.com/alexjfisher)) ## [2.3.0](https://github.com/treydock/puppet-module-keycloak/tree/2.3.0) (2018-03-08) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.2.1...2.3.0) ### Added - Allow keycloak\_protocol\_mapper attribute\_nameformat to be simpler values [\#18](https://github.com/treydock/puppet-module-keycloak/pull/18) ([treydock](https://github.com/treydock)) - Add SAML username protocol mapper to keycloak::client\_template [\#17](https://github.com/treydock/puppet-module-keycloak/pull/17) ([treydock](https://github.com/treydock)) - Support SAML role list protocol mapper [\#16](https://github.com/treydock/puppet-module-keycloak/pull/16) ([treydock](https://github.com/treydock)) - Add SAML support to keycloak\_protocol\_mapper and keycloak::client\_template [\#15](https://github.com/treydock/puppet-module-keycloak/pull/15) ([treydock](https://github.com/treydock)) ### Fixed - Fix SAML username protocol mapper to match keycloak code [\#19](https://github.com/treydock/puppet-module-keycloak/pull/19) ([treydock](https://github.com/treydock)) ## [2.2.1](https://github.com/treydock/puppet-module-keycloak/tree/2.2.1) (2018-02-27) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.2.0...2.2.1) ### Fixed - Do not show diff of files that may contain passwords 
[\#14](https://github.com/treydock/puppet-module-keycloak/pull/14) ([treydock](https://github.com/treydock)) ## [2.2.0](https://github.com/treydock/puppet-module-keycloak/tree/2.2.0) (2018-02-26) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.1.0...2.2.0) ### Added - Make management of the MySQL database optional [\#13](https://github.com/treydock/puppet-module-keycloak/pull/13) ([treydock](https://github.com/treydock)) ## [2.1.0](https://github.com/treydock/puppet-module-keycloak/tree/2.1.0) (2018-02-22) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.0.1...2.1.0) ### Added - Increase minimum java dependency to 2.2.0 to to support Debian 9. Update unit tests to test all supported OSes [\#12](https://github.com/treydock/puppet-module-keycloak/pull/12) ([treydock](https://github.com/treydock)) - Symlink instead of copy mysql connector. puppetlabs/mysql 5 compatibility [\#11](https://github.com/treydock/puppet-module-keycloak/pull/11) ([NITEMAN](https://github.com/NITEMAN)) - Add support for http port configuration [\#9](https://github.com/treydock/puppet-module-keycloak/pull/9) ([NITEMAN](https://github.com/NITEMAN)) - Add Debian 9 support [\#8](https://github.com/treydock/puppet-module-keycloak/pull/8) ([NITEMAN](https://github.com/NITEMAN)) ### Fixed - Fix ownership of install dir [\#10](https://github.com/treydock/puppet-module-keycloak/pull/10) ([NITEMAN](https://github.com/NITEMAN)) ## [2.0.1](https://github.com/treydock/puppet-module-keycloak/tree/2.0.1) (2017-12-18) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.0.0...2.0.1) ### Fixed - Fix configuration order when proxy\_https is true [\#7](https://github.com/treydock/puppet-module-keycloak/pull/7) ([treydock](https://github.com/treydock)) ## [2.0.0](https://github.com/treydock/puppet-module-keycloak/tree/2.0.0) (2017-12-11) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/1.0.0...2.0.0) ### 
Changed - BREAKING: Remove deprecated defined types [\#6](https://github.com/treydock/puppet-module-keycloak/pull/6) ([treydock](https://github.com/treydock)) - BREAKING: Set default version to 3.4.1.Final [\#4](https://github.com/treydock/puppet-module-keycloak/pull/4) ([treydock](https://github.com/treydock)) - BREAKING: Drop Puppet 3 support [\#3](https://github.com/treydock/puppet-module-keycloak/pull/3) ([treydock](https://github.com/treydock)) ### Added - Add always\_read\_value\_from\_ldap property to keycloak\_ldap\_mapper [\#5](https://github.com/treydock/puppet-module-keycloak/pull/5) ([treydock](https://github.com/treydock)) ## [1.0.0](https://github.com/treydock/puppet-module-keycloak/tree/1.0.0) (2017-09-05) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/0.0.1...1.0.0) ### Added - New types [\#1](https://github.com/treydock/puppet-module-keycloak/pull/1) ([treydock](https://github.com/treydock)) ## [0.0.1](https://github.com/treydock/puppet-module-keycloak/tree/0.0.1) (2017-08-11) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/7af5fcb032534265eac261fc7a723cb7b27007f4...0.0.1) \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
diff --git a/REFERENCE.md b/REFERENCE.md
index 3ddaa73..7123b69 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1,3232 +1,3314 @@ # Reference + ## Table of Contents -**Classes** +### Classes -_Public Classes_ +#### Public Classes * [`keycloak`](#keycloak): Manage Keycloak * [`keycloak::config`](#keycloakconfig): Private class. * [`keycloak::datasource::h2`](#keycloakdatasourceh2): Private class. * [`keycloak::install`](#keycloakinstall): Private class. * [`keycloak::service`](#keycloakservice): Private class. * [`keycloak::sssd`](#keycloaksssd): Private class. -_Private Classes_ +#### Private Classes * `keycloak::datasource::mysql`: Manage MySQL datasource * `keycloak::datasource::oracle`: Manage Oracle datasource * `keycloak::datasource::postgresql`: Manage postgresql datasource * `keycloak::resources`: Define Keycloak resources -**Defined types** +### Defined types * [`keycloak::client_scope::oidc`](#keycloakclient_scopeoidc): Manage Keycloak OpenID Connect client scope using built-in mappers * [`keycloak::client_scope::saml`](#keycloakclient_scopesaml): Manage Keycloak SAML client scope using built-in mappers * [`keycloak::freeipa_ldap_mappers`](#keycloakfreeipa_ldap_mappers): setup FreeIPA LDAP mappers for Keycloak * [`keycloak::freeipa_user_provider`](#keycloakfreeipa_user_provider): setup IPA as an LDAP user provider for Keycloak * [`keycloak::spi_deployment`](#keycloakspi_deployment): Manage Keycloak SPI deployment * [`keycloak::truststore::host`](#keycloaktruststorehost): Add host to Keycloak truststore -**Resource types** +### Resource types * [`keycloak_api`](#keycloak_api): Type that configures API connection parameters for other keycloak types that use the Keycloak API. 
* [`keycloak_client`](#keycloak_client): Manage Keycloak clients * [`keycloak_client_protocol_mapper`](#keycloak_client_protocol_mapper): Manage Keycloak protocol mappers * [`keycloak_client_scope`](#keycloak_client_scope): Manage Keycloak client scopes * [`keycloak_conn_validator`](#keycloak_conn_validator): Verify that a connection can be successfully established between a node and the keycloak server. Its primary use is as a precondition to pre * [`keycloak_flow`](#keycloak_flow): Manage a Keycloak flow **Autorequires** * `keycloak_realm` defined for `realm` parameter * `keycloak_flow` of `flow_alias` if `top_level=fals * [`keycloak_flow_execution`](#keycloak_flow_execution): Manage a Keycloak flow **Autorequires** * `keycloak_realm` defined for `realm` parameter * `keycloak_flow` of value defined for `flow_alias` * [`keycloak_identity_provider`](#keycloak_identity_provider): Manage Keycloak identity providers * [`keycloak_ldap_mapper`](#keycloak_ldap_mapper): Manage Keycloak LDAP attribute mappers * [`keycloak_ldap_user_provider`](#keycloak_ldap_user_provider): Manage Keycloak LDAP user providers * [`keycloak_protocol_mapper`](#keycloak_protocol_mapper): Manage Keycloak client scope protocol mappers * [`keycloak_realm`](#keycloak_realm): Manage Keycloak realms * [`keycloak_required_action`](#keycloak_required_action): Manage Keycloak required actions * [`keycloak_resource_validator`](#keycloak_resource_validator): Verify that a specific Keycloak resource is available * [`keycloak_sssd_user_provider`](#keycloak_sssd_user_provider): Manage Keycloak SSSD user providers ## Classes -### keycloak +### `keycloak` Manage Keycloak #### Examples ##### ```puppet include ::keycloak ``` #### Parameters The following parameters are available in the `keycloak` class. ##### `manage_install` Data type: `Boolean` Install Keycloak from upstream Keycloak tarball. Set to false to manage installation of Keycloak outside this module and set $install_dir to match. Defaults to true. 
-Default value: `true` +Default value: ``true`` ##### `version` Data type: `String` Version of Keycloak to install and manage. -Default value: '8.0.1' +Default value: `'8.0.1'` ##### `package_url` Data type: `Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]]` URL of the Keycloak download. Default is based on version. -Default value: `undef` +Default value: ``undef`` ##### `install_dir` Data type: `Optional[Stdlib::Absolutepath]` The directory of where to install Keycloak. Default is `/opt/keycloak-${version}`. -Default value: `undef` +Default value: ``undef`` ##### `service_name` Data type: `String` Keycloak service name. Default is `keycloak`. -Default value: 'keycloak' +Default value: `'keycloak'` ##### `service_ensure` Data type: `String` Keycloak service ensure property. Default is `running`. -Default value: 'running' +Default value: `'running'` ##### `service_enable` Data type: `Boolean` Keycloak service enable property. Default is `true`. -Default value: `true` +Default value: ``true`` ##### `service_hasstatus` Data type: `Boolean` Keycloak service hasstatus parameter. Default is `true`. -Default value: `true` +Default value: ``true`` ##### `service_hasrestart` Data type: `Boolean` Keycloak service hasrestart parameter. Default is `true`. -Default value: `true` +Default value: ``true`` ##### `service_bind_address` Data type: `Stdlib::IP::Address` Bind address for Keycloak service. Default is '0.0.0.0'. -Default value: '0.0.0.0' +Default value: `'0.0.0.0'` ##### `java_opts` Data type: `Optional[Variant[String, Array]]` Sets additional options to Java virtual machine environment variable. -Default value: `undef` +Default value: ``undef`` ##### `java_opts_append` Data type: `Boolean` Determine if $JAVA_OPTS should be appended to when setting `java_opts` parameter -Default value: `true` +Default value: ``true`` ##### `service_extra_opts` Data type: `Optional[String]` Additional options added to the end of the service command-line. 
