ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-28 07:31:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

keycloak: add support for client_credentials authentication (#10231)
Some checks are pending
EOL CI / EOL Sanity (Ⓐ2.16) (push) Waiting to run
Details
EOL CI / EOL Units (Ⓐ2.16+py2.7) (push) Waiting to run
Details
EOL CI / EOL Units (Ⓐ2.16+py3.11) (push) Waiting to run
Details
EOL CI / EOL Units (Ⓐ2.16+py3.6) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/1/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/2/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/3/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/1/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/2/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/3/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/1/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/2/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/3/) (push) Waiting to run
Details
nox / Run extra sanity tests (push) Waiting to run
Details

Browse source 
* add client_credentials authentication for keycloak tasks incl. test case

* support client credentials in all keycloak modules

* Add changelog fragment

* fix typos in required list

* Update changelogs/fragments/10231-keycloak-add-client-credentials-authentication.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* revert keycloak url in test environment

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
divinity666 2025-06-18 07:40:46 +02:00 committed by GitHub
commit f44ca23d7a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
27 changed files with 190 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

99
tests/integration/targets/keycloak_modules_authentication/tasks/main.yml
View file

@ -3,6 +3,19 @@
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Reset public login in master admin-cli (if potentially previous test failed)
community.general.keycloak_client:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
auth_client_id: "admin-cli"
auth_client_secret: "{{ client_secret }}"
client_id: "admin-cli"
secret: "{{ client_secret }}"
public_client: true
state: present
- name: Create realm
community.general.keycloak_realm:
auth_keycloak_url: "{{ url }}"
@ -201,6 +214,89 @@
debug:
var: result
- name: PREPARE - Temporarily disable public login in master admin-cli
community.general.keycloak_client:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
auth_client_id: "admin-cli"
auth_client_secret: "{{ client_secret }}"
client_id: "admin-cli"
secret: "{{ client_secret }}"
public_client: false
service_accounts_enabled: true
client_authenticator_type: "client-secret"
state: present
- name: PREPARE - Get admin role id
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
auth_client_id: "admin-cli"
auth_client_secret: "{{ client_secret }}"
name: "admin"
register: admin_role
- name: PREPARE - Assign admin role to admin-cli in master
community.general.keycloak_user_rolemapping:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
auth_client_id: "admin-cli"
auth_client_secret: "{{ client_secret }}"
realm: "master"
roles:
- name: "admin"
service_account_user_client_id: "admin-cli"
- name: Create new realm role with valid client_id and client_secret
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_client_id: "admin-cli"
auth_client_secret: "{{ client_secret }}"
realm: "{{ realm }}"
name: "{{ role }}"
description: "{{ keycloak_role_description }}"
state: present
register: result
- name: Debug
debug:
var: result
- name: Reset temporarily disabled public login in master admin-cli
community.general.keycloak_client:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
auth_client_id: "admin-cli"
auth_client_secret: "{{ client_secret }}"
client_id: "admin-cli"
secret: "{{ client_secret }}"
public_client: true
state: present
- name: Remove created realm role
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ role }}"
state: absent
register: result
- name: Debug
debug:
var: result
### Unhappy path tests
- name: Fail to create new realm role with invalid username/password
@ -215,7 +311,6 @@
state: present
register: result
failed_when: >
(result.exception is not defined) or
("HTTP Error 401: Unauthorized" not in result.msg)
- name: Fail to create new realm role with invalid auth token
@ -228,7 +323,6 @@
state: present
register: result
failed_when: >
(result.exception is not defined) or
("HTTP Error 401: Unauthorized" not in result.msg)
- name: Fail to create new realm role with invalid auth and refresh tokens, and invalid username/password
@ -245,5 +339,4 @@
state: present
register: result
failed_when: >
(result.exception is not defined) or
("HTTP Error 401: Unauthorized" not in result.msg)

1
tests/integration/targets/keycloak_modules_authentication/vars/main.yml
View file

@ -9,6 +9,7 @@ admin_user: admin
admin_password: password
realm: myrealm
client_id: myclient
client_secret: myclientsecret
role: myrole
keycloak_role_name: test