Page MenuHomeSoftware Heritage
Files F9696027

No OneTemporary
Actions

View Options

diff --git a/CHANGELOG.md b/CHANGELOG.md
index afb3f93..8889809 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,606 +1,615 @@
# Change log
All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
+## [v6.19.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.19.0) (2020-10-07)
+
+[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.18.0...v6.19.0)
+
+### Added
+
+- Enable roles management at realm and client level [\#164](https://github.com/treydock/puppet-module-keycloak/pull/164) ([anlambert](https://github.com/anlambert))
+- Add more realm login related properties [\#163](https://github.com/treydock/puppet-module-keycloak/pull/163) ([anlambert](https://github.com/anlambert))
+
## [v6.18.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.18.0) (2020-09-25)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.17.0...v6.18.0)
### Added
- Support flow overrides on clients [\#161](https://github.com/treydock/puppet-module-keycloak/pull/161) ([treydock](https://github.com/treydock))
- Add registration\_allowed to keycloak\_realm [\#160](https://github.com/treydock/puppet-module-keycloak/pull/160) ([anlambert](https://github.com/anlambert))
- Have realms and identity providers auto require their configured flows [\#159](https://github.com/treydock/puppet-module-keycloak/pull/159) ([treydock](https://github.com/treydock))
### Fixed
- Realm can not depend on flow that depends on realm [\#162](https://github.com/treydock/puppet-module-keycloak/pull/162) ([treydock](https://github.com/treydock))
## [v6.17.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.17.0) (2020-09-24)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.16.0...v6.17.0)
### Added
- Improved unit and acceptance tests for recent changes [\#158](https://github.com/treydock/puppet-module-keycloak/pull/158) ([treydock](https://github.com/treydock))
- add bruteForceProtected [\#157](https://github.com/treydock/puppet-module-keycloak/pull/157) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
- add trustEmail [\#156](https://github.com/treydock/puppet-module-keycloak/pull/156) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
- add keycloak-oidc providerid and other new parameters [\#155](https://github.com/treydock/puppet-module-keycloak/pull/155) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
## [v6.16.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.16.0) (2020-08-21)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.15.0...v6.16.0)
### Added
- Added a parameter to control if the managed user is a system user [\#152](https://github.com/treydock/puppet-module-keycloak/pull/152) ([ZloeSabo](https://github.com/ZloeSabo))
## [v6.15.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.15.0) (2020-08-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.14.0...v6.15.0)
### Added
- add resources [\#151](https://github.com/treydock/puppet-module-keycloak/pull/151) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
## [v6.14.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.14.0) (2020-08-11)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.13.1...v6.14.0)
### Added
- add proxy-address-forwarding for https-listener [\#149](https://github.com/treydock/puppet-module-keycloak/pull/149) ([aba-rechsteiner](https://github.com/aba-rechsteiner))
- Add support for required actions [\#148](https://github.com/treydock/puppet-module-keycloak/pull/148) ([ZloeSabo](https://github.com/ZloeSabo))
## [v6.13.1](https://github.com/treydock/puppet-module-keycloak/tree/v6.13.1) (2020-08-03)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.13.0...v6.13.1)
### Fixed
- Explicitly specifies what user to use with the admin generation script [\#146](https://github.com/treydock/puppet-module-keycloak/pull/146) ([ZloeSabo](https://github.com/ZloeSabo))
## [v6.13.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.13.0) (2020-07-07)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.12.0...v6.13.0)
### Added
- Concat custom code fragment to config.cli [\#145](https://github.com/treydock/puppet-module-keycloak/pull/145) ([danifr](https://github.com/danifr))
- Update usage of deprecated function postgresql\_password [\#143](https://github.com/treydock/puppet-module-keycloak/pull/143) ([Karlinde](https://github.com/Karlinde))
## [v6.12.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.12.0) (2020-07-02)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.11.0...v6.12.0)
### Added
- Emit warning if configured theme does not exist [\#140](https://github.com/treydock/puppet-module-keycloak/pull/140) ([treydock](https://github.com/treydock))
- Add support for JGroups JDBC\_PING mode in clustered mode [\#139](https://github.com/treydock/puppet-module-keycloak/pull/139) ([danifr](https://github.com/danifr))
### UNCATEGORIZED PRS; GO LABEL THEM
- Remove outdated line in class documentation [\#137](https://github.com/treydock/puppet-module-keycloak/pull/137) ([danifr](https://github.com/danifr))
## [v6.11.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.11.0) (2020-05-22)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.10.0...v6.11.0)
### Added
- PDK update and test Keycloak 10.0.1 [\#133](https://github.com/treydock/puppet-module-keycloak/pull/133) ([treydock](https://github.com/treydock))
### UNCATEGORIZED PRS; GO LABEL THEM
- Add support for defining smtpServer from realms [\#131](https://github.com/treydock/puppet-module-keycloak/pull/131) ([mattock](https://github.com/mattock))
- Allow enabling/disabling client authorization services [\#127](https://github.com/treydock/puppet-module-keycloak/pull/127) ([mattock](https://github.com/mattock))
## [v6.10.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.10.0) (2020-03-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.9.0...v6.10.0)
### Added
- Add support and tests for Keycloak 9.0.0 [\#128](https://github.com/treydock/puppet-module-keycloak/pull/128) ([treydock](https://github.com/treydock))
## [v6.9.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.9.0) (2020-02-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.8.0...v6.9.0)
### Added
- Add access\_token\_lifespan to keycloak\_realm [\#126](https://github.com/treydock/puppet-module-keycloak/pull/126) ([treydock](https://github.com/treydock))
## [v6.8.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.8.0) (2020-02-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.7.0...v6.8.0)
### Added
- Add access\_code\_lifespan to keycloak\_realm [\#125](https://github.com/treydock/puppet-module-keycloak/pull/125) ([treydock](https://github.com/treydock))
## [v6.7.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.7.0) (2020-02-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.6.0...v6.7.0)
### Added
- Add sso\_session\_idle\_timeout and sso\_session\_max\_lifespan to keycloak\_realm [\#124](https://github.com/treydock/puppet-module-keycloak/pull/124) ([treydock](https://github.com/treydock))
## [v6.6.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.6.0) (2020-02-10)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.5.0...v6.6.0)
### Added
- Support oidc-audience-mapper protocol mapper [\#122](https://github.com/treydock/puppet-module-keycloak/pull/122) ([treydock](https://github.com/treydock))
## [v6.5.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.5.0) (2020-02-07)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.4.1...v6.5.0)
### Added
- Add root\_url and base\_url properties to keycloak\_client [\#121](https://github.com/treydock/puppet-module-keycloak/pull/121) ([treydock](https://github.com/treydock))
- Allow enabling/disabling realm internationalization [\#119](https://github.com/treydock/puppet-module-keycloak/pull/119) ([mattock](https://github.com/mattock))
## [v6.4.1](https://github.com/treydock/puppet-module-keycloak/tree/v6.4.1) (2020-02-06)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.4.0...v6.4.1)
### Fixed
- type/keycloak\_api: Set install\_dir default on /opt/keycloak [\#120](https://github.com/treydock/puppet-module-keycloak/pull/120) ([tcassaert](https://github.com/tcassaert))
## [v6.4.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.4.0) (2020-02-03)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.3.0...v6.4.0)
### Added
- Support oidc-group-membership-mapper protocol mapper type [\#118](https://github.com/treydock/puppet-module-keycloak/pull/118) ([treydock](https://github.com/treydock))
## [v6.3.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.3.0) (2020-01-16)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.2.0...v6.3.0)
### Added
- Add client\_auth\_method property to keycloak\_identity\_provider [\#117](https://github.com/treydock/puppet-module-keycloak/pull/117) ([treydock](https://github.com/treydock))
## [v6.2.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.2.0) (2020-01-09)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.1.0...v6.2.0)
### Added
- Support managing authentication flows [\#115](https://github.com/treydock/puppet-module-keycloak/pull/115) ([treydock](https://github.com/treydock))
- Support disabling the user cache [\#114](https://github.com/treydock/puppet-module-keycloak/pull/114) ([treydock](https://github.com/treydock))
- Support Keycloak SPI deployments [\#113](https://github.com/treydock/puppet-module-keycloak/pull/113) ([treydock](https://github.com/treydock))
- Add content\_security\_policy to keycloak\_realm [\#112](https://github.com/treydock/puppet-module-keycloak/pull/112) ([treydock](https://github.com/treydock))
- Improve handling of realm flow assignment to avoid errors [\#111](https://github.com/treydock/puppet-module-keycloak/pull/111) ([treydock](https://github.com/treydock))
- Support managing realm flow properties [\#110](https://github.com/treydock/puppet-module-keycloak/pull/110) ([treydock](https://github.com/treydock))
-- Add support for access.token.lifespan client attribute [\#109](https://github.com/treydock/puppet-module-keycloak/pull/109) ([mattock](https://github.com/mattock))
### Fixed
- Fix bug in flow parsing [\#116](https://github.com/treydock/puppet-module-keycloak/pull/116) ([treydock](https://github.com/treydock))
## [v6.1.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.1.0) (2019-12-31)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v6.0.0...v6.1.0)
### Added
+- Add support for access.token.lifespan client attribute [\#109](https://github.com/treydock/puppet-module-keycloak/pull/109) ([mattock](https://github.com/mattock))
- Add two new realm properties [\#108](https://github.com/treydock/puppet-module-keycloak/pull/108) ([mattock](https://github.com/mattock))
## [v6.0.0](https://github.com/treydock/puppet-module-keycloak/tree/v6.0.0) (2019-12-18)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.10.0...v6.0.0)
### Changed
- Change default Keycloak version to 8.0.1 [\#106](https://github.com/treydock/puppet-module-keycloak/pull/106) ([treydock](https://github.com/treydock))
- Change JAVA\_OPTS behavior for Keycloak [\#105](https://github.com/treydock/puppet-module-keycloak/pull/105) ([treydock](https://github.com/treydock))
- Change how install\_dir is defined, default behavior remains the same [\#90](https://github.com/treydock/puppet-module-keycloak/pull/90) ([treydock](https://github.com/treydock))
## [v5.10.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.10.0) (2019-12-10)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.9.0...v5.10.0)
### Added
- Allow defining supported locales for the realm [\#103](https://github.com/treydock/puppet-module-keycloak/pull/103) ([mattock](https://github.com/mattock))
## [v5.9.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.9.0) (2019-12-09)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.8.0...v5.9.0)
### Added
- Support Debian 10 [\#102](https://github.com/treydock/puppet-module-keycloak/pull/102) ([treydock](https://github.com/treydock))
## [v5.8.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.8.0) (2019-12-06)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.7.0...v5.8.0)
### Added
- Test against Keycloak 8.0.1 [\#100](https://github.com/treydock/puppet-module-keycloak/pull/100) ([treydock](https://github.com/treydock))
- Add option to enable tech preview features [\#99](https://github.com/treydock/puppet-module-keycloak/pull/99) ([treydock](https://github.com/treydock))
- Add login\_theme property to keycloak\_client [\#98](https://github.com/treydock/puppet-module-keycloak/pull/98) ([treydock](https://github.com/treydock))
- Add support for more client switches [\#96](https://github.com/treydock/puppet-module-keycloak/pull/96) ([mattock](https://github.com/mattock))
- Add option to enable tech preview features [\#95](https://github.com/treydock/puppet-module-keycloak/pull/95) ([danifr](https://github.com/danifr))
### Fixed
- Fix config.cli to be able to change datasource values [\#101](https://github.com/treydock/puppet-module-keycloak/pull/101) ([treydock](https://github.com/treydock))
## [v5.7.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.7.0) (2019-10-29)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.6.0...v5.7.0)
### Added
- Make JDBC xa-datasource-class name configurable [\#93](https://github.com/treydock/puppet-module-keycloak/pull/93) ([danifr](https://github.com/danifr))
## [v5.6.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.6.0) (2019-10-10)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.5.0...v5.6.0)
### Added
- Support EL8 [\#91](https://github.com/treydock/puppet-module-keycloak/pull/91) ([treydock](https://github.com/treydock))
## [v5.5.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.5.0) (2019-09-26)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.4.0...v5.5.0)
### Added
- Allow managing Keycloak installation from outside this module [\#87](https://github.com/treydock/puppet-module-keycloak/pull/87) ([mattock](https://github.com/mattock))
- Enable passing extra options to Keycloak in the systemd unit file [\#86](https://github.com/treydock/puppet-module-keycloak/pull/86) ([mattock](https://github.com/mattock))
- Enable defining bind address for the Keycloak systemd service [\#85](https://github.com/treydock/puppet-module-keycloak/pull/85) ([mattock](https://github.com/mattock))
## [v5.4.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.4.0) (2019-09-05)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.3.2...v5.4.0)
### Added
- Support Ubuntu 18.04 [\#84](https://github.com/treydock/puppet-module-keycloak/pull/84) ([treydock](https://github.com/treydock))
- Vagrant: add Ubuntu 1804 box [\#83](https://github.com/treydock/puppet-module-keycloak/pull/83) ([mattock](https://github.com/mattock))
## [v5.3.2](https://github.com/treydock/puppet-module-keycloak/tree/v5.3.2) (2019-09-03)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.3.1...v5.3.2)
### Fixed
- Fix acceptance tests for SAML attribute name format [\#82](https://github.com/treydock/puppet-module-keycloak/pull/82) ([treydock](https://github.com/treydock))
## [v5.3.1](https://github.com/treydock/puppet-module-keycloak/tree/v5.3.1) (2019-09-03)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.3.0...v5.3.1)
### Fixed
- Fix URI mapping for protocol mappers [\#81](https://github.com/treydock/puppet-module-keycloak/pull/81) ([treydock](https://github.com/treydock))
## [v5.3.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.3.0) (2019-08-30)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.2.0...v5.3.0)
### Added
- Fix \#78. Add clustered mode support [\#79](https://github.com/treydock/puppet-module-keycloak/pull/79) ([danifr](https://github.com/danifr))
## [v5.2.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.2.0) (2019-08-29)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.1.0...v5.2.0)
### Added
- Test against Keycloak 7.0.0 [\#77](https://github.com/treydock/puppet-module-keycloak/pull/77) ([treydock](https://github.com/treydock))
## [v5.1.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.1.0) (2019-08-28)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.0.1...v5.1.0)
### Added
- Support merging Hiera defined resources [\#75](https://github.com/treydock/puppet-module-keycloak/pull/75) ([treydock](https://github.com/treydock))
## [v5.0.1](https://github.com/treydock/puppet-module-keycloak/tree/v5.0.1) (2019-08-27)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v5.0.0...v5.0.1)
### Fixed
- Should be no default for keycloak\_client\_scope consent\_screen\_text property [\#74](https://github.com/treydock/puppet-module-keycloak/pull/74) ([treydock](https://github.com/treydock))
## [v5.0.0](https://github.com/treydock/puppet-module-keycloak/tree/v5.0.0) (2019-08-27)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.2.0...v5.0.0)
### Changed
- Remove keycloak::client\_template [\#71](https://github.com/treydock/puppet-module-keycloak/pull/71) ([treydock](https://github.com/treydock))
## [v4.2.0](https://github.com/treydock/puppet-module-keycloak/tree/v4.2.0) (2019-08-27)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.1.1...v4.2.0)
### Added
- Support group-ldap-mapper and role-ldap-mapper [\#73](https://github.com/treydock/puppet-module-keycloak/pull/73) ([treydock](https://github.com/treydock))
- Support saml-javascript-mapper for keycloak\_client\_protocol\_mapper [\#72](https://github.com/treydock/puppet-module-keycloak/pull/72) ([treydock](https://github.com/treydock))
## [v4.1.1](https://github.com/treydock/puppet-module-keycloak/tree/v4.1.1) (2019-08-26)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.1.0...v4.1.1)
### Fixed
- Fix default for keycloak\_identity\_provider prompt [\#70](https://github.com/treydock/puppet-module-keycloak/pull/70) ([treydock](https://github.com/treydock))
## [v4.1.0](https://github.com/treydock/puppet-module-keycloak/tree/v4.1.0) (2019-08-26)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v4.0.0...v4.1.0)
### Added
- Add clients parameter [\#69](https://github.com/treydock/puppet-module-keycloak/pull/69) ([treydock](https://github.com/treydock))
- Simplify how keycloak\_client\_protocol\_mapper and keycloak\_protcol\_mapper are queried during prefetch [\#68](https://github.com/treydock/puppet-module-keycloak/pull/68) ([treydock](https://github.com/treydock))
- Support managing protocl mapper saml-javascript-mapper [\#67](https://github.com/treydock/puppet-module-keycloak/pull/67) ([treydock](https://github.com/treydock))
- Update module dependency version requirements [\#66](https://github.com/treydock/puppet-module-keycloak/pull/66) ([treydock](https://github.com/treydock))
- Use iteration and added parameters to define resources [\#65](https://github.com/treydock/puppet-module-keycloak/pull/65) ([treydock](https://github.com/treydock))
- Add keycloak\_identity\_provider type [\#64](https://github.com/treydock/puppet-module-keycloak/pull/64) ([treydock](https://github.com/treydock))
## [v4.0.0](https://github.com/treydock/puppet-module-keycloak/tree/v4.0.0) (2019-06-12)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v3.8.0...v4.0.0)
### Changed
- Simplify and consolidate datasource parameters [\#63](https://github.com/treydock/puppet-module-keycloak/pull/63) ([treydock](https://github.com/treydock))
- Set default Keycloak version to 6.0.1 [\#61](https://github.com/treydock/puppet-module-keycloak/pull/61) ([treydock](https://github.com/treydock))
### Added
- Use hiera v5 module data [\#62](https://github.com/treydock/puppet-module-keycloak/pull/62) ([treydock](https://github.com/treydock))
## [v3.8.0](https://github.com/treydock/puppet-module-keycloak/tree/v3.8.0) (2019-05-23)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.7.0...v3.8.0)
### Added
- Expand postgresql support to behave more like mysql support, simplified a bit [\#60](https://github.com/treydock/puppet-module-keycloak/pull/60) ([treydock](https://github.com/treydock))
- Use PDK [\#58](https://github.com/treydock/puppet-module-keycloak/pull/58) ([treydock](https://github.com/treydock))
## [3.7.0](https://github.com/treydock/puppet-module-keycloak/tree/3.7.0) (2019-05-20)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.6.1...3.7.0)
### Added
- Postgresql support [\#59](https://github.com/treydock/puppet-module-keycloak/pull/59) ([verrydtj](https://github.com/verrydtj))
## [3.6.1](https://github.com/treydock/puppet-module-keycloak/tree/3.6.1) (2019-05-13)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.6.0...3.6.1)
### Fixed
- Fix handling of events config during updates [\#56](https://github.com/treydock/puppet-module-keycloak/pull/56) ([treydock](https://github.com/treydock))
## [3.6.0](https://github.com/treydock/puppet-module-keycloak/tree/3.6.0) (2019-05-06)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.5.0...3.6.0)
### Added
- Support managing realm's events config [\#55](https://github.com/treydock/puppet-module-keycloak/pull/55) ([treydock](https://github.com/treydock))
- Test against Keycloak 6 [\#54](https://github.com/treydock/puppet-module-keycloak/pull/54) ([treydock](https://github.com/treydock))
## [3.5.0](https://github.com/treydock/puppet-module-keycloak/tree/3.5.0) (2019-04-09)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.4.0...3.5.0)
### Added
- manage user support [\#53](https://github.com/treydock/puppet-module-keycloak/pull/53) ([cborisa](https://github.com/cborisa))
## [3.4.0](https://github.com/treydock/puppet-module-keycloak/tree/3.4.0) (2019-02-25)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.3.0...3.4.0)
### Added
- JAVA\_OPTS via systemd unit Environment variable [\#51](https://github.com/treydock/puppet-module-keycloak/pull/51) ([danifr](https://github.com/danifr))
- Add option for service environment file [\#50](https://github.com/treydock/puppet-module-keycloak/pull/50) ([asieraguado](https://github.com/asieraguado))
## [3.3.0](https://github.com/treydock/puppet-module-keycloak/tree/3.3.0) (2019-01-28)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.2.0...3.3.0)
### Added
- Better ID handling [\#47](https://github.com/treydock/puppet-module-keycloak/pull/47) ([treydock](https://github.com/treydock))
- Test against Keycloak 4.8.1.Final and document version handling and upgrade [\#43](https://github.com/treydock/puppet-module-keycloak/pull/43) ([treydock](https://github.com/treydock))
### Fixed
- Fix keycloak\_ldap\_mapper id handling and write\_only property [\#46](https://github.com/treydock/puppet-module-keycloak/pull/46) ([treydock](https://github.com/treydock))
- Fix PuppetX usage for keycloak\_ldap\_mapper [\#45](https://github.com/treydock/puppet-module-keycloak/pull/45) ([treydock](https://github.com/treydock))
## [3.2.0](https://github.com/treydock/puppet-module-keycloak/tree/3.2.0) (2018-12-21)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.1.0...3.2.0)
### Added
- Support SSSD User Provider [\#42](https://github.com/treydock/puppet-module-keycloak/pull/42) ([treydock](https://github.com/treydock))
- Add enabled property to keycloak\_ldap\_user\_provider [\#41](https://github.com/treydock/puppet-module-keycloak/pull/41) ([treydock](https://github.com/treydock))
## [3.1.0](https://github.com/treydock/puppet-module-keycloak/tree/3.1.0) (2018-12-13)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/3.0.0...3.1.0)
### Added
- Bump dependency ranges for stdlib and mysql [\#40](https://github.com/treydock/puppet-module-keycloak/pull/40) ([treydock](https://github.com/treydock))
- Support Puppet 6 and drop support for Puppet 4 [\#39](https://github.com/treydock/puppet-module-keycloak/pull/39) ([treydock](https://github.com/treydock))
- Use beaker 4.x [\#37](https://github.com/treydock/puppet-module-keycloak/pull/37) ([treydock](https://github.com/treydock))
### Fixed
- Fix keycloak\_ldap\_user\_provider bind\_credential property to be idempotent [\#38](https://github.com/treydock/puppet-module-keycloak/pull/38) ([treydock](https://github.com/treydock))
## [3.0.0](https://github.com/treydock/puppet-module-keycloak/tree/3.0.0) (2018-08-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.7.1...3.0.0)
### Added
- Update module dependency version ranges [\#35](https://github.com/treydock/puppet-module-keycloak/pull/35) ([treydock](https://github.com/treydock))
## [2.7.1](https://github.com/treydock/puppet-module-keycloak/tree/2.7.1) (2018-08-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.7.0...2.7.1)
### Fixed
- Update reference [\#36](https://github.com/treydock/puppet-module-keycloak/pull/36) ([treydock](https://github.com/treydock))
## [2.7.0](https://github.com/treydock/puppet-module-keycloak/tree/2.7.0) (2018-08-14)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.6.0...2.7.0)
### Added
- Oracle support [\#33](https://github.com/treydock/puppet-module-keycloak/pull/33) ([cborisa](https://github.com/cborisa))
## [2.6.0](https://github.com/treydock/puppet-module-keycloak/tree/2.6.0) (2018-07-20)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.5.0...2.6.0)
### Added
- Use puppet-strings for documentation [\#30](https://github.com/treydock/puppet-module-keycloak/pull/30) ([treydock](https://github.com/treydock))
- Add search\_scope and custom\_user\_search\_filter properties to keycloak\_ldap\_user\_provider type [\#29](https://github.com/treydock/puppet-module-keycloak/pull/29) ([treydock](https://github.com/treydock))
-- Explicitly define all type properties [\#27](https://github.com/treydock/puppet-module-keycloak/pull/27) ([treydock](https://github.com/treydock))
- Improve acceptance tests [\#26](https://github.com/treydock/puppet-module-keycloak/pull/26) ([treydock](https://github.com/treydock))
### Fixed
- Fix for keycloak\_protocol\_mapper type property and type unit test improvements [\#28](https://github.com/treydock/puppet-module-keycloak/pull/28) ([treydock](https://github.com/treydock))
## [2.5.0](https://github.com/treydock/puppet-module-keycloak/tree/2.5.0) (2018-07-18)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.4.0...2.5.0)
### Added
+- Explicitly define all type properties [\#27](https://github.com/treydock/puppet-module-keycloak/pull/27) ([treydock](https://github.com/treydock))
- Support setting auth\_type=simple related properties for keycloak\_ldap\_user\_provider type [\#24](https://github.com/treydock/puppet-module-keycloak/pull/24) ([treydock](https://github.com/treydock))
## [2.4.0](https://github.com/treydock/puppet-module-keycloak/tree/2.4.0) (2018-06-04)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.3.1...2.4.0)
### Added
- Add keycloak\_api configuration type [\#22](https://github.com/treydock/puppet-module-keycloak/pull/22) ([treydock](https://github.com/treydock))
## [2.3.1](https://github.com/treydock/puppet-module-keycloak/tree/2.3.1) (2018-03-10)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.3.0...2.3.1)
### Fixed
- Fix title patterns that use procs are not supported [\#21](https://github.com/treydock/puppet-module-keycloak/pull/21) ([alexjfisher](https://github.com/alexjfisher))
## [2.3.0](https://github.com/treydock/puppet-module-keycloak/tree/2.3.0) (2018-03-08)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.2.1...2.3.0)
### Added
- Allow keycloak\_protocol\_mapper attribute\_nameformat to be simpler values [\#18](https://github.com/treydock/puppet-module-keycloak/pull/18) ([treydock](https://github.com/treydock))
- Add SAML username protocol mapper to keycloak::client\_template [\#17](https://github.com/treydock/puppet-module-keycloak/pull/17) ([treydock](https://github.com/treydock))
- Support SAML role list protocol mapper [\#16](https://github.com/treydock/puppet-module-keycloak/pull/16) ([treydock](https://github.com/treydock))
- Add SAML support to keycloak\_protocol\_mapper and keycloak::client\_template [\#15](https://github.com/treydock/puppet-module-keycloak/pull/15) ([treydock](https://github.com/treydock))
### Fixed
- Fix SAML username protocol mapper to match keycloak code [\#19](https://github.com/treydock/puppet-module-keycloak/pull/19) ([treydock](https://github.com/treydock))
## [2.2.1](https://github.com/treydock/puppet-module-keycloak/tree/2.2.1) (2018-02-27)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.2.0...2.2.1)
### Fixed
- Do not show diff of files that may contain passwords [\#14](https://github.com/treydock/puppet-module-keycloak/pull/14) ([treydock](https://github.com/treydock))
## [2.2.0](https://github.com/treydock/puppet-module-keycloak/tree/2.2.0) (2018-02-26)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.1.0...2.2.0)
### Added
- Make management of the MySQL database optional [\#13](https://github.com/treydock/puppet-module-keycloak/pull/13) ([treydock](https://github.com/treydock))
## [2.1.0](https://github.com/treydock/puppet-module-keycloak/tree/2.1.0) (2018-02-22)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.0.1...2.1.0)
### Added
- Increase minimum java dependency to 2.2.0 to to support Debian 9. Update unit tests to test all supported OSes [\#12](https://github.com/treydock/puppet-module-keycloak/pull/12) ([treydock](https://github.com/treydock))
- Symlink instead of copy mysql connector. puppetlabs/mysql 5 compatibility [\#11](https://github.com/treydock/puppet-module-keycloak/pull/11) ([NITEMAN](https://github.com/NITEMAN))
- Add support for http port configuration [\#9](https://github.com/treydock/puppet-module-keycloak/pull/9) ([NITEMAN](https://github.com/NITEMAN))
- Add Debian 9 support [\#8](https://github.com/treydock/puppet-module-keycloak/pull/8) ([NITEMAN](https://github.com/NITEMAN))
### Fixed
- Fix ownership of install dir [\#10](https://github.com/treydock/puppet-module-keycloak/pull/10) ([NITEMAN](https://github.com/NITEMAN))
## [2.0.1](https://github.com/treydock/puppet-module-keycloak/tree/2.0.1) (2017-12-18)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/2.0.0...2.0.1)
### Fixed
- Fix configuration order when proxy\_https is true [\#7](https://github.com/treydock/puppet-module-keycloak/pull/7) ([treydock](https://github.com/treydock))
## [2.0.0](https://github.com/treydock/puppet-module-keycloak/tree/2.0.0) (2017-12-11)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/1.0.0...2.0.0)
### Changed
- BREAKING: Remove deprecated defined types [\#6](https://github.com/treydock/puppet-module-keycloak/pull/6) ([treydock](https://github.com/treydock))
- BREAKING: Set default version to 3.4.1.Final [\#4](https://github.com/treydock/puppet-module-keycloak/pull/4) ([treydock](https://github.com/treydock))
- BREAKING: Drop Puppet 3 support [\#3](https://github.com/treydock/puppet-module-keycloak/pull/3) ([treydock](https://github.com/treydock))
### Added
- Add always\_read\_value\_from\_ldap property to keycloak\_ldap\_mapper [\#5](https://github.com/treydock/puppet-module-keycloak/pull/5) ([treydock](https://github.com/treydock))
## [1.0.0](https://github.com/treydock/puppet-module-keycloak/tree/1.0.0) (2017-09-05)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/0.0.1...1.0.0)
### Added
- New types [\#1](https://github.com/treydock/puppet-module-keycloak/pull/1) ([treydock](https://github.com/treydock))
## [0.0.1](https://github.com/treydock/puppet-module-keycloak/tree/0.0.1) (2017-08-11)
[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/7af5fcb032534265eac261fc7a723cb7b27007f4...0.0.1)
\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
diff --git a/REFERENCE.md b/REFERENCE.md
index 44df63a..3f86aa8 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -1,3087 +1,3087 @@
# Reference
<!-- DO NOT EDIT: This document was generated by Puppet Strings -->
## Table of Contents
**Classes**
_Public Classes_
* [`keycloak`](#keycloak): Manage Keycloak
* [`keycloak::config`](#keycloakconfig): Private class.
* [`keycloak::datasource::h2`](#keycloakdatasourceh2): Private class.
* [`keycloak::install`](#keycloakinstall): Private class.
* [`keycloak::service`](#keycloakservice): Private class.
* [`keycloak::sssd`](#keycloaksssd): Private class.
