treydock
diff --git a/‎.github/workflows/ci.yaml‎
Lines changed: 5 additions & 5 deletions b/‎.github/workflows/ci.yaml‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎.sync.yml‎
Lines changed: 3 additions & 3 deletions b/‎.sync.yml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎README.md‎
Lines changed: 26 additions & 6 deletions b/‎README.md‎
Lines changed: 26 additions & 6 deletions
diff --git a/‎data/os/Debian.yaml‎
Lines changed: 4 additions & 4 deletions b/‎data/os/Debian.yaml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎data/os/Debian/11.yaml‎
Lines changed: 4 additions & 0 deletions b/‎data/os/Debian/11.yaml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎data/os/RedHat.yaml‎
Lines changed: 4 additions & 4 deletions b/‎data/os/RedHat.yaml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎lib/puppet/provider/keycloak_flow/kcadm.rb‎
Lines changed: 6 additions & 32 deletions b/‎lib/puppet/provider/keycloak_flow/kcadm.rb‎
Lines changed: 6 additions & 32 deletions
diff --git a/‎lib/puppet/provider/keycloak_flow_execution/kcadm.rb‎
Lines changed: 7 additions & 33 deletions b/‎lib/puppet/provider/keycloak_flow_execution/kcadm.rb‎
Lines changed: 7 additions & 33 deletions
diff --git a/‎lib/puppet/type/keycloak_client.rb‎
Lines changed: 0 additions & 1 deletion b/‎lib/puppet/type/keycloak_client.rb‎
Lines changed: 0 additions & 1 deletion
@@ -16,11 +16,11 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - ruby: 2.7.7
+          - ruby: 2.7.8
             puppet: 7
             fixtures: .fixtures.yml
             allow_failure: false
-          - ruby: 3.2.2
+          - ruby: 3.2.3
             puppet: 8
             fixtures: .fixtures.yml
             allow_failure: false
@@ -65,17 +65,17 @@ jobs:
           - "puppet7"
           - "puppet8"
         keycloak_version:
-          - "24.0.5"
+          - "25.0.1"
         keycloak_full:
           - "no"
         include:
           - set: "el8"
             puppet: "puppet7"
-            keycloak_version: "24.0.5"
+            keycloak_version: "25.0.1"
             keycloak_full: "yes"
           - set: "el8"
             puppet: "puppet8"
-            keycloak_version: "24.0.5"
+            keycloak_version: "25.0.1"
             keycloak_full: "yes"
     env:
       BUNDLE_WITHOUT: development:release
 
@@ -25,16 +25,16 @@ Rakefile:
       - puppet7
       - puppet8
     keycloak_version:
-      - '24.0.5'
+      - '25.0.1'
     keycloak_full: ['no']
   acceptance_includes:
     - set: el8
       puppet: puppet7
-      keycloak_version: '24.0.5'
+      keycloak_version: '25.0.1'
       keycloak_full: 'yes'
     - set: el8
       puppet: puppet8
-      keycloak_version: '24.0.5'
+      keycloak_version: '25.0.1'
       keycloak_full: 'yes'
 .gitignore:
   paths:
 
@@ -6,6 +6,7 @@
 #### Table of Contents
 
 1. [Overview](#overview)
+    * [Upgrade to 12.x](#upgrade-to-12x)
     * [Upgrade to 8.x](#upgrade-to-8x)
         * [Changes to LDAP user provider IDs](#changes-to-ldap-user-provider-ids)
     * [Supported Versions of Keycloak](#supported-versions-of-keycloak)
@@ -35,6 +36,25 @@
 
 The keycloak module allows easy installation and management of Keycloak.
 
+### Upgrade to 12.x
+
+Version 12.x of this module had some major breaking changes to support Keycloak 25.x.
+
+The default Java version is now OpenJDK 21 except for Debian. The next major release will drop Debian support unless OpenJDK 21 is added to Debian repos.
+
+The `keycloak_flow` and `keycloak_flow_execution` types had their `index` property replaced by `priority`.  If you had executions with `index` 0,1,2 you'd need to set `priority` to something like 10,20,30.
+
+The configuration options switched to using Hostname v2 options.
+
+* `hostname` now accepts a URL
+* `hostname-url` is removed
+* `hostname-path` is removed
+* `hostname-port` is removed
+* `hostname-admin` now requires a URL
+* `hostname-admin-url` is removed
+* `hostname-strict-backchannel` is renamed to `hostname-backchannel-dynamic`
+* `hostname-strict-https` is removed
+
 ### Upgrade to 8.x
 
 This module underwent major changes in the 8.0.0 release to support Keycloak that uses Quarkus.
@@ -176,7 +196,7 @@ This module may work on earlier versions but this is the only version tested.
 | 19.x - 21.x      | 9.x                             |
 | 21.x             | 10.x                            |
 | 22.x - 24.x      | 11.x                            |
-| 24.x             | 12.x                            |
+| 25.x             | 12.x                            |
 | -----------------|---------------------------------|
 
