1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

[PR #5750/6781dd19 backport][stable-5] bugfixing keycloak user federation failing when updating default mapper simultaneously (#5875)

bugfixing keycloak user federation failing when updating default mapper simultaneously (#5750)

* fix(modules/keycloak_user_federation): fixes ...

... user federation creation failing when also updating/changing default
mappers at the same time

* add changelog fragment for pr

Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 6781dd1918)

Co-authored-by: morco <thegreatwiper@web.de>
This commit is contained in:
patchback[bot] 2023-01-22 17:44:49 +01:00 committed by GitHub
parent 2c92db98d5
commit b022b87362
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 97 additions and 0 deletions

View file

@ -0,0 +1,7 @@
bugfixes:
- >-
keycloak_user_federation - fixes federation creation issue. When a new
federation was created and at the same time a default / standard mapper
was also changed / updated the creation process failed as a bad None
set variable led to a bad malformed url request
(https://github.com/ansible-collections/community.general/pull/5750).

View file

@ -923,6 +923,8 @@ def main():
updated_mappers = desired_comp.pop('mappers', []) updated_mappers = desired_comp.pop('mappers', [])
after_comp = kc.create_component(desired_comp, realm) after_comp = kc.create_component(desired_comp, realm)
cid = after_comp['id']
for mapper in updated_mappers: for mapper in updated_mappers:
found = kc.get_components(urlencode(dict(parent=cid, name=mapper['name'])), realm) found = kc.get_components(urlencode(dict(parent=cid, name=mapper['name'])), realm)
if len(found) > 1: if len(found) > 1:

View file

@ -270,6 +270,14 @@
useKerberosForPasswordAuthentication: false useKerberosForPasswordAuthentication: false
debug: false debug: false
mappers: mappers:
# overwrite / update pre existing default mapper
- name: "username"
providerId: "user-attribute-ldap-mapper"
config:
ldap.attribute: ldap_user
user.model.attribute: usr
read.only: true
# create new mapper
- name: "full name" - name: "full name"
providerId: "full-name-ldap-mapper" providerId: "full-name-ldap-mapper"
providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper" providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
@ -335,3 +343,83 @@
- result is not changed - result is not changed
- result.existing == {} - result.existing == {}
- result.end_state == {} - result.end_state == {}
- name: Create new user federation together with mappers
community.general.keycloak_user_federation:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ federation }}"
state: present
provider_id: ldap
provider_type: org.keycloak.storage.UserStorageProvider
config:
enabled: true
priority: 0
fullSyncPeriod: -1
changedSyncPeriod: -1
cachePolicy: DEFAULT
batchSizeForSync: 1000
editMode: READ_ONLY
importEnabled: true
syncRegistrations: false
vendor: other
usernameLDAPAttribute: uid
rdnLDAPAttribute: uid
uuidLDAPAttribute: entryUUID
userObjectClasses: "inetOrgPerson, organizationalPerson"
connectionUrl: "ldaps://ldap.example.com:636"
usersDn: "ou=Users,dc=example,dc=com"
authType: simple
bindDn: cn=directory reader
bindCredential: secret
searchScope: 1
validatePasswordPolicy: false
trustEmail: false
useTruststoreSpi: "ldapsOnly"
connectionPooling: true
pagination: true
allowKerberosAuthentication: false
useKerberosForPasswordAuthentication: false
debug: false
mappers:
# overwrite / update pre existing default mapper
- name: "username"
providerId: "user-attribute-ldap-mapper"
config:
ldap.attribute: ldap_user
user.model.attribute: usr
read.only: true
# create new mapper
- name: "full name"
providerId: "full-name-ldap-mapper"
providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
config:
ldap.full.name.attribute: cn
read.only: true
write.only: false
register: result
- name: Debug
debug:
var: result
- name: Assert user federation created
assert:
that:
- result is changed
- result.existing == {}
- result.end_state.name == "{{ federation }}"
## no point in retesting this, just doing it to clean up introduced server changes
- name: Delete absent user federation
community.general.keycloak_user_federation:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
name: "{{ federation }}"
state: absent