a-c-m
/
community.general
mirror of https://github.com/ansible-collections/community.general.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[PR #9263/2682ec47 backport][stable-10] keycloak_authentication: Fix priority attribute during execution updates (#9292) 

keycloak_authentication: Fix priority attribute during execution updates (#9263)

keycloak_authentication: Fix priority attribute during execution updates.

(cherry picked from commit 2682ec47d9)

Co-authored-by: Florian Apolloner <florian@apolloner.eu>
pull/9300/head
patchback[bot] 2024-12-20 23:06:31 +01:00 committed by GitHub
parent 910fb933a7
commit 5ab43f0ff1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
changelogs/fragments/9263-kc_authentication-api-priority.yaml Normal file
View File

@ -0,0 +1,2 @@
security_fixes:
- keycloak_authentication - API calls did not properly set the ``priority`` during update resulting in incorrectly sorted authentication flows. This apparently only affects Keycloak 25 or newer (https://github.com/ansible-collections/community.general/pull/9263).

11
plugins/modules/keycloak_authentication.py
View File

@ -257,6 +257,7 @@ def create_or_update_executions(kc, config, realm='master'):
changed = False
after = ""
before = ""
execution = None
if "authenticationExecutions" in config:
# Get existing executions on the Keycloak server for this alias
existing_executions = kc.get_executions_representation(config, realm=realm)
@ -283,27 +284,27 @@ def create_or_update_executions(kc, config, realm='master'):
if new_exec['index'] is None:
new_exec_index = exec_index
before += str(existing_executions[exec_index]) + '\n'
id_to_update = existing_executions[exec_index]["id"]
execution = existing_executions[exec_index].copy()
# Remove exec from list in case 2 exec with same name
existing_executions[exec_index].clear()
elif new_exec["providerId"] is not None:
kc.create_execution(new_exec, flowAlias=flow_alias_parent, realm=realm)
execution = kc.get_executions_representation(config, realm=realm)[exec_index]
exec_found = True
exec_index = new_exec_index
id_to_update = kc.get_executions_representation(config, realm=realm)[exec_index]["id"]
after += str(new_exec) + '\n'
elif new_exec["displayName"] is not None:
kc.create_subflow(new_exec["displayName"], flow_alias_parent, realm=realm, flowType=new_exec["subFlowType"])
execution = kc.get_executions_representation(config, realm=realm)[exec_index]
exec_found = True
exec_index = new_exec_index
id_to_update = kc.get_executions_representation(config, realm=realm)[exec_index]["id"]
after += str(new_exec) + '\n'
if exec_found:
changed = True
if exec_index != -1:
# Update the existing execution
updated_exec = {
"id": id_to_update
"id": execution["id"]
}
# add the execution configuration
if new_exec["authenticationConfig"] is not None:
@ -313,6 +314,8 @@ def create_or_update_executions(kc, config, realm='master'):
if key not in ("flowAlias", "authenticationConfig", "subFlowType"):
updated_exec[key] = new_exec[key]
if new_exec["requirement"] is not None:
if "priority" in execution:
updated_exec["priority"] = execution["priority"]
kc.update_authentication_executions(flow_alias_parent, updated_exec, realm=realm)
diff = exec_index - new_exec_index
kc.change_execution_priority(updated_exec["id"], diff, realm=realm)