ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-09-30 21:43:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Inspq keycloak user module (#6476)

Browse source 
* Add Keycloak User Module

* keycloak_user refactoring

* Add changelog fragment for breaking changes

* Fix Copyright for keycloak_user module

* Add keycloak_user module to BOTMETA

* Remove ANSIBLE_METADATA and override aliases for auth_username argument spec

* Update plugins/modules/keycloak_user.py

Updated short description

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Fix keycloak_user module description

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Dedent and use FQCN's for examples in keycloak_user module

* Fix examples in keycloak_user module documentation

* keycloak_user refactoring

* Add changelog fragment for breaking changes

* Remove ANSIBLE_METADATA and override aliases for auth_username argument spec

* Fix merge error on keycloak_user module changelogs fragment

* Add integration test for keycloak_user module

* Fix yamllint errors in keycloak_user integration tests

* Add README.md and fix integration tests for keycloak_user module

* Add Copyright and license in README.md integration tests keycloak_user module

* Update changelogs/fragments/6476-new-keycloak-user.module.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Fix argument_spec auth_username aliases for keycloak_user module

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Add units tests for keycloak_user module

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Remove default value for keycloak_user enabled module parameter

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* keycloak_user refactoring

* Remove ANSIBLE_METADATA and override aliases for auth_username argument spec

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Dedent and use FQCN's for examples in keycloak_user module

* Fix examples in keycloak_user module documentation

* keycloak_user refactoring

* Add changelog fragment for breaking changes

* Remove ANSIBLE_METADATA and override aliases for auth_username argument spec

* Fix merge error on keycloak_user module changelogs fragment

* Update changelogs/fragments/6476-new-keycloak-user.module.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Fix argument_spec auth_username aliases for keycloak_user module

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Remove github Workflow

* Remove bugfix from changelog fragment

* Fix indentation in examples for keycloak_user module

* Fix examples in documentation for keycloak_user module

* Remove PR 6476 changelog fragment

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Restore ansible-test.yml

* Add msg output and RETURN documentation for keycloak_user module

* Fix RETURN documentation for keycloak_user module

* Fix msg for keycloak_user module

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Philippe Gauthier 2023-06-09 00:17:44 -04:00 committed by GitHub
commit 07a5f07eaa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
8 changed files with 1334 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

21
tests/integration/targets/keycloak_user/README.md Normal file
View file

@ -0,0 +1,21 @@
<!--
Copyright (c) Ansible Project
GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
SPDX-License-Identifier: GPL-3.0-or-later
-->
# Running keycloak_user module integration test
To run Keycloak user module's integration test, start a keycloak server using Docker or Podman:
podman|docker run -d --rm --name mykeycloak -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=password quay.io/keycloak/keycloak:latest start-dev --http-relative-path /auth
Source Ansible env-setup from ansible github repository
Run integration tests:
ansible-test integration keycloak_user --python 3.10 --allow-unsupported
Cleanup:
podman|docker stop mykeycloak

4
tests/integration/targets/keycloak_user/aliases Normal file
View file

@ -0,0 +1,4 @@
# Copyright (c) 2023, INSPQ Philippe Gauthier (@elfelip)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
unsupported