-Default value: `undef` +Default value: ``undef`` ##### `manage_user` Data type: `Boolean` Defines if the module should manage the Linux user for Keycloak installation -Default value: `true` +Default value: ``true`` ##### `user` Data type: `String` Keycloak user name. Default is `keycloak`. -Default value: 'keycloak' +Default value: `'keycloak'` ##### `user_shell` Data type: `Stdlib::Absolutepath` Keycloak user shell. -Default value: '/sbin/nologin' +Default value: `'/sbin/nologin'` ##### `group` Data type: `String` Keycloak user group name. Default is `keycloak`. -Default value: 'keycloak' +Default value: `'keycloak'` ##### `user_uid` Data type: `Optional[Integer]` Keycloak user UID. Default is `undef`. -Default value: `undef` +Default value: ``undef`` ##### `group_gid` Data type: `Optional[Integer]` Keycloak user group GID. Default is `undef`. -Default value: `undef` +Default value: ``undef`` ##### `system_user` Data type: `Boolean` If keycloak user should be a system user with lower uid and gid. Default is `true` -Default value: `true` +Default value: ``true`` ##### `admin_user` Data type: `String` Keycloak administrative username. Default is `admin`. -Default value: 'admin' +Default value: `'admin'` ##### `admin_user_password` Data type: `String` Keycloak administrative user password. Default is `changeme`. -Default value: 'changeme' +Default value: `'changeme'` ##### `manage_datasource` Data type: `Boolean` Boolean that determines if configured datasource will be managed. Default is `true`. -Default value: `true` +Default value: ``true`` ##### `datasource_driver` Data type: `Enum['h2', 'mysql', 'oracle', 'postgresql']` Datasource driver to use for Keycloak. Valid values are `h2`, `mysql`, 'oracle' and 'postgresql' Default is `h2`. -Default value: 'h2' +Default value: `'h2'` ##### `datasource_host` Data type: `Optional[String]` Datasource host. Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql' Default is `localhost` for MySQL. 
-Default value: `undef` +Default value: ``undef`` ##### `datasource_port` Data type: `Optional[Integer]` Datasource port. Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql' Default is `3306` for MySQL. -Default value: `undef` +Default value: ``undef`` ##### `datasource_url` Data type: `Optional[String]` Datasource url. Default datasource URLs are defined in init class. -Default value: `undef` +Default value: ``undef`` ##### `datasource_dbname` Data type: `String` Datasource database name. Default is `keycloak`. -Default value: 'keycloak' +Default value: `'keycloak'` ##### `datasource_username` Data type: `String` Datasource user name. Default is `sa`. -Default value: 'sa' +Default value: `'sa'` ##### `datasource_password` Data type: `String` Datasource user password. Default is `sa`. -Default value: 'sa' +Default value: `'sa'` ##### `datasource_package` Data type: `Optional[String]` Package to add specified datasource support -Default value: `undef` +Default value: ``undef`` ##### `datasource_jar_source` Data type: `Optional[String]` Source for datasource JDBC driver - could be puppet link or local file on the node. Default is dependent on value for `datasource_driver`. This parameter is required if `datasource_driver` is `oracle`. -Default value: `undef` +Default value: ``undef`` ##### `datasource_jar_filename` Data type: `Optional[String]` Specify the filename of the destination datasource jar in the module dir of keycloak. This parameter is only working at the moment if `datasource_driver` is `oracle`. -Default value: `undef` +Default value: ``undef`` ##### `datasource_module_source` Data type: `Optional[String]` Source for datasource module.xml. Default depends on `datasource_driver`. 
-Default value: `undef` +Default value: ``undef`` ##### `datasource_xa_class` Data type: `Optional[String]` MySQL Connector/J JDBC driver xa-datasource class name -Default value: `undef` +Default value: ``undef`` ##### `proxy_https` Data type: `Boolean` Boolean that sets if HTTPS proxy should be enabled. Set to `true` if proxying traffic through Apache. Default is `false`. -Default value: `false` +Default value: ``false`` ##### `truststore` Data type: `Boolean` Boolean that sets if truststore should be used. Default is `false`. -Default value: `false` +Default value: ``false`` ##### `truststore_hosts` Data type: `Hash` Hash that is used to define `keycloak::turststore::host` resources. Default is `{}`. -Default value: {} +Default value: `{}` ##### `truststore_password` Data type: `String` Truststore password. Default is `keycloak`. -Default value: 'keycloak' +Default value: `'keycloak'` ##### `truststore_hostname_verification_policy` Data type: `Enum['WILDCARD', 'STRICT', 'ANY']` Valid values are `WILDCARD`, `STRICT`, and `ANY`. Default is `WILDCARD`. -Default value: 'WILDCARD' +Default value: `'WILDCARD'` ##### `http_port` Data type: `Integer` HTTP port used by Keycloak. Default is `8080`. -Default value: 8080 +Default value: `8080` ##### `theme_static_max_age` Data type: `Integer` Max cache age in seconds of static content. Default is `2592000`. -Default value: 2592000 +Default value: `2592000` ##### `theme_cache_themes` Data type: `Boolean` Boolean that sets if themes should be cached. Default is `true`. -Default value: `true` +Default value: ``true`` ##### `theme_cache_templates` Data type: `Boolean` Boolean that sets if templates should be cached. Default is `true`. -Default value: `true` +Default value: ``true`` ##### `realms` Data type: `Hash` Hash that is used to define keycloak_realm resources. Default is `{}`. -Default value: {} +Default value: `{}` ##### `realms_merge` Data type: `Boolean` Boolean that sets if `realms` should be merged from Hiera. 
-Default value: `false` +Default value: ``false`` ##### `oidc_client_scopes` Data type: `Hash` Hash that is used to define keycloak::client_scope::oidc resources. Default is `{}`. -Default value: {} +Default value: `{}` ##### `oidc_client_scopes_merge` Data type: `Boolean` Boolean that sets if `oidc_client_scopes` should be merged from Hiera. -Default value: `false` +Default value: ``false`` ##### `saml_client_scopes` Data type: `Hash` Hash that is used to define keycloak::client_scope::saml resources. Default is `{}`. -Default value: {} +Default value: `{}` ##### `saml_client_scopes_merge` Data type: `Boolean` Boolean that sets if `saml_client_scopes` should be merged from Hiera. -Default value: `false` +Default value: ``false`` ##### `identity_providers` Data type: `Hash` Hash that is used to define keycloak_identity_provider resources. -Default value: {} +Default value: `{}` ##### `identity_providers_merge` Data type: `Boolean` Boolean that sets if `identity_providers` should be merged from Hiera. -Default value: `false` +Default value: ``false`` + +##### `client_protocol_mappers` + +Data type: `Hash` + +Hash that is used to define keycloak_client_protocol_mapper resources. + +Default value: `{}` ##### `client_scopes` Data type: `Hash` Hash that is used to define keycloak_client_scope resources. -Default value: {} +Default value: `{}` ##### `client_scopes_merge` Data type: `Boolean` Boolean that sets if `client_scopes` should be merged from Hiera. -Default value: `false` +Default value: ``false`` ##### `protocol_mappers` Data type: `Hash` Hash that is used to define keycloak_protocol_mapper resources. -Default value: {} +Default value: `{}` ##### `protocol_mappers_merge` Data type: `Boolean` Boolean that sets if `protocol_mappers` should be merged from Hiera. -Default value: `false` +Default value: ``false`` ##### `clients` Data type: `Hash` Hash that is used to define keycloak_client resources. 
-Default value: {} +Default value: `{}` ##### `clients_merge` Data type: `Boolean` Boolean that sets if `clients` should be merged from Hiera. -Default value: `false` +Default value: ``false`` ##### `flows` Data type: `Hash` Hash taht is used to define keycloak_flow resources. -Default value: {} +Default value: `{}` ##### `flows_merge` Data type: `Boolean` Boolean that sets if `flows` should be merged from Hiera. -Default value: `false` +Default value: ``false`` ##### `flow_executions` Data type: `Hash` Hash taht is used to define keycloak_flow resources. -Default value: {} +Default value: `{}` ##### `flow_executions_merge` Data type: `Boolean` Boolean that sets if `flows` should be merged from Hiera. -Default value: `false` +Default value: ``false`` ##### `required_actions` Data type: `Hash` Hash that is used to define keycloak_required_action resources. -Default value: {} +Default value: `{}` ##### `required_actions_merge` Data type: `Boolean` Boolean that sets if `required_actions` should be merged from Hiera. -Default value: `false` +Default value: ``false`` ##### `ldap_mappers` Data type: `Hash` Hash that is used to define keycloak_ldap_mapper resources. -Default value: {} +Default value: `{}` ##### `ldap_mappers_merge` Data type: `Boolean` Boolean that sets if `ldap_mappers` should be merged from Hiera. -Default value: `false` +Default value: ``false`` ##### `ldap_user_providers` Data type: `Hash` Hash that is used to define keycloak_ldap_user_provider resources. -Default value: {} +Default value: `{}` ##### `ldap_user_providers_merge` Data type: `Boolean` Boolean that sets if `ldap_user_providers` should be merged from Hiera. 
-Default value: `false` +Default value: ``false`` ##### `with_sssd_support` Data type: `Boolean` Boolean that determines if SSSD user provider support should be available -Default value: `false` +Default value: ``false`` ##### `libunix_dbus_java_source` Data type: `Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]` Source URL of libunix-dbus-java -Default value: 'https://github.com/keycloak/libunix-dbus-java/archive/libunix-dbus-java-0.8.0.tar.gz' +Default value: `'https://github.com/keycloak/libunix-dbus-java/archive/libunix-dbus-java-0.8.0.tar.gz'` ##### `install_libunix_dbus_java_build_dependencies` Data type: `Boolean` Boolean that determines of libunix-dbus-java build dependencies are managed by this module -Default value: `true` +Default value: ``true`` ##### `libunix_dbus_java_build_dependencies` Data type: `Array` Packages needed to build libunix-dbus-java -Default value: [] +Default value: `[]` ##### `libunix_dbus_java_libdir` Data type: `Stdlib::Absolutepath` Path to directory to install libunix-dbus-java libraries -Default value: '/usr/lib64' +Default value: `'/usr/lib64'` ##### `jna_package_name` Data type: `String` Package name for jna -Default value: 'jna' +Default value: `'jna'` ##### `manage_sssd_config` Data type: `Boolean` Boolean that determines if SSSD ifp config for Keycloak is managed -Default value: `true` +Default value: ``true`` ##### `sssd_ifp_user_attributes` Data type: `Array` user_attributes to define for SSSD ifp service -Default value: [] +Default value: `[]` ##### `restart_sssd` Data type: `Boolean` Boolean that determines if SSSD should be restarted -Default value: `true` +Default value: ``true`` ##### `service_environment_file` Data type: `Optional[Stdlib::Absolutepath]` Path to the file with environment variables for the systemd service -Default value: `undef` +Default value: ``undef`` ##### `operating_mode` Data type: `Enum['standalone', 'clustered']` Keycloak operating mode deployment -Default value: 'standalone' +Default value: 
`'standalone'` ##### `enable_jdbc_ping` Data type: `Boolean` Use JDBC_PING to discover the nodes and manage the replication of data More info: http://jgroups.org/manual/#_jdbc_ping Only applies when `operating_mode` is `clustered` JDBC_PING uses port 7600 to ensure cluster members are discoverable by each other This module does not manage firewall changes -Default value: `false` +Default value: ``false`` ##### `jboss_bind_public_address` Data type: `Stdlib::IP::Address` JBoss bind public IP address -Default value: $facts['networking']['ip'] +Default value: `$facts['networking']['ip']` ##### `jboss_bind_private_address` Data type: `Stdlib::IP::Address` JBoss bind private IP address -Default value: $facts['networking']['ip'] +Default value: `$facts['networking']['ip']` ##### `user_cache` Data type: `Boolean` Boolean that determines if userCache is enabled -Default value: `true` +Default value: ``true`` ##### `tech_preview_features` Data type: `Array` List of technology Preview features to enable -Default value: [] +Default value: `[]` ##### `auto_deploy_exploded` Data type: `Boolean` Set if exploded deployements will be auto deployed -Default value: `false` +Default value: ``false`` ##### `auto_deploy_zipped` Data type: `Boolean` Set if zipped deployments will be auto deployed -Default value: `true` +Default value: ``true`` ##### `spi_deployments` Data type: `Hash` Hash used to define keycloak::spi_deployment resources -Default value: {} +Default value: `{}` ##### `custom_config_content` Data type: `Optional[String]` Custom configuration content to be added to config.cli -Default value: `undef` +Default value: ``undef`` ##### `custom_config_source` Data type: `Optional[Variant[String, Array]]` Custom configuration source file to be added to config.cli -Default value: `undef` +Default value: ``undef`` -### keycloak::config +### `keycloak::config` Private class. -### keycloak::datasource::h2 +### `keycloak::datasource::h2` Private class. 
