keycloak_user_federation: set krbPrincipalAttribute to '' if unse…

…t in kc responses (#8785) * set `krbPrincipalAttribute` to `''` if unset in kc before and after responses * add changelog fragment * Update changelogs/fragments/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml Co-authored-by: Felix Fontein <[email protected]> --------- Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit ac302eb)
ansible-collections · Sep 21, 2024 · c8dfc92 · c8dfc92
1 parent 57277e0
commit c8dfc92
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 3 deletions.
diff --git a/...s/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml b/...s/8785-keycloak_user_federation-set-krbPrincipalAttribute-to-empty-string-if-missing.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+  - keycloak_user_federation - minimize change detection by setting ``krbPrincipalAttribute`` to ``''`` in Keycloak responses if missing (https://github.com/ansible-collections/community.general/pull/8785).
diff --git a/plugins/modules/keycloak_user_federation.py b/plugins/modules/keycloak_user_federation.py
@@ -721,15 +721,20 @@
 from copy import deepcopy
 
 
+def normalize_kc_comp(comp):
+    # kc completely removes the parameter `krbPrincipalAttribute` if it is set to `''`; the unset kc parameter is equivalent to `''`;
+    # to make change detection and diff more accurate we set it again in the kc responses
+    if 'config' in comp:
+        if 'krbPrincipalAttribute' not in comp['config']:
+            comp['config']['krbPrincipalAttribute'] = ['']
+
+
 def sanitize(comp):
     compcopy = deepcopy(comp)
     if 'config' in compcopy:
         compcopy['config'] = {k: v[0] for k, v in compcopy['config'].items()}
         if 'bindCredential' in compcopy['config']:
             compcopy['config']['bindCredential'] = '**********'
-        # an empty string is valid for krbPrincipalAttribute but is filtered out in diff
-        if 'krbPrincipalAttribute' not in compcopy['config']:
-            compcopy['config']['krbPrincipalAttribute'] = ''
     if 'mappers' in compcopy:
         for mapper in compcopy['mappers']:
             if 'config' in mapper:
@@ -885,6 +890,8 @@ def main():
     if cid is not None and before_comp:
         before_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name') or '')
 
+    normalize_kc_comp(before_comp)
+
     # Build a proposed changeset from parameters given to this module
     changeset = {}
 
@@ -994,6 +1001,7 @@ def main():
                     kc.delete_component(default_mapper['id'], realm)
 
         after_comp['mappers'] = kc.get_components(urlencode(dict(parent=cid)), realm)
+        normalize_kc_comp(after_comp)
         if module._diff:
             result['diff'] = dict(before='', after=sanitize(after_comp))
         result['end_state'] = sanitize(after_comp)
@@ -1041,6 +1049,7 @@ def main():
 
             after_comp = kc.get_component(cid, realm)
             after_comp['mappers'] = sorted(kc.get_components(urlencode(dict(parent=cid)), realm), key=lambda x: x.get('name') or '')
+            normalize_kc_comp(after_comp)
             after_comp_sanitized = sanitize(after_comp)
             before_comp_sanitized = sanitize(before_comp)
             result['end_state'] = after_comp_sanitized