keycloak_realm does not reassign user roles #43

Open
guidograzioli opened this issue Sep 29, 2022 · 0 comments
Labels
bugfixes Fixes that resolve issues. SHOULD not be used for minor enhancements

Comments

@guidograzioli
Member

ISSUE TYPE

  • Bug Report

SUMMARY

Re-executing the keycloak_realm role with renamed roles does not reassign users to the new role names. Also, renamed roles are not purged.

ANSIBLE VERSION

ansible [core 2.13.3]

COLLECTION VERSION

1.1.0

STEPS TO REPRODUCE

Execute with the following:

    - include_role:
        name: sso_realm
        apply:
          delegate_to: "{{ ansible_play_hosts | first }}"
          run_once: true
      vars:
        sso_admin_password: "{{ admin_pass }}"
        sso_realm: addressbook
        sso_clients:
          - name: addressbook
            client_id: addressbook
            roles:
              - admin
              - user
            realm: addressbook
            public_client: False
            web_origins: '+'
            users:
              - username: flangeadmin
                email: [email protected]
                firstName: Flange
                lastName: Admin
                password: password
                client_roles:
                  - client: addressbook
                    role: admin
                    realm: addressbook
                  - client: addressbook
                    role: user
                    realm: addressbook
              - username: flangeuser
                email: [email protected]
                firstName: Flange
                lastName: User
                password: password
                client_roles:
                  - client: addressbook
                    role: user
                    realm: addressbook

Then execute again with:

    - include_role:
        name: sso_realm
        apply:
          delegate_to: "{{ ansible_play_hosts | first }}"
          run_once: true
      vars:
        sso_admin_password: "{{ admin_pass }}"
        sso_realm: addressbook
        sso_clients:
          - name: addressbook
            client_id: addressbook
            roles:
              - flangeadmin
              - flangeuser
            realm: addressbook
            public_client: False
            web_origins: '+'
            users:
              - username: flangeadmin
                email: [email protected]
                firstName: Flange
                lastName: Admin
                password: password
                client_roles:
                  - client: addressbook
                    role: flangeadmin
                    realm: addressbook
                  - client: addressbook
                    role: flangeuser
                    realm: addressbook
              - username: flangeuser
                email: [email protected]
                firstName: Flange
                lastName: User
                password: password
                client_roles:
                  - client: addressbook
                    role: flangeuser
                    realm: addressbook 

i.e. rename the roles admin -> flangeadmin and user -> flangeuser, and reassign the flangeadmin user to the flangeadmin role (same for flangeuser).

EXPECTED RESULTS

flangeadmin has roles [ flangeadmin, flangeuser]
flangeuser has role [ flangeuser ]

roles admin and user are purged

ACTUAL RESULTS

flangeadmin has roles [ admin, user]
flangeuser has role [ user ]

@guidograzioli guidograzioli added the bugfixes Fixes that resolve issues. SHOULD not be used for minor enhancements label Sep 29, 2022
@RanabirChakraborty RanabirChakraborty added the hacktoberfest hacktoberfest issue for contributors label Sep 21, 2023
@guidograzioli guidograzioli removed the hacktoberfest hacktoberfest issue for contributors label Nov 29, 2023
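
Added example, not part of the issue or the collection's code: a drift audit that compares the second-run vars from the report with the observed role state and lists the role assignments that outlived the rename. The function names and the observed-state layout are hypothetical, and the observed data is constructed from ACTUAL RESULTS, assuming the new roles were created alongside the old ones.

```python
def declared_state(clients):
    """Flatten sso_clients-style vars into client roles and per-user grants."""
    roles, grants = {}, {}
    for client in clients:
        roles[client["client_id"]] = set(client.get("roles", []))
        for user in client.get("users", []):
            wanted = grants.setdefault(user["username"], set())
            for cr in user.get("client_roles", []):
                wanted.add((cr["client"], cr["role"]))
    return roles, grants

def _diff(report, extra_key, missing_key, name, want, have):
    """Record what exists but is not declared, and what is declared but absent."""
    if have - want:
        report[extra_key][name] = sorted(have - want)
    if want - have:
        report[missing_key][name] = sorted(want - have)

def audit_drift(clients, observed_roles, observed_grants):
    """Return the changes a full reconciliation would have to make."""
    want_roles, want_grants = declared_state(clients)
    report = {"purge_roles": {}, "create_roles": {}, "revoke": {}, "grant": {}}
    for cid in sorted(want_roles.keys() | observed_roles.keys()):
        _diff(report, "purge_roles", "create_roles", cid,
              want_roles.get(cid, set()), set(observed_roles.get(cid, ())))
    for user in sorted(want_grants.keys() | observed_grants.keys()):
        _diff(report, "revoke", "grant", user,
              want_grants.get(user, set()), set(observed_grants.get(user, ())))
    return report

# Second-run vars from the issue, trimmed to the fields the audit reads.
DECLARED = [{
    "client_id": "addressbook",
    "roles": ["flangeadmin", "flangeuser"],
    "users": [
        {"username": "flangeadmin", "client_roles": [
            {"client": "addressbook", "role": "flangeadmin"},
            {"client": "addressbook", "role": "flangeuser"}]},
        {"username": "flangeuser", "client_roles": [
            {"client": "addressbook", "role": "flangeuser"}]},
    ],
}]
# Constructed observed state (assumption: new roles exist next to the old ones).
OBSERVED_ROLES = {"addressbook": ["admin", "user", "flangeadmin", "flangeuser"]}
OBSERVED_GRANTS = {
    "flangeadmin": [("addressbook", "admin"), ("addressbook", "user")],
    "flangeuser": [("addressbook", "user")],
}

if __name__ == "__main__":
    import json
    print(json.dumps(audit_drift(DECLARED, OBSERVED_ROLES, OBSERVED_GRANTS), indent=2))
```

Users or clients that are absent from the declared vars appear entirely under `revoke` or `purge_roles`, so limit the observed input to what the playbook manages.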

2 participants