-### keycloak::install +### `keycloak::install` Private class. -### keycloak::service +### `keycloak::service` Private class. -### keycloak::sssd +### `keycloak::sssd` Private class. ## Defined types -### keycloak::client_scope::oidc +### `keycloak::client_scope::oidc` Manage Keycloak OpenID Connect client scope using built-in mappers #### Examples ##### ```puppet keycloak::client_scope::oidc { 'oidc-clients': realm => 'test', } ``` #### Parameters The following parameters are available in the `keycloak::client_scope::oidc` defined type. ##### `realm` Data type: `String` Realm of the client scope. ##### `resource_name` Data type: `String` Name of the client scope resource -Default value: $name +Default value: `$name` -### keycloak::client_scope::saml +### `keycloak::client_scope::saml` Manage Keycloak SAML client scope using built-in mappers #### Examples ##### ```puppet keycloak::client_scope::saml { 'saml-clients': realm => 'test', } ``` #### Parameters The following parameters are available in the `keycloak::client_scope::saml` defined type. ##### `realm` Data type: `String` Realm of the client scope. ##### `resource_name` Data type: `String` Name of the client scope resource -Default value: $name +Default value: `$name` -### keycloak::freeipa_ldap_mappers +### `keycloak::freeipa_ldap_mappers` setup FreeIPA LDAP mappers for Keycloak #### Examples ##### ```puppet keycloak::freeipa_ldap_mappers { 'ipa.example.org': realm => 'EXAMPLE.ORG', groups_dn => 'cn=groups,cn=accounts,dc=example,dc=org', roles_dn => 'cn=groups,cn=accounts,dc=example,dc=org' } ``` #### Parameters The following parameters are available in the `keycloak::freeipa_ldap_mappers` defined type. ##### `realm` Data type: `String` Keycloak realm ##### `groups_dn` Data type: `String` Groups DN ##### `roles_dn` Data type: `String` Roles DN ##### `parent_id` Data type: `Optional[String]` Identifier (parentId) for the LDAP provider to add this mapper to. 
Will be passed to the $ldap parameter in keycloak_ldap_mapper. -Default value: `undef` +Default value: ``undef`` -### keycloak::freeipa_user_provider +### `keycloak::freeipa_user_provider` setup IPA as an LDAP user provider for Keycloak #### Examples ##### Add FreeIPA as a user provider ```puppet keycloak::freeipa_user_provider { 'ipa.example.org': ensure => 'present', realm => 'EXAMPLE.ORG', bind_dn => 'uid=ldapproxy,cn=sysaccounts,cn=etc,dc=example,dc=org', bind_credential => 'secret', users_dn => 'cn=users,cn=accounts,dc=example,dc=org', priority => 10, } ``` #### Parameters The following parameters are available in the `keycloak::freeipa_user_provider` defined type. ##### `ensure` Data type: `Enum['present', 'absent']` LDAP user provider status -Default value: 'present' +Default value: `'present'` ##### `ipa_host` Data type: `Stdlib::Host` Hostname of the FreeIPA server (e.g. ipa.example.org) -Default value: $title +Default value: `$title` ##### `realm` Data type: `String` Keycloak realm ##### `bind_dn` Data type: `String` LDAP bind dn ##### `bind_credential` Data type: `String` LDAP bind password ##### `users_dn` Data type: `String` The DN for user search ##### `priority` Data type: `Integer` Priority for this user provider -Default value: 10 +Default value: `10` ##### `ldaps` Data type: `Boolean` Use LDAPS protocol instead of LDAP -Default value: `false` +Default value: ``false`` -### keycloak::spi_deployment +### `keycloak::spi_deployment` } #### Examples ##### Add Duo SPI ```puppet keycloak::spi_deployment { 'duo-spi': ensure => 'present', deployed_name => 'keycloak-duo-spi-jar-with-dependencies.jar', source => 'file:///path/to/source/keycloak-duo-spi-jar-with-dependencies.jar', } ``` ##### Add Duo SPI and check API for existance of resources before going onto dependenct resources ```puppet keycloak::spi_deployment { 'duo-spi': deployed_name => 'keycloak-duo-spi-jar-with-dependencies.jar', source => 
'file:///path/to/source/keycloak-duo-spi-jar-with-dependencies.jar', test_url => 'authentication/authenticator-providers', test_key => 'id', test_value => 'duo-mfa-authenticator', test_realm => 'test', before => Keycloak_flow_execution['duo-mfa-authenticator under form-browser-with-duo on test'], ``` #### Parameters The following parameters are available in the `keycloak::spi_deployment` defined type. ##### `ensure` Data type: `Enum['present', 'absent']` State of the deployment -Default value: 'present' +Default value: `'present'` ##### `deployed_name` Data type: `String[1]` Name of the file to be deployed. Defaults to `$name`. -Default value: $name +Default value: `$name` ##### `source` Data type: `Variant[Stdlib::Filesource, Stdlib::HTTPSUrl]` Source of the deployment, supports 'file://', 'puppet://', 'https://' or 'http://' ##### `test_url` Data type: `Optional[String]` URL to test for existance of resources created by this SPI -Default value: `undef` +Default value: ``undef`` ##### `test_key` Data type: `Optional[String]` Key of resource when testing for resource created by this SPI -Default value: `undef` +Default value: ``undef`` ##### `test_value` Data type: `Optional[String]` Value of the `test_key` when testing for resources created by this SPI -Default value: `undef` +Default value: ``undef`` ##### `test_realm` Data type: `Optional[String]` Realm to query when looking for resources created by this SPI -Default value: `undef` +Default value: ``undef`` -### keycloak::truststore::host +### `keycloak::truststore::host` Add host to Keycloak truststore #### Examples ##### ```puppet keycloak::truststore::host { 'ldap1.example.com': certificate => '/etc/openldap/certs/0a00000.0', } ``` #### Parameters The following parameters are available in the `keycloak::truststore::host` defined type. ##### `certificate` Data type: `String` Path to host certificate ##### `ensure` Data type: `Enum['latest', 'present', 'absent']` Host ensure value passed to `java_ks` resource. 
-Default value: 'latest' +Default value: `'latest'` ## Resource types -### keycloak_api +### `keycloak_api` Type that configures API connection parameters for other keycloak types that use the Keycloak API. #### Examples ##### Define API access ```puppet keycloak_api { 'keycloak' install_dir => '/opt/keycloak', server => 'http://localhost:8080/auth', realm => 'master', user => 'admin', password => 'changeme', } ``` #### Parameters The following parameters are available in the `keycloak_api` type. -##### `name` +##### `install_dir` -namevar +Install location of Keycloak -Keycloak API config +Default value: `/opt/keycloak` -##### `install_dir` +##### `name` -Install location of Keycloak +namevar -Default value: /opt/keycloak +Keycloak API config -##### `server` +##### `password` -Auth URL for Keycloak server +Password for authentication -Default value: http://localhost:8080/auth +Default value: `changeme` ##### `realm` Realm for authentication -Default value: master +Default value: `master` -##### `user` +##### `server` -User for authentication +Auth URL for Keycloak server -Default value: admin +Default value: `http://localhost:8080/auth` -##### `password` +##### `use_wrapper` -Password for authentication +Valid values: ``true``, ``false`` -Default value: changeme +Boolean that determines if kcadm_wrapper.sh should be used -##### `use_wrapper` +Default value: ``false`` -Valid values: `true`, `false` +##### `user` -Boolean that determines if kcadm_wrapper.sh should be used +User for authentication -Default value: `false` +Default value: `admin` -### keycloak_client +### `keycloak_client` Manage Keycloak clients #### Examples ##### Add a OpenID Connect client ```puppet keycloak_client { 'www.example.com': ensure => 'present', realm => 'test', redirect_uris => [ "https://www.example.com/oidc", "https://www.example.com", ], default_client_scopes => ['profile','email'], secret => 'supersecret', } ``` #### Properties The following properties are available in the 
`keycloak_client` type. -##### `ensure` +##### `access_token_lifespan` -Valid values: present, absent +access.token.lifespan -The basic property that the resource should be in. +##### `authorization_services_enabled` -Default value: present +Valid values: ``true``, ``false`` -##### `protocol` +authorizationServicesEnabled -Valid values: openid-connect, saml +Default value: `false` -protocol +##### `base_url` + +baseUrl + +##### `browser_flow` -Default value: openid-connect +authenticationFlowBindingOverrides.browser (Use flow alias, not ID) + +Default value: `absent` ##### `client_authenticator_type` clientAuthenticatorType -Default value: client-secret +Default value: `client-secret` ##### `default_client_scopes` defaultClientScopes -Default value: [] +Default value: `[]` -##### `optional_client_scopes` +##### `direct_access_grants_enabled` -optionalClientScopes +Valid values: ``true``, ``false`` -Default value: [] +enabled -##### `full_scope_allowed` +Default value: `true` -Valid values: `true`, `false` +##### `direct_grant_flow` -fullScopeAllowed +authenticationFlowBindingOverrides.direct_grant (Use flow alias, not ID) -Default value: true +Default value: `absent` ##### `enabled` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` enabled -Default value: true +Default value: `true` -##### `standard_flow_enabled` +##### `ensure` -Valid values: `true`, `false` +Valid values: `present`, `absent` -standardFlowEnabled +The basic property that the resource should be in. 
