mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-31 09:01:23 -07:00
[PR #7127/9a7a7a96 backport][stable-7] Add keycloak_realm_key module (#7291)
Add keycloak_realm_key module (#7127)
* Add keycloak_realm_key module
* keycloak_realm_key: make "ansible-test sanity" happy
Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net>
* keycloak_realm_key: support check_mode
* keycloak_realm_key: add integration tests
* keycloak_realm_key: remove FIXME comment
* keycloak_realm_key: fix EOL in integration test variables
* keycloak_realm_key: remove unused import
* keycloak_realm_key: remove integration test realm at the end of test suite
* keycloak_realm_key: add version_added metadata
* keycloak_realm_key: add documentation for end_state
* keycloak_realm_key: support the "certificate" parameter
As with "private_key" changing the certificate after creation is not possible
because we can't compare the current value to the desired value.
* keycloak_realm_key: document default for certificate parameter
Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net>
* keycloak_realm_key: implement diff mode
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm_key: remove note about literal linefeeds
* keycloak_realm_key: remove defaults from priority and certificate
* keycloak_realm_key: mark diff and check modes as partially supported
* keycloak_realm_key: implement "force" parameter
This ensures that the desired state is always enforced on keys that should be,
and are, present.
* keycloak_realm_key: fix yaml parsing error in documentation
* keycloak_realm_key: document why check_mode support is partial
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm_key: documentation and metadata fixes
* keycloak_realm_key: small documentation fix
* keycloak_realm_key: change version_added to 7.5.0
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 9a7a7a9658
)
Co-authored-by: Samuli Seppänen <samuli.seppanen@gmail.com>
parent
4381ac1bf3
commit
24b6441580
6 changed files with 912 additions and 0 deletions
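--- a/tests/integration/targets/keycloak_realm_key/tasks/main.yml
+++ b/tests/integration/targets/keycloak_realm_key/tasks/main.yml
@@ -0,0 +1,373 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Remove Keycloak test realm to avoid failures from previous failed runs
+community.general.keycloak_realm:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+realm: "{{ realm }}"
+id: "{{ realm }}"
+state: absent
+
+- name: Create Keycloak test realm
+community.general.keycloak_realm:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+realm: "{{ realm }}"
+id: "{{ realm }}"
+state: present
+
+- name: Create custom realm key (check mode)
+community.general.keycloak_realm_key:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+name: testkey
+state: present
+parent_id: "{{ realm }}"
+config:
+private_key: "{{ realm_private_key }}"
+certificate: ""
+enabled: true
+active: true
+priority: 150
+check_mode: true
+register: result
+
+- name: Assert that nothing has changed
+assert:
+that:
+- result is changed
+- result.end_state != {}
+- result.end_state.name == "testkey"
+- result.end_state.parentId == "realm_key_test"
+- result.end_state.providerId == "rsa"
+- result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+- result.end_state.config.active == ["true"]
+- result.end_state.config.enabled == ["true"]
+- result.end_state.config.algorithm == ["RS256"]
+- result.end_state.config.priority == ["150"]
+- result.msg == "Realm key testkey would be created"
+
+- name: Create custom realm key
+community.general.keycloak_realm_key:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+name: testkey
+state: present
+parent_id: "{{ realm }}"
+config:
+private_key: "{{ realm_private_key }}"
+certificate: ""
+enabled: true
+active: true
+priority: 150
+diff: true
+register: result
+
+- name: Assert that realm key was created
+assert:
+that:
+- result is changed
+- result.end_state != {}
+- result.end_state.name == "testkey"
+- result.end_state.parentId == "realm_key_test"
+- result.end_state.providerId == "rsa"
+- result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+- result.end_state.config.active == ["true"]
+- result.end_state.config.enabled == ["true"]
+- result.end_state.config.algorithm == ["RS256"]
+- result.end_state.config.priority == ["150"]
+- result.msg == "Realm key testkey created"
+
+- name: Create custom realm key (test for idempotency)
+community.general.keycloak_realm_key:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+name: testkey
+state: present
+parent_id: "{{ realm }}"
+config:
+private_key: "{{ realm_private_key }}"
+certificate: ""
+enabled: true
+active: true
+priority: 150
+register: result
+
+- name: Assert that nothing has changed
+assert:
+that:
+- result is not changed
+- result.end_state != {}
+- result.end_state.name == "testkey"
+- result.end_state.parentId == "realm_key_test"
+- result.end_state.providerId == "rsa"
+- result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+- result.end_state.config.active == ["true"]
+- result.end_state.config.enabled == ["true"]
+- result.end_state.config.algorithm == ["RS256"]
+- result.end_state.config.priority == ["150"]
+- result.msg == "Realm key testkey was in sync"
+
+- name: Update custom realm key (check mode)
+community.general.keycloak_realm_key:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+name: testkey
+state: present
+parent_id: "{{ realm }}"
+config:
+private_key: "{{ realm_private_key }}"
+certificate: ""
+enabled: true
+active: true
+priority: 140
+check_mode: true
+register: result
+
+- name: Assert that nothing has changed
+assert:
+that:
+- result is changed
+- result.end_state != {}
+- result.end_state.name == "testkey"
+- result.end_state.parentId == "realm_key_test"
+- result.end_state.providerId == "rsa"
+- result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+- result.end_state.config.active == ["true"]
+- result.end_state.config.enabled == ["true"]
+- result.end_state.config.algorithm == ["RS256"]
+- result.end_state.config.priority == ["140"]
+- result.msg == "Realm key testkey would be changed: config.priority ['150'] -> ['140']"
+
+- name: Update custom realm key
+community.general.keycloak_realm_key:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+name: testkey
+state: present
+parent_id: "{{ realm }}"
+config:
+private_key: "{{ realm_private_key }}"
+certificate: ""
+enabled: true
+active: true
+priority: 140
+diff: true
+register: result
+
+- name: Assert that realm key was updated
+assert:
+that:
+- result is changed
+- result.end_state != {}
+- result.end_state.name == "testkey"
+- result.end_state.parentId == "realm_key_test"
+- result.end_state.providerId == "rsa"
+- result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+- result.end_state.config.active == ["true"]
+- result.end_state.config.enabled == ["true"]
+- result.end_state.config.algorithm == ["RS256"]
+- result.end_state.config.priority == ["140"]
+- result.msg == "Realm key testkey changed: config.priority ['150'] -> ['140']"
+
+- name: Update custom realm key (test for idempotency)
+community.general.keycloak_realm_key:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+name: testkey
+state: present
+parent_id: "{{ realm }}"
+config:
+private_key: "{{ realm_private_key }}"
+certificate: ""
+enabled: true
+active: true
+priority: 140
+register: result
+
+- name: Assert that nothing has changed
+assert:
+that:
+- result is not changed
+- result.end_state != {}
+- result.end_state.name == "testkey"
+- result.end_state.parentId == "realm_key_test"
+- result.end_state.providerId == "rsa"
+- result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+- result.end_state.config.active == ["true"]
+- result.end_state.config.enabled == ["true"]
+- result.end_state.config.algorithm == ["RS256"]
+- result.end_state.config.priority == ["140"]
+- result.msg == "Realm key testkey was in sync"
+
+- name: Force update custom realm key
+community.general.keycloak_realm_key:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+name: testkey
+force: true
+state: present
+parent_id: "{{ realm }}"
+config:
+private_key: "{{ realm_private_key_2 }}"
+certificate: ""
+enabled: true
+active: true
+priority: 140
+register: result
+
+- name: Assert that forced update ran correctly
+assert:
+that:
+- result is changed
+- result.end_state != {}
+- result.end_state.name == "testkey"
+- result.end_state.parentId == "realm_key_test"
+- result.end_state.providerId == "rsa"
+- result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+- result.end_state.config.active == ["true"]
+- result.end_state.config.enabled == ["true"]
+- result.end_state.config.algorithm == ["RS256"]
+- result.end_state.config.priority == ["140"]
+- result.msg == "Realm key testkey was forcibly updated"
+
+- name: Remove custom realm key
+community.general.keycloak_realm_key:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+name: testkey
+state: absent
+parent_id: "{{ realm }}"
+config:
+private_key: "{{ realm_private_key }}"
+certificate: ""
+priority: 140
+diff: true
+register: result
+
+- name: Assert that realm key was deleted
+assert:
+that:
+- result is changed
+- result.end_state == {}
+- result.msg == "Realm key testkey deleted"
+
+- name: Remove custom realm key (test for idempotency)
+community.general.keycloak_realm_key:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+name: testkey
+state: absent
+parent_id: "{{ realm }}"
+config:
+private_key: "{{ realm_private_key }}"
+certificate: ""
+priority: 140
+register: result
+
+- name: Assert that nothing has changed
+assert:
+that:
+- result is not changed
+- result.end_state == {}
+- result.msg == "Realm key testkey not present"
+
+- name: Create custom realm key with a custom certificate
+community.general.keycloak_realm_key:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+name: testkey_with_certificate
+state: present
+parent_id: "{{ realm }}"
+config:
+private_key: "{{ realm_private_key }}"
+certificate: "{{ realm_certificate }}"
+enabled: true
+active: true
+priority: 150
+diff: true
+register: result
+
+- name: Assert that realm key with custom certificate was created
+assert:
+that:
+- result is changed
+- result.end_state != {}
+- result.end_state.name == "testkey_with_certificate"
+- result.end_state.parentId == "realm_key_test"
+- result.end_state.providerId == "rsa"
+- result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+- result.end_state.config.active == ["true"]
+- result.end_state.config.enabled == ["true"]
+- result.end_state.config.algorithm == ["RS256"]
+- result.end_state.config.priority == ["150"]
+- result.msg == "Realm key testkey_with_certificate created"
+
+- name: Attempt to change the private key and the certificate
+community.general.keycloak_realm_key:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+name: testkey_with_certificate
+state: present
+parent_id: "{{ realm }}"
+config:
+private_key: "a different private key string"
+certificate: "a different certificate string"
+enabled: true
+active: true
+priority: 150
+diff: true
+register: result
+
+- name: Assert that nothing has changed
+assert:
+that:
+- result is not changed
+- result.end_state != {}
+- result.end_state.name == "testkey_with_certificate"
+- result.end_state.parentId == "realm_key_test"
+- result.end_state.providerId == "rsa"
+- result.end_state.providerType == "org.keycloak.keys.KeyProvider"
+- result.end_state.config.active == ["true"]
+- result.end_state.config.enabled == ["true"]
+- result.end_state.config.algorithm == ["RS256"]
+- result.end_state.config.priority == ["150"]
+- result.msg == "Realm key testkey_with_certificate was in sync"
+
+- name: Remove Keycloak test realm
+community.general.keycloak_realm:
+auth_keycloak_url: "{{ url }}"
+auth_realm: "{{ admin_realm }}"
+auth_username: "{{ admin_user }}"
+auth_password: "{{ admin_password }}"
+realm: "{{ realm }}"
+id: "{{ realm }}"
+state: absent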
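Review bot: The task `Attempt to change the private key and the certificate` pins `result is not changed` and the message `Realm key testkey_with_certificate was in sync` for different key and certificate strings, so a key change without `force: true` is reported as in sync, and nothing in the file says this is deliberate. A comment above that task, for example `# private_key and certificate cannot be compared with the server state, so a changed value is ignored unless force is set`, would stop a reader from taking "in sync" as proof that the configured key material is in use. The assertions after `Force update custom realm key` check only name, provider, algorithm, priority and the message, so they do not show that `realm_private_key_2` replaced the first key; whether `end_state` exposes anything usable for that check is not visible on this page. The two assertion tasks that follow the check-mode runs are named `Assert that nothing has changed` although their first condition is `result is changed`; a name such as `Assert that check mode reports the pending change` would match what they test.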