)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"b1d53548f930a556b749e9e7509e7669f75c8410","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":8,"id":"7d8f3c22_aac091bf","updated":"2024-01-24 22:23:45.000000000","message":"I\u0027ve left a note about the password trouble I had inline. Additionally we need to fix the testinfra testcase. To do that we need to drop the `auth/` portion of the path from these two lines: https://opendev.org/opendev/system-config/src/branch/master/testinfra/test_keycloak.py#L29 and https://opendev.org/opendev/system-config/src/branch/master/testinfra/test_keycloak.py#L31\n\nCorvus mentioned we may need to figure out how to keep these realm paths aligned with production. However, I half expect that the auth/ path is simply gone and we just need to point consumers at the new path now? As an alternative we could do webserver url rewrites? Something to think about but one step at a time here.","commit_id":"916ba538db3022b4d4511f9c3562498f51a86e06"}],"playbooks/roles/keycloak/templates/docker-compose.yaml.j2":[{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"b1d53548f930a556b749e9e7509e7669f75c8410","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    restart: always"},{"line_number":10,"context_line":"    environment:"},{"line_number":11,"context_line":"      - KEYCLOAK_ADMIN\u003dadmin"},{"line_number":12,"context_line":"      - KEYCLOAK_ADMIN_PASSWORD\u003d\"{{ keycloak_admin_password }}\""},{"line_number":13,"context_line":"    command:"},{"line_number":14,"context_line":"      - \u0027start-dev\u0027"},{"line_number":15,"context_line":"      - \u0027--hostname-strict\u003dfalse\u0027"}],"source_content_type":"text/x-jinja2","patch_set":8,"id":"c0d96018_79e6cd72","line":12,"updated":"2024-01-24 22:23:45.000000000","message":"The reason I couldn\u0027t get this password to work is that the `\"`\u0027s are being included in the password literally. We probably want to test the existing deployment to see if we need to include the literal `\"`\u0027s and if so update the values in private yaml to include the quotes. Then at the same time we can update this template file to drop the `\"`\u0027s. Also, as a first step to avoid further confusion maybe add a comment here indicating `\"`\u0027s should be included literally?","commit_id":"916ba538db3022b4d4511f9c3562498f51a86e06"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"b204f34fe0e37bb90d6e9e3aa198b11f5434e1cf","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    restart: always"},{"line_number":10,"context_line":"    environment:"},{"line_number":11,"context_line":"      - KEYCLOAK_ADMIN\u003dadmin"},{"line_number":12,"context_line":"      - KEYCLOAK_ADMIN_PASSWORD\u003d\"{{ keycloak_admin_password }}\""},{"line_number":13,"context_line":"    command:"},{"line_number":14,"context_line":"      - \u0027start-dev\u0027"},{"line_number":15,"context_line":"      - \u0027--hostname-strict\u003dfalse\u0027"}],"source_content_type":"text/x-jinja2","patch_set":8,"id":"c3377a88_6a3b8bc7","line":12,"in_reply_to":"c0d96018_79e6cd72","updated":"2024-01-25 18:40:21.000000000","message":"Done","commit_id":"916ba538db3022b4d4511f9c3562498f51a86e06"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"b204f34fe0e37bb90d6e9e3aa198b11f5434e1cf","unresolved":true,"context_lines":[{"line_number":9,"context_line":"    restart: always"},{"line_number":10,"context_line":"    environment:"},{"line_number":11,"context_line":"      KEYCLOAK_ADMIN: admin"},{"line_number":12,"context_line":"      KEYCLOAK_ADMIN_PASSWORD: {{ keycloak_admin_password }}"},{"line_number":13,"context_line":"    command:"},{"line_number":14,"context_line":"      - \u0027start\u0027"},{"line_number":15,"context_line":"      - \u0027--hostname-strict\u003dfalse\u0027"}],"source_content_type":"text/x-jinja2","patch_set":9,"id":"a9f3f7c9_ab1ca10d","line":12,"updated":"2024-01-25 18:40:21.000000000","message":"Now that this is a proper yaml datastructure we can keep the quotes and that might prevent yaml interpretation problems later depending on the password content. For safety maybe go ahead and readd the quotes?","commit_id":"4d3d5477d6ca093e2c4bfadc0203cf509caa7733"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"2b6a82f9c403c0611ae37f3b630f967b19af6411","unresolved":false,"context_lines":[{"line_number":9,"context_line":"    restart: always"},{"line_number":10,"context_line":"    environment:"},{"line_number":11,"context_line":"      KEYCLOAK_ADMIN: admin"},{"line_number":12,"context_line":"      KEYCLOAK_ADMIN_PASSWORD: {{ keycloak_admin_password }}"},{"line_number":13,"context_line":"    command:"},{"line_number":14,"context_line":"      - \u0027start\u0027"},{"line_number":15,"context_line":"      - \u0027--hostname-strict\u003dfalse\u0027"}],"source_content_type":"text/x-jinja2","patch_set":9,"id":"bdd96cef_480d836c","line":12,"in_reply_to":"a9f3f7c9_ab1ca10d","updated":"2024-01-26 00:21:41.000000000","message":"Done","commit_id":"4d3d5477d6ca093e2c4bfadc0203cf509caa7733"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"2b6a82f9c403c0611ae37f3b630f967b19af6411","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"services:"},{"line_number":6,"context_line":"  keycloak:"},{"line_number":7,"context_line":"    image: quay.io/keycloak/keycloak:19.0"},{"line_number":8,"context_line":"    network_mode: host"},{"line_number":9,"context_line":"    restart: always"},{"line_number":10,"context_line":"    environment:"}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"273d58c7_8e8f8b09","line":7,"updated":"2024-01-26 00:21:41.000000000","message":"I double checked the image running in prod is the legacy image which maps to the 19.0.3 version running on wildfly. This 19.0 version maps to 19.0.3 running quarkus. I think these are about as equivalent as they can be given the differing runtimes.","commit_id":"fb47277a56df671bbab389ce10a89d976308d232"},{"author":{"_account_id":4146,"name":"Clark Boylan","email":"cboylan@sapwetik.org","username":"cboylan"},"change_message_id":"2b6a82f9c403c0611ae37f3b630f967b19af6411","unresolved":true,"context_lines":[{"line_number":14,"context_line":"      - \u0027start\u0027"},{"line_number":15,"context_line":"      - \u0027--hostname-strict\u003dfalse\u0027"},{"line_number":16,"context_line":"      - \u0027--http-enabled\u003dtrue\u0027"},{"line_number":17,"context_line":"      - \u0027--http-host\u003d127.0.0.1\u0027"},{"line_number":18,"context_line":"      - \u0027--proxy\u003dedge\u0027"},{"line_number":19,"context_line":"    volumes:"},{"line_number":20,"context_line":"      - /var/keycloak/data:/opt/jboss/keycloak/standalone/data"}],"source_content_type":"text/x-jinja2","patch_set":11,"id":"e99deee2_6361e96f","line":17,"updated":"2024-01-26 00:21:41.000000000","message":"I do notice that keycloak seems to listen on 0.0.0.0 on a high port that our firewall will block. The existing deployment does this too. Not sure why that is, but considering it isn\u0027t a regression I don\u0027t think we need to solve it here.","commit_id":"fb47277a56df671bbab389ce10a89d976308d232"}]}