keycloak_user_federation: set krbPrincipalAttribute to '' if unset in kc responses
#8785
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ansibullbot
added
WIP
felixfontein
added
check-before-release
ansibullbot
added
needs_rebase
|
@fgruenbauer this PR contains the following merge commits: Please rebase your branch to remove these commits. |
ansibullbot
added
merge_commit
fgruenbauer
force-pushed
the
keycloak-user-federation-normalize-krbPrincipalAttribute-in-kc-responses
branch
from
5964005
to
5ea8a2d
Compare
ansibullbot
removed
WIP
|
Please remember to add a changelog fragment. Thanks! |
|
Sry - Done. |
...ents/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml
Outdated
Show resolved
Hide resolved
…cipalAttribute-to-empty-string-if-missing.yaml Co-authored-by: Felix Fontein <[email protected]>
|
If nobody objects I'll merge this by the end of the week. |
felixfontein
removed
the
check-before-release
Backport to stable-8: 💚 backport PR created✅ Backport PR branch: Backported as #8891 🤖 @patchback |
patchback bot
pushed a commit
that referenced
this pull request
Sep 21, 2024
…t in kc responses (#8785) * set `krbPrincipalAttribute` to `''` if unset in kc before and after responses * add changelog fragment * Update changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml Co-authored-by: Felix Fontein <[email protected]> --------- Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit ac302eb)
Backport to stable-9: 💚 backport PR created✅ Backport PR branch: Backported as #8892 🤖 @patchback |
|
@fgruenbauer thanks for fixing this! |
patchback bot
pushed a commit
that referenced
this pull request
Sep 21, 2024
…t in kc responses (#8785) * set `krbPrincipalAttribute` to `''` if unset in kc before and after responses * add changelog fragment * Update changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml Co-authored-by: Felix Fontein <[email protected]> --------- Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit ac302eb)
felixfontein
pushed a commit
that referenced
this pull request
Sep 21, 2024
…`krbPrincipalAttribute` to `''` if unset in kc responses (#8891) keycloak_user_federation: set `krbPrincipalAttribute` to `''` if unset in kc responses (#8785) * set `krbPrincipalAttribute` to `''` if unset in kc before and after responses * add changelog fragment * Update changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml Co-authored-by: Felix Fontein <[email protected]> --------- Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit ac302eb) Co-authored-by: fgruenbauer <[email protected]>
felixfontein
pushed a commit
that referenced
this pull request
Sep 21, 2024
…`krbPrincipalAttribute` to `''` if unset in kc responses (#8892) keycloak_user_federation: set `krbPrincipalAttribute` to `''` if unset in kc responses (#8785) * set `krbPrincipalAttribute` to `''` if unset in kc before and after responses * add changelog fragment * Update changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml Co-authored-by: Felix Fontein <[email protected]> --------- Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit ac302eb) Co-authored-by: fgruenbauer <[email protected]>
aioue
pushed a commit
to aioue/community.general
that referenced
this pull request
Oct 1, 2024
…t in kc responses (ansible-collections#8785) * set `krbPrincipalAttribute` to `''` if unset in kc before and after responses * add changelog fragment * Update changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml Co-authored-by: Felix Fontein <[email protected]> --------- Co-authored-by: Felix Fontein <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
Issue:
The
keycloak_user_federationmodule always detects a change in check mode if the parameterkrbPrincipalAttributeis set to''. The empty string is a valid value:community.general/plugins/modules/keycloak_user_federation.py
Line 354 in 96d5e6e
Keycloak completely removes the parameter
krbPrincipalAttributeif it is set to''. So subsequent check runs always detect a change. In a normal run the module would always make an update (its the same change check), but compare the before and after responses afterwards, in both of which the parameter is not present. In the check diff this is already fixed by setting''in the sanitize function if the parameter is not present (see 8320).Proposed solution:
Normalize the keycloak responses (before and after) by setting
krbPrincipalAttribute = ''if the parameter is not present in the response.ISSUE TYPE
COMPONENT NAME
keycloak_user_federation
ADDITIONAL INFORMATION
krbPrincipalAttribute = ''for the module