	Bugfix/keycloak userfed idempotency (#5732)
* fix(modules/keycloak_user_federation): fixes federation read call not finding already existing federations properly because of bad parametrisation * fix(modules/keycloak_user_federation): added new integration test for module idempotency bugfix * added changelog fragment for pr Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
This commit is contained in:
		
					parent
					
						
							
								098912c229
							
						
					
				
			
			
				commit
				
					
						0ca41dedce
					
				
			
		
					 3 changed files with 116 additions and 2 deletions
				
			
		|  | @ -0,0 +1,6 @@ | ||||||
|  | bugfixes: | ||||||
|  |   - > | ||||||
|  |     keycloak_user_federation - fixes idempotency detection issues. In some | ||||||
|  |     cases the module could fail to properly detect already existing user | ||||||
|  |     federations because of a buggy seemingly superflous extra query parameter | ||||||
|  |     (https://github.com/ansible-collections/community.general/pull/5732). | ||||||
|  | @ -24,7 +24,7 @@ description: | ||||||
|       to your needs and a user having the expected roles. |       to your needs and a user having the expected roles. | ||||||
| 
 | 
 | ||||||
|     - The names of module options are snake_cased versions of the camelCase ones found in the |     - The names of module options are snake_cased versions of the camelCase ones found in the | ||||||
|       Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/15.0/rest-api/index.html). |       Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html). | ||||||
| 
 | 
 | ||||||
| 
 | 
 | ||||||
| options: | options: | ||||||
|  | @ -835,7 +835,7 @@ def main(): | ||||||
| 
 | 
 | ||||||
|     # See if it already exists in Keycloak |     # See if it already exists in Keycloak | ||||||
|     if cid is None: |     if cid is None: | ||||||
|         found = kc.get_components(urlencode(dict(type='org.keycloak.storage.UserStorageProvider', parent=realm, name=name)), realm) |         found = kc.get_components(urlencode(dict(type='org.keycloak.storage.UserStorageProvider', name=name)), realm) | ||||||
|         if len(found) > 1: |         if len(found) > 1: | ||||||
|             module.fail_json(msg='No ID given and found multiple user federations with name `{name}`. Cannot continue.'.format(name=name)) |             module.fail_json(msg='No ID given and found multiple user federations with name `{name}`. Cannot continue.'.format(name=name)) | ||||||
|         before_comp = next(iter(found), None) |         before_comp = next(iter(found), None) | ||||||
|  |  | ||||||
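Review bot: The new `found = kc.get_components(urlencode(dict(type=..., name=name)), realm)` line drops `parent=realm` from the query with no explanation in the code; the only record of why is the commit message, so a maintainer comparing this against the Keycloak components API may well re-add the parameter and reintroduce the idempotency failure. I would extend the comment above the lookup to `# See if it already exists in Keycloak. Query by type and name only: passing parent=realm made the lookup miss existing federations in some cases (#5732).` The lookup now relies on the name filter alone, so the `len(found) > 1` branch below is the only guard against an ambiguous match; that seems adequate but is worth keeping in mind. The enclosing `main()` starts outside the hunk.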
|  | @ -66,6 +66,59 @@ | ||||||
|       - result.existing == {} |       - result.existing == {} | ||||||
|       - result.end_state.name == "{{ federation }}" |       - result.end_state.name == "{{ federation }}" | ||||||
| 
 | 
 | ||||||
|  | - name: Create new user federation in admin realm | ||||||
|  |   community.general.keycloak_user_federation: | ||||||
|  |     auth_keycloak_url: "{{ url }}" | ||||||
|  |     auth_realm: "{{ admin_realm }}" | ||||||
|  |     auth_username: "{{ admin_user }}" | ||||||
|  |     auth_password: "{{ admin_password }}" | ||||||
|  |     realm: "{{ admin_realm }}" | ||||||
|  |     name: "{{ federation }}" | ||||||
|  |     state: present | ||||||
|  |     provider_id: ldap | ||||||
|  |     provider_type: org.keycloak.storage.UserStorageProvider | ||||||
|  |     config: | ||||||
|  |       enabled: true | ||||||
|  |       priority: 0 | ||||||
|  |       fullSyncPeriod: -1 | ||||||
|  |       changedSyncPeriod: -1 | ||||||
|  |       cachePolicy: DEFAULT | ||||||
|  |       batchSizeForSync: 1000 | ||||||
|  |       editMode: READ_ONLY | ||||||
|  |       importEnabled: true | ||||||
|  |       syncRegistrations: false | ||||||
|  |       vendor: other | ||||||
|  |       usernameLDAPAttribute: uid | ||||||
|  |       rdnLDAPAttribute: uid | ||||||
|  |       uuidLDAPAttribute: entryUUID | ||||||
|  |       userObjectClasses: "inetOrgPerson, organizationalPerson" | ||||||
|  |       connectionUrl: "ldaps://ldap.example.com:636" | ||||||
|  |       usersDn: "ou=Users,dc=example,dc=com" | ||||||
|  |       authType: simple | ||||||
|  |       bindDn: cn=directory reader | ||||||
|  |       bindCredential: secret | ||||||
|  |       searchScope: 1 | ||||||
|  |       validatePasswordPolicy: false | ||||||
|  |       trustEmail: false | ||||||
|  |       useTruststoreSpi: "ldapsOnly" | ||||||
|  |       connectionPooling: true | ||||||
|  |       pagination: true | ||||||
|  |       allowKerberosAuthentication: false | ||||||
|  |       useKerberosForPasswordAuthentication: false | ||||||
|  |       debug: false | ||||||
|  |   register: result | ||||||
|  | 
 | ||||||
|  | - name: Debug | ||||||
|  |   debug: | ||||||
|  |     var: result | ||||||
|  | 
 | ||||||
|  | - name: Assert user federation created (admin realm) | ||||||
|  |   assert: | ||||||
|  |     that: | ||||||
|  |       - result is changed | ||||||
|  |       - result.existing == {} | ||||||
|  |       - result.end_state.name == "{{ federation }}" | ||||||
|  | 
 | ||||||
| - name: Update existing user federation (no change) | - name: Update existing user federation (no change) | ||||||
|   community.general.keycloak_user_federation: |   community.general.keycloak_user_federation: | ||||||
|     auth_keycloak_url: "{{ url }}" |     auth_keycloak_url: "{{ url }}" | ||||||
|  | @ -121,6 +174,61 @@ | ||||||
|       - result.end_state != {} |       - result.end_state != {} | ||||||
|       - result.end_state.name == "{{ federation }}" |       - result.end_state.name == "{{ federation }}" | ||||||
| 
 | 
 | ||||||
|  | - name: Update existing user federation (no change, admin realm) | ||||||
|  |   community.general.keycloak_user_federation: | ||||||
|  |     auth_keycloak_url: "{{ url }}" | ||||||
|  |     auth_realm: "{{ admin_realm }}" | ||||||
|  |     auth_username: "{{ admin_user }}" | ||||||
|  |     auth_password: "{{ admin_password }}" | ||||||
|  |     realm: "{{ admin_realm }}" | ||||||
|  |     name: "{{ federation }}" | ||||||
|  |     state: present | ||||||
|  |     provider_id: ldap | ||||||
|  |     provider_type: org.keycloak.storage.UserStorageProvider | ||||||
|  |     config: | ||||||
|  |       enabled: true | ||||||
|  |       priority: 0 | ||||||
|  |       fullSyncPeriod: -1 | ||||||
|  |       changedSyncPeriod: -1 | ||||||
|  |       cachePolicy: DEFAULT | ||||||
|  |       batchSizeForSync: 1000 | ||||||
|  |       editMode: READ_ONLY | ||||||
|  |       importEnabled: true | ||||||
|  |       syncRegistrations: false | ||||||
|  |       vendor: other | ||||||
|  |       usernameLDAPAttribute: uid | ||||||
|  |       rdnLDAPAttribute: uid | ||||||
|  |       uuidLDAPAttribute: entryUUID | ||||||
|  |       userObjectClasses: "inetOrgPerson, organizationalPerson" | ||||||
|  |       connectionUrl: "ldaps://ldap.example.com:636" | ||||||
|  |       usersDn: "ou=Users,dc=example,dc=com" | ||||||
|  |       authType: simple | ||||||
|  |       bindDn: cn=directory reader | ||||||
|  |       bindCredential: "**********" | ||||||
|  |       searchScope: 1 | ||||||
|  |       validatePasswordPolicy: false | ||||||
|  |       trustEmail: false | ||||||
|  |       useTruststoreSpi: "ldapsOnly" | ||||||
|  |       connectionPooling: true | ||||||
|  |       pagination: true | ||||||
|  |       allowKerberosAuthentication: false | ||||||
|  |       useKerberosForPasswordAuthentication: false | ||||||
|  |       debug: false | ||||||
|  |   register: result | ||||||
|  | 
 | ||||||
|  | - name: Debug | ||||||
|  |   debug: | ||||||
|  |     var: result | ||||||
|  | 
 | ||||||
|  | - name: Assert user federation unchanged (admin realm) | ||||||
|  |   assert: | ||||||
|  |     that: | ||||||
|  |       - result is not changed | ||||||
|  |       - result.existing != {} | ||||||
|  |       - result.existing.name == "{{ federation }}" | ||||||
|  |       - result.end_state != {} | ||||||
|  |       - result.end_state.name == "{{ federation }}" | ||||||
|  | 
 | ||||||
| - name: Update existing user federation (with change) | - name: Update existing user federation (with change) | ||||||
|   community.general.keycloak_user_federation: |   community.general.keycloak_user_federation: | ||||||
|     auth_keycloak_url: "{{ url }}" |     auth_keycloak_url: "{{ url }}" | ||||||
|  |  | ||||||
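Review bot: The added create task sets `bindCredential: secret` while the added "no change" task for the same federation passes `bindCredential: "**********"`, and nothing in the file says why the two differ; a reader will take the second value for a placeholder typo. If the masked string is what Keycloak returns for secret config fields and is therefore what the module compares against, that is the reason the idempotency check passes, and it deserves a comment on the second task, e.g. `# Keycloak returns secret fields masked; pass the mask so the comparison reports no change`. I am inferring the masking from the two values alone, so please confirm against the module's comparison logic. If confirmed, an assertion that `result.end_state.config.bindCredential` does not echo the real value would make the test also cover that the secret is not leaked in module output.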