 ## Usage
@@ -523,27 +543,27 @@ keycloak_flow_execution { 'auth-cookie under browser-with-duo on test':
   ensure       => 'present',
   configurable => false,
   display_name => 'Cookie',
-  index        => 0,
+  priority     => 10,
   requirement  => 'ALTERNATIVE',
 }
 keycloak_flow_execution { 'identity-provider-redirector under browser-with-duo on test':
   ensure       => 'present',
   configurable => true,
   display_name => 'Identity Provider Redirector',
-  index        => 1,
+  priority     => 15,
   requirement  => 'ALTERNATIVE',
 }
 keycloak_flow { 'form-browser-with-duo under browser-with-duo on test':
   ensure      => 'present',
-  index       => 2,
+  priority    => 20,
   requirement => 'ALTERNATIVE',
   top_level   => false,
 }
 keycloak_flow_execution { 'auth-username-password-form under form-browser-with-duo on test':
   ensure       => 'present',
   configurable => false,
   display_name => 'Username Password Form',
-  index        => 0,
+  priority     => 10,
   requirement  => 'REQUIRED',
 }
 keycloak_flow_execution { 'duo-universal under form-browser-with-duo on test':
@@ -558,7 +578,7 @@ keycloak_flow_execution { 'duo-universal under form-browser-with-duo on test':
     "duoGroups"         => "duo"
   },
   requirement  => 'REQUIRED',
-  index        => 1,
+  priority     => 15,
 }
 ```
 
 
@@ -1,8 +1,8 @@
 ---
-keycloak::java_package: openjdk-17-jdk
-keycloak::java_home: /usr/lib/jvm/java-1.17.0-openjdk-amd64/
-keycloak::java_alternative_path: /usr/lib/jvm/java-1.17.0-openjdk-amd64/bin/java
-keycloak::java_alternative: java-1.17.0-openjdk-amd64
+keycloak::java_package: openjdk-21-jdk
+keycloak::java_home: /usr/lib/jvm/java-1.21.0-openjdk-amd64/
+keycloak::java_alternative_path: /usr/lib/jvm/java-1.21.0-openjdk-amd64/bin/java
+keycloak::java_alternative: java-1.21.0-openjdk-amd64
 keycloak::user_shell: '/usr/sbin/nologin'
 keycloak::libunix_dbus_java_build_dependencies:
   - 'zlib1g-dev'
 
@@ -1,3 +1,7 @@
 ---
 keycloak::java_package_dependencies:
   - ca-certificates-java
+keycloak::java_package: openjdk-17-jdk
+keycloak::java_home: /usr/lib/jvm/java-1.17.0-openjdk-amd64/
+keycloak::java_alternative_path: /usr/lib/jvm/java-1.17.0-openjdk-amd64/bin/java
+keycloak::java_alternative: java-1.17.0-openjdk-amd64
@@ -1,8 +1,8 @@
 ---
-keycloak::java_package: java-17-openjdk-devel
-keycloak::java_home: /usr/lib/jvm/java-17-openjdk/
-keycloak::java_alternative_path: /usr/lib/jvm/java-17-openjdk/bin/java
-keycloak::java_alternative: /usr/lib/jvm/java-17-openjdk/bin/java
+keycloak::java_package: java-21-openjdk-devel
+keycloak::java_home: /usr/lib/jvm/java-21-openjdk/
+keycloak::java_alternative_path: /usr/lib/jvm/java-21-openjdk/bin/java
+keycloak::java_alternative: /usr/lib/jvm/java-21-openjdk/bin/java
 keycloak::user_shell: '/sbin/nologin'
 keycloak::libunix_dbus_java_build_dependencies:
   - 'which'
 
@@ -62,7 +62,7 @@ def self.instances
           flow[:flow_alias] = d['alias']
           flow[:realm] = realm
           flow[:description] = e['description']
-          flow[:index] = e['index']
+          flow[:priority] = e['priority']
           flow[:display_name] = e['displayName']
           flow[:alias] = e['displayName']
           if e['level'] != 0
@@ -105,6 +105,7 @@ def create
       data[:provider] = resource[:type]
       data[:description] = resource[:description]
       data[:type] = resource[:provider_id]
+      data[:priority] = resource[:priority]
       url = "authentication/flows/#{resource[:flow_alias]}/executions/flow"
     end
     t = Tempfile.new('keycloak_flow')
@@ -134,7 +135,8 @@ def create
       unless execution_id.nil?
         update_data = {
           id: execution_id,
-          requirement: resource[:requirement]
+          requirement: resource[:requirement],
+          priority: resource[:priority]
         }
         t = Tempfile.new('keycloak_flow_execution')
         t.write(JSON.pretty_generate(update_data))
@@ -181,19 +183,6 @@ def initialize(value = {})
     end
   end
 
-  def current_priority
-    data = {}
-    begin
-      output = kcadm('get', "authentication/executions/#{id}", resource[:realm])
-      data = JSON.parse(output)
-    rescue Puppet::ExecutionFailure => e
-      Puppet.debug("kcadm get execution failed\nError message: #{e.message}")
-    rescue JSON::ParserError
-      Puppet.debug('Unable to parse output from kcadm get execution')
-    end
-    data['priority'] || resource[:index]
-  end
-
   def flush
     unless @property_flush.empty?
       data = {}
@@ -204,10 +193,11 @@ def flush
         data[:providerId] = resource[:provider_id]
         data[:topLevel] = true
         url = "authentication/flows/#{id}"
-      elsif @property_flush[:requirement]
+      elsif @property_flush[:requirement] || @property_flush[:priority]
