mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[PR #8651/529af498 backport][stable-9] keycloak_userprofile: new module (#8848)
keycloak_userprofile: new module (#8651)
keycloak_userprofile: new keycloak module to manage user profiles (#8651)
(cherry picked from commit 529af4984c
)
Co-authored-by: Eike Waldt <waldt@b1-systems.de>
This commit is contained in:
parent
23ac1b62c3
commit
5f7a3ac896
9 changed files with 2053 additions and 2 deletions
2
.github/BOTMETA.yml
vendored
2
.github/BOTMETA.yml
vendored
|
@ -809,6 +809,8 @@ files:
|
|||
maintainers: elfelip
|
||||
$modules/keycloak_user_federation.py:
|
||||
maintainers: laurpaum
|
||||
$modules/keycloak_userprofile.py:
|
||||
maintainers: yeoldegrove
|
||||
$modules/keycloak_component_info.py:
|
||||
maintainers: desand01
|
||||
$modules/keycloak_client_rolescope.py:
|
||||
|
|
732
plugins/modules/keycloak_userprofile.py
Normal file
732
plugins/modules/keycloak_userprofile.py
Normal file
|
@ -0,0 +1,732 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright (c) Ansible project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
DOCUMENTATION = '''
|
||||
---
|
||||
module: keycloak_userprofile
|
||||
|
||||
short_description: Allows managing Keycloak User Profiles
|
||||
|
||||
description:
|
||||
- This module allows you to create, update, or delete Keycloak User Profiles via Keycloak API. You can also customize the "Unmanaged Attributes" with it.
|
||||
|
||||
- The names of module options are snake_cased versions of the camelCase ones found in the
|
||||
Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/24.0.5/rest-api/index.html).
|
||||
For compatibility reasons, the module also accepts the camelCase versions of the options.
|
||||
|
||||
version_added: "9.4.0"
|
||||
|
||||
attributes:
|
||||
check_mode:
|
||||
support: full
|
||||
diff_mode:
|
||||
support: full
|
||||
|
||||
options:
|
||||
state:
|
||||
description:
|
||||
- State of the User Profile provider.
|
||||
- On V(present), the User Profile provider will be created if it does not yet exist, or updated with
|
||||
the parameters you provide.
|
||||
- On V(absent), the User Profile provider will be removed if it exists.
|
||||
default: 'present'
|
||||
type: str
|
||||
choices:
|
||||
- present
|
||||
- absent
|
||||
|
||||
parent_id:
|
||||
description:
|
||||
- The parent ID of the realm key. In practice the ID (name) of the realm.
|
||||
aliases:
|
||||
- parentId
|
||||
- realm
|
||||
type: str
|
||||
required: true
|
||||
|
||||
provider_id:
|
||||
description:
|
||||
- The name of the provider ID for the key (supported value is V(declarative-user-profile)).
|
||||
aliases:
|
||||
- providerId
|
||||
choices: ['declarative-user-profile']
|
||||
default: 'declarative-user-profile'
|
||||
type: str
|
||||
|
||||
provider_type:
|
||||
description:
|
||||
- Component type for User Profile (only supported value is V(org.keycloak.userprofile.UserProfileProvider)).
|
||||
aliases:
|
||||
- providerType
|
||||
choices: ['org.keycloak.userprofile.UserProfileProvider']
|
||||
default: org.keycloak.userprofile.UserProfileProvider
|
||||
type: str
|
||||
|
||||
config:
|
||||
description:
|
||||
- The configuration of the User Profile Provider.
|
||||
type: dict
|
||||
required: false
|
||||
suboptions:
|
||||
kc_user_profile_config:
|
||||
description:
|
||||
- Define a declarative User Profile. See EXAMPLES for more context.
|
||||
aliases:
|
||||
- kcUserProfileConfig
|
||||
type: list
|
||||
elements: dict
|
||||
suboptions:
|
||||
attributes:
|
||||
description:
|
||||
- A list of attributes to be included in the User Profile.
|
||||
type: list
|
||||
elements: dict
|
||||
suboptions:
|
||||
name:
|
||||
description:
|
||||
- The name of the attribute.
|
||||
type: str
|
||||
required: true
|
||||
|
||||
display_name:
|
||||
description:
|
||||
- The display name of the attribute.
|
||||
aliases:
|
||||
- displayName
|
||||
type: str
|
||||
required: true
|
||||
|
||||
validations:
|
||||
description:
|
||||
- The validations to be applied to the attribute.
|
||||
type: dict
|
||||
suboptions:
|
||||
length:
|
||||
description:
|
||||
- The length validation for the attribute.
|
||||
type: dict
|
||||
suboptions:
|
||||
min:
|
||||
description:
|
||||
- The minimum length of the attribute.
|
||||
type: int
|
||||
max:
|
||||
description:
|
||||
- The maximum length of the attribute.
|
||||
type: int
|
||||
required: true
|
||||
|
||||
email:
|
||||
description:
|
||||
- The email validation for the attribute.
|
||||
type: dict
|
||||
|
||||
username_prohibited_characters:
|
||||
description:
|
||||
- The prohibited characters validation for the username attribute.
|
||||
type: dict
|
||||
aliases:
|
||||
- usernameProhibitedCharacters
|
||||
|
||||
up_username_not_idn_homograph:
|
||||
description:
|
||||
- The validation to prevent IDN homograph attacks in usernames.
|
||||
type: dict
|
||||
aliases:
|
||||
- upUsernameNotIdnHomograph
|
||||
|
||||
person_name_prohibited_characters:
|
||||
description:
|
||||
- The prohibited characters validation for person name attributes.
|
||||
type: dict
|
||||
aliases:
|
||||
- personNameProhibitedCharacters
|
||||
|
||||
uri:
|
||||
description:
|
||||
- The URI validation for the attribute.
|
||||
type: dict
|
||||
|
||||
pattern:
|
||||
description:
|
||||
- The pattern validation for the attribute using regular expressions.
|
||||
type: dict
|
||||
|
||||
options:
|
||||
description:
|
||||
- Validation to ensure the attribute matches one of the provided options.
|
||||
type: dict
|
||||
|
||||
annotations:
|
||||
description:
|
||||
- Annotations for the attribute.
|
||||
type: dict
|
||||
|
||||
group:
|
||||
description:
|
||||
- Specifies the User Profile group where this attribute will be added.
|
||||
type: str
|
||||
|
||||
permissions:
|
||||
description:
|
||||
- The permissions for viewing and editing the attribute.
|
||||
type: dict
|
||||
suboptions:
|
||||
view:
|
||||
description:
|
||||
- The roles that can view the attribute.
|
||||
- Supported values are V(admin) and V(user).
|
||||
type: list
|
||||
elements: str
|
||||
default:
|
||||
- admin
|
||||
- user
|
||||
|
||||
edit:
|
||||
description:
|
||||
- The roles that can edit the attribute.
|
||||
- Supported values are V(admin) and V(user).
|
||||
type: list
|
||||
elements: str
|
||||
default:
|
||||
- admin
|
||||
- user
|
||||
|
||||
multivalued:
|
||||
description:
|
||||
- Whether the attribute can have multiple values.
|
||||
type: bool
|
||||
default: false
|
||||
|
||||
required:
|
||||
description:
|
||||
- The roles that require this attribute.
|
||||
type: dict
|
||||
suboptions:
|
||||
roles:
|
||||
description:
|
||||
- The roles for which this attribute is required.
|
||||
- Supported values are V(admin) and V(user).
|
||||
type: list
|
||||
elements: str
|
||||
default:
|
||||
- user
|
||||
|
||||
groups:
|
||||
description:
|
||||
- A list of attribute groups to be included in the User Profile.
|
||||
type: list
|
||||
elements: dict
|
||||
suboptions:
|
||||
name:
|
||||
description:
|
||||
- The name of the group.
|
||||
type: str
|
||||
required: true
|
||||
|
||||
display_header:
|
||||
description:
|
||||
- The display header for the group.
