ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-02-04 07:51:50 +00:00
Code Activity
community.general/tests/unit/plugins/modules/test_keycloak_identity_provider.py
Felix Fontein 236b9c0e04
Sort imports with ruff check --fix (#11400) 
Sort imports with ruff check --fix.
2026-01-09 07:40:58 +01:00

909 lines
39 KiB
Python
Raw Blame History

# Copyright (c) 2021, Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
from __future__ import annotations
from contextlib import contextmanager
from io import StringIO
from itertools import count
from unittest.mock import patch
from ansible_collections.community.internal_test_tools.tests.unit.plugins.modules.utils import (
AnsibleExitJson,
ModuleTestCase,
set_module_args,
)
from ansible_collections.community.general.plugins.modules import keycloak_identity_provider
@contextmanager
def patch_keycloak_api(
get_identity_provider,
create_identity_provider=None,
update_identity_provider=None,
delete_identity_provider=None,
get_identity_provider_mappers=None,
create_identity_provider_mapper=None,
update_identity_provider_mapper=None,
delete_identity_provider_mapper=None,
get_realm_by_id=None,
):
"""Mock context manager for patching the methods in PwPolicyIPAClient that contact the IPA server
Patches the `login` and `_post_json` methods
Keyword arguments are passed to the mock object that patches `_post_json`
No arguments are passed to the mock object that patches `login` because no tests require it
Example::
with patch_ipa(return_value={}) as (mock_login, mock_post):
...
"""
obj = keycloak_identity_provider.KeycloakAPI
with patch.object(obj, "get_identity_provider", side_effect=get_identity_provider) as mock_get_identity_provider:
with patch.object(
obj, "create_identity_provider", side_effect=create_identity_provider
) as mock_create_identity_provider:
with patch.object(
obj, "update_identity_provider", side_effect=update_identity_provider
) as mock_update_identity_provider:
with patch.object(
obj, "delete_identity_provider", side_effect=delete_identity_provider
) as mock_delete_identity_provider:
with patch.object(
obj, "get_identity_provider_mappers", side_effect=get_identity_provider_mappers
) as mock_get_identity_provider_mappers:
with patch.object(
obj, "create_identity_provider_mapper", side_effect=create_identity_provider_mapper
) as mock_create_identity_provider_mapper:
with patch.object(
obj, "update_identity_provider_mapper", side_effect=update_identity_provider_mapper
) as mock_update_identity_provider_mapper:
with patch.object(
obj, "delete_identity_provider_mapper", side_effect=delete_identity_provider_mapper
) as mock_delete_identity_provider_mapper:
with patch.object(
obj, "get_realm_by_id", side_effect=get_realm_by_id
) as mock_get_realm_by_id:
yield (
mock_get_identity_provider,
mock_create_identity_provider,
mock_update_identity_provider,
mock_delete_identity_provider,
mock_get_identity_provider_mappers,
mock_create_identity_provider_mapper,
mock_update_identity_provider_mapper,
mock_delete_identity_provider_mapper,
mock_get_realm_by_id,
)
def get_response(object_with_future_response, method, get_id_call_count):
if callable(object_with_future_response):
return object_with_future_response()
if isinstance(object_with_future_response, dict):
return get_response(object_with_future_response[method], method, get_id_call_count)
if isinstance(object_with_future_response, list):
call_number = next(get_id_call_count)
return get_response(object_with_future_response[call_number], method, get_id_call_count)
return object_with_future_response
def build_mocked_request(get_id_user_count, response_dict):
def _mocked_requests(*args, **kwargs):
url = args[0]
method = kwargs["method"]
future_response = response_dict.get(url, None)
return get_response(future_response, method, get_id_user_count)
return _mocked_requests
def create_wrapper(text_as_string):
"""Allow to mock many times a call to one address.
Without this function, the StringIO is empty for the second call.
"""
def _create_wrapper():
return StringIO(text_as_string)
return _create_wrapper
def mock_good_connection():
token_response = {
"http://keycloak.url/auth/realms/master/protocol/openid-connect/token": create_wrapper(
'{"access_token": "alongtoken"}'
),
}
return patch(
"ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak.open_url",
side_effect=build_mocked_request(count(), token_response),
autospec=True,
)
class TestKeycloakIdentityProvider(ModuleTestCase):
def setUp(self):
super().setUp()
self.module = keycloak_identity_provider
def test_create_when_absent(self):
"""Add a new identity provider"""
module_args = {
"auth_keycloak_url": "http://keycloak.url/auth",
"auth_password": "admin",
"auth_realm": "master",
"auth_username": "admin",
"auth_client_id": "admin-cli",
"validate_certs": True,
"realm": "realm-name",
"alias": "oidc-idp",
"display_name": "OpenID Connect IdP",
"enabled": True,
"provider_id": "oidc",
"config": {
"issuer": "https://idp.example.com",
"authorizationUrl": "https://idp.example.com/auth",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "secret",
"syncMode": "FORCE",
},
"mappers": [
{
"name": "first_name",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"config": {
"claim": "first_name",
"user.attribute": "first_name",
"syncMode": "INHERIT",
},
},
{
"name": "last_name",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"config": {
"claim": "last_name",
"user.attribute": "last_name",
"syncMode": "INHERIT",
},
},
],
}
return_value_idp_get = [
None,
{
"addReadTokenRoleOnCreate": False,
"alias": "oidc-idp",
"authenticateByDefault": False,
"config": {
"authorizationUrl": "https://idp.example.com/auth",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "no_log",
"issuer": "https://idp.example.com",
"syncMode": "FORCE",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
},
"displayName": "OpenID Connect IdP",
"enabled": True,
"firstBrokerLoginFlowAlias": "first broker login",
"internalId": "7ab437d5-f2bb-4ecc-91a8-315349454da6",
"linkOnly": False,
"providerId": "oidc",
"storeToken": False,
"trustEmail": False,
},
]
return_value_mappers_get = [
[
{
"config": {"claim": "first_name", "syncMode": "INHERIT", "user.attribute": "first_name"},
"id": "5fde49bb-93bd-4f5d-97d6-c5d0c1d07aef",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "first_name",
},
{
"config": {"claim": "last_name", "syncMode": "INHERIT", "user.attribute": "last_name"},
"id": "f00c61e0-34d9-4bed-82d1-7e45acfefc09",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "last_name",
},
]
]
return_value_realm_get = [
{
"id": "realm-name",
"realm": "realm-name",
"enabled": True,
"identityProviders": [
{
"addReadTokenRoleOnCreate": False,
"alias": "oidc-idp",
"authenticateByDefault": False,
"config": {
"authorizationUrl": "https://idp.example.com/auth",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "secret",
"issuer": "https://idp.example.com",
"syncMode": "FORCE",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
},
"displayName": "OpenID Connect IdP",
"enabled": True,
"firstBrokerLoginFlowAlias": "first broker login",
"internalId": "7ab437d5-f2bb-4ecc-91a8-315349454da6",
"linkOnly": False,
"providerId": "oidc",
"storeToken": False,
"trustEmail": False,
}
],
},
]
return_value_idp_created = [None]
return_value_mapper_created = [None, None]
changed = True
# Run the module
with set_module_args(module_args):
with mock_good_connection():
with patch_keycloak_api(
get_identity_provider=return_value_idp_get,
get_identity_provider_mappers=return_value_mappers_get,
create_identity_provider=return_value_idp_created,
create_identity_provider_mapper=return_value_mapper_created,
get_realm_by_id=return_value_realm_get,
) as (
mock_get_identity_provider,
mock_create_identity_provider,
mock_update_identity_provider,
mock_delete_identity_provider,
mock_get_identity_provider_mappers,
mock_create_identity_provider_mapper,
mock_update_identity_provider_mapper,
mock_delete_identity_provider_mapper,
mock_get_realm_by_id,
):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(len(mock_get_identity_provider.mock_calls), 2)
self.assertEqual(len(mock_get_identity_provider_mappers.mock_calls), 1)
self.assertEqual(len(mock_get_realm_by_id.mock_calls), 1)
self.assertEqual(len(mock_create_identity_provider.mock_calls), 1)
self.assertEqual(len(mock_create_identity_provider_mapper.mock_calls), 2)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]["changed"], changed)
def test_update_when_present(self):
"""Update existing identity provider"""
module_args = {
"auth_keycloak_url": "http://keycloak.url/auth",
"auth_password": "admin",
"auth_realm": "master",
"auth_username": "admin",
