ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-09-30 21:43:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Inspq keycloak role composites (#6469)

Browse source 
* Add composites to keycloak_role module

* Add composites support for realm role in keycloak module_utils

* Clean f.write from keycloak_role module

* keycloak_role support state for realm role composites

* Add support for composites in client role for keycloak_role module

* Add changelog fragment for keycloak role composites PR

* Fix pep8 and validate-modules tests errors

* Update changelogs/fragments/6469-add-composites-support-for-keycloak-role.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

I will try it

Co-authored-by: Felix Fontein <felix@fontein.de>

* Fix test_keycloak_role assertion

* Fix role composite compare before update in keycloak_role module

* Fix realm problem with update_role_composites in keycloak.py module_utils

* Add units tests for composites and client roles in keycloak_role module

* Update plugins/module_utils/identity/keycloak/keycloak.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/module_utils/identity/keycloak/keycloak.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Change try in is_struct_included and add unit tests for keycloak.py module_utils

* Add integration tests for composites roles and fix bug with non master roles in keycloak_role module

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/module_utils/identity/keycloak/keycloak.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/module_utils/identity/keycloak/keycloak.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* is_struct_included refactor

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Philippe Gauthier 2023-06-15 00:57:30 -04:00 committed by GitHub
commit 9395df1c6f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 860 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

20
tests/integration/targets/keycloak_role/README.md Normal file
View file

@ -0,0 +1,20 @@
<!--
Copyright (c) Ansible Project
GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
SPDX-License-Identifier: GPL-3.0-or-later
-->
# Running keycloak_user module integration test
To run Keycloak user module's integration test, start a keycloak server using Docker or Podman:
podman|docker run -d --rm --name mykeycloak -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=password quay.io/keycloak/keycloak:latest start-dev --http-relative-path /auth
Source Ansible env-setup from ansible github repository
Run integration tests:
ansible-test integration keycloak_role --python 3.10 --allow-unsupported
Cleanup:
podman|docker stop mykeycloak

233
tests/integration/targets/keycloak_role/tasks/main.yml
View file

@ -248,3 +248,236 @@
that:
- result is not changed
- result.end_state == {}
- name: Create realm role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert realm role is created with composites
assert:
that:
- result is changed
- result.end_state.composites | length == 3
- name: Change realm role with composites no change
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert realm role with composites have not changed
assert:
that:
- result is not changed
- result.end_state.composites | length == 3
- name: Remove composite from realm role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites_with_absent }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert composite was removed from realm role with composites
assert:
that:
- result is changed
- result.end_state.composites | length == 2
- name: Delete realm role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ keycloak_role_name }}"
state: absent
register: result
- name: Debug
debug:
var: result
- name: Assert realm role deleted
assert:
that:
- result is changed
- result.end_state == {}
- name: Delete absent realm role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ keycloak_role_name }}"
state: absent
register: result
- name: Debug
debug:
var: result
- name: Assert not changed and realm role absent
assert:
that:
- result is not changed
- result.end_state == {}
- name: Create client role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
client_id: "{{ client_id }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert client role is created with composites
assert:
that:
- result is changed
- result.end_state.composites | length == 3
- name: Change client role with composites no change
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
client_id: "{{ client_id }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert client role with composites have not changed
assert:
that:
- result is not changed
- result.end_state.composites | length == 3
- name: Remove composite from client role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
client_id: "{{ client_id }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites_with_absent }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert composite was removed from client role with composites
assert:
that:
- result is changed
- result.end_state.composites | length == 2
- name: Delete client role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ keycloak_role_name }}"
client_id: "{{ client_id }}"
state: absent
register: result
- name: Debug
debug:
var: result
- name: Assert client role deleted
assert:
that:
- result is changed
- result.end_state == {}
- name: Delete absent client role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ keycloak_role_name }}"
client_id: "{{ client_id }}"
state: absent
register: result
- name: Debug
debug:
var: result
- name: Assert not changed and client role absent
assert:
that:
- result is not changed
- result.end_state == {}

27
tests/integration/targets/keycloak_role/vars/main.yml
View file

@ -12,3 +12,30 @@ client_id: myclient
role: myrole
description_1: desc 1
description_2: desc 2
keycloak_role_name: test
keycloak_role_description: test
keycloak_role_composite: true
keycloak_role_composites:
- name: view-clients
client_id: "realm-management"
state: present
- name: query-clients
client_id: "realm-management"
state: present
- name: offline_access
state: present
keycloak_client_id: test-client
keycloak_client_name: test-client
keycloak_client_description: This is a client for testing purpose
role_state: present
keycloak_role_composites_with_absent:
- name: view-clients
client_id: "realm-management"
state: present
- name: query-clients
client_id: "realm-management"
state: present
- name: offline_access
state: absent

