From ac302eb77d82f5ed87cf8b037297c3482622247d Mon Sep 17 00:00:00 2001
From: fgruenbauer
Date: Sat, 21 Sep 2024 09:30:40 +0200
Subject: [PATCH] keycloak_user_federation: set `krbPrincipalAttribute` to `''` if unset in kc responses (#8785)
* set `krbPrincipalAttribute` to `''` if unset in kc before and after responses
* add changelog fragment
* Update changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml
Co-authored-by: Felix Fontein
---------
Co-authored-by: Felix Fontein
---
...cipalAttribute-to-empty-string-if-missing.yaml | 2 ++
plugins/modules/keycloak_user_federation.py | 15 ++++++++++++---
2 files changed, 14 insertions(+), 3 deletions(-)
create mode 100644 changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml
diff --git a/changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml b/changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml
new file mode 100644
index 00000000000..c8a6ff752a5
--- /dev/null
+++ b/changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+ - keycloak_user_federation - minimize change detection by setting ``krbPrincipalAttribute`` to ``''`` in Keycloak responses if missing (https://github.com/ansible-collections/community.general/pull/8785).
\ No newline at end of file
diff --git a/plugins/modules/keycloak_user_federation.py b/plugins/modules/keycloak_user_federation.py
index 6034aa8b845..06283a025e4 100644
--- a/plugins/modules/keycloak_user_federation.py
+++ b/plugins/modules/keycloak_user_federation.py
@@ -721,15 +721,20 @@ from copy import deepcopy +def normalize_kc_comp(comp): + # kc completely removes the parameter `krbPrincipalAttribute` if it is set to `''`; the unset kc parameter is equivalent to `''`; + # to make change detection and diff more accurate we set it again in the kc responses + if 'config' in comp: + if 'krbPrincipalAttribute' not in comp['config']: + comp['config']['krbPrincipalAttribute'] = [''] + + def sanitize(comp): compcopy = deepcopy(comp) if 'config' in compcopy: compcopy['config'] = {k: v[0] for k, v in compcopy['config'].items()} if 'bindCredential' in compcopy['config']: compcopy['config']['bindCredential'] = '**********' - # an empty string is valid for krbPrincipalAttribute but is filtered out in diff - if 'krbPrincipalAttribute' not in compcopy['config']: - compcopy['config']['krbPrincipalAttribute'] = '' if 'mappers' in compcopy: for mapper in compcopy['mappers']: if 'config' in mapper: @@ -885,6 +890,8 @@ def main(): if cid is not None and before_comp: before_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name') or '') + normalize_kc_comp(before_comp) + # Build a proposed changeset from parameters given to this module changeset = {} @@ -994,6 +1001,7 @@ def main(): kc.delete_component(default_mapper['id'], realm) after_comp['mappers'] = kc.get_components(urlencode(dict(parent=cid)), realm) + normalize_kc_comp(after_comp) if module._diff: result['diff'] = dict(before='', after=sanitize(after_comp)) result['end_state'] = sanitize(after_comp) @@ -1041,6 +1049,7 @@ def main(): after_comp = kc.get_component(cid, realm) after_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name') or '') + normalize_kc_comp(after_comp) after_comp_sanitized = sanitize(after_comp) before_comp_sanitized = sanitize(before_comp) result['end_state'] = after_comp_sanitized
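Review bot: In the first hunk (`@@ -721`), `normalize_kc_comp` edits the dict it is given and returns nothing, while `sanitize` directly below works on a `deepcopy` and returns it, and only a `#` comment explains the new helper. A docstring such as `"""Fill in defaults Keycloak omits from its responses; modifies comp in place."""` would state that contract, and it should also say that the default is the one-element list `['']` because `sanitize` later takes `v[0]` of every config value. The helper adds the key to every component that has a `config`, whatever its provider type, and it now does so on `before_comp`/`after_comp` themselves rather than only on the sanitized copy; if the desired state is derived from `before_comp` (not visible in this hunk), the placeholder could be sent back to Keycloak for providers that have no such setting, so limiting it to the LDAP provider is worth checking. The diffstat lists no test file; a unit test feeding a response without `krbPrincipalAttribute` would pin the intended no-change result.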
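Review bot: In the second hunk (`@@ -885`), `normalize_kc_comp(before_comp)` may receive a falsy value, since the line just before it only touches `before_comp` under `if cid is not None and before_comp:`. Indentation is lost on this page, so it is unclear whether the new call sits under that guard; if it does not and `before_comp` can be `None`, `'config' in comp` raises `TypeError`. Making the helper tolerant, for example with `if not comp or 'config' not in comp: return` as its first statement, removes the dependency on each call site. `main()` begins and ends outside the hunk, so how `before_comp` is initialised cannot be confirmed from here.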