Remove kcmadm login session when Keycloak service restarts unless usi…

…ng persistent sessions
treydock · Nov 18, 2024 · ac65098 · ac65098
1 parent f291300
commit ac65098
Show file tree

Hide file tree

Showing 4 changed files with 7 additions and 2 deletions.
diff --git a/files/kcadm-wrapper.sh b/files/kcadm-wrapper.sh
@@ -3,7 +3,7 @@
 # shellcheck source=/dev/null
 . /opt/keycloak/conf/kcadm-wrapper.conf
 
-EXPIRES=$(/usr/bin/sed  -n -r 's|.*"refreshExpiresAt" : ([0-9]*).*|\1|p' "$CONFIG" || echo "0")
+EXPIRES=$(/usr/bin/sed  -n -r 's|.*"refreshExpiresAt" : ([0-9]*).*|\1|p' "$CONFIG" 2>/dev/null || echo "0")
 NOW=$(/usr/bin/date +%s%3N)
 
 if [ ! -f "$CONFIG" ] || [ "$EXPIRES" -lt "$NOW" ]; then

diff --git a/manifests/config.pp b/manifests/config.pp
@@ -11,7 +11,7 @@
 
   $wrapper_conf = {
     'KCADM'      => "${keycloak::install_base}/bin/kcadm.sh",
-    'CONFIG'     => "${keycloak::conf_dir}/kcadm.config",
+    'CONFIG'     => $keycloak::login_config,
     'SERVER'     => $keycloak::wrapper_server,
     'REALM'      => 'master',
     'ADMIN_USER' => $keycloak::admin_user,

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -331,6 +331,7 @@
   $providers_dir = "${install_base}/providers"
   $wrapper_path = "${keycloak::install_base}/bin/kcadm-wrapper.sh"
   $wrapper_conf = "${conf_dir}/kcadm-wrapper.conf"
+  $login_config = "${conf_dir}/kcadm.config"
 
   $default_config = {
     'hostname' => $hostname,

diff --git a/templates/keycloak.service.erb b/templates/keycloak.service.erb
@@ -21,6 +21,10 @@ Environment='JAVA_HOME=<%= scope['keycloak::java_home'] %>'
 User=<%= scope['keycloak::user'] %>
 Group=<%= scope['keycloak::group'] %>
 ExecStart=<%= scope['keycloak::service_start_cmd'] %>
+# TODO: remove once upgraded from Keycloak 25 to 26
+<% unless (scope['keycloak::features'] || []).include?('persistent-user-sessions') -%>
+ExecStartPost=-/usr/bin/rm -f <%= scope['keycloak::login_config'] %>
+<% end -%>
 TimeoutStartSec=600
 TimeoutStopSec=600
 SuccessExitStatus=0 143