114
tests/integration/targets/keycloak_user/tasks/main.yml Normal file
View file

@ -0,0 +1,114 @@
# Copyright (c) 2022, Dušan Marković (@bratwurzt)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Create realm
community.general.keycloak_realm:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
id: "{{ realm }}"
realm: "{{ realm }}"
state: present
- name: Create new realm role
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ role }}"
description: "{{ description_1 }}"
state: present
- name: Create client
community.general.keycloak_client:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_id }}"
service_accounts_enabled: true
state: present
register: client
- name: Create new client role
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_id }}"
name: "{{ keycloak_client_role }}"
description: "{{ description_1 }}"
state: present
- name: Create new groups
community.general.keycloak_group:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ item.name }}"
state: present
with_items: "{{ keycloak_user_groups }}"
- name: Create user
community.general.keycloak_user:
auth_keycloak_url: "{{ url }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
auth_realm: "{{ admin_realm }}"
username: "{{ keycloak_username }}"
realm: "{{ realm }}"
first_name: Ceciestes
last_name: Untestes
email: ceciestuntestes@test.com
groups: "{{ keycloak_user_groups }}"
attributes: "{{ keycloak_user_attributes }}"
state: present
register: create_result
- name: debug
debug:
var: create_result
- name: Assert user is created
assert:
that:
- create_result.changed
- create_result.end_state.username == 'test'
- create_result.end_state.attributes | length == 3
- create_result.end_state.groups | length == 2
- name: Delete User
community.general.keycloak_user:
auth_keycloak_url: "{{ url }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
auth_realm: "{{ admin_realm }}"
username: "{{ keycloak_username }}"
realm: "{{ realm }}"
first_name: Ceciestes
last_name: Untestes
email: ceciestuntestes@test.com
groups: "{{ keycloak_user_groups }}"
attributes: "{{ keycloak_user_attributes }}"
state: absent
register: delete_result
- name: debug
debug:
var: delete_result
- name: Assert user is deleted
assert:
that:
- delete_result.changed
- delete_result.end_state | length == 0

46
tests/integration/targets/keycloak_user/vars/main.yml Normal file
View file

@ -0,0 +1,46 @@
---
# Copyright (c) 2022, Dušan Marković (@bratwurzt)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
url: http://localhost:8080/auth
admin_realm: master
admin_user: admin
admin_password: password
realm: myrealm
client_id: myclient
role: myrole
description_1: desc 1
description_2: desc 2
keycloak_username: test
keycloak_service_account_client_id: "{{ client_id }}"
keycloak_user_realm_roles:
- name: offline_access
- name: "{{ role }}"
keycloak_client_role: test
keycloak_user_client_roles:
- client_id: "{{ client_id }}"
roles:
- name: "{{ keycloak_client_role }}"
- client_id: "{{ realm }}-realm"
roles:
- name: view-users
- name: query-users
keycloak_user_attributes:
- name: attr1
values:
- value1s
state: present
- name: attr2
values:
- value2s
state: present
- name: attr3
values:
- value3s
state: present
keycloak_user_groups:
- name: test
state: present
- name: test2