"auth_client_id": "admin-cli",
"validate_certs": True,
"realm": "realm-name",
"alias": "oidc-idp",
"display_name": "OpenID Connect IdP",
"enabled": True,
"provider_id": "oidc",
"config": {
"issuer": "https://idp.example.com",
"authorizationUrl": "https://idp.example.com/auth",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "secret",
"syncMode": "FORCE",
},
"mappers": [
{
"name": "username",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"config": {
"claim": "username",
"user.attribute": "username",
"syncMode": "INHERIT",
},
},
{
"name": "first_name",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"config": {
"claim": "first_name",
"user.attribute": "first_name",
"syncMode": "INHERIT",
},
},
{
"name": "last_name",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"config": {
"claim": "last_name",
"user.attribute": "last_name",
"syncMode": "INHERIT",
},
},
],
}
return_value_idp_get = [
{
"addReadTokenRoleOnCreate": False,
"alias": "oidc-idp",
"authenticateByDefault": False,
"config": {
"authorizationUrl": "https://idp.example.com/auth",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "no_log",
"issuer": "https://idp.example.com",
"syncMode": "FORCE",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
},
"displayName": "OpenID Connect IdP changeme",
"enabled": True,
"firstBrokerLoginFlowAlias": "first broker login",
"internalId": "7ab437d5-f2bb-4ecc-91a8-315349454da6",
"linkOnly": False,
"providerId": "oidc",
"storeToken": False,
"trustEmail": False,
},
{
"addReadTokenRoleOnCreate": False,
"alias": "oidc-idp",
"authenticateByDefault": False,
"config": {
"authorizationUrl": "https://idp.example.com/auth",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "no_log",
"issuer": "https://idp.example.com",
"syncMode": "FORCE",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
},
"displayName": "OpenID Connect IdP",
"enabled": True,
"firstBrokerLoginFlowAlias": "first broker login",
"internalId": "7ab437d5-f2bb-4ecc-91a8-315349454da6",
"linkOnly": False,
"providerId": "oidc",
"storeToken": False,
"trustEmail": False,
},
]
return_value_mappers_get = [
[
{
"config": {"claim": "username", "syncMode": "INHERIT", "user.attribute": "username"},
"id": "616f11ba-b9ae-42ae-bd1b-bc618741c10b",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "username",
},
{
"config": {"claim": "first_name_changeme", "syncMode": "INHERIT", "user.attribute": "first_name"},
"id": "5fde49bb-93bd-4f5d-97d6-c5d0c1d07aef",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "first_name",
},
],
[
{
"config": {"claim": "username", "syncMode": "INHERIT", "user.attribute": "username"},
"id": "616f11ba-b9ae-42ae-bd1b-bc618741c10b",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "username",
},
{
"config": {"claim": "first_name_changeme", "syncMode": "INHERIT", "user.attribute": "first_name"},
"id": "5fde49bb-93bd-4f5d-97d6-c5d0c1d07aef",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "first_name",
},
],
[
{
"config": {"claim": "username", "syncMode": "INHERIT", "user.attribute": "username"},
"id": "616f11ba-b9ae-42ae-bd1b-bc618741c10b",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "username",
},
{
"config": {"claim": "first_name_changeme", "syncMode": "INHERIT", "user.attribute": "first_name"},
"id": "5fde49bb-93bd-4f5d-97d6-c5d0c1d07aef",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "first_name",
},
],
[
{
"config": {"claim": "username", "syncMode": "INHERIT", "user.attribute": "username"},
"id": "616f11ba-b9ae-42ae-bd1b-bc618741c10b",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "username",
},
{
"config": {"claim": "first_name_changeme", "syncMode": "INHERIT", "user.attribute": "first_name"},
"id": "5fde49bb-93bd-4f5d-97d6-c5d0c1d07aef",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "first_name",
},
],
[
{
"config": {"claim": "username", "syncMode": "INHERIT", "user.attribute": "username"},
"id": "616f11ba-b9ae-42ae-bd1b-bc618741c10b",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "username",
},
{
"config": {"claim": "first_name", "syncMode": "INHERIT", "user.attribute": "first_name"},
"id": "5fde49bb-93bd-4f5d-97d6-c5d0c1d07aef",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "first_name",
},
{
"config": {"claim": "last_name", "syncMode": "INHERIT", "user.attribute": "last_name"},
"id": "f00c61e0-34d9-4bed-82d1-7e45acfefc09",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "last_name",
},
],
]
return_value_realm_get = [
{
"id": "realm-name",
"realm": "realm-name",
"enabled": True,
"identityProviders": [
{
"addReadTokenRoleOnCreate": False,
"alias": "oidc-idp",
"authenticateByDefault": False,
"config": {
"authorizationUrl": "https://idp.example.com/auth",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "secret",
"issuer": "https://idp.example.com",
"syncMode": "FORCE",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
},
"displayName": "OpenID Connect IdP",
"enabled": True,
"firstBrokerLoginFlowAlias": "first broker login",
"internalId": "7ab437d5-f2bb-4ecc-91a8-315349454da6",
"linkOnly": False,
"providerId": "oidc",
"storeToken": False,
"trustEmail": False,
}
],
},
{
"id": "realm-name",
"realm": "realm-name",
"enabled": True,
"identityProviders": [
{
"addReadTokenRoleOnCreate": False,
"alias": "oidc-idp",
"authenticateByDefault": False,
"config": {
"authorizationUrl": "https://idp.example.com/auth",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "secret",
"issuer": "https://idp.example.com",
"syncMode": "FORCE",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
},
"displayName": "OpenID Connect IdP",
"enabled": True,
"firstBrokerLoginFlowAlias": "first broker login",
"internalId": "7ab437d5-f2bb-4ecc-91a8-315349454da6",
"linkOnly": False,
"providerId": "oidc",
"storeToken": False,
"trustEmail": False,
}
],
},
]
return_value_idp_updated = [None]
return_value_mapper_updated = [None]
return_value_mapper_created = [None]
changed = True
# Run the module
with set_module_args(module_args):
with mock_good_connection():
with patch_keycloak_api(
get_identity_provider=return_value_idp_get,
get_identity_provider_mappers=return_value_mappers_get,
update_identity_provider=return_value_idp_updated,
update_identity_provider_mapper=return_value_mapper_updated,
create_identity_provider_mapper=return_value_mapper_created,
get_realm_by_id=return_value_realm_get,
) as (
mock_get_identity_provider,
mock_create_identity_provider,
mock_update_identity_provider,
mock_delete_identity_provider,
mock_get_identity_provider_mappers,
mock_create_identity_provider_mapper,
mock_update_identity_provider_mapper,
mock_delete_identity_provider_mapper,
mock_get_realm_by_id,
):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(len(mock_get_identity_provider.mock_calls), 2)
self.assertEqual(len(mock_get_identity_provider_mappers.mock_calls), 5)
self.assertEqual(len(mock_get_realm_by_id.mock_calls), 2)
self.assertEqual(len(mock_update_identity_provider.mock_calls), 1)
self.assertEqual(len(mock_update_identity_provider_mapper.mock_calls), 1)
self.assertEqual(len(mock_create_identity_provider_mapper.mock_calls), 1)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]["changed"], changed)
def test_no_change_when_present(self):
"""Update existing identity provider"""
module_args = {
"auth_keycloak_url": "http://keycloak.url/auth",
"auth_password": "admin",
"auth_realm": "master",
"auth_username": "admin",
"auth_client_id": "admin-cli",
"addReadTokenRoleOnCreate": False,
"alias": "oidc-idp",
"authenticateByDefault": False,
"config": {
"authorizationUrl": "https://idp.example.com/auth",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "secret",
"issuer": "https://idp.example.com",
"syncMode": "FORCE",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
},
"displayName": "OpenID Connect IdP changeme",
"enabled": True,
"firstBrokerLoginFlowAlias": "first broker login",
"linkOnly": False,
"providerId": "oidc",
"storeToken": False,
"trustEmail": False,
"mappers": [
{
"name": "username",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"config": {
"claim": "username",
"user.attribute": "username",
"syncMode": "INHERIT",
},
}
],
}
return_value_idp_get = [
{
"addReadTokenRoleOnCreate": False,
"alias": "oidc-idp",
"authenticateByDefault": False,
"config": {
"authorizationUrl": "https://idp.example.com/auth",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "**********",
"issuer": "https://idp.example.com",
"syncMode": "FORCE",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
},
"displayName": "OpenID Connect IdP changeme",
"enabled": True,
"firstBrokerLoginFlowAlias": "first broker login",
"internalId": "7ab437d5-f2bb-4ecc-91a8-315349454da6",
"linkOnly": False,
"providerId": "oidc",
"storeToken": False,
"trustEmail": False,
},
]
return_value_mappers_get = [
[
{
"config": {"claim": "username", "syncMode": "INHERIT", "user.attribute": "username"},
"id": "616f11ba-b9ae-42ae-bd1b-bc618741c10b",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "username",
}
],
[
{
"config": {"claim": "username", "syncMode": "INHERIT", "user.attribute": "username"},
"id": "616f11ba-b9ae-42ae-bd1b-bc618741c10b",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "username",
}
],
]
return_value_realm_get = [
{
"id": "realm-name",
"realm": "realm-name",
"enabled": True,
"identityProviders": [
{
"addReadTokenRoleOnCreate": False,
