keycloak: URL-encode query parameters for usernames with special characters (#11472)

* fix(keycloak): URL-encode query params for usernames with special chars get_user_by_username() concatenates the username directly into the URL query string. When the username contains a +, it is interpreted as a space by the server, returning no match and causing a TypeError. Use urllib.parse.quote() (already imported) for the username parameter. Also replace three fragile .replace(' ', '%20') calls in the authz search methods with proper quote() calls. Fixes #10305 * Update changelogs/fragments/keycloak-url-encode-query-params.yml Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> --------- Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2026-03-22 05:09:12 +00:00 · 2026-02-06 07:10:55 +01:00 · 2026-02-06 07:10:55 +01:00 · c41de53dbb
commit c41de53dbb
parent b236772e57
3 changed files with 67 additions and 4 deletions
--- a/tests/integration/targets/keycloak_user/tasks/main.yml
+++ b/tests/integration/targets/keycloak_user/tasks/main.yml
@ -112,3 +112,59 @@
    that:
      - delete_result.changed
      - delete_result.end_state | length == 0
+
+- name: Create user with plus-addressed email
+  community.general.keycloak_user:
+    auth_keycloak_url: "{{ url }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    auth_realm: "{{ admin_realm }}"
+    username: "testuser+tag"
+    realm: "{{ realm }}"
+    first_name: Plus
+    last_name: User
+    email: "testuser+tag@example.org"
+    state: present
+  register: plus_create_result
+
+- name: Assert plus-addressed user is created
+  assert:
+    that:
+      - plus_create_result.changed
+      - plus_create_result.end_state.username == 'testuser+tag'
+      - plus_create_result.end_state.email == 'testuser+tag@example.org'
+
+- name: Re-run plus-addressed user creation (idempotency)
+  community.general.keycloak_user:
+    auth_keycloak_url: "{{ url }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    auth_realm: "{{ admin_realm }}"
+    username: "testuser+tag"
+    realm: "{{ realm }}"
+    first_name: Plus
+    last_name: User
+    email: "testuser+tag@example.org"
+    state: present
+  register: plus_idempotent_result
+
+- name: Assert plus-addressed user is idempotent
+  assert:
+    that:
+      - plus_idempotent_result is not changed
+
+- name: Delete plus-addressed user
+  community.general.keycloak_user:
+    auth_keycloak_url: "{{ url }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    auth_realm: "{{ admin_realm }}"
+    username: "testuser+tag"
+    realm: "{{ realm }}"
+    state: absent
+  register: plus_delete_result
+
+- name: Assert plus-addressed user is deleted
+  assert:
+    that:
+      - plus_delete_result.changed