ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

keycloak_realm - need to be able to append values in addition to overwriting them #5456

Open wdower opened 1 year ago

wdower commented 1 year ago

Summary

If I want to adjust a field like passwordPolicy using keycloak_realm, right now I can only do so by overwriting the existing policy.

- name: Set password policy
  community.general.keycloak_realm:
    auth_keycloak_url: "{{ keycloak_server_address }}"
    auth_client_id: "{{ keycloak_client_id }}"
    realm: "{{ keycloak_realm }}"
    auth_realm: "{{ keycloak_realm }}"
    auth_username: "{{ keycloak_admin_user }}"
    auth_password: "{{ keycloak_admin_password }}"
    state: present
    password_policy: "{{ password_policy_string }}" #overwrites whatever was already set

This handles most cases, but sometimes I want to add to the list of password policies, not remove it (like if I am trying to harden an existing server to a security baseline).

Right now, if I want to do this, I need to use a workaround by first running a task solely to register the output so that I get a variable to manipulate:

- name: Append to current passwordPolicy
  block:
  - name: Collect current realm information
    community.general.keycloak_realm:
      auth_keycloak_url: "{{ keycloak_server_address }}"
      auth_client_id: "{{ keycloak_client_id }}"
      realm: "{{ keycloak_realm }}"
      auth_realm: "{{ keycloak_realm }}"
      auth_username: "{{ keycloak_admin_user }}"
      auth_password: "{{ keycloak_admin_password }}"
    register: realm_config

  - name: Append minimum character length to password_policy
    ansible.builtin.set_fact:
      password_policy_string: "{{ realm_config.password_policy + ' and length(15)' }}"

  - name: Set password policy
    community.general.keycloak_realm:
      auth_keycloak_url: "{{ keycloak_server_address }}"
      auth_client_id: "{{ keycloak_client_id }}"
      realm: "{{ keycloak_realm }}"
      auth_realm: "{{ keycloak_realm }}"
      auth_username: "{{ keycloak_admin_user }}"
      auth_password: "{{ keycloak_admin_password }}"
      state: present
      password_policy: "{{ password_policy_string }}" # wonky append

It would be much simpler and less error-prone to have an append option for any realm config field that can have multiple options set (append, enabled_event_types, enabled_event_listeners, etc.):

  - name: Set password policy
    community.general.keycloak_realm:
      auth_keycloak_url: "{{ keycloak_server_address }}"
      auth_client_id: "{{ keycloak_client_id }}"
      realm: "{{ keycloak_realm }}"
      auth_realm: "{{ keycloak_realm }}"
      auth_username: "{{ keycloak_admin_user }}"
      auth_password: "{{ keycloak_admin_password }}"
      state: present
      password_policy: "length(15)"
      append: true

Issue Type

Feature Idea

Component Name

keycloak_realm

Additional Information

Code of Conduct
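
An added example, not part of the original issue or of the community.general code: a Python helper that merges a baseline into an existing Keycloak passwordPolicy string, so that repeated runs do not duplicate entries, an empty policy does not yield a leading " and ", and an already stricter value is kept. It assumes entries have the form name(value) joined by " and " and that no value contains the literal " and "; the function names and the HIGHER_IS_STRICTER set are hypothetical.

```python
import re

# One entry of Keycloak's passwordPolicy string, e.g. "length(15)".
_ENTRY = re.compile(r"^\s*(?P<name>[A-Za-z]\w*)\((?P<value>.*)\)\s*$")

# Assumption: for these policies a larger number is the stricter setting.
HIGHER_IS_STRICTER = {"length", "digits", "lowerCase", "upperCase",
                      "specialChars", "passwordHistory", "hashIterations"}


def parse_policy(policy):
    """Parse 'a(1) and b(2)' into an insertion-ordered {name: value} dict."""
    entries = {}
    if not policy or not policy.strip():
        return entries  # realm without a policy: nothing to parse
    for part in policy.split(" and "):
        match = _ENTRY.match(part)
        if match is None:
            raise ValueError("unparseable policy entry: %r" % part)
        entries[match.group("name")] = match.group("value")
    return entries


def merge_policy(current, baseline):
    """Merge baseline entries into current without duplicating or weakening."""
    merged = parse_policy(current)
    for name, value in parse_policy(baseline).items():
        old = merged.get(name)
        if (name in HIGHER_IS_STRICTER and old is not None
                and old.isdigit() and value.isdigit()
                and int(old) >= int(value)):
            continue  # existing setting is already at least as strict
        merged[name] = value  # replaces in place, or appends a new entry
    return " and ".join("%s(%s)" % item for item in merged.items())


if __name__ == "__main__":
    # Constructed sample values, not taken from a real realm.
    print(merge_policy("length(8) and digits(1)", "length(15)"))
    print(merge_policy("", "length(15)"))
```

Plain string concatenation, as in the workaround above, would give "length(8) and digits(1) and length(15)" on the first run and grow by one more entry on every rerun.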

ansibullbot commented 1 year ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.


ansibullbot commented 1 year ago

cc @eikef @kris2kris @ndclt

ansibullbot commented 1 year ago

cc @mattock

ansibullbot commented 1 month ago

cc @thomasbach-dev