mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[PR #5732/0ca41ded backport][stable-5] Bugfix/keycloak userfed idempotency (#5873)
Bugfix/keycloak userfed idempotency (#5732)
* fix(modules/keycloak_user_federation): fixes ...
... federation read call not finding already existing federations
properly because of bad parametrisation
* fix(modules/keycloak_user_federation): added ...
... new integration test for module idempotency bugfix
* added changelog fragment for pr
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 0ca41dedce
)
Co-authored-by: morco <thegreatwiper@web.de>
This commit is contained in:
parent
b66df6932e
commit
2c92db98d5
3 changed files with 116 additions and 2 deletions
|
@ -0,0 +1,6 @@
|
|||
bugfixes:
|
||||
- >
|
||||
keycloak_user_federation - fixes idempotency detection issues. In some
|
||||
cases the module could fail to properly detect already existing user
|
||||
federations because of a buggy seemingly superflous extra query parameter
|
||||
(https://github.com/ansible-collections/community.general/pull/5732).
|
|
@ -24,7 +24,7 @@ description:
|
|||
to your needs and a user having the expected roles.
|
||||
|
||||
- The names of module options are snake_cased versions of the camelCase ones found in the
|
||||
Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/15.0/rest-api/index.html).
|
||||
Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html).
|
||||
|
||||
|
||||
options:
|
||||
|
@ -835,7 +835,7 @@ def main():
|
|||
|
||||
# See if it already exists in Keycloak
|
||||
if cid is None:
|
||||
found = kc.get_components(urlencode(dict(type='org.keycloak.storage.UserStorageProvider', parent=realm, name=name)), realm)
|
||||
found = kc.get_components(urlencode(dict(type='org.keycloak.storage.UserStorageProvider', name=name)), realm)
|
||||
if len(found) > 1:
|
||||
module.fail_json(msg='No ID given and found multiple user federations with name `{name}`. Cannot continue.'.format(name=name))
|
||||
before_comp = next(iter(found), None)
|
||||
|
|
|
@ -66,6 +66,59 @@
|
|||
- result.existing == {}
|
||||
- result.end_state.name == "{{ federation }}"
|
||||
|
||||
- name: Create new user federation in admin realm
|
||||
community.general.keycloak_user_federation:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
realm: "{{ admin_realm }}"
|
||||
name: "{{ federation }}"
|
||||
state: present
|
||||
provider_id: ldap
|
||||
provider_type: org.keycloak.storage.UserStorageProvider
|
||||
config:
|
||||
enabled: true
|
||||
priority: 0
|
||||
fullSyncPeriod: -1
|
||||
changedSyncPeriod: -1
|
||||
cachePolicy: DEFAULT
|
||||
batchSizeForSync: 1000
|
||||
editMode: READ_ONLY
|
||||
importEnabled: true
|
||||
syncRegistrations: false
|
||||
vendor: other
|
||||
usernameLDAPAttribute: uid
|
||||
rdnLDAPAttribute: uid
|
||||
uuidLDAPAttribute: entryUUID
|
||||
userObjectClasses: "inetOrgPerson, organizationalPerson"
|
||||
connectionUrl: "ldaps://ldap.example.com:636"
|
||||
usersDn: "ou=Users,dc=example,dc=com"
|
||||
authType: simple
|
||||
bindDn: cn=directory reader
|
||||
bindCredential: secret
|
||||
searchScope: 1
|
||||
validatePasswordPolicy: false
|
||||
trustEmail: false
|
||||
useTruststoreSpi: "ldapsOnly"
|
||||
connectionPooling: true
|
||||
pagination: true
|
||||
allowKerberosAuthentication: false
|
||||
useKerberosForPasswordAuthentication: false
|
||||
debug: false
|
||||
register: result
|
||||
|
||||
- name: Debug
|
||||
debug:
|
||||
var: result
|
||||
|
||||
- name: Assert user federation created (admin realm)
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.existing == {}
|
||||
- result.end_state.name == "{{ federation }}"
|
||||
|
||||
- name: Update existing user federation (no change)
|
||||
community.general.keycloak_user_federation:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
|
@ -121,6 +174,61 @@
|
|||
- result.end_state != {}
|
||||
- result.end_state.name == "{{ federation }}"
|
||||
|
||||
- name: Update existing user federation (no change, admin realm)
|
||||
community.general.keycloak_user_federation:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
realm: "{{ admin_realm }}"
|
||||
name: "{{ federation }}"
|
||||
state: present
|
||||
provider_id: ldap
|
||||
provider_type: org.keycloak.storage.UserStorageProvider
|
||||
config:
|
||||
enabled: true
|
||||
priority: 0
|
||||
fullSyncPeriod: -1
|
||||
changedSyncPeriod: -1
|
||||
cachePolicy: DEFAULT
|
||||
batchSizeForSync: 1000
|
||||
editMode: READ_ONLY
|
||||
importEnabled: true
|
||||
syncRegistrations: false
|
||||
vendor: other
|
||||
usernameLDAPAttribute: uid
|
||||
rdnLDAPAttribute: uid
|
||||
uuidLDAPAttribute: entryUUID
|
||||
userObjectClasses: "inetOrgPerson, organizationalPerson"
|
||||
connectionUrl: "ldaps://ldap.example.com:636"
|
||||
usersDn: "ou=Users,dc=example,dc=com"
|
||||
authType: simple
|
||||
bindDn: cn=directory reader
|
||||
bindCredential: "**********"
|
||||
searchScope: 1
|
||||
validatePasswordPolicy: false
|
||||
trustEmail: false
|
||||
useTruststoreSpi: "ldapsOnly"
|
||||
connectionPooling: true
|
||||
pagination: true
|
||||
allowKerberosAuthentication: false
|
||||
useKerberosForPasswordAuthentication: false
|
||||
debug: false
|
||||
register: result
|
||||
|
||||
- name: Debug
|
||||
debug:
|
||||
var: result
|
||||
|
||||
- name: Assert user federation unchanged (admin realm)
|
||||
assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.existing != {}
|
||||
- result.existing.name == "{{ federation }}"
|
||||
- result.end_state != {}
|
||||
- result.end_state.name == "{{ federation }}"
|
||||
|
||||
- name: Update existing user federation (with change)
|
||||
community.general.keycloak_user_federation:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
|
|
Loading…
Reference in a new issue