-Default value: true +Default value: `present` -##### `implicit_flow_enabled` +##### `full_scope_allowed` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` -implicitFlowEnabled +fullScopeAllowed -Default value: false +Default value: `true` -##### `direct_access_grants_enabled` +##### `implicit_flow_enabled` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` -enabled +implicitFlowEnabled -Default value: true +Default value: `false` -##### `service_accounts_enabled` +##### `login_theme` -Valid values: `true`, `false` +login_theme -serviceAccountsEnabled +Default value: `absent` -Default value: false +##### `optional_client_scopes` -##### `authorization_services_enabled` +optionalClientScopes -Valid values: `true`, `false` +Default value: `[]` -authorizationServicesEnabled +##### `protocol` -Default value: false +Valid values: `openid-connect`, `saml` -##### `public_client` +protocol -Valid values: `true`, `false` +Default value: `openid-connect` -enabled +##### `public_client` -Default value: false +Valid values: ``true``, ``false`` -##### `root_url` +enabled -rootUrl +Default value: `false` ##### `redirect_uris` redirectUris -Default value: [] +Default value: `[]` -##### `base_url` +##### `roles` -baseUrl +roles -##### `web_origins` +Default value: `[]` -webOrigins +##### `root_url` -Default value: [] +rootUrl -##### `login_theme` +##### `service_accounts_enabled` -login_theme +Valid values: ``true``, ``false`` -Default value: absent +serviceAccountsEnabled -##### `access_token_lifespan` +Default value: `false` -access.token.lifespan +##### `standard_flow_enabled` -##### `browser_flow` +Valid values: ``true``, ``false`` -authenticationFlowBindingOverrides.browser (Use flow alias, not ID) +standardFlowEnabled -Default value: absent +Default value: `true` -##### `direct_grant_flow` +##### `web_origins` -authenticationFlowBindingOverrides.direct_grant (Use flow alias, not ID) +webOrigins -Default value: absent +Default value: `[]` -##### 
`roles` +#### Parameters -roles +The following parameters are available in the `keycloak_client` type. + +##### `client_id` -Default value: [] +clientId. Defaults to `name`. -#### Parameters +##### `id` -The following parameters are available in the `keycloak_client` type. +Id. Defaults to `client_id` ##### `name` namevar The client name -##### `client_id` - -clientId. Defaults to `name`. - -##### `id` +##### `provider` -Id. Defaults to `client_id` +The specific backend to use for this `keycloak_client` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. ##### `realm` realm ##### `secret` secret -### keycloak_client_protocol_mapper +### `keycloak_client_protocol_mapper` Manage Keycloak protocol mappers #### Examples ##### Add email protocol mapper to test.example.com client in realm test ```puppet keycloak_client_protocol_mapper { "email for test.example.com on test": claim_name => 'email', user_attribute => 'email', } ``` #### Properties The following properties are available in the `keycloak_client_protocol_mapper` type. -##### `ensure` - -Valid values: present, absent - -The basic property that the resource should be in. +##### `access_token_claim` -Default value: present +Valid values: ``true``, ``false`` -##### `protocol` +access.token.claim. Default to `true` for `protocol` `openid-connect`. -Valid values: openid-connect, saml +##### `attribute_name` -protocol +attribute.name Default to `resource_name` for `type` `saml-user-property-mapper`. -Default value: openid-connect +##### `attribute_nameformat` -##### `user_attribute` +attribute.nameformat -user.attribute. Default to `resource_name` for `type` `oidc-usermodel-property-mapper` or `saml-user-property-mapper` +##### `claim_name` -##### `json_type_label` +claim.name -json.type.label. Default to `String` for `type` `oidc-usermodel-property-mapper` and `oidc-group-membership-mapper`. 
+##### `ensure` -##### `full_path` +Valid values: `present`, `absent` -Valid values: `true`, `false` +The basic property that the resource should be in. -full.path. Default to `false` for `type` `oidc-group-membership-mapper`. +Default value: `present` ##### `friendly_name` friendly.name. Default to `resource_name` for `type` `saml-user-property-mapper`. -##### `attribute_name` - -attribute.name Default to `resource_name` for `type` `saml-user-property-mapper`. +##### `full_path` -##### `claim_name` +Valid values: ``true``, ``false`` -claim.name +full.path. Default to `false` for `type` `oidc-group-membership-mapper`. ##### `id_token_claim` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` id.token.claim. Default to `true` for `protocol` `openid-connect`. -##### `access_token_claim` +##### `included_client_audience` -Valid values: `true`, `false` +included.client.audience Required for `type` of `oidc-audience-mapper` -access.token.claim. Default to `true` for `protocol` `openid-connect`. +##### `json_type_label` -##### `userinfo_token_claim` +json.type.label. Default to `String` for `type` `oidc-usermodel-property-mapper` and `oidc-group-membership-mapper`. -Valid values: `true`, `false` +##### `protocol` -userinfo.token.claim. Default to `true` for `protocol` `openid-connect` except `type` of `oidc-audience-mapper`. +Valid values: `openid-connect`, `saml` -##### `attribute_nameformat` +protocol -attribute.nameformat +Default value: `openid-connect` + +##### `script` + +Script, only valid for `type` of `saml-javascript-mapper`' + +Array values will be joined with newlines. Strings will be kept unchanged. ##### `single` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` single. Default to `false` for `type` `saml-role-list-mapper`. -##### `script` +##### `user_attribute` -Script, only valid for `type` of `saml-javascript-mapper`' +user.attribute. 
Default to `resource_name` for `type` `oidc-usermodel-property-mapper` or `saml-user-property-mapper` -Array values will be joined with newlines. Strings will be kept unchanged. +##### `userinfo_token_claim` -##### `included_client_audience` +Valid values: ``true``, ``false`` -included.client.audience Required for `type` of `oidc-audience-mapper` +userinfo.token.claim. Default to `true` for `protocol` `openid-connect` except `type` of `oidc-audience-mapper`. #### Parameters The following parameters are available in the `keycloak_client_protocol_mapper` type. -##### `name` - -namevar +##### `client` -The protocol mapper name +client ##### `id` Id. -##### `resource_name` +##### `name` -The protocol mapper name. Defaults to `name`. +namevar -##### `client` +The protocol mapper name -client +##### `provider` + +The specific backend to use for this `keycloak_client_protocol_mapper` resource. You will seldom need to specify this +--- Puppet will usually discover the appropriate provider for your platform. ##### `realm` realm +##### `resource_name` + +The protocol mapper name. Defaults to `name`. + ##### `type` -Valid values: oidc-usermodel-client-role-mapper, oidc-usermodel-property-mapper, oidc-full-name-mapper, oidc-group-membership-mapper, oidc-audience-mapper, saml-user-property-mapper, saml-role-list-mapper +Valid values: `oidc-usermodel-client-role-mapper`, `oidc-usermodel-property-mapper`, `oidc-full-name-mapper`, `oidc-group-membership-mapper`, `oidc-audience-mapper`, `saml-user-property-mapper`, `saml-role-list-mapper` protocolMapper. Default is `oidc-usermodel-property-mapper` for `protocol` `openid-connect` and `saml-user-property-mapper` for `protocol` `saml`. 
-### keycloak_client_scope +### `keycloak_client_scope` Manage Keycloak client scopes #### Examples ##### Define a OpenID Connect client scope in the test realm ```puppet keycloak_client_scope { 'email on test': protocol => 'openid-connect', } ``` #### Properties The following properties are available in the `keycloak_client_scope` type. -##### `ensure` +##### `consent_screen_text` -Valid values: present, absent +consent.screen.text -The basic property that the resource should be in. +##### `display_on_consent_screen` -Default value: present +Valid values: ``true``, ``false`` -##### `protocol` +display.on.consent.screen -Valid values: openid-connect, saml +Default value: `true` -protocol +##### `ensure` -Default value: openid-connect +Valid values: `present`, `absent` -##### `consent_screen_text` +The basic property that the resource should be in. -consent.screen.text +Default value: `present` -##### `display_on_consent_screen` +##### `protocol` -Valid values: `true`, `false` +Valid values: `openid-connect`, `saml` -display.on.consent.screen +protocol -Default value: true +Default value: `openid-connect` #### Parameters The following parameters are available in the `keycloak_client_scope` type. -##### `name` +##### `id` -namevar +Id. Defaults to `resource_name`. -The client scope name +##### `name` -##### `resource_name` +namevar -The client scope name. Defaults to `name`. +The client scope name -##### `id` +##### `provider` -Id. Defaults to `resource_name`. +The specific backend to use for this `keycloak_client_scope` resource. You will seldom need to specify this --- Puppet +will usually discover the appropriate provider for your platform. ##### `realm` realm -### keycloak_conn_validator +##### `resource_name` + +The client scope name. Defaults to `name`. + +### `keycloak_conn_validator` Verify that a connection can be successfully established between a node and the keycloak server. 
Its primary use is as a precondition to prevent configuration changes from being applied if the keycloak server cannot be reached, but it could potentially be used for other purposes such as monitoring. #### Properties The following properties are available in the `keycloak_conn_validator` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `keycloak_conn_validator` type. -##### `name` +##### `keycloak_port` -namevar +The port that the keycloak server should be listening on. -An arbitrary name used as the identity of the resource. +Default value: `8080` ##### `keycloak_server` The DNS name or IP address of the server where keycloak should be running. -Default value: localhost +Default value: `localhost` -##### `keycloak_port` - -The port that the keycloak server should be listening on. +##### `name` -Default value: 8080 +namevar -##### `use_ssl` +An arbitrary name used as the identity of the resource. -Whether the connection will be attemped using https +##### `provider` -Default value: `false` +The specific backend to use for this `keycloak_conn_validator` resource. You will seldom need to specify this --- Puppet +will usually discover the appropriate provider for your platform. ##### `test_url` URL to use for testing if the Keycloak database is up -Default value: /auth/admin/serverinfo +Default value: `/auth/admin/serverinfo` ##### `timeout` -The max number of seconds that the validator should wait before giving up and deciding that keycloak is not running; defaults to 15 seconds. +The max number of seconds that the validator should wait before giving up and deciding that keycloak is not running; +defaults to 15 seconds. 