354
tests/unit/plugins/modules/test_keycloak_user.py Normal file
View file

@ -0,0 +1,354 @@
# -*- coding: utf-8 -*-
# Copyright (c) 2021, Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
from __future__ import absolute_import, division, print_function
__metaclass__ = type
from contextlib import contextmanager
from ansible_collections.community.general.tests.unit.compat import unittest
from ansible_collections.community.general.tests.unit.compat.mock import patch
from ansible_collections.community.general.tests.unit.plugins.modules.utils import AnsibleExitJson, ModuleTestCase, set_module_args
from ansible_collections.community.general.plugins.modules import keycloak_user
from itertools import count
from ansible.module_utils.six import StringIO
@contextmanager
def patch_keycloak_api(get_user_by_username=None,
create_user=None,
update_user_groups_membership=None,
get_user_groups=None,
delete_user=None,
update_user=None):
"""Mock context manager for patching the methods in KeycloakAPI that contact the Keycloak server
Patches the `get_user_by_username` and `create_user` methods
"""
obj = keycloak_user.KeycloakAPI
with patch.object(obj, 'get_user_by_username', side_effect=get_user_by_username) as mock_get_user_by_username:
with patch.object(obj, 'create_user', side_effect=create_user) as mock_create_user:
with patch.object(obj, 'update_user_groups_membership', side_effect=update_user_groups_membership) as mock_update_user_groups_membership:
with patch.object(obj, 'get_user_groups', side_effect=get_user_groups) as mock_get_user_groups:
with patch.object(obj, 'delete_user', side_effect=delete_user) as mock_delete_user:
with patch.object(obj, 'update_user', side_effect=update_user) as mock_update_user:
yield mock_get_user_by_username, mock_create_user, mock_update_user_groups_membership,\
mock_get_user_groups, mock_delete_user, mock_update_user
def get_response(object_with_future_response, method, get_id_call_count):
if callable(object_with_future_response):
return object_with_future_response()
if isinstance(object_with_future_response, dict):
return get_response(
object_with_future_response[method], method, get_id_call_count)
if isinstance(object_with_future_response, list):
call_number = next(get_id_call_count)
return get_response(
object_with_future_response[call_number], method, get_id_call_count)
return object_with_future_response
def build_mocked_request(get_id_user_count, response_dict):
def _mocked_requests(*args, **kwargs):
url = args[0]
method = kwargs['method']
future_response = response_dict.get(url, None)
return get_response(future_response, method, get_id_user_count)
return _mocked_requests
def create_wrapper(text_as_string):
"""Allow to mock many times a call to one address.
Without this function, the StringIO is empty for the second call.
"""
def _create_wrapper():
return StringIO(text_as_string)
return _create_wrapper
def mock_good_connection():
token_response = {
'http://keycloak.url/auth/realms/master/protocol/openid-connect/token': create_wrapper(
'{"access_token": "alongtoken"}'), }
return patch(
'ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak.open_url',
side_effect=build_mocked_request(count(), token_response),
autospec=True
)
class TestKeycloakUser(ModuleTestCase):
def setUp(self):
super(TestKeycloakUser, self).setUp()
self.module = keycloak_user
def test_add_new_user(self):
"""Add a new user"""
module_args = {
'auth_keycloak_url': 'https: // auth.example.com / auth',
'token': '{{ access_token }}',
'state': 'present',
'realm': 'master',
'username': 'test',
'groups': []
}
return_value_get_user_by_username = [None]
return_value_update_user_groups_membership = [False]
return_get_user_groups = [[]]
return_create_user = [{'id': '123eqwdawer24qwdqw4'}]
return_delete_user = None
return_update_user = None
changed = True
set_module_args(module_args)
# Run the module
with mock_good_connection():
with patch_keycloak_api(get_user_by_username=return_value_get_user_by_username,
create_user=return_create_user,
update_user_groups_membership=return_value_update_user_groups_membership,
get_user_groups=return_get_user_groups,
update_user=return_update_user,
delete_user=return_delete_user) \
as (mock_get_user_by_username,
mock_create_user,
mock_update_user_groups_membership,
mock_get_user_groups,
mock_delete_user,
mock_update_user):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(mock_get_user_by_username.call_count, 1)
self.assertEqual(mock_create_user.call_count, 1)
self.assertEqual(mock_update_user_groups_membership.call_count, 1)
self.assertEqual(mock_get_user_groups.call_count, 1)
self.assertEqual(mock_update_user.call_count, 0)
self.assertEqual(mock_delete_user.call_count, 0)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]['changed'], changed)
def test_add_exiting_user_no_change(self):
"""Add a new user"""
module_args = {
'auth_keycloak_url': 'https: // auth.example.com / auth',
'token': '{{ access_token }}',
'state': 'present',
'realm': 'master',
'username': 'test',
'groups': []
}
return_value_get_user_by_username = [
