search

ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0
814 stars 1.49k forks source link

keycloak_user_federation shows changed because of "lastSync" value #5842

Open FAUSheppy opened 1 year ago

FAUSheppy commented 1 year ago

Summary

With Keycloak 19.0.1, if you create a LDAP-storage provider with this module, then go to the Keycloak interface -> User Federation -> Provider -> Actions (top right) -> Sync, Keycloak sets a value called "lastSync" containing the timestamp of the latest synchronization.

On subsequent ansible runs, the task will always show as changed:

      ...
     "enabled": "true",
     "fullSyncPeriod": "600",
     "importEnabled": "true",
-    "lastSync": "1673767845",
     "pagination": "true",
     "priority": "0",
     "rdnLDAPAttribute": "uid",
      ...

The value cannot be overwritten or removed, repeated runs do not fix this problem, the task remains listed as changed with the above diff.

Issue Type

Bug Report

Component Name

community.general.keycloak_user_federation

Ansible Version

$ ansible --version
ansible 2.10.8
  config file = None
  configured module search path = ['/root/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3/dist-packages/ansible
  executable location = /usr/bin/ansible
  python version = 3.9.2 (default, Feb 28 2021, 17:03:44) [GCC 10.2.1 20210110]

Community.general Version

$ ansible-galaxy collection list community.general
# /usr/lib/python3/dist-packages/ansible_collections
Collection        Version
----------------- -------
community.general 1.3.6  

# /root/.ansible/collections/ansible_collections
Collection        Version
----------------- -------
community.general 6.2.0

Configuration

$ ansible-config dump --only-changed

OS / Environment

Debian 11 Bullseye

Steps to Reproduce

Expected Results

Task should no show changed OR subsequent runs should overwrite the value.

Actual Results

Code of Conduct

ansibullbot commented 1 year ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot commented 1 year ago

cc @eikef @laurpaum @ndclt click here for bot help

ansibullbot commented 1 year ago

cc @mattock click here for bot help

ansibullbot commented 1 month ago

cc @thomasbach-dev click here for bot help

FAUSheppy commented 1 month ago

Just FYI this Problem persists, last checked on keyclock 25.0.1

fgruenbauer commented 3 weeks ago

I can create a PR to fix this. Just need some input on how the module should behave.

The value seems to be used to time the period syncs, so I don't know if changing it is a good idea. The API i think allows it, but there's no option in the web GUI.

The simplest solution would probably be to just ignore it and remove it from the kc responses.

Another option might be to check whether there was a successful sync after a provided timestamp. But that would be more complex and require an additional meta argument. I also don't know it that's a relevant use case since kc already offers periodic sync settings.

fgruenbauer commented 1 week ago

@FAUSheppy - i created a PR https://github.com/ansible-collections/community.general/pull/8812 that just removes the parameter from all keycloak reponses, which should solve the issue. Could you take a look at it?