commit 2e5a63ad3f5ea0f28c4592316de0bcf274e5e7ff
author Mohammed Naser <mnaser@vexxhost.com> Wed Feb 05 15:25:25 2025 -0500
committer Mohammed Naser <mnaser@vexxhost.com> Wed Feb 05 21:35:01 2025 -0500
tree eb1f6451f07bb9feb564faef0a247f9ebfa1ae38
parent 561eb3e0cb9ebb146ddd19ceda4bd33f7524af49

Add extra Keycloak realm options

Change-Id: Ia9862dc6b58a9870de76fbf37eb8faa0e06cd017

releasenotes/notes/add-extra-keycloak-realm-options-a8b14740bd999ebb.yaml

diff --git a/releasenotes/notes/add-extra-keycloak-realm-options-a8b14740bd999ebb.yaml b/releasenotes/notes/add-extra-keycloak-realm-options-a8b14740bd999ebb.yaml
new file mode 100644
index 0000000..4a7a43b
--- /dev/null
+++ b/releasenotes/notes/add-extra-keycloak-realm-options-a8b14740bd999ebb.yaml
@@ -0,0 +1,5 @@
+---
+features:
+  - The Keystone role now supports additional parameters when creating the
+    Keycloak realm to allow for the configuration of options such as password
+    policy, brute force protection, and more.

roles/keystone/defaults/main.yml

diff --git a/roles/keystone/defaults/main.yml b/roles/keystone/defaults/main.yml
index cdc541f..5b5c5e9 100644
--- a/roles/keystone/defaults/main.yml
+++ b/roles/keystone/defaults/main.yml
@@ -37,6 +37,15 @@
 keystone_keycloak_admin_password: "{{ keycloak_admin_password }}"
 keystone_keycloak_realm: atmosphere
 keystone_keycloak_realm_name: Atmosphere
+# keystone_keycloak_realm_default_password_policy:
+# keystone_keycloak_realm_default_brute_force_protected:
+# keystone_keycloak_realm_default_brute_force_failure_factor:
+# keystone_keycloak_realm_default_brute_force_wait_increment_seconds:
+# keystone_keycloak_realm_default_brute_force_max_failure_wait_seconds:
+# keystone_keycloak_realm_default_brute_force_max_delta_time_seconds:
+# keystone_keycloak_realm_default_minimum_quick_login_wait_seconds:
+# keystone_keycloak_realm_default_quick_login_check_milli_seconds:
+
 keystone_keycloak_client_id: keystone
 # keystone_keycloak_client_secret:
 keystone_keycloak_scopes: "openid email profile"

roles/keystone/tasks/main.yml

diff --git a/roles/keystone/tasks/main.yml b/roles/keystone/tasks/main.yml
index a62ae89..f17c68e 100644
--- a/roles/keystone/tasks/main.yml
+++ b/roles/keystone/tasks/main.yml
@@ -29,6 +29,14 @@
     realm: "{{ item.keycloak_realm }}"
     display_name: "{{ item.label }}"
     enabled: true
+    password_policy: "{{ item.keycloak_password_policy | default(keystone_keycloak_realm_default_password_policy | default(omit)) }}"
+    brute_force_protected: "{{ item.keycloak_brute_force_protected | default(keystone_keycloak_realm_default_brute_force_protected | default(omit)) }}"
+    failure_factor: "{{ item.keycloak_brute_force_failure_factor | default(keystone_keycloak_realm_default_brute_force_failure_factor | default(omit)) }}"
+    wait_increment_seconds: "{{ item.keycloak_brute_force_wait_increment_seconds | default(keystone_keycloak_realm_default_brute_force_wait_increment_seconds | default(omit)) }}"
+    max_failure_wait_seconds: "{{ item.keycloak_brute_force_max_failure_wait_seconds | default(keystone_keycloak_realm_default_brute_force_max_failure_wait_seconds | default(omit)) }}"
+    max_delta_time_seconds: "{{ item.keycloak_brute_force_max_delta_time_seconds | default(keystone_keycloak_realm_default_brute_force_max_delta_time_seconds | default(omit)) }}"
+    minimum_quick_login_wait_seconds: "{{ item.keycloak_minimum_quick_login_wait_seconds | default(keystone_keycloak_realm_default_minimum_quick_login_wait_seconds | default(omit)) }}"
+    quick_login_check_milli_seconds: "{{ item.keycloak_quick_login_check_milli_seconds | default(keystone_keycloak_realm_default_quick_login_check_milli_seconds | default(omit)) }}"
   loop: "{{ keystone_domains }}"
   loop_control:
     label: "{{ item.name }}"