Keycloak: add sssd provider for user federation (#3780)
* add sssd provider * add changelog fragment * fix message * add version Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de>
parent
9274de76c5
commit
1cc6938ae3
2 changed files with 26 additions and 6 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- keycloak_user_federation - add sssd user federation support (https://github.com/ansible-collections/community.general/issues/3767).
|
|
@ -64,6 +64,7 @@ options:
|
||||||
choices:
|
choices:
|
||||||
- ldap
|
- ldap
|
||||||
- kerberos
|
- kerberos
|
||||||
|
- sssd
|
||||||
|
|
||||||
provider_type:
|
provider_type:
|
||||||
description:
|
description:
|
||||||
|
@ -83,9 +84,10 @@ options:
|
||||||
config:
|
config:
|
||||||
description:
|
description:
|
||||||
- Dict specifying the configuration options for the provider; the contents differ depending on
|
- Dict specifying the configuration options for the provider; the contents differ depending on
|
||||||
the value of I(provider_id). Examples are given below for C(ldap) and C(kerberos). It is easiest
|
the value of I(provider_id). Examples are given below for C(ldap), C(kerberos) and C(sssd).
|
||||||
to obtain valid config values by dumping an already-existing user federation configuration
|
It is easiest to obtain valid config values by dumping an already-existing user federation
|
||||||
through check-mode in the I(existing) field.
|
configuration through check-mode in the I(existing) field.
|
||||||
|
- The value C(sssd) has been supported since community.general 4.2.0.
|
||||||
type: dict
|
type: dict
|
||||||
suboptions:
|
suboptions:
|
||||||
enabled:
|
enabled:
|
||||||
|
@ -531,6 +533,22 @@ EXAMPLES = '''
|
||||||
allowPasswordAuthentication: false
|
allowPasswordAuthentication: false
|
||||||
updateProfileFirstLogin: false
|
updateProfileFirstLogin: false
|
||||||
|
|
||||||
|
- name: Create sssd user federation
|
||||||
|
community.general.keycloak_user_federation:
|
||||||
|
auth_keycloak_url: https://keycloak.example.com/auth
|
||||||
|
auth_realm: master
|
||||||
|
auth_username: admin
|
||||||
|
auth_password: password
|
||||||
|
realm: my-realm
|
||||||
|
name: my-sssd
|
||||||
|
state: present
|
||||||
|
provider_id: sssd
|
||||||
|
provider_type: org.keycloak.storage.UserStorageProvider
|
||||||
|
config:
|
||||||
|
priority: 0
|
||||||
|
enabled: true
|
||||||
|
cachePolicy: DEFAULT
|
||||||
|
|
||||||
- name: Delete user federation
|
- name: Delete user federation
|
||||||
community.general.keycloak_user_federation:
|
community.general.keycloak_user_federation:
|
||||||
auth_keycloak_url: https://keycloak.example.com/auth
|
auth_keycloak_url: https://keycloak.example.com/auth
|
||||||
|
@ -765,7 +783,7 @@ def main():
|
||||||
realm=dict(type='str', default='master'),
|
realm=dict(type='str', default='master'),
|
||||||
id=dict(type='str'),
|
id=dict(type='str'),
|
||||||
name=dict(type='str'),
|
name=dict(type='str'),
|
||||||
provider_id=dict(type='str', aliases=['providerId'], choices=['ldap', 'kerberos']),
|
provider_id=dict(type='str', aliases=['providerId'], choices=['ldap', 'kerberos', 'sssd']),
|
||||||
provider_type=dict(type='str', aliases=['providerType'], default='org.keycloak.storage.UserStorageProvider'),
|
provider_type=dict(type='str', aliases=['providerType'], default='org.keycloak.storage.UserStorageProvider'),
|
||||||
parent_id=dict(type='str', aliases=['parentId']),
|
parent_id=dict(type='str', aliases=['parentId']),
|
||||||
mappers=dict(type='list', elements='dict', options=mapper_spec),
|
mappers=dict(type='list', elements='dict', options=mapper_spec),
|
||||||
|
@ -843,8 +861,8 @@ def main():
|
||||||
|
|
||||||
# special handling of mappers list to allow change detection
|
# special handling of mappers list to allow change detection
|
||||||
if module.params.get('mappers') is not None:
|
if module.params.get('mappers') is not None:
|
||||||
if module.params['provider_id'] == 'kerberos':
|
if module.params['provider_id'] in ['kerberos', 'sssd']:
|
||||||
module.fail_json(msg='Cannot configure mappers for Kerberos federations.')
|
module.fail_json(msg='Cannot configure mappers for {type} provider.'.format(type=module.params['provider_id']))
|
||||||
for change in module.params['mappers']:
|
for change in module.params['mappers']:
|
||||||
change = dict((k, v) for k, v in change.items() if change[k] is not None)
|
change = dict((k, v) for k, v in change.items() if change[k] is not None)
|
||||||
if change.get('id') is None and change.get('name') is None:
|
if change.get('id') is None and change.get('name') is None:
|
||||||
|
|
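Review bot: The mappers guard in the last hunk tests `module.params['provider_id']`, but the argument spec in the hunk before it gives `provider_id` no default and does not mark it required. A task that addresses an existing sssd or kerberos federation by `id` or `name` alone and also passes `mappers` would therefore presumably skip the `fail_json` and go on to process the list. Both hunks sit inside main(), which starts and ends outside them, so whether the stored component is fetched before this point cannot be confirmed here. If it is, compare against the existing component's provider id; otherwise make the option mandatory whenever mappers are supplied, for example `required_by={'mappers': ['provider_id']}` in the AnsibleModule call.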