|
||||
aliases:
|
||||
- displayHeader
|
||||
type: str
|
||||
required: true
|
||||
|
||||
display_description:
|
||||
description:
|
||||
- The display description for the group.
|
||||
aliases:
|
||||
- displayDescription
|
||||
type: str
|
||||
required: false
|
||||
|
||||
annotations:
|
||||
description:
|
||||
- The annotations included in the group.
|
||||
type: dict
|
||||
required: false
|
||||
|
||||
unmanaged_attribute_policy:
|
||||
description:
|
||||
- Policy for unmanaged attributes.
|
||||
aliases:
|
||||
- unmanagedAttributePolicy
|
||||
type: str
|
||||
choices:
|
||||
- ENABLED
|
||||
- ADMIN_EDIT
|
||||
- ADMIN_VIEW
|
||||
|
||||
notes:
|
||||
- Currently, only a single V(declarative-user-profile) entry is supported for O(provider_id) (design of the Keyckoak API).
|
||||
However, there can be multiple O(config.kc_user_profile_config[].attributes[]) entries.
|
||||
|
||||
extends_documentation_fragment:
|
||||
- community.general.keycloak
|
||||
- community.general.attributes
|
||||
|
||||
author:
|
||||
- Eike Waldt (@yeoldegrove)
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
- name: Create a Declarative User Profile with default settings
|
||||
community.general.keycloak_userprofile:
|
||||
state: present
|
||||
parent_id: master
|
||||
config:
|
||||
kc_user_profile_config:
|
||||
- attributes:
|
||||
- name: username
|
||||
displayName: ${username}
|
||||
validations:
|
||||
length:
|
||||
min: 3
|
||||
max: 255
|
||||
username_prohibited_characters: {}
|
||||
up_username_not_idn_homograph: {}
|
||||
annotations: {}
|
||||
permissions:
|
||||
view:
|
||||
- admin
|
||||
- user
|
||||
edit: []
|
||||
multivalued: false
|
||||
- name: email
|
||||
displayName: ${email}
|
||||
validations:
|
||||
email: {}
|
||||
length:
|
||||
max: 255
|
||||
annotations: {}
|
||||
required:
|
||||
roles:
|
||||
- user
|
||||
permissions:
|
||||
view:
|
||||
- admin
|
||||
- user
|
||||
edit: []
|
||||
multivalued: false
|
||||
- name: firstName
|
||||
displayName: ${firstName}
|
||||
validations:
|
||||
length:
|
||||
max: 255
|
||||
person_name_prohibited_characters: {}
|
||||
annotations: {}
|
||||
required:
|
||||
roles:
|
||||
- user
|
||||
permissions:
|
||||
view:
|
||||
- admin
|
||||
- user
|
||||
edit: []
|
||||
multivalued: false
|
||||
- name: lastName
|
||||
displayName: ${lastName}
|
||||
validations:
|
||||
length:
|
||||
max: 255
|
||||
person_name_prohibited_characters: {}
|
||||
annotations: {}
|
||||
required:
|
||||
roles:
|
||||
- user
|
||||
permissions:
|
||||
view:
|
||||
- admin
|
||||
- user
|
||||
edit: []
|
||||
multivalued: false
|
||||
groups:
|
||||
- name: user-metadata
|
||||
displayHeader: User metadata
|
||||
displayDescription: Attributes, which refer to user metadata
|
||||
annotations: {}
|
||||
|
||||
- name: Delete a Keycloak User Profile Provider
|
||||
keycloak_userprofile:
|
||||
state: absent
|
||||
parent_id: master
|
||||
|
||||
# Unmanaged attributes are user attributes not explicitly defined in the User Profile
|
||||
# configuration. By default, unmanaged attributes are "Disabled" and are not
|
||||
# available from any context such as registration, account, and the
|
||||
# administration console. By setting "Enabled", unmanaged attributes are fully
|
||||
# recognized by the server and accessible through all contexts, useful if you are
|
||||
# starting migrating an existing realm to the declarative User Profile
|
||||
# and you don't have yet all user attributes defined in the User Profile configuration.
|
||||
- name: Enable Unmanaged Attributes
|
||||
community.general.keycloak_userprofile:
|
||||
state: present
|
||||
parent_id: master
|
||||
config:
|
||||
kc_user_profile_config:
|
||||
- unmanagedAttributePolicy: ENABLED
|
||||
|
||||
# By setting "Only administrators can write", unmanaged attributes can be managed
|
||||
# only through the administration console and API, useful if you have already
|
||||
# defined any custom attribute that can be managed by users but you are unsure
|
||||
# about adding other attributes that should only be managed by administrators.
|
||||
- name: Enable ADMIN_EDIT on Unmanaged Attributes
|
||||
community.general.keycloak_userprofile:
|
||||
state: present
|
||||
parent_id: master
|
||||
config:
|
||||
kc_user_profile_config:
|
||||
- unmanagedAttributePolicy: ADMIN_EDIT
|
||||
|
||||
# By setting `Only administrators can view`, unmanaged attributes are read-only
|
||||
# and only available through the administration console and API.
|
||||
- name: Enable ADMIN_VIEW on Unmanaged Attributes
|
||||
community.general.keycloak_userprofile:
|
||||
state: present
|
||||
parent_id: master
|
||||
config:
|
||||
kc_user_profile_config:
|
||||
- unmanagedAttributePolicy: ADMIN_VIEW
|
||||
'''
|
||||
|
||||
RETURN = '''
|
||||
msg:
|
||||
description: The output message generated by the module.
|
||||
returned: always
|
||||
type: str
|
||||
sample: UserProfileProvider created successfully
|
||||
data:
|
||||
description: The data returned by the Keycloak API.
