ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-03-21 20:59:10 +00:00
Code Activity

keycloak: URL-encode query parameters for usernames with special characters (#11472)

Browse source 
* fix(keycloak): URL-encode query params for usernames with special chars

get_user_by_username() concatenates the username directly into the URL
query string. When the username contains a +, it is interpreted as a
space by the server, returning no match and causing a TypeError.

Use urllib.parse.quote() (already imported) for the username parameter.
Also replace three fragile .replace(' ', '%20') calls in the authz
search methods with proper quote() calls.

Fixes #10305

* Update changelogs/fragments/keycloak-url-encode-query-params.yml

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

---------

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
This commit is contained in:
Ivan Kokalovic 2026-02-06 07:10:55 +01:00 committed by GitHub
parent b236772e57
commit c41de53dbb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 67 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
plugins/module_utils/identity/keycloak/keycloak.py
View file

@ -998,7 +998,7 @@ class KeycloakAPI:
:param realm: Realm in which the user resides; default 'master'
"""
users_url = URL_USERS.format(url=self.baseurl, realm=realm)
users_url += f"?username={username}&exact=true"
users_url += f"?username={quote(username, safe='')}&exact=true"
try:
userrep = None
users = self._request_and_deserialize(users_url, method="GET")
@ -3018,7 +3018,7 @@ class KeycloakAPI:
def get_authz_permission_by_name(self, name, client_id, realm):
"""Get authorization permission by name"""
url = URL_AUTHZ_POLICIES.format(url=self.baseurl, client_id=client_id, realm=realm)
search_url = f"{url}/search?name={name.replace(' ', '%20')}"
search_url = f"{url}/search?name={quote(name, safe='')}"
try:
return self._request_and_deserialize(search_url, method="GET")
@ -3064,7 +3064,7 @@ class KeycloakAPI:
def get_authz_resource_by_name(self, name, client_id, realm):
"""Get authorization resource by name"""
url = URL_AUTHZ_RESOURCES.format(url=self.baseurl, client_id=client_id, realm=realm)
search_url = f"{url}/search?name={name.replace(' ', '%20')}"
search_url = f"{url}/search?name={quote(name, safe='')}"
try:
return self._request_and_deserialize(search_url, method="GET")
@ -3074,7 +3074,7 @@ class KeycloakAPI:
def get_authz_policy_by_name(self, name, client_id, realm):
"""Get authorization policy by name"""
url = URL_AUTHZ_POLICIES.format(url=self.baseurl, client_id=client_id, realm=realm)
search_url = f"{url}/search?name={name.replace(' ', '%20')}"
search_url = f"{url}/search?name={quote(name, safe='')}"
try:
return self._request_and_deserialize(search_url, method="GET")