370
tests/unit/plugins/modules/test_keycloak_role.py
View file

@ -21,7 +21,9 @@ from ansible.module_utils.six import StringIO
@contextmanager
def patch_keycloak_api(get_realm_role, create_realm_role=None, update_realm_role=None, delete_realm_role=None):
def patch_keycloak_api(get_realm_role=None, create_realm_role=None, update_realm_role=None, delete_realm_role=None,
get_client_role=None, create_client_role=None, update_client_role=None, delete_client_role=None,
get_client_by_id=None, get_role_composites=None):
"""Mock context manager for patching the methods in PwPolicyIPAClient that contact the IPA server
Patches the `login` and `_post_json` methods
@ -41,7 +43,15 @@ def patch_keycloak_api(get_realm_role, create_realm_role=None, update_realm_role
with patch.object(obj, 'create_realm_role', side_effect=create_realm_role) as mock_create_realm_role:
with patch.object(obj, 'update_realm_role', side_effect=update_realm_role) as mock_update_realm_role:
with patch.object(obj, 'delete_realm_role', side_effect=delete_realm_role) as mock_delete_realm_role:
yield mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role
with patch.object(obj, 'get_client_role', side_effect=get_client_role) as mock_get_client_role:
with patch.object(obj, 'create_client_role', side_effect=create_client_role) as mock_create_client_role:
with patch.object(obj, 'update_client_role', side_effect=update_client_role) as mock_update_client_role:
with patch.object(obj, 'delete_client_role', side_effect=delete_client_role) as mock_delete_client_role:
with patch.object(obj, 'get_client_by_id', side_effect=get_client_by_id) as mock_get_client_by_id:
with patch.object(obj, 'get_role_composites', side_effect=get_role_composites) as mock_get_role_composites:
yield mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role, \
mock_get_client_role, mock_create_client_role, mock_update_client_role, mock_delete_client_role, \
mock_get_client_by_id, mock_get_role_composites
def get_response(object_with_future_response, method, get_id_call_count):
@ -125,7 +135,9 @@ class TestKeycloakRealmRole(ModuleTestCase):
with mock_good_connection():
with patch_keycloak_api(get_realm_role=return_value_absent, create_realm_role=return_value_created) \
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role):
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role,
mock_get_client_role, mock_create_client_role, mock_update_client_role, mock_delete_client_role,
mock_get_client_by_client_id, mock_get_role_composites):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
@ -179,7 +191,9 @@ class TestKeycloakRealmRole(ModuleTestCase):
with mock_good_connection():
with patch_keycloak_api(get_realm_role=return_value_present, update_realm_role=return_value_updated) \
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role):
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role,
mock_get_client_role, mock_create_client_role, mock_update_client_role, mock_delete_client_role,
mock_get_client_by_client_id, mock_get_role_composites):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
@ -233,7 +247,9 @@ class TestKeycloakRealmRole(ModuleTestCase):
with mock_good_connection():
with patch_keycloak_api(get_realm_role=return_value_present, update_realm_role=return_value_updated) \
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role):
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role,
mock_get_client_role, mock_create_client_role, mock_update_client_role, mock_delete_client_role,
mock_get_client_by_client_id, mock_get_role_composites):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
@ -244,6 +260,140 @@ class TestKeycloakRealmRole(ModuleTestCase):
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]['changed'], changed)
def test_create_with_composites_when_present_no_change(self):
"""Update without change a realm role"""
module_args = {
'auth_keycloak_url': 'http://keycloak.url/auth',
'auth_password': 'admin',
'auth_realm': 'master',
'auth_username': 'admin',
'auth_client_id': 'admin-cli',
'validate_certs': True,
'realm': 'realm-name',
'name': 'role-name',
'description': 'role-description',
'composite': True,
'composites': [
{
'client_id': 'client_1',
'name': 'client-role1'
},
{
'name': 'realm-role-1'
}
]
}
return_value_present = [
{
"attributes": {},