|
||||
returned: when state is present
|
||||
type: dict
|
||||
sample: {...}
|
||||
'''
|
||||
|
||||
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \
|
||||
keycloak_argument_spec, get_token, KeycloakError
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.six.moves.urllib.parse import urlencode
|
||||
from copy import deepcopy
|
||||
import json
|
||||
|
||||
|
||||
def remove_null_values(data):
|
||||
if isinstance(data, dict):
|
||||
# Recursively remove null values from dictionaries
|
||||
return {k: remove_null_values(v) for k, v in data.items() if v is not None}
|
||||
elif isinstance(data, list):
|
||||
# Recursively remove null values from lists
|
||||
return [remove_null_values(item) for item in data if item is not None]
|
||||
else:
|
||||
# Return the data if it's neither a dictionary nor a list
|
||||
return data
|
||||
|
||||
|
||||
def camel_recursive(data):
|
||||
if isinstance(data, dict):
|
||||
# Convert keys to camelCase and apply recursively
|
||||
return {camel(k): camel_recursive(v) for k, v in data.items()}
|
||||
elif isinstance(data, list):
|
||||
# Apply camelCase conversion to each item in the list
|
||||
return [camel_recursive(item) for item in data]
|
||||
else:
|
||||
# Return the data as is if it's not a dict or list
|
||||
return data
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = keycloak_argument_spec()
|
||||
|
||||
meta_args = dict(
|
||||
state=dict(type='str', choices=['present', 'absent'], default='present'),
|
||||
parent_id=dict(type='str', aliases=['parentId', 'realm'], required=True),
|
||||
provider_id=dict(type='str', aliases=['providerId'], default='declarative-user-profile', choices=['declarative-user-profile']),
|
||||
provider_type=dict(
|
||||
type='str',
|
||||
aliases=['providerType'],
|
||||
default='org.keycloak.userprofile.UserProfileProvider',
|
||||
choices=['org.keycloak.userprofile.UserProfileProvider']
|
||||
),
|
||||
config=dict(
|
||||
type='dict',
|
||||
required=False,
|
||||
options={
|
||||
'kc_user_profile_config': dict(
|
||||
type='list',
|
||||
aliases=['kcUserProfileConfig'],
|
||||
elements='dict',
|
||||
options={
|
||||
'attributes': dict(
|
||||
type='list',
|
||||
elements='dict',
|
||||
required=False,
|
||||
options={
|
||||
'name': dict(type='str', required=True),
|
||||
'display_name': dict(type='str', aliases=['displayName'], required=True),
|
||||
'validations': dict(
|
||||
type='dict',
|
||||
options={
|
||||
'length': dict(
|
||||
type='dict',
|
||||
options={
|
||||
'min': dict(type='int', required=False),
|
||||
'max': dict(type='int', required=True)
|
||||
}
|
||||
),
|
||||
'email': dict(type='dict', required=False),
|
||||
'username_prohibited_characters': dict(type='dict', aliases=['usernameProhibitedCharacters'], required=False),
|
||||
'up_username_not_idn_homograph': dict(type='dict', aliases=['upUsernameNotIdnHomograph'], required=False),
|
||||
'person_name_prohibited_characters': dict(type='dict', aliases=['personNameProhibitedCharacters'], required=False),
|
||||
'uri': dict(type='dict', required=False),
|
||||
'pattern': dict(type='dict', required=False),
|
||||
'options': dict(type='dict', required=False)
|
||||
}
|
||||
),
|
||||
'annotations': dict(type='dict'),
|
||||
'group': dict(type='str'),
|
||||
'permissions': dict(
|
||||
type='dict',
|
||||
options={
|
||||
'view': dict(type='list', elements='str', default=['admin', 'user']),
|
||||
'edit': dict(type='list', elements='str', default=['admin', 'user'])
|
||||
}
|
||||
),
|
||||
'multivalued': dict(type='bool', default=False),
|
||||
'required': dict(
|
||||
type='dict',
|
||||
options={
|
||||
'roles': dict(type='list', elements='str', default=['user'])
|
||||
}
|
||||
)
|
||||
}
|
||||
),
|
||||
'groups': dict(
|
||||
type='list',
|
||||
elements='dict',
|
||||
options={
|
||||
'name': dict(type='str', required=True),
|
||||
'display_header': dict(type='str', aliases=['displayHeader'], required=True),
|
||||
'display_description': dict(type='str', aliases=['displayDescription'], required=False),
|
||||
'annotations': dict(type='dict', required=False)
|
||||
}
|
||||
),
|
||||
'unmanaged_attribute_policy': dict(
|
||||
type='str',
|
||||
aliases=['unmanagedAttributePolicy'],
|
||||
choices=['ENABLED', 'ADMIN_EDIT', 'ADMIN_VIEW'],
|
||||
required=False
|
||||
)
|
||||
}
|
||||
)
|
||||
}
|
||||
)
|
||||
)
|
||||
|
||||
argument_spec.update(meta_args)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec,
|
||||
supports_check_mode=True,
|
||||
required_one_of=([['token', 'auth_realm', 'auth_username', 'auth_password']]),
|
||||
required_together=([['auth_realm', 'auth_username', 'auth_password']]))
|
||||
|
||||
# Initialize the result object. Only "changed" seems to have special
|
||||
# meaning for Ansible.
|
||||
result = dict(changed=False, msg='', end_state={}, diff=dict(before={}, after={}))
|
||||
|
||||
# This will include the current state of the realm userprofile if it is already
|
||||
# present. This is only used for diff-mode.
|
||||
before_realm_userprofile = {}
|
||||
before_realm_userprofile['config'] = {}
|
||||
|
||||
# Obtain access token, initialize API
|
||||
try:
|
||||
connection_header = get_token(module.params)
|
||||
except KeycloakError as e:
|
||||
module.fail_json(msg=str(e))
|
||||
|
||||
kc = KeycloakAPI(module, connection_header)
|
||||
|
||||
params_to_ignore = list(keycloak_argument_spec().keys()) + ["state"]
|
||||
|
||||
# Filter and map the parameters names that apply to the role
|
||||
component_params = [
|
||||
x
|
||||
for x in module.params
|
||||
if x not in params_to_ignore and module.params.get(x) is not None
|
||||
]
|
||||
|
||||
# Build a proposed changeset from parameters given to this module
|
||||
changeset = {}
|
||||
|
||||
# Build the changeset with proper JSON serialization for kc_user_profile_config
|
||||
config = module.params.get('config')
|
||||
changeset['config'] = {}
|
||||
|
||||
# Generate a JSON payload for Keycloak Admin API from the module
|
||||
# parameters. Parameters that do not belong to the JSON payload (e.g.
|
||||
# "state" or "auth_keycloal_url") have been filtered away earlier (see
|
||||
# above).
|
||||
#
|
||||
# This loop converts Ansible module parameters (snake-case) into
|
||||
# Keycloak-compatible format (camel-case). For example proider_id
|
||||
# becomes providerId. It also handles some special cases, e.g. aliases.
|
||||
for component_param in component_params:
|
||||
# realm/parent_id parameter
|
||||
if component_param == 'realm' or component_param == 'parent_id':
|
||||
changeset['parent_id'] = module.params.get(component_param)
|
||||
changeset.pop(component_param, None)
|
||||
# complex parameters in config suboptions
|
||||
elif component_param == 'config':
|
||||
for config_param in config:
|
||||
# special parameter kc_user_profile_config
|
||||
if config_param in ('kcUserProfileConfig', 'kc_user_profile_config'):
|
||||
config_param_org = config_param
|
||||
# rename parameter to be accepted by Keycloak API
|
||||
config_param = 'kc.user.profile.config'
|
||||
# make sure no null values are passed to Keycloak API
|
||||
kc_user_profile_config = remove_null_values(config[config_param_org])
|
||||
changeset[camel(component_param)][config_param] = []
|
||||
if len(kc_user_profile_config) > 0:
|
||||
# convert aliases to camelCase
|
||||
kc_user_profile_config = camel_recursive(kc_user_profile_config)
|
||||
# rename validations to be accepted by Keycloak API
|
||||
if 'attributes' in kc_user_profile_config[0]:
|
||||
for attribute in kc_user_profile_config[0]['attributes']:
|
||||
if 'validations' in attribute:
|
||||
if 'usernameProhibitedCharacters' in attribute['validations']:
|
||||
attribute['validations']['username-prohibited-characters'] = (
|
||||
attribute['validations'].pop('usernameProhibitedCharacters')
|
||||
)
|
||||
if 'upUsernameNotIdnHomograph' in attribute['validations']:
|
||||
attribute['validations']['up-username-not-idn-homograph'] = (
|
||||
attribute['validations'].pop('upUsernameNotIdnHomograph')
|
||||
)
|
||||
if 'personNameProhibitedCharacters' in attribute['validations']:
|
||||
attribute['validations']['person-name-prohibited-characters'] = (
|
||||
attribute['validations'].pop('personNameProhibitedCharacters')
|
||||
)
|
||||
# special JSON parsing for kc_user_profile_config
|
||||
value = json.dumps(kc_user_profile_config[0])
|
||||
changeset[camel(component_param)][config_param].append(value)
|
||||
# usual camelCase parameters
|
||||
else:
|
||||
changeset[camel(component_param)][camel(config_param)] = []
|
||||
raw_value = module.params.get(component_param)[config_param]
|
||||
if isinstance(raw_value, bool):
|
||||
value = str(raw_value).lower()
|
||||
else:
|
||||
value = raw_value # Directly use the raw value
|
||||
changeset[camel(component_param)][camel(config_param)].append(value)
|
||||
# usual parameters
|
||||
else:
|
||||
new_param_value = module.params.get(component_param)
|
||||
changeset[camel(component_param)] = new_param_value
|
||||
|
||||
# Make it easier to refer to current module parameters
|
||||
state = module.params.get('state')
|
||||
enabled = module.params.get('enabled')
|
||||
parent_id = module.params.get('parent_id')
|
||||
provider_type = module.params.get('provider_type')
|
||||
provider_id = module.params.get('provider_id')