{
'id': '123eqwdawer24qwdqw4',
'username': 'test',
'groups': [],
'enabled': True,
'emailVerified': False,
'disableableCredentialTypes': [],
'requiredActions': [],
'credentials': [],
'federatedIdentities': [],
'clientConsents': []
}
]
return_value_update_user_groups_membership = [False]
return_get_user_groups = [[]]
return_create_user = None
return_delete_user = None
return_update_user = None
changed = False
set_module_args(module_args)
# Run the module
with mock_good_connection():
with patch_keycloak_api(get_user_by_username=return_value_get_user_by_username,
create_user=return_create_user,
update_user_groups_membership=return_value_update_user_groups_membership,
get_user_groups=return_get_user_groups,
update_user=return_update_user,
delete_user=return_delete_user) \
as (mock_get_user_by_username,
mock_create_user,
mock_update_user_groups_membership,
mock_get_user_groups,
mock_delete_user,
mock_update_user):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(mock_get_user_by_username.call_count, 1)
self.assertEqual(mock_create_user.call_count, 0)
self.assertEqual(mock_update_user_groups_membership.call_count, 1)
self.assertEqual(mock_get_user_groups.call_count, 1)
self.assertEqual(mock_update_user.call_count, 0)
self.assertEqual(mock_delete_user.call_count, 0)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]['changed'], changed)
def test_update_user_with_group_changes(self):
"""Update groups for a user"""
module_args = {
'auth_keycloak_url': 'https: // auth.example.com / auth',
'token': '{{ access_token }}',
'state': 'present',
'realm': 'master',
'username': 'test',
'first_name': 'test',
'last_name': 'user',
'groups': [{
'name': 'group1',
'state': 'present'
}]
}
return_value_get_user_by_username = [
{
'id': '123eqwdawer24qwdqw4',
'username': 'test',
'groups': [],
'enabled': True,
'emailVerified': False,
'disableableCredentialTypes': [],
'requiredActions': [],
'credentials': [],
'federatedIdentities': [],
'clientConsents': []
}
]
return_value_update_user_groups_membership = [True]
return_get_user_groups = [['group1']]
return_create_user = None
return_delete_user = None
return_update_user = [
{
'id': '123eqwdawer24qwdqw4',
'username': 'test',
'first_name': 'test',
'last_name': 'user',
'enabled': True,
'emailVerified': False,
'disableableCredentialTypes': [],
'requiredActions': [],
'credentials': [],
'federatedIdentities': [],
'clientConsents': []
}
]
changed = True
set_module_args(module_args)
# Run the module
with mock_good_connection():
with patch_keycloak_api(get_user_by_username=return_value_get_user_by_username,
create_user=return_create_user,
update_user_groups_membership=return_value_update_user_groups_membership,
get_user_groups=return_get_user_groups,
update_user=return_update_user,
delete_user=return_delete_user) \
as (mock_get_user_by_username,
mock_create_user,
mock_update_user_groups_membership,
mock_get_user_groups,
mock_delete_user,
mock_update_user):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(mock_get_user_by_username.call_count, 1)
self.assertEqual(mock_create_user.call_count, 0)
self.assertEqual(mock_update_user_groups_membership.call_count, 1)
self.assertEqual(mock_get_user_groups.call_count, 1)
self.assertEqual(mock_update_user.call_count, 1)
self.assertEqual(mock_delete_user.call_count, 0)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]['changed'], changed)
def test_delete_user(self):
"""Delete a user"""
module_args = {
'auth_keycloak_url': 'https: // auth.example.com / auth',
'token': '{{ access_token }}',
'state': 'absent',
'realm': 'master',
'username': 'test',
'groups': []
}
return_value_get_user_by_username = [
{
'id': '123eqwdawer24qwdqw4',
'username': 'test',
'groups': [],
'enabled': True,
'emailVerified': False,
'disableableCredentialTypes': [],
'requiredActions': [],
'credentials': [],
'federatedIdentities': [],
'clientConsents': []
}
]
return_value_update_user_groups_membership = None
return_get_user_groups = None
return_create_user = None
return_delete_user = None
return_update_user = None
changed = True
set_module_args(module_args)
# Run the module
with mock_good_connection():
with patch_keycloak_api(get_user_by_username=return_value_get_user_by_username,
create_user=return_create_user,
update_user_groups_membership=return_value_update_user_groups_membership,
get_user_groups=return_get_user_groups,
update_user=return_update_user,
delete_user=return_delete_user) \
as (mock_get_user_by_username,
mock_create_user,
mock_update_user_groups_membership,
mock_get_user_groups,
mock_delete_user,
mock_update_user):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(mock_get_user_by_username.call_count, 1)
self.assertEqual(mock_create_user.call_count, 0)
self.assertEqual(mock_update_user_groups_membership.call_count, 0)
self.assertEqual(mock_get_user_groups.call_count, 0)
self.assertEqual(mock_update_user.call_count, 0)
self.assertEqual(mock_delete_user.call_count, 1)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]['changed'], changed)
if __name__ == '__main__':
unittest.main()