Bugfix/keycloak userfed idempotency (#5732)

* fix(modules/keycloak_user_federation): fixes ...

... federation read call not finding already existing federations
properly because of bad parametrisation

* fix(modules/keycloak_user_federation): added ...

... new integration test for module idempotency bugfix

* added changelog fragment for pr

Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
This commit is contained in:
morco 2023-01-22 17:27:57 +01:00 committed by GitHub
commit 0ca41dedce
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 116 additions and 2 deletions

View file

@ -66,6 +66,59 @@
- result.existing == {}
- result.end_state.name == "{{ federation }}"
- name: Create new user federation in admin realm
community.general.keycloak_user_federation:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ admin_realm }}"
name: "{{ federation }}"
state: present
provider_id: ldap
provider_type: org.keycloak.storage.UserStorageProvider
config:
enabled: true
priority: 0
fullSyncPeriod: -1
changedSyncPeriod: -1
cachePolicy: DEFAULT
batchSizeForSync: 1000
editMode: READ_ONLY
importEnabled: true
syncRegistrations: false
vendor: other
usernameLDAPAttribute: uid
rdnLDAPAttribute: uid
uuidLDAPAttribute: entryUUID
userObjectClasses: "inetOrgPerson, organizationalPerson"
connectionUrl: "ldaps://ldap.example.com:636"
usersDn: "ou=Users,dc=example,dc=com"
authType: simple
bindDn: cn=directory reader
bindCredential: secret
searchScope: 1
validatePasswordPolicy: false
trustEmail: false
useTruststoreSpi: "ldapsOnly"
connectionPooling: true
pagination: true
allowKerberosAuthentication: false
useKerberosForPasswordAuthentication: false
debug: false
register: result
- name: Debug
debug:
var: result
- name: Assert user federation created (admin realm)
assert:
that:
- result is changed
- result.existing == {}
- result.end_state.name == "{{ federation }}"
- name: Update existing user federation (no change)
community.general.keycloak_user_federation:
auth_keycloak_url: "{{ url }}"
@ -121,6 +174,61 @@
- result.end_state != {}
- result.end_state.name == "{{ federation }}"
- name: Update existing user federation (no change, admin realm)
community.general.keycloak_user_federation:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ admin_realm }}"
name: "{{ federation }}"
state: present
provider_id: ldap
provider_type: org.keycloak.storage.UserStorageProvider
config:
enabled: true
priority: 0
fullSyncPeriod: -1
changedSyncPeriod: -1
cachePolicy: DEFAULT
batchSizeForSync: 1000
editMode: READ_ONLY
importEnabled: true
syncRegistrations: false
vendor: other
usernameLDAPAttribute: uid
rdnLDAPAttribute: uid
uuidLDAPAttribute: entryUUID
userObjectClasses: "inetOrgPerson, organizationalPerson"
connectionUrl: "ldaps://ldap.example.com:636"
usersDn: "ou=Users,dc=example,dc=com"
authType: simple
bindDn: cn=directory reader
bindCredential: "**********"
searchScope: 1
validatePasswordPolicy: false
trustEmail: false
useTruststoreSpi: "ldapsOnly"
connectionPooling: true
pagination: true
allowKerberosAuthentication: false
useKerberosForPasswordAuthentication: false
debug: false
register: result
- name: Debug
debug:
var: result
- name: Assert user federation unchanged (admin realm)
assert:
that:
- result is not changed
- result.existing != {}
- result.existing.name == "{{ federation }}"
- result.end_state != {}
- result.end_state.name == "{{ federation }}"
- name: Update existing user federation (with change)
community.general.keycloak_user_federation:
auth_keycloak_url: "{{ url }}"