Inspq keycloak role composites (#6469)

* Add composites to keycloak_role module

* Add composites support for realm role in keycloak module_utils

* Clean f.write from keycloak_role module

* keycloak_role support state for realm role composites

* Add support for composites in client role for keycloak_role module

* Add changelog fragment for keycloak role composites PR

* Fix pep8 and validate-modules tests errors

* Update changelogs/fragments/6469-add-composites-support-for-keycloak-role.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

I will try it

Co-authored-by: Felix Fontein <felix@fontein.de>

* Fix test_keycloak_role assertion

* Fix role composite compare before update in keycloak_role module

* Fix realm problem with update_role_composites in keycloak.py module_utils

* Add unit tests for composites and client roles in keycloak_role module

* Update plugins/module_utils/identity/keycloak/keycloak.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/module_utils/identity/keycloak/keycloak.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Change try in is_struct_included and add unit tests for keycloak.py module_utils

* Add integration tests for composites roles and fix bug with non master roles in keycloak_role module

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_role.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/module_utils/identity/keycloak/keycloak.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/module_utils/identity/keycloak/keycloak.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* is_struct_included refactor

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
Philippe Gauthier 2023-06-15 00:57:30 -04:00 committed by GitHub
commit 9395df1c6f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 860 additions and 17 deletions


@ -0,0 +1,20 @@
<!--
Copyright (c) Ansible Project
GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
SPDX-License-Identifier: GPL-3.0-or-later
-->
# Running keycloak_user module integration test
To run Keycloak user module's integration test, start a keycloak server using Docker or Podman:
podman|docker run -d --rm --name mykeycloak -p 8080:8080 -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=password quay.io/keycloak/keycloak:latest start-dev --http-relative-path /auth
Source Ansible env-setup from ansible github repository
Run integration tests:
ansible-test integration keycloak_role --python 3.10 --allow-unsupported
Cleanup:
podman|docker stop mykeycloak


@ -248,3 +248,236 @@
that:
- result is not changed
- result.end_state == {}
- name: Create realm role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert realm role is created with composites
assert:
that:
- result is changed
- result.end_state.composites | length == 3
- name: Change realm role with composites no change
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert realm role with composites have not changed
assert:
that:
- result is not changed
- result.end_state.composites | length == 3
- name: Remove composite from realm role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites_with_absent }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert composite was removed from realm role with composites
assert:
that:
- result is changed
- result.end_state.composites | length == 2
- name: Delete realm role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ keycloak_role_name }}"
state: absent
register: result
- name: Debug
debug:
var: result
- name: Assert realm role deleted
assert:
that:
- result is changed
- result.end_state == {}
- name: Delete absent realm role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ keycloak_role_name }}"
state: absent
register: result
- name: Debug
debug:
var: result
- name: Assert not changed and realm role absent
assert:
that:
- result is not changed
- result.end_state == {}
- name: Create client role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
client_id: "{{ client_id }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert client role is created with composites
assert:
that:
- result is changed
- result.end_state.composites | length == 3
- name: Change client role with composites no change
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
client_id: "{{ client_id }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert client role with composites have not changed
assert:
that:
- result is not changed
- result.end_state.composites | length == 3
- name: Remove composite from client role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ keycloak_role_name }}"
client_id: "{{ client_id }}"
realm: "{{ realm }}"
description: "{{ keycloak_role_description }}"
composite: "{{ keycloak_role_composite }}"
composites: "{{ keycloak_role_composites_with_absent }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Assert composite was removed from client role with composites
assert:
that:
- result is changed
- result.end_state.composites | length == 2
- name: Delete client role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ keycloak_role_name }}"
client_id: "{{ client_id }}"
state: absent
register: result
- name: Debug
debug:
var: result
- name: Assert client role deleted
assert:
that:
- result is changed
- result.end_state == {}
- name: Delete absent client role with composites
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ keycloak_role_name }}"
client_id: "{{ client_id }}"
state: absent
register: result
- name: Debug
debug:
var: result
- name: Assert not changed and client role absent
assert:
that:
- result is not changed
- result.end_state == {}
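Review bot: The composite assertions in this hunk check only the count (`result.end_state.composites | length == 3`, then `== 2` after the removal), so a run that dropped the wrong composite, for instance keeping `offline_access` and losing `view-clients`, would still pass. Since composites decide which privileges a role carries, the removal checks for both the realm role and the client role should assert membership as well, for example `- "'offline_access' not in (result.end_state.composites | map(attribute='name') | list)"`; this assumes each entry in `end_state.composites` has a `name` key, which the page does not show. The `Debug` task repeated after every step could also take `verbosity: 1` so the full result is printed only when asked for.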


@ -12,3 +12,30 @@ client_id: myclient
role: myrole
description_1: desc 1
description_2: desc 2
keycloak_role_name: test
keycloak_role_description: test
keycloak_role_composite: true
keycloak_role_composites:
- name: view-clients
client_id: "realm-management"
state: present
- name: query-clients
client_id: "realm-management"
state: present
- name: offline_access
state: present
keycloak_client_id: test-client
keycloak_client_name: test-client
keycloak_client_description: This is a client for testing purpose
role_state: present
keycloak_role_composites_with_absent:
- name: view-clients
client_id: "realm-management"
state: present
- name: query-clients
client_id: "realm-management"
state: present
- name: offline_access
state: absent
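Review bot: `keycloak_client_id`, `keycloak_client_name`, `keycloak_client_description` and `role_state` are added here, but the tasks hunk shown on this page references only `client_id`, the `keycloak_role_*` variables and the two composites lists, so these four look unused unless another file in the commit reads them. If they are leftovers they should be dropped; if they are meant for the client-role tasks, those tasks should reference `keycloak_client_id` rather than `client_id`, so the test does not silently depend on a client created elsewhere. The two composites lists differ only in the state of `offline_access`, and a one-line comment above `keycloak_role_composites_with_absent` such as `# same as keycloak_role_composites, with offline_access marked absent` would make that clear.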