ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-03-22 05:09:12 +00:00
Code Activity

keycloak_realm_key: handle missing config fields for default keys (#11470)

Browse source 
* fix(keycloak_realm_key): handle missing config fields for default keys

Keycloak API may not return 'active', 'enabled', or 'algorithm' fields
in the config response for default/auto-generated realm keys. This caused
a KeyError when the module tried to compare these fields during state
detection.

Use .get() with the expected value as default to handle missing fields
gracefully, treating them as unchanged if not present in the API response.

Fixes: #11459

* add PR link to changelog entry per review feedback
This commit is contained in:
Ivan Kokalovic 2026-02-07 16:21:32 +01:00 committed by GitHub
parent af4dbafe86
commit 106817316d
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 15 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

5
changelogs/fragments/keycloak-realm-key-keyerror-bugfix.yml Normal file
View file

@ -0,0 +1,5 @@
bugfixes:
- keycloak_realm_key - fix ``KeyError`` crash when managing realm keys where Keycloak
does not return ``active``, ``enabled``, or ``algorithm`` fields in the config
response (https://github.com/ansible-collections/community.general/issues/11459,
https://github.com/ansible-collections/community.general/pull/11470).

13
plugins/modules/keycloak_realm_key.py
View file

@ -402,10 +402,17 @@ def main():
result["changed"] = True result["changed"] = True
# Compare parameters under the "config" key # Compare parameters under the "config" key
# Note: Keycloak API may not return all config fields for default keys
# (e.g., 'active', 'enabled', 'algorithm' may be missing). Handle this
# gracefully by using .get() with defaults.
for p, v in changeset_copy["config"].items(): for p, v in changeset_copy["config"].items():
before_realm_key["config"][p] = key["config"][p] # Get the current value, defaulting to our expected value if not present
if v != key["config"][p]: # This handles the case where Keycloak does not return certain fields
changes += f"config.{p}: {key['config'][p]} -> {v}, " # for default/generated keys
current_value = key["config"].get(p, v)
before_realm_key["config"][p] = current_value
if v != current_value:
changes += f"config.{p}: {current_value} -> {v}, "
result["changed"] = True result["changed"] = True
# Sanitize linefeeds for the privateKey. Without this the JSON payload # Sanitize linefeeds for the privateKey. Without this the JSON payload