ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-06-01 22:09:08 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

[PR #7538/938aec49 backport][stable-8] [keycloak_user_federation]: Adding option krbPrincipalAttribute (#7605)

Browse source 
[keycloak_user_federation]: Adding option krbPrincipalAttribute (#7538)

* keycloak_user_federation: Adding support for krbPrincipalAttribute

Signed-off-by: boolman <boolman@gmail.com>

* pr/7538 adding changelogs/fragment file

Signed-off-by: boolman <boolman@gmail.com>

* Update changelogs/fragments/7538-add-krbprincipalattribute-option.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user_federation.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_user_federation.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Signed-off-by: boolman <boolman@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 938aec492e)

Co-authored-by: Boolman <boolman@gmail.com>
This commit is contained in:
patchback[bot] 2023-11-26 17:35:45 +01:00 committed by GitHub
parent d5f6889f51
commit c82c375aef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

2
changelogs/fragments/7538-add-krbprincipalattribute-option.yml Normal file
View file

@ -0,0 +1,2 @@
minor_changes:
- keycloak_user_federation - add option for ``krbPrincipalAttribute`` (https://github.com/ansible-collections/community.general/pull/7538).

11
plugins/modules/keycloak_user_federation.py
View file

@ -342,6 +342,16 @@ options:
- Name of kerberos realm. - Name of kerberos realm.
type: str type: str
krbPrincipalAttribute:
description:
- Name of the LDAP attribute, which refers to Kerberos principal.
This is used to lookup appropriate LDAP user after successful Kerberos/SPNEGO authentication in Keycloak.
When this is empty, the LDAP user will be looked based on LDAP username corresponding
to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG),
it will assume that LDAP username is V(john).
type: str
version_added: 8.1.0
serverPrincipal: serverPrincipal:
description: description:
- Full name of server principal for HTTP service including server and domain name. For - Full name of server principal for HTTP service including server and domain name. For
@ -764,6 +774,7 @@ def main():
readTimeout=dict(type='int'), readTimeout=dict(type='int'),
searchScope=dict(type='str', choices=['1', '2'], default='1'), searchScope=dict(type='str', choices=['1', '2'], default='1'),
serverPrincipal=dict(type='str'), serverPrincipal=dict(type='str'),
krbPrincipalAttribute=dict(type='str'),
startTls=dict(type='bool', default=False), startTls=dict(type='bool', default=False),
syncRegistrations=dict(type='bool', default=False), syncRegistrations=dict(type='bool', default=False),
trustEmail=dict(type='bool', default=False), trustEmail=dict(type='bool', default=False),

4
tests/unit/plugins/modules/test_keycloak_user_federation.py
View file

@ -326,6 +326,7 @@ class TestKeycloakUserFederation(ModuleTestCase):
'connectionPooling': True, 'connectionPooling': True,
'pagination': True, 'pagination': True,
'allowKerberosAuthentication': False, 'allowKerberosAuthentication': False,
'krbPrincipalAttribute': 'krbPrincipalName',
'debug': False, 'debug': False,
'useKerberosForPasswordAuthentication': False, 'useKerberosForPasswordAuthentication': False,
}, },
@ -374,6 +375,9 @@ class TestKeycloakUserFederation(ModuleTestCase):
"enabled": [ "enabled": [
"true" "true"
], ],
"krbPrincipalAttribute": [
"krb5PrincipalName"
],
"usernameLDAPAttribute": [ "usernameLDAPAttribute": [
"uid" "uid"
], ],