mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Keycloak: add sssd provider for user federation (#3780)

* add sssd provider

* add changelog fragment

* fix message

* add version

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Laurent Paumier 2021-11-25 13:02:29 +01:00 committed by GitHub
parent 9274de76c5
commit 1cc6938ae3
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 6 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- keycloak_user_federation - add sssd user federation support (https://github.com/ansible-collections/community.general/issues/3767).

View file

@ -64,6 +64,7 @@ options:
choices: choices:
- ldap - ldap
- kerberos - kerberos
- sssd
provider_type: provider_type:
description: description:
@ -83,9 +84,10 @@ options:
config: config:
description: description:
- Dict specifying the configuration options for the provider; the contents differ depending on - Dict specifying the configuration options for the provider; the contents differ depending on
the value of I(provider_id). Examples are given below for C(ldap) and C(kerberos). It is easiest the value of I(provider_id). Examples are given below for C(ldap), C(kerberos) and C(sssd).
to obtain valid config values by dumping an already-existing user federation configuration It is easiest to obtain valid config values by dumping an already-existing user federation
through check-mode in the I(existing) field. configuration through check-mode in the I(existing) field.
- The value C(sssd) has been supported since community.general 4.2.0.
type: dict type: dict
suboptions: suboptions:
enabled: enabled:
@ -531,6 +533,22 @@ EXAMPLES = '''
allowPasswordAuthentication: false allowPasswordAuthentication: false
updateProfileFirstLogin: false updateProfileFirstLogin: false
- name: Create sssd user federation
community.general.keycloak_user_federation:
auth_keycloak_url: https://keycloak.example.com/auth
auth_realm: master
auth_username: admin
auth_password: password
realm: my-realm
name: my-sssd
state: present
provider_id: sssd
provider_type: org.keycloak.storage.UserStorageProvider
config:
priority: 0
enabled: true
cachePolicy: DEFAULT
- name: Delete user federation - name: Delete user federation
community.general.keycloak_user_federation: community.general.keycloak_user_federation:
auth_keycloak_url: https://keycloak.example.com/auth auth_keycloak_url: https://keycloak.example.com/auth
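Review bot: in the "Create sssd user federation" example, `provider_type: org.keycloak.storage.UserStorageProvider` restates the argument-spec default and can be dropped. Since this commit also makes the module fail when mappers are given for sssd, a short comment in the example saying that mappers are not accepted for this provider would save users from discovering it through fail_json. The example also hard-codes `auth_password: password`; a vault-encrypted variable or lookup is the safer pattern to show in new examples.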
@ -765,7 +783,7 @@ def main():
realm=dict(type='str', default='master'), realm=dict(type='str', default='master'),
id=dict(type='str'), id=dict(type='str'),
name=dict(type='str'), name=dict(type='str'),
provider_id=dict(type='str', aliases=['providerId'], choices=['ldap', 'kerberos']), provider_id=dict(type='str', aliases=['providerId'], choices=['ldap', 'kerberos', 'sssd']),
provider_type=dict(type='str', aliases=['providerType'], default='org.keycloak.storage.UserStorageProvider'), provider_type=dict(type='str', aliases=['providerType'], default='org.keycloak.storage.UserStorageProvider'),
parent_id=dict(type='str', aliases=['parentId']), parent_id=dict(type='str', aliases=['parentId']),
mappers=dict(type='list', elements='dict', options=mapper_spec), mappers=dict(type='list', elements='dict', options=mapper_spec),
@ -843,8 +861,8 @@ def main():
# special handling of mappers list to allow change detection # special handling of mappers list to allow change detection
if module.params.get('mappers') is not None: if module.params.get('mappers') is not None:
if module.params['provider_id'] == 'kerberos': if module.params['provider_id'] in ['kerberos', 'sssd']:
module.fail_json(msg='Cannot configure mappers for Kerberos federations.') module.fail_json(msg='Cannot configure mappers for {type} provider.'.format(type=module.params['provider_id']))
for change in module.params['mappers']: for change in module.params['mappers']:
change = dict((k, v) for k, v in change.items() if change[k] is not None) change = dict((k, v) for k, v in change.items() if change[k] is not None)
if change.get('id') is None and change.get('name') is None: if change.get('id') is None and change.get('name') is None:
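Review bot: the guard `if module.params['provider_id'] in ['kerberos', 'sssd']:` only fires when provider_id is supplied in the task. provider_id has no default and is not required (see the argument spec in the hunk above), so a task that targets an existing sssd or kerberos federation by id or name and omits provider_id passes mappers straight through this check. Either also test the provider of the existing federation, or document that mappers are only rejected when provider_id is given. Two smaller points: lifting `['kerberos', 'sssd']` into a module-level constant keeps this list and the choices list in one place, and the message "Cannot configure mappers for {type} provider." reads better as "for the {type} provider".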