_Private Classes_
* `keycloak::datasource::mysql`: Manage MySQL datasource
* `keycloak::datasource::oracle`: Manage Oracle datasource
* `keycloak::datasource::postgresql`: Manage postgresql datasource
* `keycloak::resources`: Define Keycloak resources
**Defined types**
* [`keycloak::client_scope::oidc`](#keycloakclient_scopeoidc): Manage Keycloak OpenID Connect client scope using built-in mappers
* [`keycloak::client_scope::saml`](#keycloakclient_scopesaml): Manage Keycloak SAML client scope using built-in mappers
* [`keycloak::spi_deployment`](#keycloakspi_deployment): Manage Keycloak SPI deployment
* [`keycloak::truststore::host`](#keycloaktruststorehost): Add host to Keycloak truststore
**Resource types**
* [`keycloak_api`](#keycloak_api): Type that configures API connection parameters for other keycloak types that use the Keycloak API.
* [`keycloak_client`](#keycloak_client): Manage Keycloak clients
* [`keycloak_client_protocol_mapper`](#keycloak_client_protocol_mapper): Manage Keycloak protocol mappers
* [`keycloak_client_scope`](#keycloak_client_scope): Manage Keycloak client scopes
* [`keycloak_conn_validator`](#keycloak_conn_validator): Verify that a connection can be successfully established between a node and the keycloak server. Its primary use is as a precondition to pre
* [`keycloak_flow`](#keycloak_flow): Manage a Keycloak flow **Autorequires** * `keycloak_realm` defined for `realm` parameter * `keycloak_flow` of `flow_alias` if `top_level=fals
* [`keycloak_flow_execution`](#keycloak_flow_execution): Manage a Keycloak flow **Autorequires** * `keycloak_realm` defined for `realm` parameter * `keycloak_flow` of value defined for `flow_alias`
* [`keycloak_identity_provider`](#keycloak_identity_provider): Manage Keycloak identity providers
* [`keycloak_ldap_mapper`](#keycloak_ldap_mapper): Manage Keycloak LDAP attribute mappers
* [`keycloak_ldap_user_provider`](#keycloak_ldap_user_provider): Manage Keycloak LDAP user providers
* [`keycloak_protocol_mapper`](#keycloak_protocol_mapper): Manage Keycloak client scope protocol mappers
* [`keycloak_realm`](#keycloak_realm): Manage Keycloak realms
* [`keycloak_required_action`](#keycloak_required_action): Manage Keycloak required actions
* [`keycloak_resource_validator`](#keycloak_resource_validator): Verify that a specific Keycloak resource is available
* [`keycloak_sssd_user_provider`](#keycloak_sssd_user_provider): Manage Keycloak SSSD user providers
## Classes
### keycloak
Manage Keycloak
#### Examples
#####
```puppet
include ::keycloak
```
#### Parameters
The following parameters are available in the `keycloak` class.
##### `manage_install`
Data type: `Boolean`
Install Keycloak from upstream Keycloak tarball.
Set to false to manage installation of Keycloak outside
this module and set $install_dir to match.
Defaults to true.
Default value: `true`
##### `version`
Data type: `String`
Version of Keycloak to install and manage.
Default value: '8.0.1'
##### `package_url`
Data type: `Optional[Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]]`
URL of the Keycloak download.
Default is based on version.
Default value: `undef`
##### `install_dir`
Data type: `Optional[Stdlib::Absolutepath]`
The directory of where to install Keycloak.
Default is `/opt/keycloak-${version}`.
Default value: `undef`
##### `service_name`
Data type: `String`
Keycloak service name.
Default is `keycloak`.
Default value: 'keycloak'
##### `service_ensure`
Data type: `String`
Keycloak service ensure property.
Default is `running`.
Default value: 'running'
##### `service_enable`
Data type: `Boolean`
Keycloak service enable property.
Default is `true`.
Default value: `true`
##### `service_hasstatus`
Data type: `Boolean`
Keycloak service hasstatus parameter.
Default is `true`.
Default value: `true`
##### `service_hasrestart`
Data type: `Boolean`
Keycloak service hasrestart parameter.
Default is `true`.
Default value: `true`
##### `service_bind_address`
Data type: `Stdlib::IP::Address`
Bind address for Keycloak service.
Default is '0.0.0.0'.
Default value: '0.0.0.0'
##### `java_opts`
Data type: `Optional[Variant[String, Array]]`
Sets additional options to Java virtual machine environment variable.
Default value: `undef`
##### `java_opts_append`
Data type: `Boolean`
Determine if $JAVA_OPTS should be appended to when setting `java_opts` parameter
Default value: `true`
##### `service_extra_opts`
Data type: `Optional[String]`
Additional options added to the end of the service command-line.
Default value: `undef`
##### `manage_user`
Data type: `Boolean`
Defines if the module should manage the Linux user for Keycloak installation
Default value: `true`
##### `user`
Data type: `String`
Keycloak user name.
Default is `keycloak`.
Default value: 'keycloak'
##### `user_shell`
Data type: `Stdlib::Absolutepath`
Keycloak user shell.
Default value: '/sbin/nologin'
##### `group`
Data type: `String`
Keycloak user group name.
Default is `keycloak`.
Default value: 'keycloak'
##### `user_uid`
Data type: `Optional[Integer]`
Keycloak user UID.
Default is `undef`.
Default value: `undef`
##### `group_gid`
Data type: `Optional[Integer]`
Keycloak user group GID.
Default is `undef`.
Default value: `undef`
##### `system_user`
Data type: `Boolean`
If keycloak user should be a system user with lower uid and gid.
Default is `true`
Default value: `true`
##### `admin_user`
Data type: `String`
Keycloak administrative username.
Default is `admin`.
Default value: 'admin'
##### `admin_user_password`
Data type: `String`
Keycloak administrative user password.
Default is `changeme`.
Default value: 'changeme'
##### `manage_datasource`
Data type: `Boolean`
Boolean that determines if configured datasource will be managed.
Default is `true`.
Default value: `true`
##### `datasource_driver`
Data type: `Enum['h2', 'mysql', 'oracle', 'postgresql']`
Datasource driver to use for Keycloak.
Valid values are `h2`, `mysql`, 'oracle' and 'postgresql'
Default is `h2`.
Default value: 'h2'
##### `datasource_host`
Data type: `Optional[String]`
Datasource host.
Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql'
Default is `localhost` for MySQL.
Default value: `undef`
##### `datasource_port`
Data type: `Optional[Integer]`
Datasource port.
Only used when datasource_driver is `mysql`, 'oracle' or 'postgresql'
Default is `3306` for MySQL.
Default value: `undef`
##### `datasource_url`
Data type: `Optional[String]`
Datasource url.
Default datasource URLs are defined in init class.
Default value: `undef`
##### `datasource_dbname`
Data type: `String`
Datasource database name.
Default is `keycloak`.
Default value: 'keycloak'
##### `datasource_username`
Data type: `String`
Datasource user name.
Default is `sa`.
Default value: 'sa'
##### `datasource_password`
Data type: `String`
Datasource user password.
Default is `sa`.
Default value: 'sa'
##### `datasource_package`
Data type: `Optional[String]`
Package to add specified datasource support
Default value: `undef`
##### `datasource_jar_source`
Data type: `Optional[String]`
Source for datasource JDBC driver - could be puppet link or local file on the node.
Default is dependent on value for `datasource_driver`.
This parameter is required if `datasource_driver` is `oracle`.
Default value: `undef`
##### `datasource_module_source`
Data type: `Optional[String]`
Source for datasource module.xml. Default depends on `datasource_driver`.
Default value: `undef`
##### `datasource_xa_class`
Data type: `Optional[String]`
MySQL Connector/J JDBC driver xa-datasource class name
Default value: `undef`
##### `proxy_https`
Data type: `Boolean`
Boolean that sets if HTTPS proxy should be enabled.
Set to `true` if proxying traffic through Apache.
Default is `false`.
Default value: `false`
##### `truststore`
Data type: `Boolean`
Boolean that sets if truststore should be used.
Default is `false`.
Default value: `false`
##### `truststore_hosts`
Data type: `Hash`
Hash that is used to define `keycloak::turststore::host` resources.
Default is `{}`.
Default value: {}
##### `truststore_password`
Data type: `String`
Truststore password.
Default is `keycloak`.
Default value: 'keycloak'
##### `truststore_hostname_verification_policy`
Data type: `Enum['WILDCARD', 'STRICT', 'ANY']`
Valid values are `WILDCARD`, `STRICT`, and `ANY`.
Default is `WILDCARD`.
Default value: 'WILDCARD'
##### `http_port`
Data type: `Integer`
HTTP port used by Keycloak.
Default is `8080`.
Default value: 8080
##### `theme_static_max_age`
Data type: `Integer`
Max cache age in seconds of static content.
Default is `2592000`.
Default value: 2592000
##### `theme_cache_themes`
Data type: `Boolean`
Boolean that sets if themes should be cached.
Default is `true`.
Default value: `true`
##### `theme_cache_templates`
Data type: `Boolean`
Boolean that sets if templates should be cached.
Default is `true`.
Default value: `true`
##### `realms`
Data type: `Hash`
Hash that is used to define keycloak_realm resources.
Default is `{}`.
Default value: {}
##### `realms_merge`
Data type: `Boolean`
Boolean that sets if `realms` should be merged from Hiera.
Default value: `false`
##### `oidc_client_scopes`
Data type: `Hash`
Hash that is used to define keycloak::client_scope::oidc resources.
Default is `{}`.
Default value: {}
##### `oidc_client_scopes_merge`
Data type: `Boolean`
Boolean that sets if `oidc_client_scopes` should be merged from Hiera.
Default value: `false`
##### `saml_client_scopes`
Data type: `Hash`
Hash that is used to define keycloak::client_scope::saml resources.
Default is `{}`.
Default value: {}
##### `saml_client_scopes_merge`
Data type: `Boolean`
Boolean that sets if `saml_client_scopes` should be merged from Hiera.
Default value: `false`
##### `identity_providers`
Data type: `Hash`
Hash that is used to define keycloak_identity_provider resources.
Default value: {}
##### `identity_providers_merge`
Data type: `Boolean`
Boolean that sets if `identity_providers` should be merged from Hiera.
Default value: `false`
##### `client_scopes`
Data type: `Hash`
Hash that is used to define keycloak_client_scope resources.
Default value: {}
##### `client_scopes_merge`
Data type: `Boolean`
Boolean that sets if `client_scopes` should be merged from Hiera.
Default value: `false`
##### `protocol_mappers`
Data type: `Hash`
Hash that is used to define keycloak_protocol_mapper resources.
Default value: {}
##### `protocol_mappers_merge`
Data type: `Boolean`
Boolean that sets if `protocol_mappers` should be merged from Hiera.
