community.general/tests/integration/targets/keycloak_user_federation/tasks/main.yml

---
- name: Create realm
  community.general.keycloak_realm:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    id: "{{ realm }}"
    realm: "{{ realm }}"
    state: present

- name: Create new user federation
  community.general.keycloak_user_federation:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    name: "{{ federation }}"
    state: present
    provider_id: ldap
    provider_type: org.keycloak.storage.UserStorageProvider
    config:
      enabled: true
      priority: 0
      fullSyncPeriod: -1
      changedSyncPeriod: -1
      cachePolicy: DEFAULT
      batchSizeForSync: 1000
      editMode: READ_ONLY
      importEnabled: true
      syncRegistrations: false
      vendor: other
      usernameLDAPAttribute: uid
      rdnLDAPAttribute: uid
      uuidLDAPAttribute: entryUUID
      userObjectClasses: "inetOrgPerson, organizationalPerson"
      connectionUrl: "ldaps://ldap.example.com:636"
      usersDn: "ou=Users,dc=example,dc=com"
      authType: simple
      bindDn: cn=directory reader
      bindCredential: secret
      searchScope: 1
      validatePasswordPolicy: false
      trustEmail: false
      useTruststoreSpi: "ldapsOnly"
      connectionPooling: true
      pagination: true
      allowKerberosAuthentication: false
      useKerberosForPasswordAuthentication: false
      debug: false
  register: result

- name: Debug
  debug:
    var: result

- name: Assert user federation created
  assert:
    that:
      - result is changed
      - result.existing == {}
      - result.end_state.name == "{{ federation }}"

- name: Update existing user federation (no change)
  community.general.keycloak_user_federation:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    name: "{{ federation }}"
    state: present
    provider_id: ldap
    provider_type: org.keycloak.storage.UserStorageProvider
    config:
      enabled: true
      priority: 0
      fullSyncPeriod: -1
      changedSyncPeriod: -1
      cachePolicy: DEFAULT
      batchSizeForSync: 1000
      editMode: READ_ONLY
      importEnabled: true
      syncRegistrations: false
      vendor: other
      usernameLDAPAttribute: uid
      rdnLDAPAttribute: uid
      uuidLDAPAttribute: entryUUID
      userObjectClasses: "inetOrgPerson, organizationalPerson"
      connectionUrl: "ldaps://ldap.example.com:636"
      usersDn: "ou=Users,dc=example,dc=com"
      authType: simple
      bindDn: cn=directory reader
      bindCredential: "**********"
      searchScope: 1
      validatePasswordPolicy: false
      trustEmail: false
      useTruststoreSpi: "ldapsOnly"
      connectionPooling: true
      pagination: true
      allowKerberosAuthentication: false
      useKerberosForPasswordAuthentication: false
      debug: false
  register: result

- name: Debug
  debug:
    var: result

- name: Assert user federation unchanged
  assert:
    that:
      - result is not changed
      - result.existing != {}
      - result.existing.name == "{{ federation }}"
      - result.end_state != {}
      - result.end_state.name == "{{ federation }}"

- name: Update existing user federation (with change)
  community.general.keycloak_user_federation:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    name: "{{ federation }}"
    state: present
    provider_id: ldap
    provider_type: org.keycloak.storage.UserStorageProvider
    config:
      enabled: true
      priority: 0
      fullSyncPeriod: -1
      changedSyncPeriod: -1
      cachePolicy: DEFAULT
      batchSizeForSync: 1000
      editMode: READ_ONLY
      importEnabled: true
      syncRegistrations: false
      vendor: other
      usernameLDAPAttribute: uid
      rdnLDAPAttribute: uid
      uuidLDAPAttribute: entryUUID
      userObjectClasses: "inetOrgPerson, organizationalPerson"
      connectionUrl: "ldaps://ldap.example.com:636"
      usersDn: "ou=Users,dc=example,dc=com"
      authType: simple
      bindDn: cn=directory reader
      bindCredential: "**********"
      searchScope: 1
      validatePasswordPolicy: false
      trustEmail: false
      useTruststoreSpi: "ldapsOnly"
      connectionPooling: true
      pagination: true
      allowKerberosAuthentication: false
      useKerberosForPasswordAuthentication: false
      debug: false
    mappers:
      - name: "full name"
        providerId: "full-name-ldap-mapper"
        providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
        config:
          ldap.full.name.attribute: cn
          read.only: true
          write.only: false
  register: result

