ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

keycloak_user : clientConsents not updated #7519

Open sylvainmetayer opened 1 year ago

sylvainmetayer commented 1 year ago

Summary

When I define clientConsents in my keycloak_user module, the value is not updated in Keycloak, even though it appears in the proposed output.

Issue Type

Bug Report

Component Name

keycloak_user

Ansible Version

$ ansible --version
ansible [core 2.15.4]
  config file = /home/s.metayer/Documents/git/pole-edition/yap/yap-deploy/keycloak_configuration/ansible.cfg
  configured module search path = ['/home/s.metayer/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/s.metayer/.local/lib/python3.11/site-packages/ansible
  ansible collection location = /home/s.metayer/Documents/git/pole-edition/yap/yap-deploy/keycloak_configuration/collections
  executable location = /home/s.metayer/.local/bin/ansible
  python version = 3.11.6 (main, Oct  3 2023, 00:00:00) [GCC 12.3.1 20230508 (Red Hat 12.3.1-1)] (/usr/bin/python3)
  jinja version = 3.1.2
  libyaml = True

Community.general Version

$ ansible-galaxy collection list community.general
Collection        Version
----------------- -------
community.general 8.0.2  

Configuration

$ ansible-config dump --only-changed
ANSIBLE_NOCOWS(env: ANSIBLE_NOCOWS) = True
COLLECTIONS_PATHS(/my/path/ansible.cfg) = ['/my/path/collections']
CONFIG_FILE() = /my/path/ansible.cfg
DEFAULT_HOST_LIST(/my/path/ansible.cfg) = ['/my/path/inventory.ini']
DEFAULT_ROLES_PATH(/my/path/ansible.cfg) = ['/my/path/galaxy_roles', '/my/path/roles']
DEFAULT_STDOUT_CALLBACK(/my/path/ansible.cfg) = debug
EDITOR(env: EDITOR) = /usr/bin/vim
INVENTORY_ENABLED(/my/path/ansible.cfg) = ['ini']

OS / Environment

Fedora 37

Keycloak server 21.1.1

Steps to Reproduce

- name: "Create User {{ user_config_username }}"
  community.general.keycloak_user:
    state: present
    auth_client_id: "{{ auth_client_id }}"
    auth_keycloak_url: "{{ auth_keycloak_url }}"
    auth_realm: "{{ auth_realm }}"
    auth_username: "{{ auth_username }}"
    auth_password: "{{ auth_password }}"

    realm: "{{ user_config_realm }}"
    username: "{{ user_config_username }}"
    firstName: "{{ user_config_firstname }}"
    lastName: "{{ user_config_lastname }}"
    email: "{{ user_config_email | default(omit) }}"
    clientConsents: "{{ user_config_client_roles }}" 
    enabled: true
    emailVerified: false
    credentials:
      - type: password
        value: "{{ user_config_password }}"
        temporary: false
  register: user

- name: Debug updated user
  debug:
    var: user

where user_config_client_roles equals

[
    {
        "client_id": "realm-management",
        "roles": [
            "manage-users",
            "query-groups"
        ]
    }
]

run playbook

Expected Results

changed: [localhost] => {
    "changed": true,
    "diff": {},
    "end_state": {
    # [...]
    },
    "existing": {
        "access": {
            "impersonate": true,
            "manage": true,
            "manageGroupMembership": true,
            "mapRoles": true,
            "view": true
        },
        "createdTimestamp": 1699966478251,
        "disableableCredentialTypes": [],
        "emailVerified": false,
        "enabled": true,
        "firstName": "my-project",
        "id": "redacted",
        "lastName": "Ref",
        "notBefore": 0,
        "requiredActions": [],
        "totp": false,
        "username": "my-project_user"
    },
    "invocation": {
        "module_args": {
            "access": null,
            "attributes": null,
            "auth_client_id": "admin-cli",
            "auth_client_secret": null,
            "auth_keycloak_url": "https://my-keycloak.com/auth",
            "auth_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
            "auth_realm": "master",
            "auth_username": "admin",
            "clientConsents": [
                {
                    "client_id": "realm-management",
                    "roles": [
                        "manage-users",
                        "query-groups"
                    ]
                }
            ],
            "client_consents": [
                {
                    "client_id": "realm-management",
                    "roles": [
                        "manage-users",
                        "query-groups"
                    ]
                }
            ],
            "connection_timeout": 10,
            "credentials": [
                {
                    "temporary": false,
                    "type": "password",
                    "value": "redacted"
                }
            ],
            "disableable_credential_types": [],
            "email": "",
            "emailVerified": false,
            "email_verified": false,
            "enabled": true,
            "federated_identities": [],
            "federation_link": null,
            "firstName": "my-project",
            "first_name": "my-project",
            "force": false,
            "groups": [],
            "http_agent": "Ansible",
            "id": null,
            "lastName": "user",
            "last_name": "user",
            "origin": null,
            "realm": "my-project",
            "required_actions": [],
            "self": null,
            "service_account_client_id": null,
            "state": "present",
            "token": null,
            "username": "my-project_user",
            "validate_certs": true
        }
    },
    "proposed": {
        "clientConsents": [
            {
                "client_id": "realm-management",
                "roles": [
                    "manage-users",
                    "query-groups"
                ]
            }
        ],
        "credentials": [
            {
                "temporary": false,
                "type": "password",
                "value": "password"
            }
        ],
        "disableableCredentialTypes": [],
        "email": "",
        "emailVerified": false,
        "federatedIdentities": [],
        "firstName": "my-project",
        "lastName": "Ref",
        "requiredActions": []
    }
}

MSG:

User my-project_user updated

As stated by the output (proposed field), I expect my user to have a change on the clientConsents property and have its clients roles updated.

Actual Results

The output above, but with client roles updated on the keycloak user.

ansibullbot commented 1 year ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

ansibullbot commented 1 year ago

cc @eikef @elfelip @mattock @ndclt

ansibullbot commented 4 months ago

cc @thomasbach-dev
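
A post-run check for the mismatch reported in this issue, added here as an example and not part of the original thread or of community.general: it compares the `proposed` block of the registered result with `end_state` and lists the keys that were not applied. The sample result is constructed (the issue elides `end_state`), and the names `unapplied_fields` and `WRITE_ONLY` are hypothetical.

```python
"""Flag user properties that a keycloak_user run proposed but did not apply."""

# Assumption: credentials are write-only and never echoed back in end_state.
WRITE_ONLY = {"credentials"}

# Constructed sample, modelled on the registered result shown in the issue.
# The issue elides end_state, so its contents here are an assumption.
SAMPLE_RESULT = {
    "changed": True,
    "proposed": {
        "clientConsents": [
            {"client_id": "realm-management",
             "roles": ["manage-users", "query-groups"]}
        ],
        "credentials": [
            {"temporary": False, "type": "password", "value": "redacted"}
        ],
        "email": "",
        "emailVerified": False,
        "firstName": "my-project",
        "lastName": "Ref",
        "requiredActions": [],
    },
    "end_state": {
        "emailVerified": False,
        "enabled": True,
        "firstName": "my-project",
        "lastName": "Ref",
        "requiredActions": [],
        "username": "my-project_user",
    },
}


def unapplied_fields(result, write_only=WRITE_ONLY):
    """Return the proposed keys whose value is not reflected in end_state."""
    proposed = result.get("proposed") or {}
    end_state = result.get("end_state") or {}
    missing = []
    for key, wanted in proposed.items():
        # Skip write-only keys and empty values the server may simply omit.
        if key in write_only or wanted in (None, "", [], {}):
            continue
        if end_state.get(key) != wanted:
            missing.append(key)
    return sorted(missing)


if __name__ == "__main__":
    print(unapplied_fields(SAMPLE_RESULT))
```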