Default value: `false`
##### `clients`
Data type: `Hash`
Hash that is used to define keycloak_client resources.
Default value: {}
##### `clients_merge`
Data type: `Boolean`
Boolean that sets if `clients` should be merged from Hiera.
Default value: `false`
##### `flows`
Data type: `Hash`
Hash taht is used to define keycloak_flow resources.
Default value: {}
##### `flows_merge`
Data type: `Boolean`
Boolean that sets if `flows` should be merged from Hiera.
Default value: `false`
##### `flow_executions`
Data type: `Hash`
Hash taht is used to define keycloak_flow resources.
Default value: {}
##### `flow_executions_merge`
Data type: `Boolean`
Boolean that sets if `flows` should be merged from Hiera.
Default value: `false`
##### `required_actions`
Data type: `Hash`
Hash that is used to define keycloak_required_action resources.
Default value: {}
##### `required_actions_merge`
Data type: `Boolean`
Boolean that sets if `required_actions` should be merged from Hiera.
Default value: `false`
##### `ldap_mappers`
Data type: `Hash`
Hash that is used to define keycloak_ldap_mapper resources.
Default value: {}
##### `ldap_mappers_merge`
Data type: `Boolean`
Boolean that sets if `ldap_mappers` should be merged from Hiera.
Default value: `false`
##### `ldap_user_providers`
Data type: `Hash`
Hash that is used to define keycloak_ldap_user_provider resources.
Default value: {}
##### `ldap_user_providers_merge`
Data type: `Boolean`
Boolean that sets if `ldap_user_providers` should be merged from Hiera.
Default value: `false`
##### `with_sssd_support`
Data type: `Boolean`
Boolean that determines if SSSD user provider support should be available
Default value: `false`
##### `libunix_dbus_java_source`
Data type: `Variant[Stdlib::HTTPUrl, Stdlib::HTTPSUrl]`
Source URL of libunix-dbus-java
Default value: 'https://github.com/keycloak/libunix-dbus-java/archive/libunix-dbus-java-0.8.0.tar.gz'
##### `install_libunix_dbus_java_build_dependencies`
Data type: `Boolean`
Boolean that determines of libunix-dbus-java build dependencies are managed by this module
Default value: `true`
##### `libunix_dbus_java_build_dependencies`
Data type: `Array`
Packages needed to build libunix-dbus-java
Default value: []
##### `libunix_dbus_java_libdir`
Data type: `Stdlib::Absolutepath`
Path to directory to install libunix-dbus-java libraries
Default value: '/usr/lib64'
##### `jna_package_name`
Data type: `String`
Package name for jna
Default value: 'jna'
##### `manage_sssd_config`
Data type: `Boolean`
Boolean that determines if SSSD ifp config for Keycloak is managed
Default value: `true`
##### `sssd_ifp_user_attributes`
Data type: `Array`
user_attributes to define for SSSD ifp service
Default value: []
##### `restart_sssd`
Data type: `Boolean`
Boolean that determines if SSSD should be restarted
Default value: `true`
##### `service_environment_file`
Data type: `Optional[Stdlib::Absolutepath]`
Path to the file with environment variables for the systemd service
Default value: `undef`
##### `operating_mode`
Data type: `Enum['standalone', 'clustered']`
Keycloak operating mode deployment
Default value: 'standalone'
##### `enable_jdbc_ping`
Data type: `Boolean`
Use JDBC_PING to discover the nodes and manage the replication of data
More info: http://jgroups.org/manual/#_jdbc_ping
Only applies when `operating_mode` is `clustered`
JDBC_PING uses port 7600 to ensure cluster members are discoverable by each other
This module does not manage firewall changes
Default value: `false`
##### `jboss_bind_public_address`
Data type: `Stdlib::IP::Address`
JBoss bind public IP address
Default value: $facts['networking']['ip']
##### `jboss_bind_private_address`
Data type: `Stdlib::IP::Address`
JBoss bind private IP address
Default value: $facts['networking']['ip']
##### `user_cache`
Data type: `Boolean`
Boolean that determines if userCache is enabled
Default value: `true`
##### `tech_preview_features`
Data type: `Array`
List of technology Preview features to enable
Default value: []
##### `auto_deploy_exploded`
Data type: `Boolean`
Set if exploded deployements will be auto deployed
Default value: `false`
##### `auto_deploy_zipped`
Data type: `Boolean`
Set if zipped deployments will be auto deployed
Default value: `true`
##### `spi_deployments`
Data type: `Hash`
Hash used to define keycloak::spi_deployment resources
Default value: {}
##### `custom_config_content`
Data type: `Optional[String]`
Custom configuration content to be added to config.cli
Default value: `undef`
##### `custom_config_source`
Data type: `Optional[Variant[String, Array]]`
Custom configuration source file to be added to config.cli
Default value: `undef`
### keycloak::config
Private class.
### keycloak::datasource::h2
Private class.
### keycloak::install
Private class.
### keycloak::service
Private class.
### keycloak::sssd
Private class.
## Defined types
### keycloak::client_scope::oidc
Manage Keycloak OpenID Connect client scope using built-in mappers
#### Examples
#####
```puppet
keycloak::client_scope::oidc { 'oidc-clients':
realm => 'test',
}
```
#### Parameters
The following parameters are available in the `keycloak::client_scope::oidc` defined type.
##### `realm`
Data type: `String`
Realm of the client scope.
##### `resource_name`
Data type: `String`
Name of the client scope resource
Default value: $name
### keycloak::client_scope::saml
Manage Keycloak SAML client scope using built-in mappers
#### Examples
#####
```puppet
keycloak::client_scope::saml { 'saml-clients':
realm => 'test',
}
```
#### Parameters
The following parameters are available in the `keycloak::client_scope::saml` defined type.
##### `realm`
Data type: `String`
Realm of the client scope.
##### `resource_name`
Data type: `String`
Name of the client scope resource
Default value: $name
### keycloak::spi_deployment
}
#### Examples
##### Add Duo SPI
```puppet
keycloak::spi_deployment { 'duo-spi':
ensure => 'present',
deployed_name => 'keycloak-duo-spi-jar-with-dependencies.jar',
source => 'file:///path/to/source/keycloak-duo-spi-jar-with-dependencies.jar',
}
```
##### Add Duo SPI and check API for existance of resources before going onto dependenct resources
```puppet
keycloak::spi_deployment { 'duo-spi':
deployed_name => 'keycloak-duo-spi-jar-with-dependencies.jar',
source => 'file:///path/to/source/keycloak-duo-spi-jar-with-dependencies.jar',
test_url => 'authentication/authenticator-providers',
test_key => 'id',
test_value => 'duo-mfa-authenticator',
test_realm => 'test',
before => Keycloak_flow_execution['duo-mfa-authenticator under form-browser-with-duo on test'],
```
#### Parameters
The following parameters are available in the `keycloak::spi_deployment` defined type.
##### `ensure`
Data type: `Enum['present', 'absent']`
State of the deployment
Default value: 'present'
##### `deployed_name`
Data type: `String[1]`
Name of the file to be deployed. Defaults to `$name`.
Default value: $name
##### `source`
Data type: `Variant[Stdlib::Filesource, Stdlib::HTTPSUrl]`
Source of the deployment, supports 'file://', 'puppet://', 'https://' or 'http://'
##### `test_url`
Data type: `Optional[String]`
URL to test for existance of resources created by this SPI
Default value: `undef`
##### `test_key`
Data type: `Optional[String]`
Key of resource when testing for resource created by this SPI
Default value: `undef`
##### `test_value`
Data type: `Optional[String]`
Value of the `test_key` when testing for resources created by this SPI
Default value: `undef`
##### `test_realm`
Data type: `Optional[String]`
Realm to query when looking for resources created by this SPI
Default value: `undef`
### keycloak::truststore::host
Add host to Keycloak truststore
#### Examples
#####
```puppet
keycloak::truststore::host { 'ldap1.example.com':
certificate => '/etc/openldap/certs/0a00000.0',
}
```
#### Parameters
The following parameters are available in the `keycloak::truststore::host` defined type.
##### `certificate`
Data type: `String`
Path to host certificate
##### `ensure`
Data type: `Enum['latest', 'present', 'absent']`
Host ensure value passed to `java_ks` resource.
Default value: 'latest'
## Resource types
### keycloak_api
Type that configures API connection parameters for other keycloak types that use the Keycloak API.
#### Examples
##### Define API access
```puppet
keycloak_api { 'keycloak'
install_dir => '/opt/keycloak',
server => 'http://localhost:8080/auth',
realm => 'master',
user => 'admin',
password => 'changeme',
}
```
#### Parameters
The following parameters are available in the `keycloak_api` type.
##### `name`
namevar
Keycloak API config
##### `install_dir`
Install location of Keycloak
Default value: /opt/keycloak
##### `server`
Auth URL for Keycloak server
Default value: http://localhost:8080/auth
##### `realm`
Realm for authentication
Default value: master
##### `user`
User for authentication
Default value: admin
##### `password`
Password for authentication
Default value: changeme
##### `use_wrapper`
Valid values: `true`, `false`
Boolean that determines if kcadm_wrapper.sh should be used
Default value: `false`
### keycloak_client
Manage Keycloak clients
#### Examples
##### Add a OpenID Connect client
```puppet
keycloak_client { 'www.example.com':
ensure => 'present',
realm => 'test',
redirect_uris => [
"https://www.example.com/oidc",
"https://www.example.com",
],
default_client_scopes => ['profile','email'],
secret => 'supersecret',
}
```
#### Properties
The following properties are available in the `keycloak_client` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `protocol`
Valid values: openid-connect, saml
protocol
Default value: openid-connect
##### `client_authenticator_type`
clientAuthenticatorType
Default value: client-secret
##### `default_client_scopes`
defaultClientScopes
Default value: []
##### `optional_client_scopes`
optionalClientScopes
Default value: []
##### `full_scope_allowed`
Valid values: `true`, `false`
fullScopeAllowed
Default value: true
##### `enabled`
Valid values: `true`, `false`
enabled
Default value: true
##### `standard_flow_enabled`
Valid values: `true`, `false`
standardFlowEnabled
Default value: true
##### `implicit_flow_enabled`
Valid values: `true`, `false`
implicitFlowEnabled
Default value: false
##### `direct_access_grants_enabled`
Valid values: `true`, `false`
enabled
Default value: true
##### `service_accounts_enabled`
Valid values: `true`, `false`
serviceAccountsEnabled
Default value: false
##### `authorization_services_enabled`
Valid values: `true`, `false`
authorizationServicesEnabled
Default value: false
##### `public_client`
Valid values: `true`, `false`
enabled
Default value: false
##### `root_url`
rootUrl
##### `redirect_uris`
redirectUris
Default value: []
##### `base_url`
baseUrl
##### `web_origins`
webOrigins
Default value: []
##### `login_theme`
login_theme
Default value: absent
##### `access_token_lifespan`
access.token.lifespan
##### `browser_flow`
authenticationFlowBindingOverrides.browser (Use flow alias, not ID)
Default value: absent
##### `direct_grant_flow`
authenticationFlowBindingOverrides.direct_grant (Use flow alias, not ID)
Default value: absent
##### `roles`
-List of non composite client roles to define.