+ +Default value: `30` + +##### `use_ssl` + +Whether the connection will be attemped using https -Default value: 30 +Default value: ``false`` -### keycloak_flow +### `keycloak_flow` Manage a Keycloak flow **Autorequires** * `keycloak_realm` defined for `realm` parameter * `keycloak_flow` of `flow_alias` if `top_level=false` * `keycloak_flow` of `flow_alias` if other `index` is lower and if `top_level=false` * `keycloak_flow_execution` if `flow_alias` is the same and other `index` is lower and if `top_level=false` #### Examples ##### Add custom flow ```puppet keycloak_flow { 'browser-with-duo': ensure => 'present', realm => 'test', } ``` ##### Add a flow execution to existing browser-with-duo flow ```puppet keycloak_flow { 'form-browser-with-duo under browser-with-duo on test': ensure => 'present', index => 2, requirement => 'ALTERNATIVE', top_level => false, } ``` #### Properties The following properties are available in the `keycloak_flow` type. +##### `description` + +description + ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` ##### `index` execution index, only applied to top_level=false, required for top_level=false -##### `description` - -description - ##### `requirement` -Valid values: DISABLED, ALTERNATIVE, REQUIRED, CONDITIONAL, disabled, alternative, required, conditional +Valid values: `DISABLED`, `ALTERNATIVE`, `REQUIRED`, `CONDITIONAL`, `disabled`, `alternative`, `required`, `conditional` requirement, only applied to top_level=false and defaults to DISABLED #### Parameters The following parameters are available in the `keycloak_flow` type. -##### `name` +##### `alias` -namevar +Alias. Default to `name`. -The flow name +##### `flow_alias` + +flowAlias, required for top_level=false ##### `id` Id. Default to `$alias-$realm` when top_level is true. Only applies to top_level=true -##### `alias` - -Alias. Default to `name`. 
+##### `name` -##### `flow_alias` +namevar -flowAlias, required for top_level=false +The flow name -##### `realm` +##### `provider` -realm +The specific backend to use for this `keycloak_flow` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. ##### `provider_id` -Valid values: basic-flow, form-flow +Valid values: `basic-flow`, `form-flow` providerId -Default value: basic-flow +Default value: `basic-flow` -##### `type` +##### `realm` -sub-flow execution provider, default to `registration-page-form` for top_level=false and does not apply to top_level=true +realm ##### `top_level` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` topLevel -Default value: `true` +Default value: ``true`` -### keycloak_flow_execution +##### `type` + +sub-flow execution provider, default to `registration-page-form` for top_level=false and does not apply to +top_level=true + +### `keycloak_flow_execution` Manage a Keycloak flow **Autorequires** * `keycloak_realm` defined for `realm` parameter * `keycloak_flow` of value defined for `flow_alias` * `keycloak_flow` if they share same `flow_alias` value and the other resource `index` is lower * `keycloak_flow_execution` if `flow_alias` is the same and other `index` is lower #### Examples ##### Add an execution to a flow ```puppet keycloak_flow_execution { 'auth-cookie under browser-with-duo on test': ensure => 'present', configurable => false, display_name => 'Cookie', index => 0, requirement => 'ALTERNATIVE', } ``` ##### Add an execution to a execution flow that is one level deeper than top level ```puppet keycloak_flow_execution { 'auth-username-password-form under form-browser-with-duo on test': ensure => 'present', configurable => false, display_name => 'Username Password Form', index => 0, requirement => 'REQUIRED', } ``` ##### Add an execution with a configuration ```puppet keycloak_flow_execution { 'duo-mfa-authenticator under form-browser-with-duo 
on test': ensure => 'present', configurable => true, display_name => 'Duo MFA', alias => 'Duo', config => { "duomfa.akey" => "foo-akey", "duomfa.apihost" => "api-foo.duosecurity.com", "duomfa.skey" => "secret", "duomfa.ikey" => "foo-ikey", "duomfa.groups" => "duo" }, requirement => 'REQUIRED', index => 1, } ``` #### Properties The following properties are available in the `keycloak_flow_execution` type. +##### `config` + +execution config + +##### `configurable` + +Valid values: ``true``, ``false`` + +configurable + ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` ##### `index` execution index -##### `configurable` - -Valid values: `true`, `false` - -configurable - ##### `requirement` -Valid values: DISABLED, ALTERNATIVE, REQUIRED, CONDITIONAL, disabled, alternative, required, conditional +Valid values: `DISABLED`, `ALTERNATIVE`, `REQUIRED`, `CONDITIONAL`, `disabled`, `alternative`, `required`, `conditional` requirement -Default value: DISABLED - -##### `config` - -execution config +Default value: `DISABLED` #### Parameters The following parameters are available in the `keycloak_flow_execution` type. -##### `name` - -namevar +##### `alias` -The flow execution name +alias -##### `id` +##### `config_id` -read-only Id +read-only config ID -##### `provider_id` +##### `display_name` -provider +displayName ##### `flow_alias` flowAlias -##### `realm` +##### `id` -realm +read-only Id -##### `display_name` +##### `name` -displayName +namevar -##### `alias` +The flow execution name -alias +##### `provider` -##### `config_id` +The specific backend to use for this `keycloak_flow_execution` resource. You will seldom need to specify this --- Puppet +will usually discover the appropriate provider for your platform. 
-read-only config ID +##### `provider_id` + +provider + +##### `realm` + +realm -### keycloak_identity_provider +### `keycloak_identity_provider` Manage Keycloak identity providers #### Examples ##### Add CILogon identity provider to test realm ```puppet keycloak_identity_provider { 'cilogon on test': ensure => 'present', display_name => 'CILogon', provider_id => 'oidc', first_broker_login_flow_alias => 'browser', client_id => 'cilogon:/client_id/foobar', client_secret => 'supersecret', user_info_url => 'https://cilogon.org/oauth2/userinfo', token_url => 'https://cilogon.org/oauth2/token', authorization_url => 'https://cilogon.org/authorize', } ``` #### Properties The following properties are available in the `keycloak_identity_provider` type. -##### `ensure` +##### `add_read_token_role_on_create` -Valid values: present, absent +Valid values: ``true``, ``false`` -The basic property that the resource should be in. +addReadTokenRoleOnCreate -Default value: present +Default value: `false` -##### `display_name` +##### `allowed_clock_skew` -displayName +allowedClockSkew -##### `enabled` +##### `authenticate_by_default` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` -enabled +authenticateByDefault -Default value: true +Default value: `false` -##### `update_profile_first_login_mode` +##### `authorization_url` -Valid values: on, off +authorizationUrl -updateProfileFirstLoginMode +##### `backchannel_supported` -Default value: on +Valid values: ``true``, ``false`` -##### `trust_email` +backchannelSupported -Valid values: `true`, `false` +Default value: `false` -trustEmail +##### `client_auth_method` -Default value: false +Valid values: `client_secret_post`, `client_secret_basic`, `client_secret_jwt`, `private_key_jwt` -##### `store_token` +clientAuthMethod -Valid values: `true`, `false` +Default value: `client_secret_post` -storeToken +##### `client_id` -Default value: false +clientId -##### `add_read_token_role_on_create` +##### `client_secret` -Valid 
values: `true`, `false` +clientSecret -addReadTokenRoleOnCreate +##### `default_scope` -Default value: false +default_scope -##### `authenticate_by_default` +##### `disable_user_info` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` -authenticateByDefault +disableUserInfo -Default value: false +Default value: `false` -##### `link_only` +##### `display_name` -Valid values: `true`, `false` +displayName -linkOnly +##### `enabled` -Default value: false +Valid values: ``true``, ``false`` -##### `gui_order` +enabled -guiOrder +Default value: `true` -##### `first_broker_login_flow_alias` +##### `ensure` -firstBrokerLoginFlowAlias +Valid values: `present`, `absent` -Default value: first broker login +The basic property that the resource should be in. -##### `post_broker_login_flow_alias` +Default value: `present` -postBrokerLoginFlowAlias +##### `first_broker_login_flow_alias` -##### `sync_mode` +firstBrokerLoginFlowAlias -Valid values: IMPORT, LEGACY, FORCE +Default value: `first broker login` -syncMode +##### `forward_parameters` + +forwardParameters + +##### `gui_order` -Default value: IMPORT +guiOrder ##### `hide_on_login_page` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` hideOnLoginPage -Default value: false +Default value: `false` -##### `user_info_url` +##### `issuer` -userInfoUrl +issuer -##### `validate_signature` +##### `jwks_url` -Valid values: `true`, `false` +jwksUrl -validateSignature +##### `link_only` -Default value: false +Valid values: ``true``, ``false`` -##### `client_id` +linkOnly -clientId +Default value: `false` -##### `client_secret` +##### `login_hint` -clientSecret +Valid values: ``true``, ``false`` -##### `client_auth_method` +loginHint -Valid values: client_secret_post, client_secret_basic, client_secret_jwt, private_key_jwt +Default value: `false` -clientAuthMethod +##### `logout_url` -Default value: client_secret_post +logoutUrl -##### `token_url` +##### `post_broker_login_flow_alias` -tokenUrl 
+postBrokerLoginFlowAlias -##### `ui_locales` +##### `prompt` -Valid values: `true`, `false` +Valid values: `none`, `consent`, `login`, `select_account` -uiLocales +prompt -Default value: false +##### `store_token` -##### `backchannel_supported` +Valid values: ``true``, ``false`` -Valid values: `true`, `false` +storeToken -backchannelSupported +Default value: `false` -Default value: false +##### `sync_mode` -##### `use_jwks_url` +Valid values: `IMPORT`, `LEGACY`, `FORCE` -Valid values: `true`, `false` +syncMode -useJwksUrl +Default value: `IMPORT` -Default value: true +##### `token_url` -##### `jwks_url` +tokenUrl -jwksUrl +##### `trust_email` -##### `login_hint` +Valid values: ``true``, ``false`` -Valid values: `true`, `false` +trustEmail -loginHint +Default value: `false` -Default value: false +##### `ui_locales` -##### `authorization_url` +Valid values: ``true``, ``false`` -authorizationUrl +uiLocales -##### `disable_user_info` +Default value: `false` -Valid values: `true`, `false` +##### `update_profile_first_login_mode` -disableUserInfo +Valid values: `on`, `off` -Default value: false +updateProfileFirstLoginMode -##### `logout_url` +Default value: `on` -logoutUrl +##### `use_jwks_url` -##### `issuer` +Valid values: ``true``, ``false`` -issuer +useJwksUrl -##### `default_scope` +Default value: `true` -default_scope +##### `user_info_url` -##### `prompt` +userInfoUrl -Valid values: none, consent, login, select_account +##### `validate_signature` -prompt +Valid values: ``true``, ``false`` -##### `allowed_clock_skew` - -allowedClockSkew - -##### `forward_parameters` +validateSignature -forwardParameters +Default value: `false` #### Parameters The following parameters are available in the `keycloak_identity_provider` type. -##### `name` - -namevar - -The identity provider name - ##### `alias` The identity provider name. Defaults to `name`. ##### `internal_id` internalId. 