- name: Debug
  debug:
    var: result

- name: Assert user federation created
  assert:
    that:
      - result is changed
      - result.existing != {}
      - result.existing.name == "{{ federation }}"
      - result.end_state != {}
      - result.end_state.name == "{{ federation }}"

- name: Delete existing user federation
  community.general.keycloak_user_federation:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    name: "{{ federation }}"
    state: absent
  register: result

- name: Debug
  debug:
    var: result

- name: Assert user federation deleted
  assert:
    that:
      - result is changed
      - result.existing != {}
      - result.end_state == {}

- name: Delete absent user federation
  community.general.keycloak_user_federation:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    name: "{{ federation }}"
    state: absent
  register: result

- name: Debug
  debug:
    var: result

- name: Assert user federation unchanged
  assert:
    that:
      - result is not changed
      - result.existing == {}
      - result.end_state == {}
Add keycloak_user_federation module (#3340) * new module * fix unit tests * fix documentation * more fixes * fix linefeeds * Apply suggestions from code review Co-authored-by: Felix Fontein <felix@fontein.de> * use true/false instead of True/False * Apply suggestions from code review Co-authored-by: Felix Fontein <felix@fontein.de> * fix result content + rename variable * urlencode parameters Co-authored-by: Felix Fontein <felix@fontein.de> 2021-09-20 19:19:42 +02:00			`---`
			`- name: Create realm`
			`community.general.keycloak_realm:`
			`auth_keycloak_url: "{{ url }}"`
			`auth_realm: "{{ admin_realm }}"`
			`auth_username: "{{ admin_user }}"`
			`auth_password: "{{ admin_password }}"`
			`id: "{{ realm }}"`
			`realm: "{{ realm }}"`
			`state: present`

			`- name: Create new user federation`
			`community.general.keycloak_user_federation:`
			`auth_keycloak_url: "{{ url }}"`
			`auth_realm: "{{ admin_realm }}"`
			`auth_username: "{{ admin_user }}"`
			`auth_password: "{{ admin_password }}"`
			`realm: "{{ realm }}"`
			`name: "{{ federation }}"`
			`state: present`
			`provider_id: ldap`
			`provider_type: org.keycloak.storage.UserStorageProvider`
			`config:`
			`enabled: true`
			`priority: 0`
			`fullSyncPeriod: -1`
			`changedSyncPeriod: -1`
			`cachePolicy: DEFAULT`
			`batchSizeForSync: 1000`
			`editMode: READ_ONLY`
			`importEnabled: true`
			`syncRegistrations: false`
			`vendor: other`
			`usernameLDAPAttribute: uid`
			`rdnLDAPAttribute: uid`
			`uuidLDAPAttribute: entryUUID`
			`userObjectClasses: "inetOrgPerson, organizationalPerson"`
			`connectionUrl: "ldaps://ldap.example.com:636"`
			`usersDn: "ou=Users,dc=example,dc=com"`
			`authType: simple`
			`bindDn: cn=directory reader`
			`bindCredential: secret`
			`searchScope: 1`
			`validatePasswordPolicy: false`
			`trustEmail: false`
			`useTruststoreSpi: "ldapsOnly"`
			`connectionPooling: true`
			`pagination: true`
			`allowKerberosAuthentication: false`
			`useKerberosForPasswordAuthentication: false`
			`debug: false`
			`register: result`

			`- name: Debug`
			`debug:`
			`var: result`

			`- name: Assert user federation created`
			`assert:`
			`that:`
			`- result is changed`
			`- result.existing == {}`
			`- result.end_state.name == "{{ federation }}"`

			`- name: Update existing user federation (no change)`
			`community.general.keycloak_user_federation:`
			`auth_keycloak_url: "{{ url }}"`
			`auth_realm: "{{ admin_realm }}"`
			`auth_username: "{{ admin_user }}"`
			`auth_password: "{{ admin_password }}"`
			`realm: "{{ realm }}"`
			`name: "{{ federation }}"`
			`state: present`
			`provider_id: ldap`
			`provider_type: org.keycloak.storage.UserStorageProvider`
			`config:`
			`enabled: true`
			`priority: 0`
			`fullSyncPeriod: -1`
			`changedSyncPeriod: -1`
			`cachePolicy: DEFAULT`
			`batchSizeForSync: 1000`
			`editMode: READ_ONLY`
			`importEnabled: true`
			`syncRegistrations: false`
			`vendor: other`
			`usernameLDAPAttribute: uid`
			`rdnLDAPAttribute: uid`
			`uuidLDAPAttribute: entryUUID`
			`userObjectClasses: "inetOrgPerson, organizationalPerson"`
			`connectionUrl: "ldaps://ldap.example.com:636"`
			`usersDn: "ou=Users,dc=example,dc=com"`
			`authType: simple`
			`bindDn: cn=directory reader`
			`bindCredential: "**********"`
			`searchScope: 1`
			`validatePasswordPolicy: false`
			`trustEmail: false`
			`useTruststoreSpi: "ldapsOnly"`
			`connectionPooling: true`
			`pagination: true`
			`allowKerberosAuthentication: false`
			`useKerberosForPasswordAuthentication: false`
			`debug: false`
			`register: result`