|
||||
|
||||
# Make a deep copy of the changeset. This is use when determining
|
||||
# changes to the current state.
|
||||
changeset_copy = deepcopy(changeset)
|
||||
|
||||
# Get a list of all Keycloak components that are of userprofile provider type.
|
||||
realm_userprofiles = kc.get_components(urlencode(dict(type=provider_type, parent=parent_id)), parent_id)
|
||||
|
||||
# If this component is present get its userprofile ID. Confusingly the userprofile ID is
|
||||
# also known as the Provider ID.
|
||||
userprofile_id = None
|
||||
|
||||
# Track individual parameter changes
|
||||
changes = ""
|
||||
|
||||
# This tells Ansible whether the userprofile was changed (added, removed, modified)
|
||||
result['changed'] = False
|
||||
|
||||
# Loop through the list of components. If we encounter a component whose
|
||||
# name matches the value of the name parameter then assume the userprofile is
|
||||
# already present.
|
||||
for userprofile in realm_userprofiles:
|
||||
if provider_id == "declarative-user-profile":
|
||||
userprofile_id = userprofile['id']
|
||||
changeset['id'] = userprofile_id
|
||||
changeset_copy['id'] = userprofile_id
|
||||
|
||||
# Compare top-level parameters
|
||||
for param, value in changeset.items():
|
||||
before_realm_userprofile[param] = userprofile[param]
|
||||
|
||||
if changeset_copy[param] != userprofile[param] and param != 'config':
|
||||
changes += "%s: %s -> %s, " % (param, userprofile[param], changeset_copy[param])
|
||||
result['changed'] = True
|
||||
|
||||
# Compare parameters under the "config" userprofile
|
||||
for p, v in changeset_copy['config'].items():
|
||||
before_realm_userprofile['config'][p] = userprofile['config'][p]
|
||||
if changeset_copy['config'][p] != userprofile['config'][p]:
|
||||
changes += "config.%s: %s -> %s, " % (p, userprofile['config'][p], changeset_copy['config'][p])
|
||||
result['changed'] = True
|
||||
|
||||
# Check all the possible states of the resource and do what is needed to
|
||||
# converge current state with desired state (create, update or delete
|
||||
# the userprofile).
|
||||
if userprofile_id and state == 'present':
|
||||
if result['changed']:
|
||||
if module._diff:
|
||||
result['diff'] = dict(before=before_realm_userprofile, after=changeset_copy)
|
||||
|
||||
if module.check_mode:
|
||||
result['msg'] = "Userprofile %s would be changed: %s" % (provider_id, changes.strip(", "))
|
||||
else:
|
||||
kc.update_component(changeset, parent_id)
|
||||
result['msg'] = "Userprofile %s changed: %s" % (provider_id, changes.strip(", "))
|
||||
else:
|
||||
result['msg'] = "Userprofile %s was in sync" % (provider_id)
|
||||
|
||||
result['end_state'] = changeset_copy
|
||||
elif userprofile_id and state == 'absent':
|
||||
if module._diff:
|
||||
result['diff'] = dict(before=before_realm_userprofile, after={})
|
||||
|
||||
if module.check_mode:
|
||||
result['changed'] = True
|
||||
result['msg'] = "Userprofile %s would be deleted" % (provider_id)
|
||||
else:
|
||||
kc.delete_component(userprofile_id, parent_id)
|
||||
result['changed'] = True
|
||||
result['msg'] = "Userprofile %s deleted" % (provider_id)
|
||||
|
||||
result['end_state'] = {}
|
||||
elif not userprofile_id and state == 'present':
|
||||
if module._diff:
|
||||
result['diff'] = dict(before={}, after=changeset_copy)
|
||||
|
||||
if module.check_mode:
|
||||
result['changed'] = True
|
||||
result['msg'] = "Userprofile %s would be created" % (provider_id)
|
||||
else:
|
||||
kc.create_component(changeset, parent_id)
|
||||
result['changed'] = True
|
||||
result['msg'] = "Userprofile %s created" % (provider_id)
|
||||
|
||||
result['end_state'] = changeset_copy
|
||||
elif not userprofile_id and state == 'absent':
|
||||
result['changed'] = False
|
||||
result['msg'] = "Userprofile %s not present" % (provider_id)
|
||||
result['end_state'] = {}
|
||||
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -10,8 +10,8 @@
|
|||
command: start-dev
|
||||
env:
|
||||
KC_HTTP_RELATIVE_PATH: /auth
|
||||
KEYCLOAK_ADMIN: admin
|
||||
KEYCLOAK_ADMIN_PASSWORD: password
|
||||
KEYCLOAK_ADMIN: "{{ admin_user }}"
|
||||
KEYCLOAK_ADMIN_PASSWORD: "{{ admin_password }}"
|
||||
ports:
|
||||
- "8080:8080"
|
||||
detach: true
|
||||
|
|
5
tests/integration/targets/keycloak_userprofile/aliases
Normal file
5
tests/integration/targets/keycloak_userprofile/aliases
Normal file
|
@ -0,0 +1,5 @@
|
|||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
unsupported
|
|
@ -0,0 +1,7 @@
|
|||
---
|
||||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
# dependencies:
|
||||
# - setup_docker
|
27
tests/integration/targets/keycloak_userprofile/readme.adoc
Normal file
27
tests/integration/targets/keycloak_userprofile/readme.adoc
Normal file
|
@ -0,0 +1,27 @@
|
|||
// Copyright (c) Ansible Project
|
||||
// GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
// SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
To be able to run these integration tests a keycloak server must be
|
||||
reachable under a specific url with a specific admin user and password.
|
||||
The exact values expected for these parameters can be found in
|
||||
'vars/main.yml' file. A simple way to do this is to use the official
|
||||
keycloak docker images like this:
|
||||
|
||||
----
|
||||
docker run --name mykeycloak -p 8080:8080 -e KC_HTTP_RELATIVE_PATH=<url-path> -e KEYCLOAK_ADMIN=<admin_user> -e KEYCLOAK_ADMIN_PASSWORD=<admin_password> quay.io/keycloak/keycloak:24.0.5 start-dev
|
||||
----
|
||||
|
||||
Example with concrete values inserted:
|
||||
|
||||
----
|
||||
docker run --name mykeycloak -p 8080:8080 -e KC_HTTP_RELATIVE_PATH=/auth -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=password quay.io/keycloak/keycloak:24.0.5 start-dev
|
||||
----
|
||||
|
||||
This test suite can run against a fresh unconfigured server instance
|
||||
(no preconfiguration required) and cleans up after itself (undoes all
|
||||
its config changes) as long as it runs through completely. While its active
|
||||
it changes the server configuration in the following ways:
|
||||
|
||||
* creating, modifying and deleting some keycloak userprofiles
|
||||
|
301
tests/integration/targets/keycloak_userprofile/tasks/main.yml
Normal file
301
tests/integration/targets/keycloak_userprofile/tasks/main.yml
Normal file
|
@ -0,0 +1,301 @@
|
|||
---
|
||||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
- name: Start container
|
||||
community.docker.docker_container:
|
||||
name: mykeycloak
|
||||
image: "quay.io/keycloak/keycloak:24.0.5"
|
||||
command: start-dev
|
||||
env:
|
||||
KC_HTTP_RELATIVE_PATH: /auth
|
||||
KEYCLOAK_ADMIN: admin
|
||||
KEYCLOAK_ADMIN_PASSWORD: password
|
||||
ports:
|
||||
- "8080:8080"
|
||||
detach: true
|
||||
auto_remove: true
|
||||
memory: 2200M
|
||||
|
||||
- name: Check default ports
|
||||
ansible.builtin.wait_for:
|
||||
host: "localhost"
|
||||
port: "8080"
|
||||
state: started # Port should be open
|
||||
delay: 30 # Wait before first check
|
||||
timeout: 50 # Stop checking after timeout (sec)
|
||||
|
||||
- name: Remove Keycloak test realm to avoid failures from previous failed runs
|
||||
community.general.keycloak_realm:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
realm: "{{ realm }}"
|
||||
id: "{{ realm }}"
|
||||
state: absent
|
||||
|
||||
- name: Create Keycloak test realm
|
||||
community.general.keycloak_realm:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
realm: "{{ realm }}"
|
||||
id: "{{ realm }}"
|
||||
state: present
|
||||
|
||||
- name: Create default User Profile (check mode)
|
||||
community.general.keycloak_userprofile:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
parent_id: "{{ realm }}"
|
||||
config: "{{ config_default }}"
|
||||
check_mode: true
|
||||
register: result
|
||||
|
||||
- name: Assert that User Profile would be created
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.end_state != {}
|
||||
- result.end_state.providerId == "declarative-user-profile"
|
||||
- result.end_state.providerType == "org.keycloak.userprofile.UserProfileProvider"
|
||||
- result.msg == "Userprofile declarative-user-profile would be created"
|
||||
|
||||
- name: Create default User Profile
|
||||
community.general.keycloak_userprofile:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
state: present
|
||||
parent_id: "{{ realm }}"
|
||||
config: "{{ config_default }}"
|
||||
diff: true
|
||||
register: result
|
||||
|
||||
- name: Assert that User Profile was created
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.end_state != {}
|
||||
- result.end_state.providerId == "declarative-user-profile"
|
||||
- result.end_state.providerType == "org.keycloak.userprofile.UserProfileProvider"
|
||||
- result.msg == "Userprofile declarative-user-profile created"
|
||||
|
||||
- name: Create default User Profile (test for idempotency)
|
||||
community.general.keycloak_userprofile:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
state: present
|
||||
parent_id: "{{ realm }}"
|
||||
config: "{{ config_default }}"
|
||||
register: result
|
||||
|
||||
- name: Assert that User Profile was in sync
|
||||
assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.end_state != {}
|
||||
- result.end_state.providerId == "declarative-user-profile"
|
||||
- result.end_state.providerType == "org.keycloak.userprofile.UserProfileProvider"
|
||||
- result.msg == "Userprofile declarative-user-profile was in sync"
|
||||
|
||||
- name: Update default User Profile (check mode)
|
||||
community.general.keycloak_userprofile:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
state: present
|
||||
parent_id: "{{ realm }}"
|
||||
config: "{{ config_updated }}"
|
||||
check_mode: true
|
||||
register: result
|
||||
|
||||
- name: Assert that User Profile would be changed
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.end_state != {}
|
||||
- result.end_state.providerId == "declarative-user-profile"
|
||||
- result.end_state.providerType == "org.keycloak.userprofile.UserProfileProvider"
|
||||
- result.msg.startswith("Userprofile declarative-user-profile would be changed:")
|
||||
|
||||
- name: Update default User Profile
|
||||
community.general.keycloak_userprofile:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
state: present
|
||||
parent_id: "{{ realm }}"
|
||||
config: "{{ config_updated }}"
|
||||
diff: true
|
||||
register: result
|
||||
|
||||
- name: Assert that User Profile changed
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.end_state != {}
|
||||
- result.end_state.providerId == "declarative-user-profile"
|
||||
- result.end_state.providerType == "org.keycloak.userprofile.UserProfileProvider"
|
||||
- result.msg.startswith("Userprofile declarative-user-profile changed:")
|
||||
|
||||
- name: Update default User Profile (test for idempotency)
|
||||
community.general.keycloak_userprofile:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
state: present
|
||||
parent_id: "{{ realm }}"
|
||||
config: "{{ config_updated }}"
|
||||
register: result
|
||||
|
||||
- name: Assert that User Profile was in sync
|
||||
assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.end_state != {}
|
||||
- result.end_state.providerId == "declarative-user-profile"
|
||||
- result.end_state.providerType == "org.keycloak.userprofile.UserProfileProvider"
|
||||
- result.msg == "Userprofile declarative-user-profile was in sync"
|
||||
|
||||
## No force implemented
|
||||
# - name: Force update default User Profile
|
||||
# community.general.keycloak_userprofile:
|
||||
# auth_keycloak_url: "{{ url }}"
|
||||
# auth_realm: "{{ admin_realm }}"
|
||||
# auth_username: "{{ admin_user }}"
|
||||
# auth_password: "{{ admin_password }}"
|
||||
# force: true
|
||||
# state: present
|
||||
# parent_id: "{{ realm }}"
|
||||
# config: "{{ config_updated }}"
|
||||
# register: result
|
||||
#
|
||||
# - name: Assert that forced update ran correctly
|
||||
# assert:
|
||||
# that:
|
||||
# - result is changed
|
||||
# - result.end_state != {}
|
||||
# - result.end_state.providerId == "declarative-user-profile"
|
||||
# - result.end_state.providerType == "org.keycloak.userprofile.UserProfileProvider"
|
||||
# - result.msg == "Userprofile declarative-user-profile was forcibly updated"
|
||||
|
||||
- name: Remove default User Profile
|
||||
community.general.keycloak_userprofile:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
state: absent
|
||||
parent_id: "{{ realm }}"
|
||||
config: "{{ config_default }}"
|
||||
diff: true
|
||||
register: result
|
||||
|
||||
- name: Assert that User Profile was deleted
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.end_state == {}
|
||||
- result.msg == "Userprofile declarative-user-profile deleted"
|
||||
|
||||
- name: Remove default User Profile (test for idempotency)
|
||||
community.general.keycloak_userprofile:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
state: absent
|
||||
parent_id: "{{ realm }}"
|
||||
config: "{{ config_default }}"
|
||||
register: result
|
||||
|
||||
- name: Assert that User Profile not present
|
||||
assert:
|
||||
that:
|
||||
- result is not changed
|
||||
- result.end_state == {}
|
||||
- result.msg == "Userprofile declarative-user-profile not present"
|
||||
|
||||
- name: Create User Profile with unmanaged attributes ENABLED
|
||||
community.general.keycloak_userprofile:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
state: present
|
||||
parent_id: "{{ realm }}"
|
||||
config: "{{ config_unmanaged_attributes_enabled }}"
|
||||
diff: true
|
||||
register: result
|
||||
|
||||
- name: Assert that User Profile was created
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.end_state != {}
|
||||
- result.end_state.providerId == "declarative-user-profile"
|
||||
- result.end_state.providerType == "org.keycloak.userprofile.UserProfileProvider"
|
||||
- result.msg == "Userprofile declarative-user-profile created"
|
||||
|
||||
- name: Attempt to change the User Profile to unmanaged ADMIN_EDIT
|
||||
community.general.keycloak_userprofile:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
state: present
|
||||
parent_id: "{{ realm }}"
|
||||
config: "{{ config_unmanaged_attributes_admin_edit }}"
|
||||
diff: true
|
||||
register: result
|
||||
|
||||
- name: Assert that User Profile was changed
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.end_state != {}
|
||||
- result.end_state.providerId == "declarative-user-profile"
|
||||
- result.end_state.providerType == "org.keycloak.userprofile.UserProfileProvider"
|
||||
- result.msg.startswith("Userprofile declarative-user-profile changed:")
|
||||
|
||||
- name: Attempt to change the User Profile to unmanaged ADMIN_VIEW
|
||||
community.general.keycloak_userprofile:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
state: present
|
||||
parent_id: "{{ realm }}"
|
||||
config: "{{ config_unmanaged_attributes_admin_view }}"
|
||||
diff: true
|
||||
register: result
|
||||
|
||||
- name: Assert that User Profile was changed
|
||||
assert:
|
||||
that:
|
||||
- result is changed
|
||||
- result.end_state != {}
|
||||
- result.end_state.providerId == "declarative-user-profile"
|
||||
- result.end_state.providerType == "org.keycloak.userprofile.UserProfileProvider"
|
||||
- result.msg.startswith("Userprofile declarative-user-profile changed:")
|
||||
|
||||
- name: Remove Keycloak test realm
|
||||
community.general.keycloak_realm:
|
||||
auth_keycloak_url: "{{ url }}"
|
||||
auth_realm: "{{ admin_realm }}"
|
||||
auth_username: "{{ admin_user }}"
|
||||
auth_password: "{{ admin_password }}"
|
||||
realm: "{{ realm }}"
|
||||
id: "{{ realm }}"
|
||||
state: absent
|
111
tests/integration/targets/keycloak_userprofile/vars/main.yml
Normal file
111
tests/integration/targets/keycloak_userprofile/vars/main.yml
Normal file
|
@ -0,0 +1,111 @@
|
|||
---
|
||||
# Copyright (c) Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
url: http://localhost:8080/auth
|
||||
admin_realm: master
|
||||
admin_user: admin
|
||||
admin_password: password
|
||||
realm: realm_userprofile_test
|
||||
attributes_default:
|
||||
- name: username
|
||||
displayName: ${username}
|
||||
validations:
|
||||
length:
|
||||
min: 3
|
||||
max: 255
|
||||
usernameProhibitedCharacters: {}
|
||||
up_username_not_idn_homograph: {}
|
||||
annotations: {}
|
||||
permissions:
|
||||
view:
|
||||
- admin
|
||||
- user
|
||||
edit: []
|
||||
multivalued: false
|
||||
- name: email
|
||||
displayName: ${email}
|
||||
validations:
|
||||
email: {}
|
||||
length:
|
||||
max: 255
|
||||
annotations: {}
|
||||
required:
|
||||
roles:
|
||||
- user
|
||||
permissions:
|
||||
view:
|
||||
- admin
|
||||
- user
|
||||
edit: []
|
||||
multivalued: false
|
||||
- name: firstName
|
||||
displayName: ${firstName}
|
||||
validations:
|
||||
length:
|
||||
max: 255
|
||||
personNameProhibitedCharacters: {}
|
||||
annotations: {}
|
||||
required:
|
||||
roles:
|
||||
- user
|
||||
permissions:
|
||||
view:
|
||||
- admin
|
||||
- user
|
||||
edit: []
|
||||
multivalued: false
|
||||
- name: lastName
|
||||
displayName: ${lastName}
|
||||
validations:
|
||||
length:
|
||||
max: 255
|
||||
person_name_prohibited_characters: {}
|
||||
annotations: {}
|
||||
required:
|
||||
roles:
|
||||
- user
|
||||
permissions:
|
||||
view:
|
||||
- admin
|
||||
- user
|
||||
edit: []
|
||||
multivalued: false
|
||||
attributes_additional:
|
||||
- name: additionalAttribute
|
||||
displayName: additionalAttribute
|
||||
group: user-metadata
|
||||
required:
|
||||
roles:
|
||||
- user
|
||||
permissions:
|
||||
view:
|
||||
- admin
|
||||
- user
|
||||
edit: []
|
||||
multivalued: false
|
||||
groups_default:
|
||||
- name: user-metadata
|
||||
displayHeader: User metadata
|
||||
displayDescription: Attributes, which refer to user metadata
|
||||
config_default:
|
||||
kc_user_profile_config:
|
||||
- attributes: "{{ attributes_default }}"
|
||||
groups: "{{ groups_default }}"
|
||||
config_updated:
|
||||
kc_user_profile_config:
|
||||
- attributes: "{{ attributes_default + attributes_additional }}"
|
||||
groups: "{{ groups_default }}"
|
||||
config_unmanaged_attributes_enabled:
|
||||
kc_user_profile_config:
|
||||
- unmanagedAttributePolicy: ENABLED
|
||||
attributes: "{{ attributes_default }}"
|
||||
config_unmanaged_attributes_admin_edit:
|
||||
kc_user_profile_config:
|
||||
- unmanagedAttributePolicy: ADMIN_EDIT
|
||||
attributes: "{{ attributes_default }}"
|
||||
config_unmanaged_attributes_admin_view:
|
||||
kc_user_profile_config:
|
||||
- unmanagedAttributePolicy: ADMIN_VIEW
|
||||
attributes: "{{ attributes_default }}"
|
866
tests/unit/plugins/modules/test_keycloak_userprofile.py
Normal file
866
tests/unit/plugins/modules/test_keycloak_userprofile.py
Normal file
|
@ -0,0 +1,866 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
|
||||
# Copyright (c) 2024, Ansible Project
|
||||
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
# SPDX-License-Identifier: GPL-3.0-or-later
|
||||
|
||||
from __future__ import absolute_import, division, print_function
|
||||
__metaclass__ = type
|
||||
|
||||
from contextlib import contextmanager
|
||||
|
||||
from ansible_collections.community.general.tests.unit.compat import unittest
|
||||
from ansible_collections.community.general.tests.unit.compat.mock import patch
|
||||
from ansible_collections.community.general.tests.unit.plugins.modules.utils import AnsibleExitJson, ModuleTestCase, set_module_args
|
||||
|
||||
from ansible_collections.community.general.plugins.modules import keycloak_userprofile
|
||||
|
||||
from itertools import count
|
||||
|
||||
from ansible.module_utils.six import StringIO
|
||||
|
||||
|
||||
@contextmanager
|
||||
def patch_keycloak_api(get_components=None, get_component=None, create_component=None, update_component=None, delete_component=None):
|
||||
"""Mock context manager for patching the methods in KeycloakAPI
|
||||
"""
|
||||
|
||||
obj = keycloak_userprofile.KeycloakAPI
|
||||
with patch.object(obj, 'get_components', side_effect=get_components) as mock_get_components:
|
||||
with patch.object(obj, 'get_component', side_effect=get_component) as mock_get_component:
|
||||
with patch.object(obj, 'create_component', side_effect=create_component) as mock_create_component:
|
||||
with patch.object(obj, 'update_component', side_effect=update_component) as mock_update_component:
|
||||
with patch.object(obj, 'delete_component', side_effect=delete_component) as mock_delete_component:
|
||||
yield mock_get_components, mock_get_component, mock_create_component, mock_update_component, mock_delete_component
|
||||
|
||||
|
||||
def get_response(object_with_future_response, method, get_id_call_count):
|
||||
if callable(object_with_future_response):
|
||||
return object_with_future_response()
|
||||
if isinstance(object_with_future_response, dict):
|
||||
return get_response(object_with_future_response[method], method, get_id_call_count)
|
||||
if isinstance(object_with_future_response, list):
|
||||
call_number = next(get_id_call_count)
|
||||
return get_response(object_with_future_response[call_number], method, get_id_call_count)
|
||||
return object_with_future_response
|
||||
|
||||
|
||||
def build_mocked_request(get_id_user_count, response_dict):
|
||||
def _mocked_requests(*args, **kwargs):
|
||||
url = args[0]
|
||||
method = kwargs['method']
|
||||
future_response = response_dict.get(url, None)
|
||||
return get_response(future_response, method, get_id_user_count)
|
||||
return _mocked_requests
|
||||
|
||||
|
||||
def create_wrapper(text_as_string):
|
||||
"""Allow to mock many times a call to one address.
|
||||
Without this function, the StringIO is empty for the second call.
|
||||
"""
|
||||
def _create_wrapper():
|
||||
return StringIO(text_as_string)
|
||||
return _create_wrapper
|
||||
|
||||
|
||||
def mock_good_connection():
|
||||
token_response = {
|
||||
'http://keycloak.url/auth/realms/master/protocol/openid-connect/token': create_wrapper('{"access_token": "alongtoken"}'),
|
||||
}
|
||||
return patch(
|
||||
'ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak.open_url',
|
||||
side_effect=build_mocked_request(count(), token_response),
|
||||
autospec=True
|
||||
)
|
||||
|
||||
|
||||
class TestKeycloakUserprofile(ModuleTestCase):
|
||||
def setUp(self):
|
||||
super(TestKeycloakUserprofile, self).setUp()
|
||||
self.module = keycloak_userprofile
|
||||
|
||||
def test_create_when_absent(self):
|
||||
"""Add a new userprofile"""
|
||||
|
||||
module_args = {
|
||||
"auth_keycloak_url": "http://keycloak.url/auth",
|
||||
"auth_realm": "master",
|
||||
"auth_username": "admin",
|
||||
"auth_password": "admin",
|
||||
"parent_id": "realm-name",
|
||||
"state": "present",
|
||||
"provider_id": "declarative-user-profile",
|
||||
"config": {
|
||||
"kc_user_profile_config": [
|
||||
{
|
||||
"attributes": [
|
||||
{
|
||||
"annotations": {},
|
||||
"displayName": "${username}",
|
||||
"multivalued": False,
|
||||
"name": "username",
|
||||
"permissions": {
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"required": None,
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255,
|
||||
"min": 3
|
||||
},
|
||||
"up_username_not_idn_homograph": {},
|
||||
"username_prohibited_characters": {}
|
||||
}
|
||||
},
|
||||
{
|
||||
"annotations": {},
|
||||
"displayName": "${email}",
|
||||
"multivalued": False,
|
||||
"name": "email",
|
||||
"permissions": {
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"validations": {
|
||||
"email": {},
|
||||
"length": {
|
||||
"max": 255
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"annotations": {},
|
||||
"displayName": "${firstName}",
|
||||
"multivalued": False,
|
||||
"name": "firstName",
|
||||
"permissions": {
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255
|
||||
},
|
||||
"person_name_prohibited_characters": {}
|
||||
}
|
||||
},
|
||||
{
|
||||
"annotations": {},
|
||||
"displayName": "${lastName}",
|
||||
"multivalued": False,
|
||||
"name": "lastName",
|
||||
"permissions": {
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255
|
||||
},
|
||||
"person_name_prohibited_characters": {}
|
||||
}
|
||||
}
|
||||
],
|
||||
"groups": [
|
||||
{
|
||||
"displayDescription": "Attributes, which refer to user metadata",
|
||||
"displayHeader": "User metadata",
|
||||
"name": "user-metadata"
|
||||
}
|
||||
],
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
return_value_component_create = [
|
||||
{
|
||||
"id": "4ba43451-6bb4-4b50-969f-e890539f15e3",
|
||||
"parentId": "realm-name",
|
||||
"providerId": "declarative-user-profile",
|
||||
"providerType": "org.keycloak.userprofile.UserProfileProvider",
|
||||
"config": {
|
||||
"kc.user.profile.config": [
|
||||
{
|
||||
"attributes": [
|
||||
{
|
||||
"name": "username",
|
||||
"displayName": "${username}",
|
||||
"validations": {
|
||||
"length": {
|
||||
"min": 3,
|
||||
"max": 255
|
||||
},
|
||||
"username-prohibited-characters": {},
|
||||
"up-username-not-idn-homograph": {}
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {},
|
||||
"required": None
|
||||
},
|
||||
{
|
||||
"name": "email",
|
||||
"displayName": "${email}",
|
||||
"validations": {
|
||||
"email": {},
|
||||
"length": {
|
||||
"max": 255
|
||||
}
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {}
|
||||
},
|
||||
{
|
||||
"name": "firstName",
|
||||
"displayName": "${firstName}",
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255
|
||||
},
|
||||
"person-name-prohibited-characters": {}
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {}
|
||||
},
|
||||
{
|
||||
"name": "lastName",
|
||||
"displayName": "${lastName}",
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255
|
||||
},
|
||||
"person-name-prohibited-characters": {}
|
||||
},
|
||||
"required": {
|
||||
|
||||
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {}
|
||||
}
|
||||
],
|
||||
"groups": [
|
||||
{
|
||||
"name": "user-metadata",
|
||||
"displayHeader": "User metadata",
|
||||
"displayDescription": "Attributes, which refer to user metadata",
|
||||
}
|
||||
],
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
]
|
||||
return_value_get_components_get = [
|
||||
[], []
|
||||
]
|
||||
changed = True
|
||||
|
||||
set_module_args(module_args)
|
||||
|
||||
# Run the module
|
||||
|
||||
with mock_good_connection():
|
||||
with patch_keycloak_api(get_components=return_value_get_components_get, create_component=return_value_component_create) as (
|
||||
mock_get_components, mock_get_component, mock_create_component, mock_update_component, mock_delete_component):
|
||||
with self.assertRaises(AnsibleExitJson) as exec_info:
|
||||
self.module.main()
|
||||
|
||||
self.assertEqual(len(mock_get_components.mock_calls), 1)
|
||||
self.assertEqual(len(mock_get_component.mock_calls), 0)
|
||||
self.assertEqual(len(mock_create_component.mock_calls), 1)
|
||||
self.assertEqual(len(mock_update_component.mock_calls), 0)
|
||||
self.assertEqual(len(mock_delete_component.mock_calls), 0)
|
||||
|
||||
# Verify that the module's changed status matches what is expected
|
||||
self.assertIs(exec_info.exception.args[0]['changed'], changed)
|
||||
|
||||
def test_create_when_present(self):
|
||||
"""Update existing userprofile"""
|
||||
|
||||
module_args = {
|
||||
"auth_keycloak_url": "http://keycloak.url/auth",
|
||||
"auth_realm": "master",
|
||||
"auth_username": "admin",
|
||||
"auth_password": "admin",
|
||||
"parent_id": "realm-name",
|
||||
"state": "present",
|
||||
"provider_id": "declarative-user-profile",
|
||||
"config": {
|
||||
"kc_user_profile_config": [
|
||||
{
|
||||
"attributes": [
|
||||
{
|
||||
"annotations": {},
|
||||
"displayName": "${username}",
|
||||
"multivalued": False,
|
||||
"name": "username",
|
||||
"permissions": {
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"required": None,
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255,
|
||||
"min": 3
|
||||
},
|
||||
"up_username_not_idn_homograph": {},
|
||||
"username_prohibited_characters": {}
|
||||
}
|
||||
},
|
||||
{
|
||||
"annotations": {},
|
||||
"displayName": "${email}",
|
||||
"multivalued": False,
|
||||
"name": "email",
|
||||
"permissions": {
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"validations": {
|
||||
"email": {},
|
||||
"length": {
|
||||
"max": 255
|
||||
}
|
||||
}
|
||||
},
|
||||
{
|
||||
"annotations": {},
|
||||
"displayName": "${firstName}",
|
||||
"multivalued": False,
|
||||
"name": "firstName",
|
||||
"permissions": {
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255
|
||||
},
|
||||
"person_name_prohibited_characters": {}
|
||||
}
|
||||
},
|
||||
{
|
||||
"annotations": {},
|
||||
"displayName": "${lastName}",
|
||||
"multivalued": False,
|
||||
"name": "lastName",
|
||||
"permissions": {
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255
|
||||
},
|
||||
"person_name_prohibited_characters": {}
|
||||
}
|
||||
}
|
||||
],
|
||||
"groups": [
|
||||
{
|
||||
"displayDescription": "Attributes, which refer to user metadata",
|
||||
"displayHeader": "User metadata",
|
||||
"name": "user-metadata"
|
||||
}
|
||||
],
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
return_value_get_components_get = [