Defaults to "`alias`-`realm`" -##### `realm` +##### `name` -realm +namevar + +The identity provider name + +##### `provider` + +The specific backend to use for this `keycloak_identity_provider` resource. You will seldom need to specify this --- +Puppet will usually discover the appropriate provider for your platform. ##### `provider_id` -Valid values: oidc, keycloak-oidc +Valid values: `oidc`, `keycloak-oidc` providerId -Default value: oidc +Default value: `oidc` -### keycloak_ldap_mapper +##### `realm` + +realm + +### `keycloak_ldap_mapper` Manage Keycloak LDAP attribute mappers #### Examples ##### Add full name attribute mapping ```puppet keycloak_ldap_mapper { 'full name for LDAP-test on test: ensure => 'present', type => 'full-name-ldap-mapper', ldap_attribute => 'gecos', } ``` #### Properties The following properties are available in the `keycloak_ldap_mapper` type. -##### `ensure` - -Valid values: present, absent - -The basic property that the resource should be in. - -Default value: present - -##### `ldap_attribute` - -ldap.attribute - -##### `user_model_attribute` - -user.model.attribute - -##### `is_mandatory_in_ldap` - -is.mandatory.in.ldap. Defaults to `false` unless `type` is `full-name-ldap-mapper`. - ##### `always_read_value_from_ldap` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` always.read.value.from.ldap. Defaults to `true` if `type` is `user-attribute-ldap-mapper`. -##### `read_only` +##### `client_id` -Valid values: `true`, `false` +client.id, only for `type` of `role-ldap-mapper` -read.only +##### `drop_non_existing_groups_during_sync` -##### `write_only` +Valid values: ``true``, ``false`` -Valid values: `true`, `false` +drop.non.existing.groups.during.sync, only for `type` of `group-ldap-mapper` -write.only. Defaults to `false` if `type` is `full-name-ldap-mapper`. +##### `ensure` -##### `mode` +Valid values: `present`, `absent` -Valid values: READ_ONLY, LDAP_ONLY +The basic property that the resource should be in. 
-mode, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` +Default value: `present` -##### `membership_attribute_type` +##### `group_name_ldap_attribute` -Valid values: DN, UID +group.name.ldap.attribute, only for `type` of `group-ldap-mapper` -membership.attribute.type, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` +##### `group_object_classes` -##### `user_roles_retrieve_strategy` +group.object.classes, only for `type` of `group-ldap-mapper` -Valid values: LOAD_GROUPS_BY_MEMBER_ATTRIBUTE, GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE, LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY, LOAD_ROLES_BY_MEMBER_ATTRIBUTE, GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE, LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY +##### `groups_dn` -user.roles.retrieve.strategy, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` +groups.dn, only for `type` of `group-ldap-mapper` -##### `group_name_ldap_attribute` +##### `groups_ldap_filter` -group.name.ldap.attribute, only for `type` of `group-ldap-mapper` +groups.ldap.filter, only for `type` of `group-ldap-mapper` ##### `ignore_missing_groups` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` ignore.missing.groups, only for `type` of `group-ldap-mapper` -##### `membership_user_ldap_attribute` +##### `is_mandatory_in_ldap` -membership.user.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` +is.mandatory.in.ldap. Defaults to `false` unless `type` is `full-name-ldap-mapper`. 
-##### `membership_ldap_attribute` +##### `ldap_attribute` -membership.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` +ldap.attribute -##### `preserve_group_inheritance` +##### `mapped_group_attributes` -Valid values: `true`, `false` +mapped.group.attributes, only for `type` of `group-ldap-mapper` -preserve.group.inheritance, only for `type` of `group-ldap-mapper` +##### `memberof_ldap_attribute` -##### `groups_dn` +memberof.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` -groups.dn, only for `type` of `group-ldap-mapper` +##### `membership_attribute_type` -##### `mapped_group_attributes` +Valid values: `DN`, `UID` -mapped.group.attributes, only for `type` of `group-ldap-mapper` +membership.attribute.type, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` -##### `groups_ldap_filter` +##### `membership_ldap_attribute` -groups.ldap.filter, only for `type` of `group-ldap-mapper` +membership.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` -##### `memberof_ldap_attribute` +##### `membership_user_ldap_attribute` -memberof.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` +membership.user.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` -##### `group_object_classes` +##### `mode` -group.object.classes, only for `type` of `group-ldap-mapper` +Valid values: `READ_ONLY`, `LDAP_ONLY` -##### `drop_non_existing_groups_during_sync` +mode, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` -Valid values: `true`, `false` +##### `preserve_group_inheritance` -drop.non.existing.groups.during.sync, only for `type` of `group-ldap-mapper` +Valid values: ``true``, ``false`` -##### `roles_dn` +preserve.group.inheritance, only for `type` of `group-ldap-mapper` -roles.dn, only for `type` of `role-ldap-mapper` +##### `read_only` + +Valid values: ``true``, ``false`` + +read.only ##### `role_name_ldap_attribute` 
role.name.ldap.attribute, only for `type` of `role-ldap-mapper` ##### `role_object_classes` role.object.classes, only for `type` of `role-ldap-mapper` +##### `roles_dn` + +roles.dn, only for `type` of `role-ldap-mapper` + ##### `roles_ldap_filter` roles.ldap.filter, only for `type` of `role-ldap-mapper` ##### `use_realm_roles_mapping` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` use.realm.roles.mapping, only for `type` of `role-ldap-mapper` -##### `client_id` +##### `user_model_attribute` -client.id, only for `type` of `role-ldap-mapper` +user.model.attribute + +##### `user_roles_retrieve_strategy` + +Valid values: `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`, `LOAD_ROLES_BY_MEMBER_ATTRIBUTE`, `GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE`, `LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY` + +user.roles.retrieve.strategy, only for `type` of `group-ldap-mapper` and `role-ldap-mapper` + +##### `write_only` + +Valid values: ``true``, ``false`` + +write.only. Defaults to `false` if `type` is `full-name-ldap-mapper`. #### Parameters The following parameters are available in the `keycloak_ldap_mapper` type. +##### `id` + +Id. + +##### `ldap` + +parentId + ##### `name` namevar The LDAP mapper name -##### `id` +##### `provider` -Id. +The specific backend to use for this `keycloak_ldap_mapper` resource. You will seldom need to specify this --- Puppet +will usually discover the appropriate provider for your platform. + +##### `realm` + +realm ##### `resource_name` The LDAP mapper name. 
Defaults to `name` ##### `type` -Valid values: user-attribute-ldap-mapper, full-name-ldap-mapper, group-ldap-mapper, role-ldap-mapper +Valid values: `user-attribute-ldap-mapper`, `full-name-ldap-mapper`, `group-ldap-mapper`, `role-ldap-mapper` providerId -Default value: user-attribute-ldap-mapper - -##### `realm` - -realm - -##### `ldap` +Default value: `user-attribute-ldap-mapper` -parentId - -### keycloak_ldap_user_provider +### `keycloak_ldap_user_provider` Manage Keycloak LDAP user providers #### Examples ##### Add LDAP user provider to test realm ```puppet keycloak_ldap_user_provider { 'LDAP on test': ensure => 'present', users_dn => 'ou=People,dc=example,dc=com', connection_url => 'ldaps://ldap1.example.com:636 ldaps://ldap2.example.com:636', import_enabled => false, use_truststore_spi => 'never', } ``` #### Properties The following properties are available in the `keycloak_ldap_user_provider` type. -##### `ensure` +##### `auth_type` -Valid values: present, absent +Valid values: `none`, `simple` -The basic property that the resource should be in. 
+authType -Default value: present +Default value: `none` -##### `enabled` +##### `batch_size_for_sync` -Valid values: `true`, `false` +batchSizeForSync -enabled +Default value: `1000` -Default value: true +##### `bind_credential` -##### `auth_type` +bindCredential -Valid values: none, simple +##### `bind_dn` -authType +bindDn -Default value: none +##### `changed_sync_period` -##### `edit_mode` +changedSyncPeriod -Valid values: READ_ONLY, WRITABLE, UNSYNCED +Default value: `-1` -editMode +##### `connection_url` -Default value: READ_ONLY +connectionUrl -##### `vendor` +##### `custom_user_search_filter` -Valid values: ad, rhds, tivoli, eDirectory, other +Valid values: `%r{.*}`, `absent` -vendor +customUserSearchFilter -Default value: other +Default value: `absent` -##### `use_truststore_spi` +##### `edit_mode` -Valid values: always, ldapsOnly, never +Valid values: `READ_ONLY`, `WRITABLE`, `UNSYNCED` -useTruststoreSpi +editMode -Default value: ldapsOnly +Default value: `READ_ONLY` -##### `users_dn` +##### `enabled` -usersDn +Valid values: ``true``, ``false`` -##### `connection_url` +enabled -connectionUrl +Default value: `true` -##### `priority` +##### `ensure` -priority +Valid values: `present`, `absent` -Default value: 0 +The basic property that the resource should be in. 
