Keycloak: add sssd provider for user federation (#3780)

* add sssd provider * add changelog fragment * fix message * add version Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
2024-09-14 20:13:21 +02:00 · 2021-11-25 13:02:29 +01:00 · 2021-11-25 13:02:29 +01:00 · 1cc6938ae3
commit 1cc6938ae3
parent 9274de76c5
2 changed files with 26 additions and 6 deletions
--- a/changelogs/fragments/3780-add-keycloak-sssd-user-federation.yml
+++ b/changelogs/fragments/3780-add-keycloak-sssd-user-federation.yml
@ -0,0 +1,2 @@
+minor_changes:
+  - keycloak_user_federation - add sssd user federation support (https://github.com/ansible-collections/community.general/issues/3767).
--- a/plugins/modules/identity/keycloak/keycloak_user_federation.py
+++ b/plugins/modules/identity/keycloak/keycloak_user_federation.py
@ -64,6 +64,7 @@ options:
        choices:
            - ldap
            - kerberos
+            - sssd

    provider_type:
        description:
@ -83,9 +84,10 @@ options:
    config:
        description:
            - Dict specifying the configuration options for the provider; the contents differ depending on
-              the value of I(provider_id). Examples are given below for C(ldap) and C(kerberos). It is easiest
-              to obtain valid config values by dumping an already-existing user federation configuration
-              through check-mode in the I(existing) field.
+              the value of I(provider_id). Examples are given below for C(ldap), C(kerberos) and C(sssd).
+              It is easiest to obtain valid config values by dumping an already-existing user federation
+              configuration through check-mode in the I(existing) field.
+            - The value C(sssd) has been supported since community.general 4.2.0.
        type: dict
        suboptions:
            enabled:
@ -531,6 +533,22 @@ EXAMPLES = '''
        allowPasswordAuthentication: false
        updateProfileFirstLogin: false

+  - name: Create sssd user federation
+    community.general.keycloak_user_federation:
+      auth_keycloak_url: https://keycloak.example.com/auth
+      auth_realm: master
+      auth_username: admin
+      auth_password: password
+      realm: my-realm
+      name: my-sssd
+      state: present
+      provider_id: sssd
+      provider_type: org.keycloak.storage.UserStorageProvider
+      config:
+        priority: 0
+        enabled: true
+        cachePolicy: DEFAULT
+
  - name: Delete user federation
    community.general.keycloak_user_federation:
      auth_keycloak_url: https://keycloak.example.com/auth
@ -765,7 +783,7 @@ def main():
        realm=dict(type='str', default='master'),
        id=dict(type='str'),
        name=dict(type='str'),
-        provider_id=dict(type='str', aliases=['providerId'], choices=['ldap', 'kerberos']),
+        provider_id=dict(type='str', aliases=['providerId'], choices=['ldap', 'kerberos', 'sssd']),
        provider_type=dict(type='str', aliases=['providerType'], default='org.keycloak.storage.UserStorageProvider'),
        parent_id=dict(type='str', aliases=['parentId']),
        mappers=dict(type='list', elements='dict', options=mapper_spec),
@ -843,8 +861,8 @@ def main():

    # special handling of mappers list to allow change detection
    if module.params.get('mappers') is not None:
-        if module.params['provider_id'] == 'kerberos':
-            module.fail_json(msg='Cannot configure mappers for Kerberos federations.')
+        if module.params['provider_id'] in ['kerberos', 'sssd']:
+            module.fail_json(msg='Cannot configure mappers for {type} provider.'.format(type=module.params['provider_id']))
        for change in module.params['mappers']:
            change = dict((k, v) for k, v in change.items() if change[k] is not None)
            if change.get('id') is None and change.get('name') is None: