mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-25 21:44:00 -07:00 
			
		
		
		
	[PR #9263/2682ec47 backport][stable-9] keycloak_authentication: Fix priority attribute during execution updates (#9291)
keycloak_authentication: Fix priority attribute during execution updates (#9263)
keycloak_authentication: Fix priority attribute during execution updates.
(cherry picked from commit 2682ec47d9)
Co-authored-by: Florian Apolloner <florian@apolloner.eu>
	
	
This commit is contained in:
		
					parent
					
						
							
								988d760372
							
						
					
				
			
			
				commit
				
					
						aa3a43cfa8
					
				
			
		
					 2 changed files with 9 additions and 4 deletions
				
			
		|  | @ -0,0 +1,2 @@ | ||||||
|  | security_fixes: | ||||||
|  |   - keycloak_authentication - API calls did not properly set the ``priority`` during update resulting in incorrectly sorted authentication flows. This apparently only affects Keycloak 25 or newer (https://github.com/ansible-collections/community.general/pull/9263). | ||||||
|  | @ -257,6 +257,7 @@ def create_or_update_executions(kc, config, realm='master'): | ||||||
|         changed = False |         changed = False | ||||||
|         after = "" |         after = "" | ||||||
|         before = "" |         before = "" | ||||||
|  |         execution = None | ||||||
|         if "authenticationExecutions" in config: |         if "authenticationExecutions" in config: | ||||||
|             # Get existing executions on the Keycloak server for this alias |             # Get existing executions on the Keycloak server for this alias | ||||||
|             existing_executions = kc.get_executions_representation(config, realm=realm) |             existing_executions = kc.get_executions_representation(config, realm=realm) | ||||||
|  | @ -283,27 +284,27 @@ def create_or_update_executions(kc, config, realm='master'): | ||||||
|                         if new_exec['index'] is None: |                         if new_exec['index'] is None: | ||||||
|                             new_exec_index = exec_index |                             new_exec_index = exec_index | ||||||
|                         before += str(existing_executions[exec_index]) + '\n' |                         before += str(existing_executions[exec_index]) + '\n' | ||||||
|                     id_to_update = existing_executions[exec_index]["id"] |                     execution = existing_executions[exec_index].copy() | ||||||
|                     # Remove exec from list in case 2 exec with same name |                     # Remove exec from list in case 2 exec with same name | ||||||
|                     existing_executions[exec_index].clear() |                     existing_executions[exec_index].clear() | ||||||
|                 elif new_exec["providerId"] is not None: |                 elif new_exec["providerId"] is not None: | ||||||
|                     kc.create_execution(new_exec, flowAlias=flow_alias_parent, realm=realm) |                     kc.create_execution(new_exec, flowAlias=flow_alias_parent, realm=realm) | ||||||
|  |                     execution = kc.get_executions_representation(config, realm=realm)[exec_index] | ||||||
|                     exec_found = True |                     exec_found = True | ||||||
|                     exec_index = new_exec_index |                     exec_index = new_exec_index | ||||||
|                     id_to_update = kc.get_executions_representation(config, realm=realm)[exec_index]["id"] |  | ||||||
|                     after += str(new_exec) + '\n' |                     after += str(new_exec) + '\n' | ||||||
|                 elif new_exec["displayName"] is not None: |                 elif new_exec["displayName"] is not None: | ||||||
|                     kc.create_subflow(new_exec["displayName"], flow_alias_parent, realm=realm, flowType=new_exec["subFlowType"]) |                     kc.create_subflow(new_exec["displayName"], flow_alias_parent, realm=realm, flowType=new_exec["subFlowType"]) | ||||||
|  |                     execution = kc.get_executions_representation(config, realm=realm)[exec_index] | ||||||
|                     exec_found = True |                     exec_found = True | ||||||
|                     exec_index = new_exec_index |                     exec_index = new_exec_index | ||||||
|                     id_to_update = kc.get_executions_representation(config, realm=realm)[exec_index]["id"] |  | ||||||
|                     after += str(new_exec) + '\n' |                     after += str(new_exec) + '\n' | ||||||
|                 if exec_found: |                 if exec_found: | ||||||
|                     changed = True |                     changed = True | ||||||
|                     if exec_index != -1: |                     if exec_index != -1: | ||||||
|                         # Update the existing execution |                         # Update the existing execution | ||||||
|                         updated_exec = { |                         updated_exec = { | ||||||
|                             "id": id_to_update |                             "id": execution["id"] | ||||||
|                         } |                         } | ||||||
|                         # add the execution configuration |                         # add the execution configuration | ||||||
|                         if new_exec["authenticationConfig"] is not None: |                         if new_exec["authenticationConfig"] is not None: | ||||||
|  | @ -313,6 +314,8 @@ def create_or_update_executions(kc, config, realm='master'): | ||||||
|                             if key not in ("flowAlias", "authenticationConfig", "subFlowType"): |                             if key not in ("flowAlias", "authenticationConfig", "subFlowType"): | ||||||
|                                 updated_exec[key] = new_exec[key] |                                 updated_exec[key] = new_exec[key] | ||||||
|                         if new_exec["requirement"] is not None: |                         if new_exec["requirement"] is not None: | ||||||
|  |                             if "priority" in execution: | ||||||
|  |                                 updated_exec["priority"] = execution["priority"] | ||||||
|                             kc.update_authentication_executions(flow_alias_parent, updated_exec, realm=realm) |                             kc.update_authentication_executions(flow_alias_parent, updated_exec, realm=realm) | ||||||
|                         diff = exec_index - new_exec_index |                         diff = exec_index - new_exec_index | ||||||
|                         kc.change_execution_priority(updated_exec["id"], diff, realm=realm) |                         kc.change_execution_priority(updated_exec["id"], diff, realm=realm) | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue