Fixes for keycloak_user_federation (#4212)

* keycloak: fix creating a user federation w/ idempotent id Creating a user federation while specifying an id (that doesn't exist yet) will fail with a 404. This commits fix this behavior. * keycloak: fix user federation mapper duplication This commit fixes a bug where mappers are duplicated instead of configured when creating a user federation. When creating a user federation, some mappers are autogenerated by keycloak. This commit lets the keycloak_user_federation module recompute mappers final values after the user federation is created so that the module can try to merge them by their name. * add missing fragment for pr #4212
2025-05-31 21:39:10 -07:00 · 2022-02-22 09:23:44 +01:00 · 2022-02-22 09:23:44 +01:00 · c1485b885d
commit c1485b885d
parent 06705348e3
3 changed files with 27 additions and 8 deletions
--- a/plugins/modules/identity/keycloak/keycloak_user_federation.py
+++ b/plugins/modules/identity/keycloak/keycloak_user_federation.py
@ -845,7 +845,7 @@ def main():
        before_comp = {}

    # if user federation exists, get associated mappers
-    if cid is not None:
+    if cid is not None and before_comp:
        before_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name'))

    # Build a proposed changeset from parameters given to this module
@ -921,12 +921,23 @@ def main():
        after_comp = kc.create_component(desired_comp, realm)

        for mapper in updated_mappers:
-            if mapper.get('id') is not None:
-                kc.update_component(mapper, realm)
+            found = kc.get_components(urlencode(dict(parent=cid, name=mapper['name'])), realm)
+            if len(found) > 1:
+                module.fail_json(msg='Found multiple mappers with name `{name}`. Cannot continue.'.format(name=mapper['name']))
+            if len(found) == 1:
+                old_mapper = found[0]
            else:
-                if mapper.get('parentId') is None:
-                    mapper['parentId'] = after_comp['id']
-                mapper = kc.create_component(mapper, realm)
+                old_mapper = {}
+
+            new_mapper = old_mapper.copy()
+            new_mapper.update(mapper)
+
+            if new_mapper.get('id') is not None:
+                kc.update_component(new_mapper, realm)
+            else:
+                if new_mapper.get('parentId') is None:
+                    new_mapper['parentId'] = after_comp['id']
+                mapper = kc.create_component(new_mapper, realm)

        after_comp['mappers'] = updated_mappers
        result['end_state'] = sanitize(after_comp)