ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

keycloak_user : clientConsents not updated #7519

Open sylvainmetayer opened 10 months ago

sylvainmetayer commented 10 months ago

Summary

When I define clientConsents in my keycloak_user module, the value is not updated in Keycloak, even though it appears in the proposed output.

Issue Type

Bug Report

Component Name

keycloak_user

Ansible Version

$ ansible --version
ansible [core 2.15.4]
  config file = /home/s.metayer/Documents/git/pole-edition/yap/yap-deploy/keycloak_configuration/ansible.cfg
  configured module search path = ['/home/s.metayer/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/s.metayer/.local/lib/python3.11/site-packages/ansible
  ansible collection location = /home/s.metayer/Documents/git/pole-edition/yap/yap-deploy/keycloak_configuration/collections
  executable location = /home/s.metayer/.local/bin/ansible
  python version = 3.11.6 (main, Oct  3 2023, 00:00:00) [GCC 12.3.1 20230508 (Red Hat 12.3.1-1)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general
Collection        Version
----------------- -------
community.general 8.0.2  

Configuration

$ ansible-config dump --only-changed
ANSIBLE_NOCOWS(env: ANSIBLE_NOCOWS) = True
COLLECTIONS_PATHS(/my/path/ansible.cfg) = ['/my/path/collections']
CONFIG_FILE() = /my/path/ansible.cfg
DEFAULT_HOST_LIST(/my/path/ansible.cfg) = ['/my/path/inventory.ini']
DEFAULT_ROLES_PATH(/my/path/ansible.cfg) = ['/my/path/galaxy_roles', '/my/path/roles']
DEFAULT_STDOUT_CALLBACK(/my/path/ansible.cfg) = debug
EDITOR(env: EDITOR) = /usr/bin/vim
INVENTORY_ENABLED(/my/path/ansible.cfg) = ['ini']

OS / Environment

Fedora 37

Keycloak server 21.1.1

Steps to Reproduce

- name: "Create User {{ user_config_username }}"
  community.general.keycloak_user:
    state: present
    auth_client_id: "{{ auth_client_id }}"
    auth_keycloak_url: "{{ auth_keycloak_url }}"
    auth_realm: "{{ auth_realm }}"
    auth_username: "{{ auth_username }}"
    auth_password: "{{ auth_password }}"

    realm: "{{ user_config_realm }}"
    username: "{{ user_config_username }}"
    firstName: "{{ user_config_firstname }}"
    lastName: "{{ user_config_lastname }}"
    email: "{{ user_config_email | default(omit) }}"
    clientConsents: "{{ user_config_client_roles }}" 
    enabled: true
    emailVerified: false
    credentials:
      - type: password
        value: "{{ user_config_password }}"
        temporary: false
  register: user

- name: Debug updated user
  debug:
    var: user

where user_config_client_roles equals

[
    {
        "client_id": "realm-management",
        "roles": [
            "manage-users",
            "query-groups"
        ]
    }
]

run playbook

Expected Results

changed: [localhost] => {
    "changed": true,
    "diff": {},
    "end_state": {
    # [...]
    },
    "existing": {
        "access": {
            "impersonate": true,
            "manage": true,
            "manageGroupMembership": true,
            "mapRoles": true,
            "view": true
        },
        "createdTimestamp": 1699966478251,
        "disableableCredentialTypes": [],
        "emailVerified": false,
        "enabled": true,
        "firstName": "my-project",
        "id": "redacted",
        "lastName": "Ref",
        "notBefore": 0,
        "requiredActions": [],
        "totp": false,
        "username": "my-project_user"
    },
    "invocation": {
        "module_args": {
            "access": null,
            "attributes": null,
            "auth_client_id": "admin-cli",
            "auth_client_secret": null,
            "auth_keycloak_url": "https://my-keycloak.com/auth",
            "auth_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "auth_realm": "master",
            "auth_username": "admin",
            "clientConsents": [
                {
                    "client_id": "realm-management",
                    "roles": [
                        "manage-users",
                        "query-groups"
                    ]
                }
            ],
            "client_consents": [
                {
                    "client_id": "realm-management",
                    "roles": [
                        "manage-users",
                        "query-groups"
                    ]
                }
            ],
            "connection_timeout": 10,
            "credentials": [
                {
                    "temporary": false,
                    "type": "password",
                    "value": "redacted"
                }
            ],
            "disableable_credential_types": [],
            "email": "",
            "emailVerified": false,
            "email_verified": false,
            "enabled": true,
            "federated_identities": [],
            "federation_link": null,
            "firstName": "my-project",
            "first_name": "my-project",
            "force": false,
            "groups": [],
            "http_agent": "Ansible",
            "id": null,
            "lastName": "user",
            "last_name": "user",
            "origin": null,
            "realm": "my-project",
            "required_actions": [],
            "self": null,
            "service_account_client_id": null,
            "state": "present",
            "token": null,
            "username": "my-project_user",
            "validate_certs": true
        }
    },
    "proposed": {
        "clientConsents": [
            {
                "client_id": "realm-management",
                "roles": [
                    "manage-users",
                    "query-groups"
                ]
            }
        ],
        "credentials": [
            {
                "temporary": false,
                "type": "password",
                "value": "password"
            }
        ],
        "disableableCredentialTypes": [],
        "email": "",
        "emailVerified": false,
        "federatedIdentities": [],
        "firstName": "my-project",
        "lastName": "Ref",
        "requiredActions": []
    }
}

MSG:

User my-project_user updated

As stated by the output (proposed field), I expect my user to have a change on the clientConsents property and have its client roles updated.

Actual Results

The output above, but with client roles updated on the keycloak user.

Code of Conduct
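
A post-task check for the behaviour reported above, as an added example that is not part of the issue or of community.general: it compares the `proposed` and `end_state` keys of a registered keycloak_user result and lists settings that were proposed but are not visible afterwards. The `end_state` sample is constructed (the issue elides it), and treating `credentials` as a write-only field is an assumption.

```python
# Added example, not part of the issue or of community.general.
# Compares "proposed" and "end_state" of a registered keycloak_user result
# and reports proposed fields that the resulting user does not show.

# Assumption: fields a user representation read back from the server does
# not carry, so their absence from end_state is not evidence of a problem.
WRITE_ONLY = {"credentials"}


def _empty(value):
    """True for None, '', [] and {}: proposing nothing needs no echo."""
    return value is None or value == "" or value == [] or value == {}


def unapplied_fields(result, write_only=WRITE_ONLY):
    """Return {field: (proposed, observed)} for settings that did not land."""
    proposed = result.get("proposed") or {}
    end_state = result.get("end_state") or {}
    dropped = {}
    for key, wanted in proposed.items():
        if key in write_only or _empty(wanted):
            continue
        observed = end_state.get(key)
        if observed != wanted:
            dropped[key] = (wanted, observed)
    return dropped


# Constructed sample: "proposed" is abbreviated from the issue's output;
# "end_state" is elided in the issue, so this one is made up for the demo.
SAMPLE = {
    "proposed": {
        "clientConsents": [{"client_id": "realm-management",
                            "roles": ["manage-users", "query-groups"]}],
        "credentials": [{"type": "password", "value": "redacted"}],
        "email": "",
        "emailVerified": False,
        "firstName": "my-project",
    },
    "end_state": {"emailVerified": False, "enabled": True,
                  "firstName": "my-project", "username": "my-project_user"},
}

if __name__ == "__main__":
    for field, (wanted, observed) in unapplied_fields(SAMPLE).items():
        print(f"NOT APPLIED {field}: proposed={wanted!r} observed={observed!r}")
```

Run against the registered result of an identity-provisioning task, a non-empty return value is a reason to fail the play rather than trust the "updated" message.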

ansibullbot commented 10 months ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.


ansibullbot commented 10 months ago

cc @eikef @elfelip @mattock @ndclt

ansibullbot commented 2 months ago

cc @thomasbach-dev