Bump keycloak operator + enable auto-updates (#525)

* Bump keycloak operator + enable auto-updates * Enable master realm to work without TLS * Bokeh example is not maintained
azimuth-cloud · Jun 13, 2024 · eee3c24 · eee3c24
1 parent 8b66b56
commit eee3c24
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 25 deletions.
diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml
@@ -115,6 +115,12 @@ jobs:
             repository: k3s-io/k3s
             version_jsonpath: k3s_version
 
+          - key: keycloak-operator
+            path: ./roles/keycloak/defaults/main.yml
+            repository: keycloak/keycloak-k8s-resources
+            tags: "yes"
+            version_jsonpath: keycloak_operator_version
+
           - key: kustomize
             path: ./roles/kustomize/defaults/main.yml
             repository: kubernetes-sigs/kustomize
@@ -152,6 +158,7 @@ jobs:
         with:
           repository: ${{ matrix.repository }}
           prereleases: ${{ matrix.prereleases || 'no' }}
+          tags: ${{ matrix.tags || 'no' }}
 
       - name: Update dependency key
         uses: stackhpc/github-actions/config-update@master

diff --git a/roles/generate_tests/defaults/main.yml b/roles/generate_tests/defaults/main.yml
@@ -98,7 +98,7 @@ generate_tests_caas_test_case_slurm_service_monitoring_expected_title: Grafana
 # Configuration for the repo2docker test case, if enabled
 #   The repository to use to build the image
 #   We pick a repository that has some meat but is relatively quick to build
-generate_tests_caas_test_case_repo2docker_param_cluster_repository: https://github.com/binder-examples/bokeh.git
+generate_tests_caas_test_case_repo2docker_param_cluster_repository: https://github.com/binder-examples/demo-julia.git
 #   Expected titles for the repo2docker services
 generate_tests_caas_test_case_repo2docker_service_repo2docker_expected_title: JupyterLab
 generate_tests_caas_test_case_repo2docker_service_monitoring_expected_title: Grafana

diff --git a/roles/keycloak/defaults/main.yml b/roles/keycloak/defaults/main.yml
@@ -175,7 +175,7 @@ keycloak_ingress_spec: >-
   }}
 
 # The version of the Keycloak operator to install
-keycloak_operator_version: 20.0.1
+keycloak_operator_version: 24.0.4
 # The base URL for the Keycloak operator manifests
 keycloak_operator_base_url: https://raw.githubusercontent.com/keycloak/keycloak-k8s-resources
 

diff --git a/roles/keycloak/tasks/main.yml b/roles/keycloak/tasks/main.yml
@@ -217,31 +217,31 @@
           }}
   when: keycloak_admin_creds_secret_cmd.rc != 0
 
-- name: Update Keycloak admin password
-  block:
-    - name: Get Keycloak admin token
-      uri:
-        url: "{{ keycloak_base_url }}/realms/master/protocol/openid-connect/token"
-        method: POST
-        body_format: form-urlencoded
-        body:
-          grant_type: password
-          client_id: admin-cli
-          username: "{{ keycloak_admin_username }}"
-          password: "{{ keycloak_admin_password_current }}"
-        ca_path: "{{ keycloak_ca_path or omit }}"
-        validate_certs: "{{ keycloak_validate_certs }}"
-      register: keycloak_admin_token_req
-      # This is the first task that tries to access the Keycloak API, so retry when
-      # there is an SSL error (reported as -1)
-      retries: 60
-      delay: 10
-      until: keycloak_admin_token_req.status != -1
+- name: Get Keycloak admin token
+  uri:
+    url: "{{ keycloak_base_url }}/realms/master/protocol/openid-connect/token"
+    method: POST
+    body_format: form-urlencoded
+    body:
+      grant_type: password
+      client_id: admin-cli
+      username: "{{ keycloak_admin_username }}"
+      password: "{{ keycloak_admin_password_current }}"
+    ca_path: "{{ keycloak_ca_path or omit }}"
+    validate_certs: "{{ keycloak_validate_certs }}"
+  register: keycloak_admin_token_req
+  # This is the first task that tries to access the Keycloak API, so retry when
+  # there is an SSL error (reported as -1)
+  retries: 60
+  delay: 10
+  until: keycloak_admin_token_req.status != -1
 
-    - name: Set Keycloak admin token fact
-      set_fact:
-        keycloak_admin_token: "{{ keycloak_admin_token_req.json.access_token }}"
+- name: Set Keycloak admin token fact
+  set_fact:
+    keycloak_admin_token: "{{ keycloak_admin_token_req.json.access_token }}"
 
+- name: Update Keycloak admin password
+  block:
     - name: Get Keycloak master realm users
       uri:
         url: "{{ keycloak_base_url }}/admin/realms/master/users"
@@ -293,3 +293,16 @@
             username: "{{ keycloak_admin_username }}"
             password: "{{ keycloak_admin_password }}"
   when: keycloak_admin_password != keycloak_admin_password_current
+
+- name: Configure SSL requirement for master realm
+  uri:
+    url: "{{ keycloak_base_url }}/admin/realms/master"
+    method: PUT
+    headers:
+      authorization: "Bearer {{ keycloak_admin_token }}"
+    body_format: json
+    body:
+      sslRequired: "{{ 'external' if keycloak_ingress_tls_enabled else 'none' }}"
+    ca_path: "{{ keycloak_ca_path or omit }}"
+    validate_certs: "{{ keycloak_validate_certs }}"
+    status_code: [204]