mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
f7bc6964be
* Add keycloak_realm_rolemapping module to map realm roles to groups * Whitespace * Description in plain English * Casing * Update error reporting as per #7645 * Add agross as maintainer of keycloak_realm_rolemapping module * cid and client_id are not used here * Credit other authors * mhuysamen submitted #7645 * Gaetan2907 authored keycloak_client_rolemapping.py which I took as a basis * Add integration tests * With Keycloak 23 realmRoles are only returned if assigned * Remove debug statement * Add test verifying that unmap works when no realm roles are assigned * Add license to readme * Change version number this module was added * Document which versions of the docker images have been tested * Downgrade version_added Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de>
160 lines
4.2 KiB
YAML
160 lines
4.2 KiB
YAML
# Copyright (c) 2023, Alexander Groß (@agross)
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
- name: Create realm
|
|
community.general.keycloak_realm:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
|
|
id: "{{ realm }}"
|
|
realm: "{{ realm }}"
|
|
state: present
|
|
|
|
- name: Create realm roles
|
|
community.general.keycloak_role:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
|
|
realm: "{{ realm }}"
|
|
name: "{{ item }}"
|
|
state: present
|
|
loop:
|
|
- "{{ role_1 }}"
|
|
- "{{ role_2 }}"
|
|
|
|
- name: Create group
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
|
|
realm: "{{ realm }}"
|
|
name: "{{ group }}"
|
|
state: present
|
|
|
|
- name: Map realm roles to group
|
|
community.general.keycloak_realm_rolemapping:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
|
|
realm: "{{ realm }}"
|
|
group_name: "{{ group }}"
|
|
roles:
|
|
- name: "{{ role_1 }}"
|
|
- name: "{{ role_2 }}"
|
|
state: present
|
|
register: result
|
|
|
|
- name: Assert realm roles are assigned to group
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state | count == 2
|
|
|
|
- name: Map realm roles to group again (idempotency)
|
|
community.general.keycloak_realm_rolemapping:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
|
|
realm: "{{ realm }}"
|
|
group_name: "{{ group }}"
|
|
roles:
|
|
- name: "{{ role_1 }}"
|
|
- name: "{{ role_2 }}"
|
|
state: present
|
|
register: result
|
|
|
|
- name: Assert realm roles stay assigned to group
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is not changed
|
|
|
|
- name: Unmap realm role 1 from group
|
|
community.general.keycloak_realm_rolemapping:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
|
|
realm: "{{ realm }}"
|
|
group_name: "{{ group }}"
|
|
roles:
|
|
- name: "{{ role_1 }}"
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert realm role 1 is unassigned from group
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state | count == 1
|
|
- result.end_state[0] == role_2
|
|
|
|
- name: Unmap realm role 1 from group again (idempotency)
|
|
community.general.keycloak_realm_rolemapping:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
|
|
realm: "{{ realm }}"
|
|
group_name: "{{ group }}"
|
|
roles:
|
|
- name: "{{ role_1 }}"
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert realm role 1 stays unassigned from group
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is not changed
|
|
|
|
- name: Unmap realm role 2 from group
|
|
community.general.keycloak_realm_rolemapping:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
|
|
realm: "{{ realm }}"
|
|
group_name: "{{ group }}"
|
|
roles:
|
|
- name: "{{ role_2 }}"
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert no realm roles are assigned to group
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is changed
|
|
- result.end_state | count == 0
|
|
|
|
- name: Unmap realm role 2 from group again (idempotency)
|
|
community.general.keycloak_realm_rolemapping:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
|
|
realm: "{{ realm }}"
|
|
group_name: "{{ group }}"
|
|
roles:
|
|
- name: "{{ role_2 }}"
|
|
state: absent
|
|
register: result
|
|
|
|
- name: Assert no realm roles are assigned to group
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is not changed
|
|
- result.end_state | count == 0
|