			`- name: Debug`
			`debug:`
			`var: result`

			`- name: Assert user federation unchanged`
			`assert:`
			`that:`
			`- result is not changed`
			`- result.existing != {}`
			`- result.existing.name == "{{ federation }}"`
			`- result.end_state != {}`
			`- result.end_state.name == "{{ federation }}"`

			`- name: Update existing user federation (with change)`
			`community.general.keycloak_user_federation:`
			`auth_keycloak_url: "{{ url }}"`
			`auth_realm: "{{ admin_realm }}"`
			`auth_username: "{{ admin_user }}"`
			`auth_password: "{{ admin_password }}"`
			`realm: "{{ realm }}"`
			`name: "{{ federation }}"`
			`state: present`
			`provider_id: ldap`
			`provider_type: org.keycloak.storage.UserStorageProvider`
			`config:`
			`enabled: true`
			`priority: 0`
			`fullSyncPeriod: -1`
			`changedSyncPeriod: -1`
			`cachePolicy: DEFAULT`
			`batchSizeForSync: 1000`
			`editMode: READ_ONLY`
			`importEnabled: true`
			`syncRegistrations: false`
			`vendor: other`
			`usernameLDAPAttribute: uid`
			`rdnLDAPAttribute: uid`
			`uuidLDAPAttribute: entryUUID`
			`userObjectClasses: "inetOrgPerson, organizationalPerson"`
			`connectionUrl: "ldaps://ldap.example.com:636"`
			`usersDn: "ou=Users,dc=example,dc=com"`
			`authType: simple`
			`bindDn: cn=directory reader`
			`bindCredential: "**********"`
			`searchScope: 1`
			`validatePasswordPolicy: false`
			`trustEmail: false`
			`useTruststoreSpi: "ldapsOnly"`
			`connectionPooling: true`
			`pagination: true`
			`allowKerberosAuthentication: false`
			`useKerberosForPasswordAuthentication: false`
			`debug: false`
			`mappers:`
			`- name: "full name"`
			`providerId: "full-name-ldap-mapper"`
			`providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"`
			`config:`
			`ldap.full.name.attribute: cn`
			`read.only: true`
			`write.only: false`
			`register: result`

			`- name: Debug`
			`debug:`
			`var: result`

			`- name: Assert user federation created`
			`assert:`
			`that:`
			`- result is changed`
			`- result.existing != {}`
			`- result.existing.name == "{{ federation }}"`
			`- result.end_state != {}`
			`- result.end_state.name == "{{ federation }}"`

			`- name: Delete existing user federation`
			`community.general.keycloak_user_federation:`
			`auth_keycloak_url: "{{ url }}"`
			`auth_realm: "{{ admin_realm }}"`
			`auth_username: "{{ admin_user }}"`
			`auth_password: "{{ admin_password }}"`
			`realm: "{{ realm }}"`
			`name: "{{ federation }}"`
			`state: absent`
			`register: result`

			`- name: Debug`
			`debug:`
			`var: result`

			`- name: Assert user federation deleted`
			`assert:`
			`that:`
			`- result is changed`
			`- result.existing != {}`
			`- result.end_state == {}`

			`- name: Delete absent user federation`
			`community.general.keycloak_user_federation:`
			`auth_keycloak_url: "{{ url }}"`
			`auth_realm: "{{ admin_realm }}"`
			`auth_username: "{{ admin_user }}"`
			`auth_password: "{{ admin_password }}"`
			`realm: "{{ realm }}"`
			`name: "{{ federation }}"`
			`state: absent`
			`register: result`

			`- name: Debug`
			`debug:`
			`var: result`

			`- name: Assert user federation unchanged`
			`assert:`
			`that:`
			`- result is not changed`
			`- result.existing == {}`
			`- result.end_state == {}`