-##### `batch_size_for_sync` +Default value: `present` -batchSizeForSync +##### `full_sync_period` -Default value: 1000 +fullSyncPeriod -##### `username_ldap_attribute` +Default value: `-1` -usernameLdapAttribute +##### `import_enabled` -Default value: uid +Valid values: ``true``, ``false`` -##### `rdn_ldap_attribute` +importEnabled -rdnLdapAttribute +Default value: `true` -Default value: uid +##### `priority` -##### `uuid_ldap_attribute` +priority -uuidLdapAttribute +Default value: `0` -Default value: entryUUID +##### `rdn_ldap_attribute` -##### `bind_dn` +rdnLdapAttribute -bindDn +Default value: `uid` -##### `bind_credential` +##### `search_scope` -bindCredential +Valid values: `one`, `one_level`, `subtree`, `1`, `2`, `1`, `2` -##### `import_enabled` +searchScope -Valid values: `true`, `false` +##### `trust_email` -importEnabled +Valid values: ``true``, ``false`` -Default value: true +trustEmail + +Default value: `false` ##### `use_kerberos_for_password_authentication` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` useKerberosForPasswordAuthentication -##### `user_object_classes` - -userObjectClasses +##### `use_truststore_spi` -Default value: ['inetOrgPerson', 'organizationalPerson'] +Valid values: `always`, `ldapsOnly`, `never` -##### `search_scope` +useTruststoreSpi -Valid values: one, one_level, subtree, 1, 2, 1, 2 +Default value: `ldapsOnly` -searchScope +##### `user_object_classes` -##### `custom_user_search_filter` +userObjectClasses -Valid values: %r{.*}, absent +Default value: `['inetOrgPerson', 'organizationalPerson']` -customUserSearchFilter +##### `username_ldap_attribute` -Default value: absent +usernameLdapAttribute -##### `trust_email` +Default value: `uid` -Valid values: `true`, `false` +##### `users_dn` -trustEmail +usersDn -Default value: false +##### `uuid_ldap_attribute` -##### `full_sync_period` +uuidLdapAttribute -fullSyncPeriod +Default value: `entryUUID` -Default value: -1 +##### `vendor` -##### `changed_sync_period` 
+Valid values: `ad`, `rhds`, `tivoli`, `eDirectory`, `other` -changedSyncPeriod +vendor -Default value: -1 +Default value: `other` #### Parameters The following parameters are available in the `keycloak_ldap_user_provider` type. +##### `id` + +Id. Defaults to "`resource_name`-`realm`" + ##### `name` namevar The LDAP user provider name -##### `resource_name` - -The LDAP user provider name. Defaults to `name`. - -##### `id` +##### `provider` -Id. Defaults to "`resource_name`-`realm`" +The specific backend to use for this `keycloak_ldap_user_provider` resource. You will seldom need to specify this --- +Puppet will usually discover the appropriate provider for your platform. ##### `realm` parentId -### keycloak_protocol_mapper +##### `resource_name` + +The LDAP user provider name. Defaults to `name`. + +### `keycloak_protocol_mapper` Manage Keycloak client scope protocol mappers #### Examples ##### Add email protocol mapper to oidc-client client scope in realm test ```puppet keycloak_protocol_mapper { "email for oidc-clients on test": claim_name => 'email', user_attribute => 'email', } ``` #### Properties The following properties are available in the `keycloak_protocol_mapper` type. -##### `ensure` - -Valid values: present, absent - -The basic property that the resource should be in. +##### `access_token_claim` -Default value: present +Valid values: ``true``, ``false`` -##### `protocol` +access.token.claim. Default to `true` for `protocol` `openid-connect`. -Valid values: openid-connect, saml +##### `attribute_name` -protocol +attribute.name Default to `resource_name` for `type` `saml-user-property-mapper`. -Default value: openid-connect +##### `attribute_nameformat` -##### `user_attribute` +attribute.nameformat -user.attribute. Default to `resource_name` for `type` `oidc-usermodel-property-mapper` or `saml-user-property-mapper` +##### `claim_name` -##### `json_type_label` +claim.name -json.type.label. 
Default to `String` for `type` `oidc-usermodel-property-mapper` and `oidc-group-membership-mapper`. +##### `ensure` -##### `full_path` +Valid values: `present`, `absent` -Valid values: `true`, `false` +The basic property that the resource should be in. -full.path. Default to `false` for `type` `oidc-group-membership-mapper`. +Default value: `present` ##### `friendly_name` friendly.name. Default to `resource_name` for `type` `saml-user-property-mapper`. -##### `attribute_name` - -attribute.name Default to `resource_name` for `type` `saml-user-property-mapper`. +##### `full_path` -##### `claim_name` +Valid values: ``true``, ``false`` -claim.name +full.path. Default to `false` for `type` `oidc-group-membership-mapper`. ##### `id_token_claim` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` id.token.claim. Default to `true` for `protocol` `openid-connect`. -##### `access_token_claim` +##### `included_client_audience` -Valid values: `true`, `false` +included.client.audience Required for `type` of `oidc-audience-mapper` -access.token.claim. Default to `true` for `protocol` `openid-connect`. +##### `json_type_label` -##### `userinfo_token_claim` +json.type.label. Default to `String` for `type` `oidc-usermodel-property-mapper` and `oidc-group-membership-mapper`. -Valid values: `true`, `false` +##### `protocol` -userinfo.token.claim. Default to `true` for `protocol` `openid-connect` except `type` of `oidc-audience-mapper`. +Valid values: `openid-connect`, `saml` -##### `attribute_nameformat` +protocol -attribute.nameformat +Default value: `openid-connect` + +##### `script` + +Script, only valid for `type` of `saml-javascript-mapper`' + +Array values will be joined with newlines. Strings will be kept unchanged. ##### `single` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` single. Default to `false` for `type` `saml-role-list-mapper` or `saml-javascript-mapper`. 
-##### `script` +##### `user_attribute` -Script, only valid for `type` of `saml-javascript-mapper`' +user.attribute. Default to `resource_name` for `type` `oidc-usermodel-property-mapper` or `saml-user-property-mapper` -Array values will be joined with newlines. Strings will be kept unchanged. +##### `userinfo_token_claim` -##### `included_client_audience` +Valid values: ``true``, ``false`` -included.client.audience Required for `type` of `oidc-audience-mapper` +userinfo.token.claim. Default to `true` for `protocol` `openid-connect` except `type` of `oidc-audience-mapper`. #### Parameters The following parameters are available in the `keycloak_protocol_mapper` type. -##### `name` - -namevar +##### `client_scope` -The protocol mapper name +client scope ##### `id` Id. -##### `resource_name` +##### `name` -The protocol mapper name. Defaults to `name`. +namevar -##### `client_scope` +The protocol mapper name -client scope +##### `provider` + +The specific backend to use for this `keycloak_protocol_mapper` resource. You will seldom need to specify this --- +Puppet will usually discover the appropriate provider for your platform. ##### `realm` realm +##### `resource_name` + +The protocol mapper name. Defaults to `name`. + ##### `type` -Valid values: oidc-usermodel-property-mapper, oidc-usermodel-attribute-mapper, oidc-full-name-mapper, oidc-group-membership-mapper, oidc-audience-mapper, saml-group-membership-mapper, saml-user-property-mapper, saml-role-list-mapper +Valid values: `oidc-usermodel-property-mapper`, `oidc-usermodel-attribute-mapper`, `oidc-full-name-mapper`, `oidc-group-membership-mapper`, `oidc-audience-mapper`, `saml-group-membership-mapper`, `saml-user-property-mapper`, `saml-role-list-mapper` protocolMapper. Default is `oidc-usermodel-property-mapper` for `protocol` `openid-connect` and `saml-user-property-mapper` for `protocol` `saml`. 
-### keycloak_realm +### `keycloak_realm` Manage Keycloak realms #### Examples ##### Add a realm with a custom theme ```puppet keycloak_realm { 'test': ensure => 'present', remember_me => true, login_with_email_allowed => false, login_theme => 'my_theme', } ``` #### Properties The following properties are available in the `keycloak_realm` type. -##### `ensure` - -Valid values: present, absent - -The basic property that the resource should be in. - -Default value: present +##### `access_code_lifespan` -##### `display_name` +accessCodeLifespan -displayName +##### `access_code_lifespan_user_action` -##### `display_name_html` +accessCodeLifespanUserAction -displayNameHtml +##### `access_token_lifespan` -##### `login_theme` +accessTokenLifespan -loginTheme +##### `access_token_lifespan_for_implicit_flow` -Default value: keycloak +accessTokenLifespanForImplicitFlow ##### `account_theme` accountTheme -Default value: keycloak - -##### `admin_theme` - -adminTheme - -Default value: keycloak +Default value: `keycloak` -##### `email_theme` - -emailTheme +##### `admin_events_details_enabled` -Default value: keycloak +Valid values: ``true``, ``false`` -##### `internationalization_enabled` +adminEventsDetailsEnabled -Valid values: `true`, `false` +Default value: `false` -internationalizationEnabled +##### `admin_events_enabled` -Default value: false +Valid values: ``true``, ``false`` -##### `sso_session_idle_timeout_remember_me` +adminEventsEnabled -ssoSessionIdleTimeoutRememberMe +Default value: `false` -##### `sso_session_max_lifespan_remember_me` +##### `admin_theme` -ssoSessionMaxLifespanRememberMe +adminTheme -##### `sso_session_idle_timeout` +Default value: `keycloak` -ssoSessionIdleTimeout +##### `browser_flow` -##### `sso_session_max_lifespan` +browserFlow -ssoSessionMaxLifespan +Default value: `browser` -##### `access_code_lifespan` +##### `brute_force_protected` -accessCodeLifespan +Valid values: ``true``, ``false`` -##### `access_code_lifespan_user_action` 
+bruteForceProtected -accessCodeLifespanUserAction +##### `client_authentication_flow` -##### `access_token_lifespan` +clientAuthenticationFlow -accessTokenLifespan +Default value: `clients` -##### `access_token_lifespan_for_implicit_flow` +##### `content_security_policy` -accessTokenLifespanForImplicitFlow +contentSecurityPolicy -##### `enabled` +Default value: `frame-src 'self'; frame-ancestors 'self'; object-src 'none';` -Valid values: `true`, `false` +##### `default_client_scopes` -enabled +Default Client Scopes -Default value: true +##### `direct_grant_flow` -##### `remember_me` +directGrantFlow -Valid values: `true`, `false` +Default value: `direct grant` -rememberMe +##### `display_name` -Default value: false +displayName -##### `registration_allowed` +##### `display_name_html` -Valid values: `true`, `false` +displayNameHtml -registrationAllowed +##### `docker_authentication_flow` -Default value: false +dockerAuthenticationFlow -##### `login_with_email_allowed` +Default value: `docker auth` -Valid values: `true`, `false` +##### `email_theme` -loginWithEmailAllowed +emailTheme -Default value: true +Default value: `keycloak` -##### `reset_password_allowed` +##### `enabled` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` -resetPasswordAllowed +enabled -Default value: false +Default value: `true` -##### `verify_email` +##### `ensure` -Valid values: `true`, `false` +Valid values: `present`, `absent` -verifyEmail +The basic property that the resource should be in. 
