1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/tests/integration/targets/keycloak_client_rolescope/tasks/main.yml
patchback[bot] aa384be6fe
[PR #8252/a5697da2 backport][stable-8] Keycloak client role scope (#8266)
Keycloak client role scope (#8252)

* first commit

* minor update

* fixe Copyright

* fixe sanity

* Update plugins/modules/keycloak_client_rolescope.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* fixe sanity 2

* Update plugins/modules/keycloak_client_rolescope.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit a5697da29c)

Co-authored-by: desand01 <desrosiers.a@hotmail.com>
2024-04-21 20:39:47 +02:00

317 lines
No EOL
8.7 KiB
YAML

---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Wait for Keycloak
uri:
url: "{{ url }}/admin/"
status_code: 200
validate_certs: no
register: result
until: result.status == 200
retries: 10
delay: 10
- name: Delete realm if exists
community.general.keycloak_realm:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
state: absent
- name: Create realm
community.general.keycloak_realm:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
id: "{{ realm }}"
realm: "{{ realm }}"
state: present
- name: Create a Keycloak realm role
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ item }}"
realm: "{{ realm }}"
with_items:
- "{{ realm_role_admin }}"
- "{{ realm_role_user }}"
- name: Client private
community.general.keycloak_client:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_private }}"
state: present
redirect_uris:
- "https://my-backend-api.c.org/"
fullScopeAllowed: True
attributes: '{{client_attributes1}}'
public_client: False
- name: Create a Keycloak client role
community.general.keycloak_role:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
name: "{{ item }}"
realm: "{{ realm }}"
client_id: "{{ client_name_private }}"
with_items:
- "{{ client_role_admin }}"
- "{{ client_role_user }}"
- name: Client public
community.general.keycloak_client:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
redirect_uris:
- "https://my-onepage-app-frontend.c.org/"
attributes: '{{client_attributes1}}'
full_scope_allowed: False
public_client: True
- name: Map roles to public client
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
client_scope_id: "{{ client_name_private }}"
role_names:
- "{{ client_role_admin }}"
- "{{ client_role_user }}"
register: result
- name: Assert mapping created
assert:
that:
- result is changed
- result.end_state | length == 2
- name: remap role user to public client
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
client_scope_id: "{{ client_name_private }}"
role_names:
- "{{ client_role_user }}"
register: result
- name: Assert mapping created
assert:
that:
- result is not changed
- result.end_state | length == 2
- name: Remove Map role admin to public client
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
client_scope_id: "{{ client_name_private }}"
role_names:
- "{{ client_role_admin }}"
state: absent
register: result
- name: Assert mapping deleted
assert:
that:
- result is changed
- result.end_state | length == 1
- result.end_state[0].name == client_role_user
- name: Map missing roles to public client
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
client_scope_id: "{{ client_name_private }}"
role_names:
- "{{ client_role_admin }}"
- "{{ client_role_not_exists }}"
ignore_errors: true
register: result
- name: Assert failed mapping missing role
assert:
that:
- result is failed
- name: Map roles duplicate
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
client_scope_id: "{{ client_name_private }}"
role_names:
- "{{ client_role_admin }}"
- "{{ client_role_admin }}"
register: result
- name: Assert result
assert:
that:
- result is changed
- result.end_state | length == 2
- name: Map roles to private client
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_private }}"
role_names:
- "{{ realm_role_admin }}"
ignore_errors: true
register: result
- name: Assert failed mapping role to full scope client
assert:
that:
- result is failed
- name: Map realm role to public client
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
role_names:
- "{{ realm_role_admin }}"
register: result
- name: Assert result
assert:
that:
- result is changed
- result.end_state | length == 1
- name: Map two realm roles to public client
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
role_names:
- "{{ realm_role_admin }}"
- "{{ realm_role_user }}"
register: result
- name: Assert result
assert:
that:
- result is changed
- result.end_state | length == 2
- name: Unmap all realm roles to public client
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
role_names:
- "{{ realm_role_admin }}"
- "{{ realm_role_user }}"
state: absent
register: result
- name: Assert result
assert:
that:
- result is changed
- result.end_state | length == 0
- name: Map missing realm role to public client
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
role_names:
- "{{ realm_role_not_exists }}"
ignore_errors: true
register: result
- name: Assert failed mapping missing realm role
assert:
that:
- result is failed
- name: Check-mode try to Map realm roles to public client
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
role_names:
- "{{ realm_role_admin }}"
- "{{ realm_role_user }}"
check_mode: true
register: result
- name: Assert result
assert:
that:
- result is changed
- result.end_state | length == 2
- name: Check-mode step two, check if change where applied
community.general.keycloak_client_rolescope:
auth_keycloak_url: "{{ url }}"
auth_realm: "{{ admin_realm }}"
auth_username: "{{ admin_user }}"
auth_password: "{{ admin_password }}"
realm: "{{ realm }}"
client_id: "{{ client_name_public }}"
role_names: []
register: result
- name: Assert result
assert:
that:
- result is not changed
- result.end_state | length == 0