
Bugfix/keycloak userfed idempotency (#5732)

* fix(modules/keycloak_user_federation): fixes ...

... federation read call not finding already existing federations
properly because of bad parametrisation

* fix(modules/keycloak_user_federation): added ...

... new integration test for module idempotency bugfix

* added changelog fragment for pr

Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
morco 2023-01-22 17:27:57 +01:00 committed by GitHub
parent 098912c229
commit 0ca41dedce
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 116 additions and 2 deletions


@ -0,0 +1,6 @@
bugfixes:
- >
keycloak_user_federation - fixes idempotency detection issues. In some
cases the module could fail to properly detect already existing user
federations because of a buggy seemingly superflous extra query parameter
(https://github.com/ansible-collections/community.general/pull/5732).


@ -24,7 +24,7 @@ description:
to your needs and a user having the expected roles. to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the - The names of module options are snake_cased versions of the camelCase ones found in the
Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/15.0/rest-api/index.html). Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html).
options: options:
@ -835,7 +835,7 @@ def main():
# See if it already exists in Keycloak # See if it already exists in Keycloak
if cid is None: if cid is None:
found = kc.get_components(urlencode(dict(type='org.keycloak.storage.UserStorageProvider', parent=realm, name=name)), realm) found = kc.get_components(urlencode(dict(type='org.keycloak.storage.UserStorageProvider', name=name)), realm)
if len(found) > 1: if len(found) > 1:
module.fail_json(msg='No ID given and found multiple user federations with name `{name}`. Cannot continue.'.format(name=name)) module.fail_json(msg='No ID given and found multiple user federations with name `{name}`. Cannot continue.'.format(name=name))
before_comp = next(iter(found), None) before_comp = next(iter(found), None)
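Review bot: The rewritten lookup on the `found = kc.get_components(...)` line now identifies an existing federation by `type` and `name` only, but nothing at the call site records why `parent` was dropped, so a later maintainer could plausibly reintroduce it and bring the idempotency bug back. Presumably a realm-level component's parent is the realm's internal id rather than its name — TODO confirm against the Keycloak admin API — which would explain why `parent=realm` never matched; a comment above the call such as `# Filter on type and name only: a realm-level component's parent is the realm's internal id, not its name, so parent=realm never matched (see #5732)` would capture that. Note also that the `len(found) > 1` guard below assumes the components endpoint matches `name` exactly rather than by prefix or substring; if that is not guaranteed, narrow the list with `found = [c for c in found if c.get('name') == name]` before the duplicate check so a federation named `ldap` is not rejected because `ldap2` also exists. main() begins and ends outside this hunk.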


@ -66,6 +66,59 @@
- result.existing == {} - result.existing == {}
- result.end_state.name == "{{ federation }}" - result.end_state.name == "{{ federation }}"
- name: Create new user federation in admin realm
community.general.keycloak_user_federation:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ admin_realm }}"
name: "{{ federation }}"
state: present
provider_id: ldap
provider_type: org.keycloak.storage.UserStorageProvider
config:
enabled: true
priority: 0
fullSyncPeriod: -1
changedSyncPeriod: -1
cachePolicy: DEFAULT
batchSizeForSync: 1000
editMode: READ_ONLY
importEnabled: true
syncRegistrations: false
vendor: other
usernameLDAPAttribute: uid
rdnLDAPAttribute: uid
uuidLDAPAttribute: entryUUID
userObjectClasses: "inetOrgPerson, organizationalPerson"
connectionUrl: "ldaps://ldap.example.com:636"
usersDn: "ou=Users,dc=example,dc=com"
authType: simple
bindDn: cn=directory reader
bindCredential: secret
searchScope: 1
validatePasswordPolicy: false
trustEmail: false
useTruststoreSpi: "ldapsOnly"
connectionPooling: true
pagination: true
allowKerberosAuthentication: false
useKerberosForPasswordAuthentication: false
debug: false
register: result
- name: Debug
debug:
var: result
- name: Assert user federation created (admin realm)
assert:
that:
- result is changed
- result.existing == {}
- result.end_state.name == "{{ federation }}"
- name: Update existing user federation (no change) - name: Update existing user federation (no change)
community.general.keycloak_user_federation: community.general.keycloak_user_federation:
auth_keycloak_url: "{{ url }}" auth_keycloak_url: "{{ url }}"
@ -121,6 +174,61 @@
- result.end_state != {} - result.end_state != {}
- result.end_state.name == "{{ federation }}" - result.end_state.name == "{{ federation }}"
- name: Update existing user federation (no change, admin realm)
community.general.keycloak_user_federation:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ admin_realm }}"
name: "{{ federation }}"
state: present
provider_id: ldap
provider_type: org.keycloak.storage.UserStorageProvider
config:
enabled: true
priority: 0
fullSyncPeriod: -1
changedSyncPeriod: -1
cachePolicy: DEFAULT
batchSizeForSync: 1000
editMode: READ_ONLY
importEnabled: true
syncRegistrations: false
vendor: other
usernameLDAPAttribute: uid
rdnLDAPAttribute: uid
uuidLDAPAttribute: entryUUID
userObjectClasses: "inetOrgPerson, organizationalPerson"
connectionUrl: "ldaps://ldap.example.com:636"
usersDn: "ou=Users,dc=example,dc=com"
authType: simple
bindDn: cn=directory reader
bindCredential: "**********"
searchScope: 1
validatePasswordPolicy: false
trustEmail: false
useTruststoreSpi: "ldapsOnly"
connectionPooling: true
pagination: true
allowKerberosAuthentication: false
useKerberosForPasswordAuthentication: false
debug: false
register: result
- name: Debug
debug:
var: result
- name: Assert user federation unchanged (admin realm)
assert:
that:
- result is not changed
- result.existing != {}
- result.existing.name == "{{ federation }}"
- result.end_state != {}
- result.end_state.name == "{{ federation }}"
- name: Update existing user federation (with change) - name: Update existing user federation (with change)
community.general.keycloak_user_federation: community.general.keycloak_user_federation:
auth_keycloak_url: "{{ url }}" auth_keycloak_url: "{{ url }}"