-Default value: false +Default value: `present` -##### `browser_flow` +##### `events_enabled` -browserFlow +Valid values: ``true``, ``false`` -Default value: browser +eventsEnabled -##### `registration_flow` +Default value: `false` -registrationFlow +##### `events_expiration` -Default value: registration +eventsExpiration -##### `direct_grant_flow` +##### `events_listeners` -directGrantFlow +eventsListeners -Default value: direct grant +Default value: `['jboss-logging']` -##### `reset_credentials_flow` +##### `internationalization_enabled` -resetCredentialsFlow +Valid values: ``true``, ``false`` -Default value: reset credentials +internationalizationEnabled -##### `client_authentication_flow` +Default value: `false` -clientAuthenticationFlow +##### `login_theme` -Default value: clients +loginTheme -##### `docker_authentication_flow` +Default value: `keycloak` -dockerAuthenticationFlow +##### `login_with_email_allowed` -Default value: docker auth +Valid values: ``true``, ``false`` -##### `default_client_scopes` +loginWithEmailAllowed -Default Client Scopes +Default value: `true` ##### `optional_client_scopes` Optional Client Scopes -##### `supported_locales` +##### `registration_allowed` -Supported Locales +Valid values: ``true``, ``false`` -##### `content_security_policy` +registrationAllowed -contentSecurityPolicy +Default value: `false` -Default value: frame-src 'self'; frame-ancestors 'self'; object-src 'none'; +##### `registration_flow` -##### `events_enabled` +registrationFlow -Valid values: `true`, `false` +Default value: `registration` -eventsEnabled +##### `remember_me` -Default value: false +Valid values: ``true``, ``false`` -##### `events_expiration` +rememberMe -eventsExpiration +Default value: `false` -##### `events_listeners` +##### `reset_credentials_flow` -eventsListeners +resetCredentialsFlow -Default value: ['jboss-logging'] +Default value: `reset credentials` -##### `admin_events_enabled` +##### `reset_password_allowed` -Valid values: `true`, 
`false` +Valid values: ``true``, ``false`` -adminEventsEnabled +resetPasswordAllowed -Default value: false +Default value: `false` -##### `admin_events_details_enabled` +##### `roles` -Valid values: `true`, `false` +roles -adminEventsDetailsEnabled +Default value: `['offline_access', 'uma_authorization']` -Default value: false +##### `smtp_server_auth` -##### `smtp_server_user` +Valid values: ``true``, ``false`` -smtpServer user +smtpServer auth -##### `smtp_server_password` +##### `smtp_server_envelope_from` -smtpServer password +smtpServer envelope_from + +##### `smtp_server_from` + +smtpServer from + +##### `smtp_server_from_display_name` + +smtpServer fromDisplayName ##### `smtp_server_host` smtpServer host -##### `smtp_server_port` +##### `smtp_server_password` -smtpServer port +smtpServer password -##### `smtp_server_auth` +##### `smtp_server_port` -Valid values: `true`, `false` +smtpServer port -smtpServer auth +##### `smtp_server_reply_to` -##### `smtp_server_starttls` +smtpServer replyto -Valid values: `true`, `false` +##### `smtp_server_reply_to_display_name` -smtpServer starttls +smtpServer replyToDisplayName ##### `smtp_server_ssl` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` smtpServer ssl -##### `smtp_server_from` +##### `smtp_server_starttls` -smtpServer from +Valid values: ``true``, ``false`` -##### `smtp_server_envelope_from` +smtpServer starttls -smtpServer envelope_from +##### `smtp_server_user` -##### `smtp_server_from_display_name` +smtpServer user -smtpServer fromDisplayName +##### `sso_session_idle_timeout` -##### `smtp_server_reply_to` +ssoSessionIdleTimeout -smtpServer replyto +##### `sso_session_idle_timeout_remember_me` -##### `smtp_server_reply_to_display_name` +ssoSessionIdleTimeoutRememberMe -smtpServer replyToDisplayName +##### `sso_session_max_lifespan` -##### `brute_force_protected` +ssoSessionMaxLifespan -Valid values: `true`, `false` +##### `sso_session_max_lifespan_remember_me` -bruteForceProtected 
+ssoSessionMaxLifespanRememberMe -##### `roles` +##### `supported_locales` -roles +Supported Locales + +##### `verify_email` + +Valid values: ``true``, ``false`` -Default value: ['offline_access', 'uma_authorization'] +verifyEmail + +Default value: `false` #### Parameters The following parameters are available in the `keycloak_realm` type. +##### `id` + +Id. Default to `name`. + ##### `name` namevar The realm name -##### `id` +##### `provider` -Id. Default to `name`. +The specific backend to use for this `keycloak_realm` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. -### keycloak_required_action +### `keycloak_required_action` Manage Keycloak required actions #### Examples ##### Enable Webauthn Register and make it default ```puppet keycloak_required_action { 'webauthn-register on master': ensure => present, provider_id => 'webauthn-register', display_name => 'Webauthn Register', default => true, enabled => true, priority => 1, config => { 'something' => 'true', # keep in mind that keycloak only supports strings for both keys and values 'smth else' => '1', }, alias => 'webauthn', } @example Minimal example to enable email verification without making it default keycloak_required_action { 'VERIFY_EMAIL on master': ensure => present, provider_id => 'webauthn-register', } ``` #### Properties The following properties are available in the `keycloak_required_action` type. -##### `ensure` +##### `alias` + +Alias. Default to `provider_id`. -Valid values: present, absent +##### `config` -The basic property that the resource should be in. +Required action config -Default value: present +##### `default` + +Valid values: ``true``, ``false`` + +If the required action is a default one. Default to false + +Default value: `false` ##### `display_name` Displayed name. 
Default to `provider_id` ##### `enabled` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` If the required action is enabled. Default to true. -Default value: true - -##### `alias` - -Alias. Default to `provider_id`. +Default value: `true` -##### `default` +##### `ensure` -Valid values: `true`, `false` +Valid values: `present`, `absent` -If the required action is a default one. Default to false +The basic property that the resource should be in. -Default value: false +Default value: `present` ##### `priority` Required action priority -##### `config` - -Required action config - #### Parameters The following parameters are available in the `keycloak_required_action` type. ##### `name` namevar The required action name -##### `realm` +##### `provider` -realm +The specific backend to use for this `keycloak_required_action` resource. You will seldom need to specify this --- +Puppet will usually discover the appropriate provider for your platform. ##### `provider_id` providerId of the required action -### keycloak_resource_validator +##### `realm` + +realm + +### `keycloak_resource_validator` Verify that a specific Keycloak resource is available #### Properties The following properties are available in the `keycloak_resource_validator` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `keycloak_resource_validator` type. ##### `name` namevar An arbitrary name used as the identity of the resource. -##### `test_url` +##### `provider` -URL to use for testing if the Keycloak database is up +The specific backend to use for this `keycloak_resource_validator` resource. You will seldom need to specify this --- +Puppet will usually discover the appropriate provider for your platform. 
+ +##### `realm` + +Realm to query ##### `test_key` Key to lookup -##### `test_value` +##### `test_url` -Value to lookup +URL to use for testing if the Keycloak database is up -##### `realm` +##### `test_value` -Realm to query +Value to lookup ##### `timeout` -The max number of seconds that the validator should wait before giving up and deciding that keycloak is not running; defaults to 15 seconds. +The max number of seconds that the validator should wait before giving up and deciding that keycloak is not running; +defaults to 15 seconds. -Default value: 30 +Default value: `30` -### keycloak_sssd_user_provider +### `keycloak_sssd_user_provider` Manage Keycloak SSSD user providers #### Examples ##### Add SSSD user provider to test realm ```puppet keycloak_sssd_user_provider { 'SSSD on test': ensure => 'present', } ``` #### Properties The following properties are available in the `keycloak_sssd_user_provider` type. -##### `ensure` +##### `cache_policy` -Valid values: present, absent +Valid values: `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, `NO_CACHE` -The basic property that the resource should be in. +cachePolicy -Default value: present +Default value: `DEFAULT` ##### `enabled` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` enabled -Default value: true - -##### `priority` - -priority - -Default value: 0 +Default value: `true` -##### `cache_policy` +##### `ensure` -Valid values: DEFAULT, EVICT_DAILY, EVICT_WEEKLY, MAX_LIFESPAN, NO_CACHE +Valid values: `present`, `absent` -cachePolicy +The basic property that the resource should be in. -Default value: DEFAULT +Default value: `present` ##### `eviction_day` evictionDay ##### `eviction_hour` evictionHour ##### `eviction_minute` evictionMinute ##### `max_lifespan` maxLifespan +##### `priority` + +priority + +Default value: `0` + #### Parameters The following parameters are available in the `keycloak_sssd_user_provider` type. +##### `id` + +Id. 
Defaults to "`resource_name`-`realm`" + ##### `name` namevar The SSSD user provider name -##### `resource_name` - -The SSSD user provider name. Defaults to `name`. - -##### `id` +##### `provider` -Id. Defaults to "`resource_name`-`realm`" +The specific backend to use for this `keycloak_sssd_user_provider` resource. You will seldom need to specify this --- +Puppet will usually discover the appropriate provider for your platform. ##### `realm` parentId +##### `resource_name` + +The SSSD user provider name. Defaults to `name`. + diff --git a/metadata.json b/metadata.json index 88e4c39..daa4b86 100644 --- a/metadata.json +++ b/metadata.json 
@@ -1,85 +1,85 @@
 {
 "name": "treydock-keycloak",
- "version": "6.24.0",
+ "version": "6.25.0",
 "author": "treydock",
 "summary": "Keycloak Puppet module",
 "license": "Apache-2.0",
 "source": "https://github.com/treydock/puppet-module-keycloak",
 "project_page": "https://github.com/treydock/puppet-module-keycloak",
 "issues_url": "https://github.com/treydock/puppet-module-keycloak/issues",
 "dependencies": [
 {
 "name": "puppetlabs/stdlib",
 "version_requirement": ">= 4.25.0 <7.0.0"
 },
 {
 "name": "puppetlabs/mysql",
 "version_requirement": ">= 10.2.0 <11.0.0"
 },
 {
 "name": "puppetlabs/postgresql",
 "version_requirement": ">= 6.4.0 <7.0.0"
 },
 {
 "name": "puppetlabs/java",
 "version_requirement": ">= 5.0.0 <7.0.0"
 },
 {
 "name": "puppetlabs/java_ks",
 "version_requirement": ">= 1.0.0 <4.0.0"
 },
 {
 "name": "puppet/archive",
 "version_requirement": ">= 0.5.1 <5.0.0"
 },
 {
 "name": "camptocamp/systemd",
 "version_requirement": ">= 0.4.0 <3.0.0"
 }
 ],
 "operatingsystem_support": [
 {
 "operatingsystem": "RedHat",
 "operatingsystemrelease": [
 "7",
 "8"
 ]
 },
 {
 "operatingsystem": "CentOS",
 "operatingsystemrelease": [
 "7",
 "8"
 ]
 },
 {
 "operatingsystem": "Scientific",
 "operatingsystemrelease": [
 "7",
 "8"
 ]
 },
 {
 "operatingsystem": "Debian",
 "operatingsystemrelease": [
 "9",
 "10"
 ]
 },
 {
 "operatingsystem": "Ubuntu",
 "operatingsystemrelease": [
 "18.04"
 ]
 }
 ],
 "requirements": [
 {
 "name": "puppet",
 "version_requirement": ">= 5.0.0 < 7.0.0"
 }
 ],
 "pdk-version": "1.17.0",
 "template-url": "https://github.com/treydock/pdk-templates.git#master",
 "template-ref": "heads/master-0-g1f52e6d"
 }