+roles
Default value: []
#### Parameters
The following parameters are available in the `keycloak_client` type.
##### `name`
namevar
The client name
##### `client_id`
clientId. Defaults to `name`.
##### `id`
Id. Defaults to `client_id`
##### `realm`
realm
##### `secret`
secret
### keycloak_client_protocol_mapper
Manage Keycloak protocol mappers
#### Examples
##### Add email protocol mapper to test.example.com client in realm test
```puppet
keycloak_client_protocol_mapper { "email for test.example.com on test":
claim_name => 'email',
user_attribute => 'email',
}
```
#### Properties
The following properties are available in the `keycloak_client_protocol_mapper` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `protocol`
Valid values: openid-connect, saml
protocol
Default value: openid-connect
##### `user_attribute`
user.attribute. Default to `resource_name` for `type` `oidc-usermodel-property-mapper` or `saml-user-property-mapper`
##### `json_type_label`
json.type.label. Default to `String` for `type` `oidc-usermodel-property-mapper` and `oidc-group-membership-mapper`.
##### `full_path`
Valid values: `true`, `false`
full.path. Default to `false` for `type` `oidc-group-membership-mapper`.
##### `friendly_name`
friendly.name. Default to `resource_name` for `type` `saml-user-property-mapper`.
##### `attribute_name`
attribute.name Default to `resource_name` for `type` `saml-user-property-mapper`.
##### `claim_name`
claim.name
##### `id_token_claim`
Valid values: `true`, `false`
id.token.claim. Default to `true` for `protocol` `openid-connect`.
##### `access_token_claim`
Valid values: `true`, `false`
access.token.claim. Default to `true` for `protocol` `openid-connect`.
##### `userinfo_token_claim`
Valid values: `true`, `false`
userinfo.token.claim. Default to `true` for `protocol` `openid-connect` except `type` of `oidc-audience-mapper`.
##### `attribute_nameformat`
attribute.nameformat
##### `single`
Valid values: `true`, `false`
single. Default to `false` for `type` `saml-role-list-mapper`.
##### `script`
Script, only valid for `type` of `saml-javascript-mapper`'
Array values will be joined with newlines. Strings will be kept unchanged.
##### `included_client_audience`
included.client.audience Required for `type` of `oidc-audience-mapper`
#### Parameters
The following parameters are available in the `keycloak_client_protocol_mapper` type.
##### `name`
namevar
The protocol mapper name
##### `id`
Id.
##### `resource_name`
The protocol mapper name. Defaults to `name`.
##### `client`
client
##### `realm`
realm
##### `type`
Valid values: oidc-usermodel-property-mapper, oidc-full-name-mapper, oidc-group-membership-mapper, oidc-audience-mapper, saml-user-property-mapper, saml-role-list-mapper
protocolMapper.
Default is `oidc-usermodel-property-mapper` for `protocol` `openid-connect` and
`saml-user-property-mapper` for `protocol` `saml`.
### keycloak_client_scope
Manage Keycloak client scopes
#### Examples
##### Define a OpenID Connect client scope in the test realm
```puppet
keycloak_client_scope { 'email on test':
protocol => 'openid-connect',
}
```
#### Properties
The following properties are available in the `keycloak_client_scope` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `protocol`
Valid values: openid-connect, saml
protocol
Default value: openid-connect
##### `consent_screen_text`
consent.screen.text
##### `display_on_consent_screen`
Valid values: `true`, `false`
display.on.consent.screen
Default value: true
#### Parameters
The following parameters are available in the `keycloak_client_scope` type.
##### `name`
namevar
The client scope name
##### `resource_name`
The client scope name. Defaults to `name`.
##### `id`
Id. Defaults to `resource_name`.
##### `realm`
realm
### keycloak_conn_validator
Verify that a connection can be successfully established between a node
and the keycloak server. Its primary use is as a precondition to
prevent configuration changes from being applied if the keycloak
server cannot be reached, but it could potentially be used for other
purposes such as monitoring.
#### Properties
The following properties are available in the `keycloak_conn_validator` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
#### Parameters
The following parameters are available in the `keycloak_conn_validator` type.
##### `name`
namevar
An arbitrary name used as the identity of the resource.
##### `keycloak_server`
The DNS name or IP address of the server where keycloak should be running.
Default value: localhost
##### `keycloak_port`
The port that the keycloak server should be listening on.
Default value: 8080
##### `use_ssl`
Whether the connection will be attemped using https
Default value: `false`
##### `test_url`
URL to use for testing if the Keycloak database is up
Default value: /auth/admin/serverinfo
##### `timeout`
The max number of seconds that the validator should wait before giving up and deciding that keycloak is not running; defaults to 15 seconds.
Default value: 30
### keycloak_flow
Manage a Keycloak flow
**Autorequires**
* `keycloak_realm` defined for `realm` parameter
* `keycloak_flow` of `flow_alias` if `top_level=false`
* `keycloak_flow` of `flow_alias` if other `index` is lower and if `top_level=false`
* `keycloak_flow_execution` if `flow_alias` is the same and other `index` is lower and if `top_level=false`
#### Examples
##### Add custom flow
```puppet
keycloak_flow { 'browser-with-duo':
ensure => 'present',
realm => 'test',
}
```
##### Add a flow execution to existing browser-with-duo flow
```puppet
keycloak_flow { 'form-browser-with-duo under browser-with-duo on test':
ensure => 'present',
index => 2,
requirement => 'ALTERNATIVE',
top_level => false,
}
```
#### Properties
The following properties are available in the `keycloak_flow` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `index`
execution index, only applied to top_level=false, required for top_level=false
##### `description`
description
##### `requirement`
Valid values: DISABLED, ALTERNATIVE, REQUIRED, CONDITIONAL, disabled, alternative, required, conditional
requirement, only applied to top_level=false and defaults to DISABLED
#### Parameters
The following parameters are available in the `keycloak_flow` type.
##### `name`
namevar
The flow name
##### `id`
Id. Default to `$alias-$realm` when top_level is true. Only applies to top_level=true
##### `alias`
Alias. Default to `name`.
##### `flow_alias`
flowAlias, required for top_level=false
##### `realm`
realm
##### `provider_id`
Valid values: basic-flow, form-flow
providerId
Default value: basic-flow
##### `type`
sub-flow execution provider, default to `registration-page-form` for top_level=false and does not apply to top_level=true
##### `top_level`
Valid values: `true`, `false`
topLevel
Default value: `true`
### keycloak_flow_execution
Manage a Keycloak flow
**Autorequires**
* `keycloak_realm` defined for `realm` parameter
* `keycloak_flow` of value defined for `flow_alias`
* `keycloak_flow` if they share same `flow_alias` value and the other resource `index` is lower
* `keycloak_flow_execution` if `flow_alias` is the same and other `index` is lower
#### Examples
##### Add an execution to a flow
```puppet
keycloak_flow_execution { 'auth-cookie under browser-with-duo on test':
ensure => 'present',
configurable => false,
display_name => 'Cookie',
index => 0,
requirement => 'ALTERNATIVE',
}
```
##### Add an execution to a execution flow that is one level deeper than top level
```puppet
keycloak_flow_execution { 'auth-username-password-form under form-browser-with-duo on test':
ensure => 'present',
configurable => false,
display_name => 'Username Password Form',
index => 0,
requirement => 'REQUIRED',
}
```
##### Add an execution with a configuration
```puppet
keycloak_flow_execution { 'duo-mfa-authenticator under form-browser-with-duo on test':
ensure => 'present',
configurable => true,
display_name => 'Duo MFA',
alias => 'Duo',
config => {
"duomfa.akey" => "foo-akey",
"duomfa.apihost" => "api-foo.duosecurity.com",
"duomfa.skey" => "secret",
"duomfa.ikey" => "foo-ikey",
"duomfa.groups" => "duo"
},
requirement => 'REQUIRED',
index => 1,
}
```
#### Properties
The following properties are available in the `keycloak_flow_execution` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `index`
execution index
##### `configurable`
Valid values: `true`, `false`
configurable
##### `requirement`
Valid values: DISABLED, ALTERNATIVE, REQUIRED, CONDITIONAL, disabled, alternative, required, conditional
requirement
Default value: DISABLED
##### `config`
execution config
#### Parameters
The following parameters are available in the `keycloak_flow_execution` type.
