mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-24 13:04:00 -07:00 
			
		
		
		
	keycloak_user_federation: set krbPrincipalAttribute to '' if unset in kc responses (#8785)
		
	* set `krbPrincipalAttribute` to `''` if unset in kc before and after responses * add changelog fragment * Update changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
		
					parent
					
						
							
								27cb0c9090
							
						
					
				
			
			
				commit
				
					
						ac302eb77d
					
				
			
		
					 2 changed files with 14 additions and 3 deletions
				
			
		|  | @ -0,0 +1,2 @@ | |||
| bugfixes: | ||||
|   - keycloak_user_federation - minimize change detection by setting ``krbPrincipalAttribute`` to ``''`` in Keycloak responses if missing (https://github.com/ansible-collections/community.general/pull/8785). | ||||
|  | @ -721,15 +721,20 @@ from ansible.module_utils.six.moves.urllib.parse import urlencode | |||
| from copy import deepcopy | ||||
| 
 | ||||
| 
 | ||||
| def normalize_kc_comp(comp): | ||||
|     # kc completely removes the parameter `krbPrincipalAttribute` if it is set to `''`; the unset kc parameter is equivalent to `''`; | ||||
|     # to make change detection and diff more accurate we set it again in the kc responses | ||||
|     if 'config' in comp: | ||||
|         if 'krbPrincipalAttribute' not in comp['config']: | ||||
|             comp['config']['krbPrincipalAttribute'] = [''] | ||||
| 
 | ||||
| 
 | ||||
| def sanitize(comp): | ||||
|     compcopy = deepcopy(comp) | ||||
|     if 'config' in compcopy: | ||||
|         compcopy['config'] = {k: v[0] for k, v in compcopy['config'].items()} | ||||
|         if 'bindCredential' in compcopy['config']: | ||||
|             compcopy['config']['bindCredential'] = '**********' | ||||
|         # an empty string is valid for krbPrincipalAttribute but is filtered out in diff | ||||
|         if 'krbPrincipalAttribute' not in compcopy['config']: | ||||
|             compcopy['config']['krbPrincipalAttribute'] = '' | ||||
|     if 'mappers' in compcopy: | ||||
|         for mapper in compcopy['mappers']: | ||||
|             if 'config' in mapper: | ||||
|  | @ -885,6 +890,8 @@ def main(): | |||
|     if cid is not None and before_comp: | ||||
|         before_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name') or '') | ||||
| 
 | ||||
|     normalize_kc_comp(before_comp) | ||||
| 
 | ||||
|     # Build a proposed changeset from parameters given to this module | ||||
|     changeset = {} | ||||
| 
 | ||||
|  | @ -994,6 +1001,7 @@ def main(): | |||
|                     kc.delete_component(default_mapper['id'], realm) | ||||
| 
 | ||||
|         after_comp['mappers'] = kc.get_components(urlencode(dict(parent=cid)), realm) | ||||
|         normalize_kc_comp(after_comp) | ||||
|         if module._diff: | ||||
|             result['diff'] = dict(before='', after=sanitize(after_comp)) | ||||
|         result['end_state'] = sanitize(after_comp) | ||||
|  | @ -1041,6 +1049,7 @@ def main(): | |||
| 
 | ||||
|             after_comp = kc.get_component(cid, realm) | ||||
|             after_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name') or '') | ||||
|             normalize_kc_comp(after_comp) | ||||
|             after_comp_sanitized = sanitize(after_comp) | ||||
|             before_comp_sanitized = sanitize(before_comp) | ||||
|             result['end_state'] = after_comp_sanitized | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue