community.general.keycloak_client default_role adding doesn't work
Summary
Using an Ansible task to create a Keycloak client with a set of predefined client roles. The client is created, but it contains no roles.
Issue Type
Bug Report
Component Name
plugins/modules/keycloak_client.py
Ansible Version
$ ansible --version
ansible [core 2.15.1]
config file = None
configured module search path = ['/home/yser/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/user/.local/lib/python3.10/site-packages/ansible
ansible collection location = /home/user/.ansible/collections:/usr/share/ansible/collections
executable location = /usr/bin/ansible
python version = 3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0] (/usr/bin/python3)
jinja version = 3.1.2
libyaml = True
Community.general Version
$ ansible-galaxy collection list community.general
community.general
# /home/user/.ansible/collections/ansible_collections
Collection Version
----------------- -------
community.general 8.1.0
# /usr/lib/python3/dist-packages/ansible_collections
Collection Version
----------------- -------
community.general 1.3.6
Configuration
$ ansible-config dump --only-changed
CONFIG_FILE() = None
OS / Environment
Ubuntu 22.04 LTS; Keycloak 23.0.3
Steps to Reproduce
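---
# Reproduction playbook: create a Keycloak client and expect the two
# client roles listed under `default_roles` to exist on it afterwards.
# (Indentation restored; the original paste was flattened to column 0
# and would not parse as a playbook.)
- hosts: localhost
  connection: local
  vars:
    # NOTE(review): a plaintext admin credential in a playbook ends up in
    # version control and in shell history. For anything beyond a throwaway
    # test realm keep it in ansible-vault or read it from the environment.
    password: password
  tasks:
    - name: Add a new business client to test realm
      community.general.keycloak_client:
        auth_keycloak_url: https://keycloak.domain.org
        auth_realm: test
        auth_username: supervisor
        # The module marks this parameter no_log, so it is redacted in output.
        auth_password: "{{ password }}"
        client_id: test-ansible-add-client
        realm: test
        name: this_is_a_test
        description: Name of the Client
        root_url: https://www.example.com/
        admin_url: https://www.example.com/admin_url
        base_url: https://www.example.com/
        enabled: true
        # Redirect URIs bound where an authorization code may be sent. The
        # path wildcard and the plain-http localhost entry are acceptable for
        # a local test but should not survive into a production client.
        redirect_uris:
          - https://www.example.com/*
          - http://localhost:8888/
        # NOTE(review): CORS origins are normally scheme+host(+port) with no
        # path; confirm Keycloak accepts the `/*` suffix rather than silently
        # ignoring the entry.
        web_origins:
          - https://www.example.com/*
        standard_flow_enabled: true
        bearer_only: false
        consent_required: false
        direct_access_grants_enabled: false
        service_accounts_enabled: false
        authorization_services_enabled: false
        # Public client (no client secret) on the authorization-code flow.
        # In a real deployment require PKCE on it; left out here to keep the
        # reproduction minimal.
        public_client: true
        frontchannel_logout: true
        protocol: openid-connect
        # Restrictive scope setting: kept false so the client does not get
        # every realm role mapping in its tokens by default.
        full_scope_allowed: false
        always_display_in_console: false
        # The client roles the report expects to find on the created client.
        default_roles:
          - role_1
          - role_2
        protocol_mappers:
          - config:
              consentRequired: false
              access.token.claim: true
              id.token.claim: false
              userinfo.token.claim: true
              introspection.token.claim: false
              claim.name: personal_id
              jsonType.label: String
              user.attribute: personal_id
            name: client-name-environment-personal-id-mapper
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
        state: present
      # Redundant with `connection: local` above, but harmless.
      delegate_to: localhost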
The relevant part of the task is the `default_roles` list:
...
default_roles:
- role_1
- role_2
Expected Results
Client `test-ansible-add-client` is created with the two client roles `role_1` and `role_2` defined on it.
Actual Results
Client `test-ansible-add-client` is created, but it has no roles; the protocol mapper is present. Note that the module's `proposed` payload below does carry `defaultRoles: ["role_1", "role_2"]`, while the returned `end_state` contains no roles and no matching key, so the field appears to be sent to Keycloak 23.0.3 and silently ignored by the server rather than rejected.
changed: [localhost] => {
"changed": true,
"diff": {},
"end_state": {
"access": {
"configure": true,
"manage": true,
"view": true
},
"adminUrl": "https://www.example.com/admin_url",
"alwaysDisplayInConsole": false,
"attributes": [
"backchannel.logout.revoke.offline.tokens",
"backchannel.logout.session.required"
],
"authenticationFlowBindingOverrides": {},
"baseUrl": "https://www.example.com/",
"bearerOnly": false,
"clientAuthenticatorType": "client-secret",
"clientId": "test-ansible-add-client",
"consentRequired": false,
"defaultClientScopes": [
"web-origins",
"acr",
"profile",
"email"
],
"description": "Name of the Client",
"directAccessGrantsEnabled": false,
"enabled": true,
"frontchannelLogout": true,
"fullScopeAllowed": false,
"id": "735de845-209c-4a71-af61-2839a1f8f93d",
"implicitFlowEnabled": false,
"name": "this_is_a_test",
"nodeReRegistrationTimeout": -1,
"notBefore": 0,
"optionalClientScopes": [
"address",
"phone",
"offline_access",
"roles",
"microprofile-jwt"
],
"protocol": "openid-connect",
"protocolMappers": [
{
"config": {
"access.token.claim": "true",
"claim.name": "personal_id",
"consentRequired": "false",
"id.token.claim": "false",
"introspection.token.claim": "false",
"jsonType.label": "String",
"user.attribute": "personal_id",
"userinfo.token.claim": "true"
},
"consentRequired": false,
"id": "45eaddf6-db22-4fb7-b874-56a31a4f7251",
"name": "client-name-environment-personal-id-mapper",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper"
}
],
"publicClient": true,
"redirectUris": [
"http://localhost:8888/",
"https://www.example.com/*"
],
"rootUrl": "https://www.example.com/",
"serviceAccountsEnabled": false,
"standardFlowEnabled": true,
"surrogateAuthRequired": false,
"webOrigins": [
"https://www.example.com/*"
]
},
"existing": {},
"invocation": {
"module_args": {
"admin_url": "https://www.example.com/admin_url",
"always_display_in_console": false,
"attributes": null,
"auth_client_id": "admin-cli",
"auth_client_secret": null,
"auth_keycloak_url": "https://keycloak.domain.org",
"auth_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"auth_realm": "test",
"auth_username": "supervisor",
"authentication_flow_binding_overrides": null,
"authorization_services_enabled": false,
"authorization_settings": null,
"base_url": "https://www.example.com/",
"bearer_only": false,
"client_authenticator_type": null,
"client_id": "test-ansible-add-client",
"client_template": null,
"connection_timeout": 10,
"consent_required": false,
"default_client_scopes": null,
"default_roles": [
"role_1",
"role_2"
],
"description": "Name of the Client",
"direct_access_grants_enabled": false,
"enabled": true,
"frontchannel_logout": true,
"full_scope_allowed": false,
"http_agent": "Ansible",
"id": null,
"implicit_flow_enabled": null,
"name": "this_is_a_test",
"node_re_registration_timeout": null,
"not_before": null,
"optional_client_scopes": null,
"protocol": "openid-connect",
"protocol_mappers": [
{
"config": {
"access.token.claim": true,
"claim.name": "personal_id",
"consentRequired": false,
"id.token.claim": false,
"introspection.token.claim": false,
"jsonType.label": "String",
"user.attribute": "personal_id",
"userinfo.token.claim": true
},
"consentRequired": null,
"consentText": null,
"id": null,
"name": "client-name-environment-personal-id-mapper",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper"
}
],
"public_client": true,
"realm": "test",
"redirect_uris": [
"https://www.example.com/*",
"http://localhost:8888/"
],
"registered_nodes": null,
"registration_access_token": null,
"root_url": "https://www.example.com/",
"secret": null,
"service_accounts_enabled": false,
"standard_flow_enabled": true,
"state": "present",
"surrogate_auth_required": null,
"token": null,
"use_template_config": null,
"use_template_mappers": null,
"use_template_scope": null,
"validate_certs": true,
"web_origins": [
"https://www.example.com/*"
]
}
},
"msg": "Client test-ansible-add-client has been created.",
"proposed": {
"adminUrl": "https://www.example.com/admin_url",
"alwaysDisplayInConsole": false,
"authorizationServicesEnabled": false,
"baseUrl": "https://www.example.com/",
"bearerOnly": false,
"clientId": "test-ansible-add-client",
"consentRequired": false,
"defaultRoles": [
"role_1",
"role_2"
],
"description": "Name of the Client",
"directAccessGrantsEnabled": false,
"enabled": true,
"frontchannelLogout": true,
"fullScopeAllowed": false,
"name": "this_is_a_test",
"protocol": "openid-connect",
"protocolMappers": [
{
"config": {
"access.token.claim": true,
"claim.name": "personal_id",
"consentRequired": false,
"id.token.claim": false,
"introspection.token.claim": false,
"jsonType.label": "String",
"user.attribute": "personal_id",
"userinfo.token.claim": true
},
"consentRequired": false,
"name": "client-name-environment-personal-id-mapper",
"protocol": "openid-connect",
"protocolMapper": "oidc-usermodel-attribute-mapper"
}
],
"publicClient": true,
"redirectUris": [
"http://localhost:8888/",
"https://www.example.com/*"
],
"rootUrl": "https://www.example.com/",
"serviceAccountsEnabled": false,
"standardFlowEnabled": true,
"webOrigins": [
"https://www.example.com/*"
]
}
}
Code of Conduct
- [X] I agree to follow the Ansible Code of Conduct