|
||||
[
|
||||
{
|
||||
"id": "4ba43451-6bb4-4b50-969f-e890539f15e3",
|
||||
"parentId": "realm-1",
|
||||
"providerId": "declarative-user-profile",
|
||||
"providerType": "org.keycloak.userprofile.UserProfileProvider",
|
||||
"config": {
|
||||
"kc.user.profile.config": [
|
||||
{
|
||||
"attributes": [
|
||||
{
|
||||
"name": "username",
|
||||
"displayName": "${username}",
|
||||
"validations": {
|
||||
"length": {
|
||||
"min": 3,
|
||||
"max": 255
|
||||
},
|
||||
"username-prohibited-characters": {},
|
||||
"up-username-not-idn-homograph": {}
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {},
|
||||
"required": None
|
||||
},
|
||||
{
|
||||
"name": "email",
|
||||
"displayName": "${email}",
|
||||
"validations": {
|
||||
"email": {},
|
||||
"length": {
|
||||
"max": 255
|
||||
}
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {}
|
||||
},
|
||||
{
|
||||
"name": "firstName",
|
||||
"displayName": "${firstName}",
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255
|
||||
},
|
||||
"person-name-prohibited-characters": {}
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {}
|
||||
},
|
||||
{
|
||||
"name": "lastName",
|
||||
"displayName": "${lastName}",
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255
|
||||
},
|
||||
"person-name-prohibited-characters": {}
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {}
|
||||
}
|
||||
],
|
||||
"groups": [
|
||||
{
|
||||
"name": "user-metadata",
|
||||
"displayHeader": "User metadata",
|
||||
"displayDescription": "Attributes, which refer to user metadata",
|
||||
}
|
||||
],
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
[]
|
||||
]
|
||||
return_value_component_update = [
|
||||
None
|
||||
]
|
||||
changed = True
|
||||
|
||||
set_module_args(module_args)
|
||||
|
||||
# Run the module
|
||||
|
||||
with mock_good_connection():
|
||||
with patch_keycloak_api(get_components=return_value_get_components_get,
|
||||
update_component=return_value_component_update) as (
|
||||
mock_get_components, mock_get_component, mock_create_component, mock_update_component, mock_delete_component):
|
||||
with self.assertRaises(AnsibleExitJson) as exec_info:
|
||||
self.module.main()
|
||||
|
||||
self.assertEqual(len(mock_get_components.mock_calls), 1)
|
||||
self.assertEqual(len(mock_get_component.mock_calls), 0)
|
||||
self.assertEqual(len(mock_create_component.mock_calls), 0)
|
||||
self.assertEqual(len(mock_update_component.mock_calls), 1)
|
||||
self.assertEqual(len(mock_delete_component.mock_calls), 0)
|
||||
|
||||
# Verify that the module's changed status matches what is expected
|
||||
self.assertIs(exec_info.exception.args[0]['changed'], changed)
|
||||
|
||||
def test_delete_when_absent(self):
|
||||
"""Remove an absent userprofile"""
|
||||
|
||||
module_args = {
|
||||
'auth_keycloak_url': 'http://keycloak.url/auth',
|
||||
'auth_realm': 'master',
|
||||
'auth_username': 'admin',
|
||||
'auth_password': 'admin',
|
||||
'parent_id': 'realm-name',
|
||||
'provider_id': 'declarative-user-profile',
|
||||
'state': 'absent',
|
||||
}
|
||||
return_value_get_components_get = [
|
||||
[]
|
||||
]
|
||||
changed = False
|
||||
|
||||
set_module_args(module_args)
|
||||
|
||||
# Run the module
|
||||
|
||||
with mock_good_connection():
|
||||
with patch_keycloak_api(get_components=return_value_get_components_get) as (
|
||||
mock_get_components, mock_get_component, mock_create_component, mock_update_component, mock_delete_component):
|
||||
with self.assertRaises(AnsibleExitJson) as exec_info:
|
||||
self.module.main()
|
||||
|
||||
self.assertEqual(len(mock_get_components.mock_calls), 1)
|
||||
self.assertEqual(len(mock_get_component.mock_calls), 0)
|
||||
self.assertEqual(len(mock_create_component.mock_calls), 0)
|
||||
self.assertEqual(len(mock_update_component.mock_calls), 0)
|
||||
self.assertEqual(len(mock_delete_component.mock_calls), 0)
|
||||
|
||||
# Verify that the module's changed status matches what is expected
|
||||
self.assertIs(exec_info.exception.args[0]['changed'], changed)
|
||||
|
||||
def test_delete_when_present(self):
|
||||
"""Remove an existing userprofile"""
|
||||
|
||||
module_args = {
|
||||
'auth_keycloak_url': 'http://keycloak.url/auth',
|
||||
'auth_realm': 'master',
|
||||
'auth_username': 'admin',
|
||||
'auth_password': 'admin',
|
||||
'parent_id': 'realm-name',
|
||||
'provider_id': 'declarative-user-profile',
|
||||
'state': 'absent',
|
||||
}
|
||||
return_value_get_components_get = [
|
||||
[
|
||||
{
|
||||
"id": "4ba43451-6bb4-4b50-969f-e890539f15e3",
|
||||
"parentId": "realm-1",
|
||||
"providerId": "declarative-user-profile",
|
||||
"providerType": "org.keycloak.userprofile.UserProfileProvider",
|
||||
"config": {
|
||||
"kc.user.profile.config": [
|
||||
{
|
||||
"attributes": [
|
||||
{
|
||||
"name": "username",
|
||||
"displayName": "${username}",
|
||||
"validations": {
|
||||
"length": {
|
||||
"min": 3,
|
||||
"max": 255
|
||||
},
|
||||
"username-prohibited-characters": {},
|
||||
"up-username-not-idn-homograph": {}
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {},
|
||||
"required": None
|
||||
},
|
||||
{
|
||||
"name": "email",
|
||||
"displayName": "${email}",
|
||||
"validations": {
|
||||
"email": {},
|
||||
"length": {
|
||||
"max": 255
|
||||
}
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {}
|
||||
},
|
||||
{
|
||||
"name": "firstName",
|
||||
"displayName": "${firstName}",
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255
|
||||
},
|
||||
"person-name-prohibited-characters": {}
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {}
|
||||
},
|
||||
{
|
||||
"name": "lastName",
|
||||
"displayName": "${lastName}",
|
||||
"validations": {
|
||||
"length": {
|
||||
"max": 255
|
||||
},
|
||||
"person-name-prohibited-characters": {}
|
||||
},
|
||||
"required": {
|
||||
"roles": [
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"permissions": {
|
||||
"view": [
|
||||
"admin",
|
||||
"user"
|
||||
],
|
||||
"edit": [
|
||||
"admin",
|
||||
"user"
|
||||
]
|
||||
},
|
||||
"multivalued": False,
|
||||
"annotations": {}
|
||||
}
|
||||
],
|
||||
"groups": [
|
||||
{
|
||||
"name": "user-metadata",
|
||||
"displayHeader": "User metadata",
|
||||
"displayDescription": "Attributes, which refer to user metadata",
|
||||
}
|
||||
],
|
||||
}
|
||||
]
|
||||
}
|
||||
}
|
||||
],
|
||||
[]
|
||||
]
|
||||
return_value_component_delete = [
|
||||
None
|
||||
]
|
||||
changed = True
|
||||
|
||||
set_module_args(module_args)
|
||||
|
||||
# Run the module
|
||||
|
||||
with mock_good_connection():
|
||||
with patch_keycloak_api(get_components=return_value_get_components_get, delete_component=return_value_component_delete) as (
|
||||
mock_get_components, mock_get_component, mock_create_component, mock_update_component, mock_delete_component):
|
||||
with self.assertRaises(AnsibleExitJson) as exec_info:
|
||||
self.module.main()
|
||||
|
||||
self.assertEqual(len(mock_get_components.mock_calls), 1)
|
||||
self.assertEqual(len(mock_get_component.mock_calls), 0)
|
||||
self.assertEqual(len(mock_create_component.mock_calls), 0)
|
||||
self.assertEqual(len(mock_update_component.mock_calls), 0)
|
||||
self.assertEqual(len(mock_delete_component.mock_calls), 1)
|
||||
|
||||
# Verify that the module's changed status matches what is expected
|
||||
self.assertIs(exec_info.exception.args[0]['changed'], changed)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
unittest.main()
|
Loading…
Reference in a new issue