"clientRole": False,
"composite": True,
"containerId": "realm-name",
"description": "role-description",
"id": "90f1cdb6-be88-496e-89c6-da1fb6bc6966",
"name": "role-name",
},
{
"attributes": {},
"clientRole": False,
"composite": True,
"containerId": "realm-name",
"description": "role-description",
"id": "90f1cdb6-be88-496e-89c6-da1fb6bc6966",
"name": "role-name",
}
]
return_value_updated = [None]
return_get_role_composites = [
[
{
'clientRole': True,
'containerId': 'c4367fac-f427-11ed-8e2f-aff070d20f0e',
'name': 'client-role1'
},
{
'clientRole': False,
'containerId': 'realm-name',
'name': 'realm-role-1'
}
]
]
return_get_client_by_client_id = [
{
"id": "de152444-f126-4a7a-8273-4ee1544133ad",
"clientId": "client_1",
"name": "client_1",
"description": "client_1",
"surrogateAuthRequired": False,
"enabled": True,
"alwaysDisplayInConsole": False,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"http://localhost:8080/*",
],
"webOrigins": [
"*"
],
"notBefore": 0,
"bearerOnly": False,
"consentRequired": False,
"standardFlowEnabled": True,
"implicitFlowEnabled": False,
"directAccessGrantsEnabled": False,
"serviceAccountsEnabled": False,
"publicClient": False,
"frontchannelLogout": False,
"protocol": "openid-connect",
"attributes": {
"backchannel.logout.session.required": "true",
"backchannel.logout.revoke.offline.tokens": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": True,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
}
]
changed = False
set_module_args(module_args)
# Run the module
with mock_good_connection():
with patch_keycloak_api(get_realm_role=return_value_present, update_realm_role=return_value_updated,
get_client_by_id=return_get_client_by_client_id,
get_role_composites=return_get_role_composites) \
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role,
mock_get_client_role, mock_create_client_role, mock_update_client_role, mock_delete_client_role,
mock_get_client_by_client_id, mock_get_role_composites):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(len(mock_get_realm_role.mock_calls), 1)
self.assertEqual(len(mock_create_realm_role.mock_calls), 0)
self.assertEqual(len(mock_update_realm_role.mock_calls), 0)
self.assertEqual(len(mock_get_client_by_client_id.mock_calls), 1)
self.assertEqual(len(mock_get_role_composites.mock_calls), 1)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]['changed'], changed)
def test_delete_when_absent(self):
"""Remove an absent realm role"""
@ -268,7 +418,9 @@ class TestKeycloakRealmRole(ModuleTestCase):
with mock_good_connection():
with patch_keycloak_api(get_realm_role=return_value_absent, delete_realm_role=return_value_deleted) \
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role):
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role,
mock_get_client_role, mock_create_client_role, mock_update_client_role, mock_delete_client_role,
mock_get_client_by_client_id, mock_get_role_composites):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
@ -312,7 +464,9 @@ class TestKeycloakRealmRole(ModuleTestCase):
with mock_good_connection():
with patch_keycloak_api(get_realm_role=return_value_absent, delete_realm_role=return_value_deleted) \
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role):
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role,
mock_get_client_role, mock_create_client_role, mock_update_client_role, mock_delete_client_role,
mock_get_client_by_client_id, mock_get_role_composites):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
@ -323,5 +477,207 @@ class TestKeycloakRealmRole(ModuleTestCase):
self.assertIs(exec_info.exception.args[0]['changed'], changed)
class TestKeycloakClientRole(ModuleTestCase):
def setUp(self):
super(TestKeycloakClientRole, self).setUp()
self.module = keycloak_role
def test_create_client_role_with_composites_when_absent(self):
"""Update with change a realm role"""
module_args = {
'auth_keycloak_url': 'http://keycloak.url/auth',
'auth_password': 'admin',
'auth_realm': 'master',
'auth_username': 'admin',
'auth_client_id': 'admin-cli',
'validate_certs': True,
'realm': 'realm-name',
'client_id': 'client-name',
'name': 'role-name',
'description': 'role-description',
'composite': True,
'composites': [
{
'client_id': 'client_1',
'name': 'client-role1'
},
{
'name': 'realm-role-1'
}
]
}
return_get_client_role = [
None,
{
"attributes": {},
"clientRole": True,
"composite": True,
"composites": [
{
'client': {
'client1': ['client-role1']
}
},
{
'realm': ['realm-role-1']
}
],
"containerId": "9ae25ec2-f40a-11ed-9261-b3bacf720f69",
"description": "role-description",
"id": "90f1cdb6-be88-496e-89c6-da1fb6bc6966",
"name": "role-name",
}
]
changed = True
set_module_args(module_args)
# Run the module
with mock_good_connection():
with patch_keycloak_api(get_client_role=return_get_client_role) \
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role,
mock_get_client_role, mock_create_client_role, mock_update_client_role, mock_delete_client_role,
mock_get_client_by_client_id, mock_get_role_composites):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(len(mock_get_realm_role.mock_calls), 0)
self.assertEqual(len(mock_create_realm_role.mock_calls), 0)
self.assertEqual(len(mock_update_realm_role.mock_calls), 0)
self.assertEqual(len(mock_get_client_role.mock_calls), 2)
self.assertEqual(len(mock_create_client_role.mock_calls), 1)
self.assertEqual(len(mock_update_client_role.mock_calls), 0)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]['changed'], changed)
def test_create_client_role_with_composites_when_present_no_change(self):
"""Update with change a realm role"""
module_args = {
'auth_keycloak_url': 'http://keycloak.url/auth',
'auth_password': 'admin',
'auth_realm': 'master',
'auth_username': 'admin',
'auth_client_id': 'admin-cli',
'validate_certs': True,
'realm': 'realm-name',
'client_id': 'client-name',
'name': 'role-name',
'description': 'role-description',
'composite': True,
'composites': [
{
'client_id': 'client_1',
'name': 'client-role1'
},
{
'name': 'realm-role-1'
}
]
}
return_get_client_role = [
{
"attributes": {},
"clientRole": True,
"composite": True,
"containerId": "9ae25ec2-f40a-11ed-9261-b3bacf720f69",
"description": "role-description",
"id": "90f1cdb6-be88-496e-89c6-da1fb6bc6966",
"name": "role-name",
}
]
return_get_role_composites = [
[
{
'clientRole': True,
'containerId': 'c4367fac-f427-11ed-8e2f-aff070d20f0e',
'name': 'client-role1'
},
{
'clientRole': False,
'containerId': 'realm-name',
'name': 'realm-role-1'
}
]
]
return_get_client_by_client_id = [
{
"id": "de152444-f126-4a7a-8273-4ee1544133ad",
"clientId": "client_1",
"name": "client_1",
"description": "client_1",
"surrogateAuthRequired": False,
"enabled": True,
"alwaysDisplayInConsole": False,
"clientAuthenticatorType": "client-secret",
"redirectUris": [
"http://localhost:8080/*",
],
"webOrigins": [
"*"
],
"notBefore": 0,
"bearerOnly": False,
"consentRequired": False,
"standardFlowEnabled": True,
"implicitFlowEnabled": False,
"directAccessGrantsEnabled": False,
"serviceAccountsEnabled": False,
"publicClient": False,
"frontchannelLogout": False,
"protocol": "openid-connect",
"attributes": {
"backchannel.logout.session.required": "true",
"backchannel.logout.revoke.offline.tokens": "false"
},
"authenticationFlowBindingOverrides": {},
"fullScopeAllowed": True,
"nodeReRegistrationTimeout": -1,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"roles",
"email"
],
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"microprofile-jwt"
]
}
]
changed = False
set_module_args(module_args)
# Run the module
with mock_good_connection():
with patch_keycloak_api(get_client_role=return_get_client_role, get_client_by_id=return_get_client_by_client_id,
get_role_composites=return_get_role_composites) \
as (mock_get_realm_role, mock_create_realm_role, mock_update_realm_role, mock_delete_realm_role,
mock_get_client_role, mock_create_client_role, mock_update_client_role, mock_delete_client_role,
mock_get_client_by_client_id, mock_get_role_composites):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(len(mock_get_realm_role.mock_calls), 0)
self.assertEqual(len(mock_create_realm_role.mock_calls), 0)
self.assertEqual(len(mock_update_realm_role.mock_calls), 0)
self.assertEqual(len(mock_get_client_role.mock_calls), 1)
self.assertEqual(len(mock_create_client_role.mock_calls), 0)
self.assertEqual(len(mock_update_client_role.mock_calls), 0)
self.assertEqual(len(mock_get_client_by_client_id.mock_calls), 1)
self.assertEqual(len(mock_get_role_composites.mock_calls), 1)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]['changed'], changed)
if __name__ == '__main__':
unittest.main()