mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[PR #5750/6781dd19 backport][stable-5] bugfixing keycloak user federation failing when updating default mapper simultaneously (#5875)
bugfixing keycloak user federation failing when updating default mapper simultaneously (#5750)
* fix(modules/keycloak_user_federation): fixes ...
... user federation creation failing when also updating/changing default
mappers at the same time
* add changelog fragment for pr
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 6781dd1918
)
Co-authored-by: morco <thegreatwiper@web.de>
This commit is contained in:
parent
2c92db98d5
commit
b022b87362
3 changed files with 97 additions and 0 deletions
|
@ -0,0 +1,7 @@
|
||||||
|
bugfixes:
|
||||||
|
- >-
|
||||||
|
keycloak_user_federation - fixes federation creation issue. When a new
|
||||||
|
federation was created and at the same time a default / standard mapper
|
||||||
|
was also changed / updated the creation process failed as a bad None
|
||||||
|
set variable led to a bad malformed url request
|
||||||
|
(https://github.com/ansible-collections/community.general/pull/5750).
|
|
@ -923,6 +923,8 @@ def main():
|
||||||
updated_mappers = desired_comp.pop('mappers', [])
|
updated_mappers = desired_comp.pop('mappers', [])
|
||||||
after_comp = kc.create_component(desired_comp, realm)
|
after_comp = kc.create_component(desired_comp, realm)
|
||||||
|
|
||||||
|
cid = after_comp['id']
|
||||||
|
|
||||||
for mapper in updated_mappers:
|
for mapper in updated_mappers:
|
||||||
found = kc.get_components(urlencode(dict(parent=cid, name=mapper['name'])), realm)
|
found = kc.get_components(urlencode(dict(parent=cid, name=mapper['name'])), realm)
|
||||||
if len(found) > 1:
|
if len(found) > 1:
|
||||||
|
|
|
@ -270,6 +270,14 @@
|
||||||
useKerberosForPasswordAuthentication: false
|
useKerberosForPasswordAuthentication: false
|
||||||
debug: false
|
debug: false
|
||||||
mappers:
|
mappers:
|
||||||
|
# overwrite / update pre existing default mapper
|
||||||
|
- name: "username"
|
||||||
|
providerId: "user-attribute-ldap-mapper"
|
||||||
|
config:
|
||||||
|
ldap.attribute: ldap_user
|
||||||
|
user.model.attribute: usr
|
||||||
|
read.only: true
|
||||||
|
# create new mapper
|
||||||
- name: "full name"
|
- name: "full name"
|
||||||
providerId: "full-name-ldap-mapper"
|
providerId: "full-name-ldap-mapper"
|
||||||
providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
|
providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
|
||||||
|
@ -335,3 +343,83 @@
|
||||||
- result is not changed
|
- result is not changed
|
||||||
- result.existing == {}
|
- result.existing == {}
|
||||||
- result.end_state == {}
|
- result.end_state == {}
|
||||||
|
|
||||||
|
- name: Create new user federation together with mappers
|
||||||
|
community.general.keycloak_user_federation:
|
||||||
|
auth_keycloak_url: "{{ url }}"
|
||||||
|
auth_realm: "{{ admin_realm }}"
|
||||||
|
auth_username: "{{ admin_user }}"
|
||||||
|
auth_password: "{{ admin_password }}"
|
||||||
|
realm: "{{ realm }}"
|
||||||
|
name: "{{ federation }}"
|
||||||
|
state: present
|
||||||
|
provider_id: ldap
|
||||||
|
provider_type: org.keycloak.storage.UserStorageProvider
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
priority: 0
|
||||||
|
fullSyncPeriod: -1
|
||||||
|
changedSyncPeriod: -1
|
||||||
|
cachePolicy: DEFAULT
|
||||||
|
batchSizeForSync: 1000
|
||||||
|
editMode: READ_ONLY
|
||||||
|
importEnabled: true
|
||||||
|
syncRegistrations: false
|
||||||
|
vendor: other
|
||||||
|
usernameLDAPAttribute: uid
|
||||||
|
rdnLDAPAttribute: uid
|
||||||
|
uuidLDAPAttribute: entryUUID
|
||||||
|
userObjectClasses: "inetOrgPerson, organizationalPerson"
|
||||||
|
connectionUrl: "ldaps://ldap.example.com:636"
|
||||||
|
usersDn: "ou=Users,dc=example,dc=com"
|
||||||
|
authType: simple
|
||||||
|
bindDn: cn=directory reader
|
||||||
|
bindCredential: secret
|
||||||
|
searchScope: 1
|
||||||
|
validatePasswordPolicy: false
|
||||||
|
trustEmail: false
|
||||||
|
useTruststoreSpi: "ldapsOnly"
|
||||||
|
connectionPooling: true
|
||||||
|
pagination: true
|
||||||
|
allowKerberosAuthentication: false
|
||||||
|
useKerberosForPasswordAuthentication: false
|
||||||
|
debug: false
|
||||||
|
mappers:
|
||||||
|
# overwrite / update pre existing default mapper
|
||||||
|
- name: "username"
|
||||||
|
providerId: "user-attribute-ldap-mapper"
|
||||||
|
config:
|
||||||
|
ldap.attribute: ldap_user
|
||||||
|
user.model.attribute: usr
|
||||||
|
read.only: true
|
||||||
|
# create new mapper
|
||||||
|
- name: "full name"
|
||||||
|
providerId: "full-name-ldap-mapper"
|
||||||
|
providerType: "org.keycloak.storage.ldap.mappers.LDAPStorageMapper"
|
||||||
|
config:
|
||||||
|
ldap.full.name.attribute: cn
|
||||||
|
read.only: true
|
||||||
|
write.only: false
|
||||||
|
register: result
|
||||||
|
|
||||||
|
- name: Debug
|
||||||
|
debug:
|
||||||
|
var: result
|
||||||
|
|
||||||
|
- name: Assert user federation created
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- result is changed
|
||||||
|
- result.existing == {}
|
||||||
|
- result.end_state.name == "{{ federation }}"
|
||||||
|
|
||||||
|
## no point in retesting this, just doing it to clean up introduced server changes
|
||||||
|
- name: Delete absent user federation
|
||||||
|
community.general.keycloak_user_federation:
|
||||||
|
auth_keycloak_url: "{{ url }}"
|
||||||
|
auth_realm: "{{ admin_realm }}"
|
||||||
|
auth_username: "{{ admin_user }}"
|
||||||
|
auth_password: "{{ admin_password }}"
|
||||||
|
realm: "{{ realm }}"
|
||||||
|
name: "{{ federation }}"
|
||||||
|
state: absent
|
||||||
|
|
Loading…
Reference in a new issue