         data[:id] = id
         data[:description] = resource[:description]
         data[:requirement] = resource[:requirement]
+        data[:priority] = resource[:priority]
         url = "authentication/flows/#{resource[:flow_alias]}/executions"
       end
       unless data.empty?
@@ -221,22 +211,6 @@ def flush
           raise Puppet::Error, "kcadm update flow failed\nError message: #{e.message}"
         end
       end
-      if resource[:top_level] == :false && @property_flush[:index]
-        index_difference = current_priority - @property_flush[:index]
-        if index_difference.zero?
-          Puppet.notice("Index difference for Keycloak_flow[#{resource[:name]}] is unchanged, skipping.")
-        elsif index_difference.negative?
-          incrementer = 1
-          action = 'lower-priority'
-        else
-          incrementer = -1
-          action = 'raise-priority'
-        end
-        while index_difference != 0
-          kcadm('create', "authentication/executions/#{id}/#{action}", resource[:realm])
-          index_difference += incrementer
-        end
-      end
     end
     # Collect the resources again once they've been changed (that way `puppet
     # resource` will show the correct values after changes have been made).
 
@@ -48,7 +48,7 @@ def self.instances
           execution[:configurable] = e['configurable'].to_s.to_sym if e.key?('configurable')
           execution[:flow_alias] = f['alias']
           execution[:realm] = realm
-          execution[:index] = e['index']
+          execution[:priority] = e['priority']
           execution[:display_name] = e['displayName'] if e.key?('displayName')
           if e['level'] != 0
             parent_level = levels.find { |k, _v| k == (e['level'] - 1) }
@@ -104,6 +104,7 @@ def create
     data[:displayName] = resource[:display_name] if resource[:display_name]
     data[:configurable] = convert_property_value(resource[:configurable]) if resource[:configurable]
     data[:alias] = resource[:alias] if resource[:alias]
+    data[:priority] = resource[:priority]
     t = Tempfile.new('keycloak_flow_execution')
     t.write(JSON.pretty_generate(data))
     t.close
@@ -117,7 +118,8 @@ def create
     if resource[:requirement] != 'DISABLED'
       update_data = {
         id: new_id.strip,
-        requirement: resource[:requirement]
+        requirement: resource[:requirement],
+        priority: resource[:priority]
       }
       tu = Tempfile.new('keycloak_flow_execution_update')
       tu.write(JSON.pretty_generate(update_data))
@@ -173,25 +175,13 @@ def initialize(value = {})
     end
   end
 
-  def current_priority
-    data = {}
-    begin
-      output = kcadm('get', "authentication/executions/#{id}", resource[:realm])
-      data = JSON.parse(output)
-    rescue Puppet::ExecutionFailure => e
-      Puppet.debug("kcadm get execution failed\nError message: #{e.message}")
-    rescue JSON::ParserError
-      Puppet.debug('Unable to parse output from kcadm get execution')
-    end
-    data['priority'] || resource[:index]
-  end
-
   def flush
     unless @property_flush.empty?
-      if @property_flush[:requirement]
+      if @property_flush[:requirement] || @property_flush[:priority]
         data = {}
         data[:id] = id
-        data[:requirement] = resource[:requirement] if @property_flush[:requirement]
+        data[:requirement] = resource[:requirement]
+        data[:priority] = resource[:priority]
         t = Tempfile.new('keycloak_flow_execution')
         t.write(JSON.pretty_generate(data))
         t.close
@@ -225,22 +215,6 @@ def flush
           raise Puppet::Error, "kcadm update flow execution config failed\nError message: #{e.message}"
         end
       end
-      if @property_flush[:index]
-        index_difference = current_priority - @property_flush[:index]
-        if index_difference.zero?
-          Puppet.notice("Index difference for Keycloak_flow_execution[#{resource[:name]}] is unchanged, skipping.")
-        elsif index_difference.negative?
-          incrementer = 1
-          action = 'lower-priority'
-        else
-          incrementer = -1
-          action = 'raise-priority'
-        end
-        while index_difference != 0
-          kcadm('create', "authentication/executions/#{id}/#{action}", resource[:realm])
-          index_difference += incrementer
-        end
-      end
     end
     # Collect the resources again once they've been changed (that way `puppet
     # resource` will show the correct values after changes have been made).
 
@@ -215,7 +215,6 @@ def insync?(is)
 
   newproperty(:web_origins, array_matching: :all, parent: PuppetX::Keycloak::ArrayProperty) do
     desc 'webOrigins'
-    defaultto []
   end
 
   newproperty(:login_theme) do