[PR #8785/ac302eb7 backport][stable-9] keycloak_user_federation: set `krbPrincipalAttribute` to `''` if unset in kc responses (#8892)

keycloak_user_federation: set `krbPrincipalAttribute` to `''` if unset in kc responses (#8785) * set `krbPrincipalAttribute` to `''` if unset in kc before and after responses * add changelog fragment * Update changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit ac302eb77d) Co-authored-by: fgruenbauer <gruenbauer@b1-systems.de>
2024-09-21 10:42:43 +03:00 · 2024-09-21 10:42:43 +03:00 · 8152cb3e1f
parent eae0c4f92b
commit 8152cb3e1f
2 changed files with 14 additions and 3 deletions
--- a/changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml
+++ b/changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml
@ -0,0 +1,2 @@
 bugfixes:
  - keycloak_user_federation - minimize change detection by setting ``krbPrincipalAttribute`` to ``''`` in Keycloak responses if missing (https://github.com/ansible-collections/community.general/pull/8785).
--- a/plugins/modules/keycloak_user_federation.py
+++ b/plugins/modules/keycloak_user_federation.py
@ -721,15 +721,20 @@ from ansible.module_utils.six.moves.urllib.parse import urlencode
 from copy import deepcopy
 def normalize_kc_comp(comp):
    # kc completely removes the parameter `krbPrincipalAttribute` if it is set to `''`; the unset kc parameter is equivalent to `''`;
    # to make change detection and diff more accurate we set it again in the kc responses
    if 'config' in comp:
        if 'krbPrincipalAttribute' not in comp['config']:
            comp['config']['krbPrincipalAttribute'] = ['']
 def sanitize(comp):
    compcopy = deepcopy(comp)
    if 'config' in compcopy:
        compcopy['config'] = {k: v[0] for k, v in compcopy['config'].items()}
        if 'bindCredential' in compcopy['config']:
            compcopy['config']['bindCredential'] = '**********'
        # an empty string is valid for krbPrincipalAttribute but is filtered out in diff
        if 'krbPrincipalAttribute' not in compcopy['config']:
            compcopy['config']['krbPrincipalAttribute'] = ''
    if 'mappers' in compcopy:
        for mapper in compcopy['mappers']:
            if 'config' in mapper:
@ -885,6 +890,8 @@ def main():
    if cid is not None and before_comp:
        before_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name') or '')
    normalize_kc_comp(before_comp)
    # Build a proposed changeset from parameters given to this module
    changeset = {}
@ -994,6 +1001,7 @@ def main():
                    kc.delete_component(default_mapper['id'], realm)
        after_comp['mappers'] = kc.get_components(urlencode(dict(parent=cid)), realm)
        normalize_kc_comp(after_comp)
        if module._diff:
            result['diff'] = dict(before='', after=sanitize(after_comp))
        result['end_state'] = sanitize(after_comp)
@ -1041,6 +1049,7 @@ def main():
            after_comp = kc.get_component(cid, realm)
            after_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name') or '')
            normalize_kc_comp(after_comp)
            after_comp_sanitized = sanitize(after_comp)
            before_comp_sanitized = sanitize(before_comp)
            result['end_state'] = after_comp_sanitized
		`@ -0,0 +1,2 @@`
							`bugfixes:`
							- keycloak_user_federation - minimize change detection by setting ``krbPrincipalAttribute`` to ``''`` in Keycloak responses if missing (https://github.com/ansible-collections/community.general/pull/8785).