keycloak_user_rolemapping: handle None response for client role lookup (#11471)

* fix(keycloak_user_rolemapping): handle None response for client role lookup When adding a client role to a user who has no existing roles for that client, get_client_user_rolemapping_by_id() returns None. The existing code indexed directly into the result causing a TypeError. Add the same None check that already existed for realm roles since PR #11256. Fixes #10960 * fix(tests): use dict format for task vars in keycloak_user_rolemapping tests Task-level vars requires a YAML mapping, not a sequence. The leading dash (- roles:) produced a list instead of a dict, which ansible-core 2.20 rejects with "Vars in a Task must be specified as a dictionary". * Update changelogs/fragments/keycloak-user-rolemapping-client-none-check.yml Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de>
2026-03-22 05:09:12 +00:00 · 2026-02-18 20:24:35 +01:00 · 2026-02-18 20:24:35 +01:00 · 34938ca1ef
commit 34938ca1ef
parent 80d21f2a0d
4 changed files with 73 additions and 11 deletions
--- a/plugins/modules/keycloak_user_rolemapping.py
+++ b/plugins/modules/keycloak_user_rolemapping.py
@ -356,9 +356,9 @@ def main():
                    if role_rep is not None:
                        role["name"] = role_rep["name"]
                else:
-                    role["name"] = kc.get_client_user_rolemapping_by_id(
-                        uid=uid, cid=cid, rid=role.get("id"), realm=realm
-                    )["name"]
+                    role_rep = kc.get_client_user_rolemapping_by_id(uid=uid, cid=cid, rid=role.get("id"), realm=realm)
+                    if role_rep is not None:
+                        role["name"] = role_rep["name"]
                if role.get("name") is None:
                    module.fail_json(
                        msg=f"Could not fetch role {role.get('id')} for client_id {client_id} or realm {realm}"