mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Bugfix/keycloak userfed idempotency (#5732)
* fix(modules/keycloak_user_federation): fixes ... ... federation read call not finding already existing federations properly because of bad parametrisation * fix(modules/keycloak_user_federation): added ... ... new integration test for module idempotency bugfix * added changelog fragment for pr Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
This commit is contained in:
parent
098912c229
commit
0ca41dedce
3 changed files with 116 additions and 2 deletions
|
@ -0,0 +1,6 @@
|
||||||
|
bugfixes:
|
||||||
|
- >
|
||||||
|
keycloak_user_federation - fixes idempotency detection issues. In some
|
||||||
|
cases the module could fail to properly detect already existing user
|
||||||
|
federations because of a buggy seemingly superflous extra query parameter
|
||||||
|
(https://github.com/ansible-collections/community.general/pull/5732).
|
|
@ -24,7 +24,7 @@ description:
|
||||||
to your needs and a user having the expected roles.
|
to your needs and a user having the expected roles.
|
||||||
|
|
||||||
- The names of module options are snake_cased versions of the camelCase ones found in the
|
- The names of module options are snake_cased versions of the camelCase ones found in the
|
||||||
Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/15.0/rest-api/index.html).
|
Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html).
|
||||||
|
|
||||||
|
|
||||||
options:
|
options:
|
||||||
|
@ -835,7 +835,7 @@ def main():
|
||||||
|
|
||||||
# See if it already exists in Keycloak
|
# See if it already exists in Keycloak
|
||||||
if cid is None:
|
if cid is None:
|
||||||
found = kc.get_components(urlencode(dict(type='org.keycloak.storage.UserStorageProvider', parent=realm, name=name)), realm)
|
found = kc.get_components(urlencode(dict(type='org.keycloak.storage.UserStorageProvider', name=name)), realm)
|
||||||
if len(found) > 1:
|
if len(found) > 1:
|
||||||
module.fail_json(msg='No ID given and found multiple user federations with name `{name}`. Cannot continue.'.format(name=name))
|
module.fail_json(msg='No ID given and found multiple user federations with name `{name}`. Cannot continue.'.format(name=name))
|
||||||
before_comp = next(iter(found), None)
|
before_comp = next(iter(found), None)
|
||||||
|
|
|
@ -66,6 +66,59 @@
|
||||||
- result.existing == {}
|
- result.existing == {}
|
||||||
- result.end_state.name == "{{ federation }}"
|
- result.end_state.name == "{{ federation }}"
|
||||||
|
|
||||||
|
- name: Create new user federation in admin realm
|
||||||
|
community.general.keycloak_user_federation:
|
||||||
|
auth_keycloak_url: "{{ url }}"
|
||||||
|
auth_realm: "{{ admin_realm }}"
|
||||||
|
auth_username: "{{ admin_user }}"
|
||||||
|
auth_password: "{{ admin_password }}"
|
||||||
|
realm: "{{ admin_realm }}"
|
||||||
|
name: "{{ federation }}"
|
||||||
|
state: present
|
||||||
|
provider_id: ldap
|
||||||
|
provider_type: org.keycloak.storage.UserStorageProvider
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
priority: 0
|
||||||
|
fullSyncPeriod: -1
|
||||||
|
changedSyncPeriod: -1
|
||||||
|
cachePolicy: DEFAULT
|
||||||
|
batchSizeForSync: 1000
|
||||||
|
editMode: READ_ONLY
|
||||||
|
importEnabled: true
|
||||||
|
syncRegistrations: false
|
||||||
|
vendor: other
|
||||||
|
usernameLDAPAttribute: uid
|
||||||
|
rdnLDAPAttribute: uid
|
||||||
|
uuidLDAPAttribute: entryUUID
|
||||||
|
userObjectClasses: "inetOrgPerson, organizationalPerson"
|
||||||
|
connectionUrl: "ldaps://ldap.example.com:636"
|
||||||
|
usersDn: "ou=Users,dc=example,dc=com"
|
||||||
|
authType: simple
|
||||||
|
bindDn: cn=directory reader
|
||||||
|
bindCredential: secret
|
||||||
|
searchScope: 1
|
||||||
|
validatePasswordPolicy: false
|
||||||
|
trustEmail: false
|
||||||
|
useTruststoreSpi: "ldapsOnly"
|
||||||
|
connectionPooling: true
|
||||||
|
pagination: true
|
||||||
|
allowKerberosAuthentication: false
|
||||||
|
useKerberosForPasswordAuthentication: false
|
||||||
|
debug: false
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: Debug
|
||||||
|
debug:
|
||||||
|
var: result
|
||||||
|
|
||||||
|
- name: Assert user federation created (admin realm)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- result is changed
|
||||||
|
- result.existing == {}
|
||||||
|
- result.end_state.name == "{{ federation }}"
|
||||||
|
|
||||||
- name: Update existing user federation (no change)
|
- name: Update existing user federation (no change)
|
||||||
community.general.keycloak_user_federation:
|
community.general.keycloak_user_federation:
|
||||||
auth_keycloak_url: "{{ url }}"
|
auth_keycloak_url: "{{ url }}"
|
||||||
|
@ -121,6 +174,61 @@
|
||||||
- result.end_state != {}
|
- result.end_state != {}
|
||||||
- result.end_state.name == "{{ federation }}"
|
- result.end_state.name == "{{ federation }}"
|
||||||
|
|
||||||
|
- name: Update existing user federation (no change, admin realm)
|
||||||
|
community.general.keycloak_user_federation:
|
||||||
|
auth_keycloak_url: "{{ url }}"
|
||||||
|
auth_realm: "{{ admin_realm }}"
|
||||||
|
auth_username: "{{ admin_user }}"
|
||||||
|
auth_password: "{{ admin_password }}"
|
||||||
|
realm: "{{ admin_realm }}"
|
||||||
|
name: "{{ federation }}"
|
||||||
|
state: present
|
||||||
|
provider_id: ldap
|
||||||
|
provider_type: org.keycloak.storage.UserStorageProvider
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
priority: 0
|
||||||
|
fullSyncPeriod: -1
|
||||||
|
changedSyncPeriod: -1
|
||||||
|
cachePolicy: DEFAULT
|
||||||
|
batchSizeForSync: 1000
|
||||||
|
editMode: READ_ONLY
|
||||||
|
importEnabled: true
|
||||||
|
syncRegistrations: false
|
||||||
|
vendor: other
|
||||||
|
usernameLDAPAttribute: uid
|
||||||
|
rdnLDAPAttribute: uid
|
||||||
|
uuidLDAPAttribute: entryUUID
|
||||||
|
userObjectClasses: "inetOrgPerson, organizationalPerson"
|
||||||
|
connectionUrl: "ldaps://ldap.example.com:636"
|
||||||
|
usersDn: "ou=Users,dc=example,dc=com"
|
||||||
|
authType: simple
|
||||||
|
bindDn: cn=directory reader
|
||||||
|
bindCredential: "**********"
|
||||||
|
searchScope: 1
|
||||||
|
validatePasswordPolicy: false
|
||||||
|
trustEmail: false
|
||||||
|
useTruststoreSpi: "ldapsOnly"
|
||||||
|
connectionPooling: true
|
||||||
|
pagination: true
|
||||||
|
allowKerberosAuthentication: false
|
||||||
|
useKerberosForPasswordAuthentication: false
|
||||||
|
debug: false
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: Debug
|
||||||
|
debug:
|
||||||
|
var: result
|
||||||
|
|
||||||
|
- name: Assert user federation unchanged (admin realm)
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- result is not changed
|
||||||
|
- result.existing != {}
|
||||||
|
- result.existing.name == "{{ federation }}"
|
||||||
|
- result.end_state != {}
|
||||||
|
- result.end_state.name == "{{ federation }}"
|
||||||
|
|
||||||
- name: Update existing user federation (with change)
|
- name: Update existing user federation (with change)
|
||||||
community.general.keycloak_user_federation:
|
community.general.keycloak_user_federation:
|
||||||
auth_keycloak_url: "{{ url }}"
|
auth_keycloak_url: "{{ url }}"
|
||||||
|
|
Loading…
Reference in a new issue