##### `name`
namevar
The flow execution name
##### `id`
read-only Id
##### `provider_id`
provider
##### `flow_alias`
flowAlias
##### `realm`
realm
##### `display_name`
displayName
##### `alias`
alias
##### `config_id`
read-only config ID
### keycloak_identity_provider
Manage Keycloak identity providers
#### Examples
##### Add CILogon identity provider to test realm
```puppet
keycloak_identity_provider { 'cilogon on test':
ensure => 'present',
display_name => 'CILogon',
provider_id => 'oidc',
first_broker_login_flow_alias => 'browser',
client_id => 'cilogon:/client_id/foobar',
client_secret => 'supersecret',
user_info_url => 'https://cilogon.org/oauth2/userinfo',
token_url => 'https://cilogon.org/oauth2/token',
authorization_url => 'https://cilogon.org/authorize',
}
```
#### Properties
The following properties are available in the `keycloak_identity_provider` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `display_name`
displayName
##### `enabled`
Valid values: `true`, `false`
enabled
Default value: true
##### `update_profile_first_login_mode`
Valid values: on, off
updateProfileFirstLoginMode
Default value: on
##### `trust_email`
Valid values: `true`, `false`
trustEmail
Default value: false
##### `store_token`
Valid values: `true`, `false`
storeToken
Default value: false
##### `add_read_token_role_on_create`
Valid values: `true`, `false`
addReadTokenRoleOnCreate
Default value: false
##### `authenticate_by_default`
Valid values: `true`, `false`
authenticateByDefault
Default value: false
##### `link_only`
Valid values: `true`, `false`
linkOnly
Default value: false
##### `gui_order`
guiOrder
##### `first_broker_login_flow_alias`
firstBrokerLoginFlowAlias
Default value: first broker login
##### `post_broker_login_flow_alias`
postBrokerLoginFlowAlias
##### `sync_mode`
Valid values: IMPORT, LEGACY, FORCE
syncMode
Default value: IMPORT
##### `hide_on_login_page`
Valid values: `true`, `false`
hideOnLoginPage
Default value: false
##### `user_info_url`
userInfoUrl
##### `validate_signature`
Valid values: `true`, `false`
validateSignature
Default value: false
##### `client_id`
clientId
##### `client_secret`
clientSecret
##### `client_auth_method`
Valid values: client_secret_post, client_secret_basic, client_secret_jwt, private_key_jwt
clientAuthMethod
Default value: client_secret_post
##### `token_url`
tokenUrl
##### `ui_locales`
Valid values: `true`, `false`
uiLocales
Default value: false
##### `backchannel_supported`
Valid values: `true`, `false`
backchannelSupported
Default value: false
##### `use_jwks_url`
Valid values: `true`, `false`
useJwksUrl
Default value: true
##### `jwks_url`
jwksUrl
##### `login_hint`
Valid values: `true`, `false`
loginHint
Default value: false
##### `authorization_url`
authorizationUrl
##### `disable_user_info`
Valid values: `true`, `false`
disableUserInfo
Default value: false
##### `logout_url`
logoutUrl
##### `issuer`
issuer
##### `default_scope`
default_scope
##### `prompt`
Valid values: none, consent, login, select_account
prompt
##### `allowed_clock_skew`
allowedClockSkew
##### `forward_parameters`
forwardParameters
#### Parameters
The following parameters are available in the `keycloak_identity_provider` type.
##### `name`
namevar
The identity provider name
##### `alias`
The identity provider name. Defaults to `name`.
##### `internal_id`
internalId. Defaults to "`alias`-`realm`"
##### `realm`
realm
##### `provider_id`
Valid values: oidc, keycloak-oidc
providerId
Default value: oidc
### keycloak_ldap_mapper
Manage Keycloak LDAP attribute mappers
#### Examples
##### Add full name attribute mapping
```puppet
keycloak_ldap_mapper { 'full name for LDAP-test on test:
ensure => 'present',
type => 'full-name-ldap-mapper',
ldap_attribute => 'gecos',
}
```
#### Properties
The following properties are available in the `keycloak_ldap_mapper` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `ldap_attribute`
ldap.attribute
##### `user_model_attribute`
user.model.attribute
##### `is_mandatory_in_ldap`
is.mandatory.in.ldap. Defaults to `false` unless `type` is `full-name-ldap-mapper`.
##### `always_read_value_from_ldap`
Valid values: `true`, `false`
always.read.value.from.ldap. Defaults to `true` if `type` is `user-attribute-ldap-mapper`.
##### `read_only`
Valid values: `true`, `false`
read.only
##### `write_only`
Valid values: `true`, `false`
write.only. Defaults to `false` if `type` is `full-name-ldap-mapper`.
##### `mode`
Valid values: READ_ONLY, LDAP_ONLY
mode, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `membership_attribute_type`
Valid values: DN, UID
membership.attribute.type, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `user_roles_retrieve_strategy`
Valid values: LOAD_GROUPS_BY_MEMBER_ATTRIBUTE, GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE, LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY, LOAD_ROLES_BY_MEMBER_ATTRIBUTE, GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE, LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY
user.roles.retrieve.strategy, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `group_name_ldap_attribute`
group.name.ldap.attribute, only for `type` of `group-ldap-mapper`
##### `ignore_missing_groups`
Valid values: `true`, `false`
ignore.missing.groups, only for `type` of `group-ldap-mapper`
##### `membership_user_ldap_attribute`
membership.user.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `membership_ldap_attribute`
membership.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `preserve_group_inheritance`
Valid values: `true`, `false`
preserve.group.inheritance, only for `type` of `group-ldap-mapper`
##### `groups_dn`
groups.dn, only for `type` of `group-ldap-mapper`
##### `mapped_group_attributes`
mapped.group.attributes, only for `type` of `group-ldap-mapper`
##### `groups_ldap_filter`
groups.ldap.filter, only for `type` of `group-ldap-mapper`
##### `memberof_ldap_attribute`
memberof.ldap.attribute, only for `type` of `group-ldap-mapper` and `role-ldap-mapper`
##### `group_object_classes`
group.object.classes, only for `type` of `group-ldap-mapper`
##### `drop_non_existing_groups_during_sync`
Valid values: `true`, `false`
drop.non.existing.groups.during.sync, only for `type` of `group-ldap-mapper`
##### `roles_dn`
roles.dn, only for `type` of `role-ldap-mapper`
##### `role_name_ldap_attribute`
role.name.ldap.attribute, only for `type` of `role-ldap-mapper`
##### `role_object_classes`
role.object.classes, only for `type` of `role-ldap-mapper`
##### `roles_ldap_filter`
roles.ldap.filter, only for `type` of `role-ldap-mapper`
##### `use_realm_roles_mapping`
Valid values: `true`, `false`
use.realm.roles.mapping, only for `type` of `role-ldap-mapper`
##### `client_id`
client.id, only for `type` of `role-ldap-mapper`
#### Parameters
The following parameters are available in the `keycloak_ldap_mapper` type.
##### `name`
namevar
The LDAP mapper name
##### `id`
Id.
##### `resource_name`
The LDAP mapper name. Defaults to `name`
##### `type`
Valid values: user-attribute-ldap-mapper, full-name-ldap-mapper, group-ldap-mapper, role-ldap-mapper
providerId
Default value: user-attribute-ldap-mapper
##### `realm`
realm
##### `ldap`
parentId
### keycloak_ldap_user_provider
Manage Keycloak LDAP user providers
#### Examples
##### Add LDAP user provider to test realm
```puppet
keycloak_ldap_user_provider { 'LDAP on test':
ensure => 'present',
users_dn => 'ou=People,dc=example,dc=com',
connection_url => 'ldaps://ldap1.example.com:636 ldaps://ldap2.example.com:636',
import_enabled => false,
use_truststore_spi => 'never',
}
```
#### Properties
The following properties are available in the `keycloak_ldap_user_provider` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `enabled`
Valid values: `true`, `false`
enabled
Default value: true
##### `auth_type`
Valid values: none, simple
authType
Default value: none
##### `edit_mode`
Valid values: READ_ONLY, WRITABLE, UNSYNCED
editMode
Default value: READ_ONLY
##### `vendor`
Valid values: ad, rhds, tivoli, eDirectory, other
vendor
Default value: other
##### `use_truststore_spi`
Valid values: always, ldapsOnly, never
useTruststoreSpi
Default value: ldapsOnly
##### `users_dn`
usersDn
##### `connection_url`
connectionUrl
##### `priority`
priority
Default value: 0
##### `batch_size_for_sync`
batchSizeForSync
Default value: 1000
##### `username_ldap_attribute`
usernameLdapAttribute
Default value: uid
##### `rdn_ldap_attribute`
rdnLdapAttribute
Default value: uid
##### `uuid_ldap_attribute`
uuidLdapAttribute
Default value: entryUUID
##### `bind_dn`
bindDn
##### `bind_credential`
bindCredential
##### `import_enabled`
Valid values: `true`, `false`
importEnabled
Default value: true
##### `use_kerberos_for_password_authentication`
Valid values: `true`, `false`
useKerberosForPasswordAuthentication
##### `user_object_classes`
userObjectClasses
Default value: ['inetOrgPerson', 'organizationalPerson']
##### `search_scope`
Valid values: one, one_level, subtree, 1, 2, 1, 2
searchScope
##### `custom_user_search_filter`
Valid values: %r{.*}, absent
customUserSearchFilter
Default value: absent
##### `trust_email`
Valid values: `true`, `false`
trustEmail
Default value: false
##### `full_sync_period`
fullSyncPeriod
Default value: -1
##### `changed_sync_period`
changedSyncPeriod
Default value: -1
#### Parameters
The following parameters are available in the `keycloak_ldap_user_provider` type.
##### `name`
namevar
The LDAP user provider name
##### `resource_name`
The LDAP user provider name. Defaults to `name`.
##### `id`
Id. Defaults to "`resource_name`-`realm`"
##### `realm`
parentId
### keycloak_protocol_mapper
Manage Keycloak client scope protocol mappers
#### Examples
##### Add email protocol mapper to oidc-client client scope in realm test
```puppet
keycloak_protocol_mapper { "email for oidc-clients on test":
claim_name => 'email',
user_attribute => 'email',
}
```
#### Properties
The following properties are available in the `keycloak_protocol_mapper` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `protocol`
Valid values: openid-connect, saml
protocol
Default value: openid-connect
##### `user_attribute`
user.attribute. Default to `resource_name` for `type` `oidc-usermodel-property-mapper` or `saml-user-property-mapper`
##### `json_type_label`
json.type.label. Default to `String` for `type` `oidc-usermodel-property-mapper` and `oidc-group-membership-mapper`.
##### `full_path`
Valid values: `true`, `false`
full.path. Default to `false` for `type` `oidc-group-membership-mapper`.
##### `friendly_name`
friendly.name. Default to `resource_name` for `type` `saml-user-property-mapper`.
##### `attribute_name`
attribute.name Default to `resource_name` for `type` `saml-user-property-mapper`.
##### `claim_name`
claim.name
##### `id_token_claim`
Valid values: `true`, `false`
id.token.claim. Default to `true` for `protocol` `openid-connect`.
##### `access_token_claim`
Valid values: `true`, `false`
access.token.claim. Default to `true` for `protocol` `openid-connect`.
##### `userinfo_token_claim`
Valid values: `true`, `false`
userinfo.token.claim. Default to `true` for `protocol` `openid-connect` except `type` of `oidc-audience-mapper`.
##### `attribute_nameformat`
attribute.nameformat
##### `single`
Valid values: `true`, `false`
single. Default to `false` for `type` `saml-role-list-mapper` or `saml-javascript-mapper`.
