mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-25 13:34:01 -07:00 
			
		
		
		
	[PR #8898/3b109abe backport][stable-9] keycloak_user_federation: add module argument that allows excluding bindCredential from update check (#8999)
		
	keycloak_user_federation: add module argument that allows excluding `bindCredential` from update check (#8898)
* add module argument that allows excluding `bindCredential` from update check
* add changelog fragment
* change option name to `bind_credential_update_mode` and change type to str
(cherry picked from commit 3b109abe18)
Co-authored-by: fgruenbauer <gruenbauer@b1-systems.de>
	
	
This commit is contained in:
		
					parent
					
						
							
								e2513b318e
							
						
					
				
			
			
				commit
				
					
						acdf19c9e6
					
				
			
		
					 2 changed files with 32 additions and 3 deletions
				
			
		|  | @ -0,0 +1,2 @@ | ||||||
|  | bugfixes: | ||||||
|  |   - keycloak_user_federation - add module argument allowing users to configure the update mode for the parameter ``bindCredential`` (https://github.com/ansible-collections/community.general/pull/8898). | ||||||
|  | @ -93,6 +93,24 @@ options: | ||||||
|         default: true |         default: true | ||||||
|         version_added: 9.4.0 |         version_added: 9.4.0 | ||||||
| 
 | 
 | ||||||
|  |     bind_credential_update_mode: | ||||||
|  |         description: | ||||||
|  |             - The value of the config parameter O(config.bindCredential) is redacted in the Keycloak responses. | ||||||
|  |               Comparing the redacted value with the desired value always evaluates to not equal. This means | ||||||
|  |               the before and desired states are never equal if the parameter is set. | ||||||
|  |             - Set to V(always) to include O(config.bindCredential) in the comparison of before and desired state. | ||||||
|  |               Because of the redacted value returned by Keycloak the module will always detect a change | ||||||
|  |               and make an update if a O(config.bindCredential) value is set. | ||||||
|  |             - Set to V(only_indirect) to exclude O(config.bindCredential) when comparing the before state with the | ||||||
|  |               desired state. The value of O(config.bindCredential) will only be updated if there are other changes | ||||||
|  |               to the user federation that require an update. | ||||||
|  |         type: str | ||||||
|  |         default: always | ||||||
|  |         choices: | ||||||
|  |             - always | ||||||
|  |             - only_indirect | ||||||
|  |         version_added: 9.5.0 | ||||||
|  | 
 | ||||||
|     config: |     config: | ||||||
|         description: |         description: | ||||||
|             - Dict specifying the configuration options for the provider; the contents differ depending on |             - Dict specifying the configuration options for the provider; the contents differ depending on | ||||||
|  | @ -837,6 +855,7 @@ def main(): | ||||||
|         provider_type=dict(type='str', aliases=['providerType'], default='org.keycloak.storage.UserStorageProvider'), |         provider_type=dict(type='str', aliases=['providerType'], default='org.keycloak.storage.UserStorageProvider'), | ||||||
|         parent_id=dict(type='str', aliases=['parentId']), |         parent_id=dict(type='str', aliases=['parentId']), | ||||||
|         remove_unspecified_mappers=dict(type='bool', default=True), |         remove_unspecified_mappers=dict(type='bool', default=True), | ||||||
|  |         bind_credential_update_mode=dict(type='str', default='always', choices=['always', 'only_indirect']), | ||||||
|         mappers=dict(type='list', elements='dict', options=mapper_spec), |         mappers=dict(type='list', elements='dict', options=mapper_spec), | ||||||
|     ) |     ) | ||||||
| 
 | 
 | ||||||
|  | @ -884,8 +903,9 @@ def main(): | ||||||
| 
 | 
 | ||||||
|     # Filter and map the parameters names that apply |     # Filter and map the parameters names that apply | ||||||
|     comp_params = [x for x in module.params |     comp_params = [x for x in module.params | ||||||
|                    if x not in list(keycloak_argument_spec().keys()) + ['state', 'realm', 'mappers', 'remove_unspecified_mappers'] and |                    if x not in list(keycloak_argument_spec().keys()) | ||||||
|                    module.params.get(x) is not None] |                    + ['state', 'realm', 'mappers', 'remove_unspecified_mappers', 'bind_credential_update_mode'] | ||||||
|  |                    and module.params.get(x) is not None] | ||||||
| 
 | 
 | ||||||
|     # See if it already exists in Keycloak |     # See if it already exists in Keycloak | ||||||
|     if cid is None: |     if cid is None: | ||||||
|  | @ -1027,8 +1047,15 @@ def main(): | ||||||
|         if state == 'present': |         if state == 'present': | ||||||
|             # Process an update |             # Process an update | ||||||
| 
 | 
 | ||||||
|  |             desired_copy = deepcopy(desired_comp) | ||||||
|  |             before_copy = deepcopy(before_comp) | ||||||
|  |             # exclude bindCredential when checking wether an update is required, therefore | ||||||
|  |             # updating it only if there are other changes | ||||||
|  |             if module.params['bind_credential_update_mode'] == 'only_indirect': | ||||||
|  |                 desired_copy.get('config', []).pop('bindCredential', None) | ||||||
|  |                 before_copy.get('config', []).pop('bindCredential', None) | ||||||
|             # no changes |             # no changes | ||||||
|             if desired_comp == before_comp: |             if desired_copy == before_copy: | ||||||
|                 result['changed'] = False |                 result['changed'] = False | ||||||
|                 result['end_state'] = sanitize(desired_comp) |                 result['end_state'] = sanitize(desired_comp) | ||||||
|                 result['msg'] = "No changes required to user federation {id}.".format(id=cid) |                 result['msg'] = "No changes required to user federation {id}.".format(id=cid) | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue