From 090701b6009360680eb8ecb2056b5ff67697c8e5 Mon Sep 17 00:00:00 2001
From: Helmut Wolf <helmut.wolf@world-direct.at>
Date: Tue, 14 May 2024 20:05:14 +0200
Subject: [PATCH] #226: CR changes

---
 roles/keycloak_quarkus/tasks/prereqs.yml          | 7 +++++++
 roles/keycloak_quarkus/templates/keycloak.conf.j2 | 4 ++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/roles/keycloak_quarkus/tasks/prereqs.yml b/roles/keycloak_quarkus/tasks/prereqs.yml
index e0a76d56..bc18b4cc 100644
--- a/roles/keycloak_quarkus/tasks/prereqs.yml
+++ b/roles/keycloak_quarkus/tasks/prereqs.yml
@@ -65,3 +65,10 @@
     quiet: true
     fail_msg: "Providers definition is incorrect; `id` and one of `spi` or `url` are mandatory. `key` and `value` are mandatory for each property"
   loop: "{{ keycloak_quarkus_providers }}"
+
+- name: "Validate proxy-headers"
+  ansible.builtin.assert:
+    that:
+      - keycloak_quarkus_proxy_headers | lower in ['', 'forwarded', 'xforwarded']
+    quiet: true
+    fail_msg: "keycloak_quarkus_proxy_headers must be either '', 'forwarded' or 'xforwarded'"
diff --git a/roles/keycloak_quarkus/templates/keycloak.conf.j2 b/roles/keycloak_quarkus/templates/keycloak.conf.j2
index 6291b385..cb21484c 100644
--- a/roles/keycloak_quarkus/templates/keycloak.conf.j2
+++ b/roles/keycloak_quarkus/templates/keycloak.conf.j2
@@ -69,9 +69,9 @@ cache-config-file=cache-ispn.xml
 {% endif %}
 {% endif %}
 
-{% if keycloak_quarkus_proxy_headers is defined and keycloak_quarkus_proxy_headers != "none" %}
+{% if keycloak_quarkus_proxy_headers | length > 0 %}
 # Proxy
-proxy-headers={{ keycloak_quarkus_proxy_headers }}
+proxy-headers={{ keycloak_quarkus_proxy_headers | lower }}
 {% elif keycloak_quarkus_proxy_mode is defined and keycloak_quarkus_proxy_mode != "none" %}
 # Deprecated Proxy configuration
 proxy={{ keycloak_quarkus_proxy_mode }}