##### `script`
Script, only valid for `type` of `saml-javascript-mapper`'
Array values will be joined with newlines. Strings will be kept unchanged.
##### `included_client_audience`
included.client.audience Required for `type` of `oidc-audience-mapper`
#### Parameters
The following parameters are available in the `keycloak_protocol_mapper` type.
##### `name`
namevar
The protocol mapper name
##### `id`
Id.
##### `resource_name`
The protocol mapper name. Defaults to `name`.
##### `client_scope`
client scope
##### `realm`
realm
##### `type`
Valid values: oidc-usermodel-property-mapper, oidc-full-name-mapper, oidc-group-membership-mapper, oidc-audience-mapper, saml-user-property-mapper, saml-role-list-mapper
protocolMapper.
Default is `oidc-usermodel-property-mapper` for `protocol` `openid-connect` and
`saml-user-property-mapper` for `protocol` `saml`.
### keycloak_realm
Manage Keycloak realms
#### Examples
##### Add a realm with a custom theme
```puppet
keycloak_realm { 'test':
ensure => 'present',
remember_me => true,
login_with_email_allowed => false,
login_theme => 'my_theme',
}
```
#### Properties
The following properties are available in the `keycloak_realm` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `display_name`
displayName
##### `display_name_html`
displayNameHtml
##### `login_theme`
loginTheme
Default value: keycloak
##### `account_theme`
accountTheme
Default value: keycloak
##### `admin_theme`
adminTheme
Default value: keycloak
##### `email_theme`
emailTheme
Default value: keycloak
##### `internationalization_enabled`
Valid values: `true`, `false`
internationalizationEnabled
Default value: false
##### `sso_session_idle_timeout`
ssoSessionIdleTimeout
##### `sso_session_max_lifespan`
ssoSessionMaxLifespan
##### `access_code_lifespan`
accessCodeLifespan
##### `access_code_lifespan_user_action`
accessCodeLifespanUserAction
##### `access_token_lifespan`
accessTokenLifespan
##### `access_token_lifespan_for_implicit_flow`
accessTokenLifespanForImplicitFlow
##### `enabled`
Valid values: `true`, `false`
enabled
Default value: true
##### `remember_me`
Valid values: `true`, `false`
rememberMe
Default value: false
##### `registration_allowed`
Valid values: `true`, `false`
registrationAllowed
Default value: false
##### `login_with_email_allowed`
Valid values: `true`, `false`
loginWithEmailAllowed
Default value: true
##### `reset_password_allowed`
Valid values: `true`, `false`
resetPasswordAllowed
Default value: false
##### `verify_email`
Valid values: `true`, `false`
verifyEmail
Default value: false
##### `browser_flow`
browserFlow
Default value: browser
##### `registration_flow`
registrationFlow
Default value: registration
##### `direct_grant_flow`
directGrantFlow
Default value: direct grant
##### `reset_credentials_flow`
resetCredentialsFlow
Default value: reset credentials
##### `client_authentication_flow`
clientAuthenticationFlow
Default value: clients
##### `docker_authentication_flow`
dockerAuthenticationFlow
Default value: docker auth
##### `default_client_scopes`
Default Client Scopes
##### `optional_client_scopes`
Optional Client Scopes
##### `supported_locales`
Supported Locales
##### `content_security_policy`
contentSecurityPolicy
Default value: frame-src 'self'; frame-ancestors 'self'; object-src 'none';
##### `events_enabled`
Valid values: `true`, `false`
eventsEnabled
Default value: false
##### `events_expiration`
eventsExpiration
##### `events_listeners`
eventsListeners
Default value: ['jboss-logging']
##### `admin_events_enabled`
Valid values: `true`, `false`
adminEventsEnabled
Default value: false
##### `admin_events_details_enabled`
Valid values: `true`, `false`
adminEventsDetailsEnabled
Default value: false
##### `smtp_server_user`
smtpServer user
##### `smtp_server_password`
smtpServer password
##### `smtp_server_host`
smtpServer host
##### `smtp_server_port`
smtpServer port
##### `smtp_server_auth`
Valid values: `true`, `false`
smtpServer auth
##### `smtp_server_starttls`
Valid values: `true`, `false`
smtpServer starttls
##### `smtp_server_ssl`
Valid values: `true`, `false`
smtpServer ssl
##### `smtp_server_from`
smtpServer from
##### `smtp_server_envelope_from`
smtpServer envelope_from
##### `smtp_server_from_display_name`
smtpServer fromDisplayName
##### `smtp_server_reply_to`
smtpServer replyto
##### `smtp_server_reply_to_display_name`
smtpServer replyToDisplayName
##### `brute_force_protected`
Valid values: `true`, `false`
bruteForceProtected
##### `roles`
-List of non composite realm roles to define.
+roles
Default value: ['offline_access', 'uma_authorization']
#### Parameters
The following parameters are available in the `keycloak_realm` type.
##### `name`
namevar
The realm name
##### `id`
Id. Default to `name`.
### keycloak_required_action
Manage Keycloak required actions
#### Examples
##### Enable Webauthn Register and make it default
```puppet
keycloak_required_action { 'webauthn-register on master':
ensure => present,
provider_id => 'webauthn-register',
display_name => 'Webauthn Register',
default => true,
enabled => true,
priority => 1,
config => {
'something' => 'true', # keep in mind that keycloak only supports strings for both keys and values
'smth else' => '1',
},
alias => 'webauthn',
}
@example Minimal example to enable email verification without making it default
keycloak_required_action { 'VERIFY_EMAIL on master':
ensure => present,
provider_id => 'webauthn-register',
}
```
#### Properties
The following properties are available in the `keycloak_required_action` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `display_name`
Displayed name. Default to `provider_id`
##### `enabled`
Valid values: `true`, `false`
If the required action is enabled. Default to true.
Default value: true
##### `alias`
Alias. Default to `provider_id`.
##### `default`
Valid values: `true`, `false`
If the required action is a default one. Default to false
Default value: false
##### `priority`
Required action priority
##### `config`
Required action config
#### Parameters
The following parameters are available in the `keycloak_required_action` type.
##### `name`
namevar
The required action name
##### `realm`
realm
##### `provider_id`
providerId of the required action
### keycloak_resource_validator
Verify that a specific Keycloak resource is available
#### Properties
The following properties are available in the `keycloak_resource_validator` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
#### Parameters
The following parameters are available in the `keycloak_resource_validator` type.
##### `name`
namevar
An arbitrary name used as the identity of the resource.
##### `test_url`
URL to use for testing if the Keycloak database is up
##### `test_key`
Key to lookup
##### `test_value`
Value to lookup
##### `realm`
Realm to query
##### `timeout`
The max number of seconds that the validator should wait before giving up and deciding that keycloak is not running; defaults to 15 seconds.
Default value: 30
### keycloak_sssd_user_provider
Manage Keycloak SSSD user providers
#### Examples
##### Add SSSD user provider to test realm
```puppet
keycloak_sssd_user_provider { 'SSSD on test':
ensure => 'present',
}
```
#### Properties
The following properties are available in the `keycloak_sssd_user_provider` type.
##### `ensure`
Valid values: present, absent
The basic property that the resource should be in.
Default value: present
##### `enabled`
Valid values: `true`, `false`
enabled
Default value: true
##### `priority`
priority
Default value: 0
##### `cache_policy`
Valid values: DEFAULT, EVICT_DAILY, EVICT_WEEKLY, MAX_LIFESPAN, NO_CACHE
cachePolicy
Default value: DEFAULT
##### `eviction_day`
evictionDay
##### `eviction_hour`
evictionHour
##### `eviction_minute`
evictionMinute
##### `max_lifespan`
maxLifespan
#### Parameters
The following parameters are available in the `keycloak_sssd_user_provider` type.
##### `name`
namevar
The SSSD user provider name
##### `resource_name`
The SSSD user provider name. Defaults to `name`.
##### `id`
Id. Defaults to "`resource_name`-`realm`"
##### `realm`
parentId
diff --git a/metadata.json b/metadata.json
index 6c72ad2..bc086d0 100644
--- a/metadata.json
+++ b/metadata.json
@@ -1,85 +1,85 @@
{
"name": "treydock-keycloak",
- "version": "6.18.0",
+ "version": "6.19.0",
"author": "treydock",
"summary": "Keycloak Puppet module",
"license": "Apache-2.0",
"source": "https://github.com/treydock/puppet-module-keycloak",
"project_page": "https://github.com/treydock/puppet-module-keycloak",
"issues_url": "https://github.com/treydock/puppet-module-keycloak/issues",
"dependencies": [
{
"name": "puppetlabs/stdlib",
"version_requirement": ">= 4.25.0 <7.0.0"
},
{
"name": "puppetlabs/mysql",
"version_requirement": ">= 10.2.0 <11.0.0"
},
{
"name": "puppetlabs/postgresql",
"version_requirement": ">= 6.4.0 <7.0.0"
},
{
"name": "puppetlabs/java",
"version_requirement": ">= 5.0.0 <7.0.0"
},
{
"name": "puppetlabs/java_ks",
"version_requirement": ">= 1.0.0 <4.0.0"
},
{
"name": "puppet/archive",
"version_requirement": ">= 0.5.1 <5.0.0"
},
{
"name": "camptocamp/systemd",
"version_requirement": ">= 0.4.0 <3.0.0"
}
],
"operatingsystem_support": [
{
"operatingsystem": "RedHat",
"operatingsystemrelease": [
"7",
"8"
]
},
{
"operatingsystem": "CentOS",
"operatingsystemrelease": [
"7",
"8"
]
},
{
"operatingsystem": "Scientific",
"operatingsystemrelease": [
"7",
"8"
]
},
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
"9",
"10"
]
},
{
"operatingsystem": "Ubuntu",
"operatingsystemrelease": [
"18.04"
]
}
],
"requirements": [
{
"name": "puppet",
"version_requirement": ">= 5.0.0 < 7.0.0"
}
],
"pdk-version": "1.17.0",
"template-url": "https://github.com/treydock/pdk-templates.git#master",
"template-ref": "heads/master-0-g58023b5"
}

File Metadata

Mime Type
text/x-diff
Expires
Mon, Aug 18, 6:40 PM (1 w, 3 d ago)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
3310084

Event Timeline

About · Developer information · Legal