"alias": "oidc-idp",
"authenticateByDefault": False,
"config": {
"authorizationUrl": "https://idp.example.com/auth",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "secret",
"issuer": "https://idp.example.com",
"syncMode": "FORCE",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
},
"displayName": "OpenID Connect IdP",
"enabled": True,
"firstBrokerLoginFlowAlias": "first broker login",
"internalId": "7ab437d5-f2bb-4ecc-91a8-315349454da6",
"linkOnly": False,
"providerId": "oidc",
"storeToken": False,
"trustEmail": False,
}
],
}
]
return_value_idp_updated = [None]
return_value_mapper_updated = [None]
return_value_mapper_created = [None]
changed = False
# Run the module
with set_module_args(module_args):
with mock_good_connection():
with patch_keycloak_api(
get_identity_provider=return_value_idp_get,
get_identity_provider_mappers=return_value_mappers_get,
update_identity_provider=return_value_idp_updated,
update_identity_provider_mapper=return_value_mapper_updated,
create_identity_provider_mapper=return_value_mapper_created,
get_realm_by_id=return_value_realm_get,
) as (
mock_get_identity_provider,
mock_create_identity_provider,
mock_update_identity_provider,
mock_delete_identity_provider,
mock_get_identity_provider_mappers,
mock_create_identity_provider_mapper,
mock_update_identity_provider_mapper,
mock_delete_identity_provider_mapper,
mock_get_realm_by_id,
):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(len(mock_get_identity_provider.mock_calls), 1)
self.assertEqual(len(mock_get_identity_provider_mappers.mock_calls), 2)
self.assertEqual(len(mock_get_realm_by_id.mock_calls), 1)
self.assertEqual(len(mock_update_identity_provider.mock_calls), 0)
self.assertEqual(len(mock_update_identity_provider_mapper.mock_calls), 0)
self.assertEqual(len(mock_create_identity_provider_mapper.mock_calls), 0)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]["changed"], changed)
def test_delete_when_absent(self):
"""Remove an absent identity provider"""
module_args = {
"auth_keycloak_url": "http://keycloak.url/auth",
"auth_password": "admin",
"auth_realm": "master",
"auth_username": "admin",
"auth_client_id": "admin-cli",
"validate_certs": True,
"realm": "realm-name",
"alias": "oidc-idp",
"state": "absent",
}
return_value_idp_get = [None]
changed = False
# Run the module
with set_module_args(module_args):
with mock_good_connection():
with patch_keycloak_api(get_identity_provider=return_value_idp_get) as (
mock_get_identity_provider,
mock_create_identity_provider,
mock_update_identity_provider,
mock_delete_identity_provider,
mock_get_identity_provider_mappers,
mock_create_identity_provider_mapper,
mock_update_identity_provider_mapper,
mock_delete_identity_provider_mapper,
mock_get_realm_by_id,
):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(len(mock_get_identity_provider.mock_calls), 1)
self.assertEqual(len(mock_delete_identity_provider.mock_calls), 0)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]["changed"], changed)
def test_delete_when_present(self):
"""Remove an existing identity provider"""
module_args = {
"auth_keycloak_url": "http://keycloak.url/auth",
"auth_password": "admin",
"auth_realm": "master",
"auth_username": "admin",
"auth_client_id": "admin-cli",
"validate_certs": True,
"realm": "realm-name",
"alias": "oidc-idp",
"state": "absent",
}
return_value_idp_get = [
{
"addReadTokenRoleOnCreate": False,
"alias": "oidc-idp",
"authenticateByDefault": False,
"config": {
"authorizationUrl": "https://idp.example.com/auth",
"clientAuthMethod": "client_secret_post",
"clientId": "my-client",
"clientSecret": "no_log",
"issuer": "https://idp.example.com",
"syncMode": "FORCE",
"tokenUrl": "https://idp.example.com/token",
"userInfoUrl": "https://idp.example.com/userinfo",
},
"displayName": "OpenID Connect IdP",
"enabled": True,
"firstBrokerLoginFlowAlias": "first broker login",
"internalId": "7ab437d5-f2bb-4ecc-91a8-315349454da6",
"linkOnly": False,
"providerId": "oidc",
"storeToken": False,
"trustEmail": False,
},
None,
]
return_value_mappers_get = [
[
{
"config": {"claim": "email", "syncMode": "INHERIT", "user.attribute": "email"},
"id": "5fde49bb-93bd-4f5d-97d6-c5d0c1d07aef",
"identityProviderAlias": "oidc-idp",
"identityProviderMapper": "oidc-user-attribute-idp-mapper",
"name": "email",
}
]
]
return_value_realm_get = [
{
"id": "realm-name",
"realm": "realm-name",
"enabled": True,
"identityProviders": [
{
"alias": "oidc",
"displayName": "",
"internalId": "2bca4192-e816-4beb-bcba-190164eb55b8",
"providerId": "oidc",
"enabled": True,
"updateProfileFirstLoginMode": "on",
"trustEmail": False,
"storeToken": False,
"addReadTokenRoleOnCreate": False,
"authenticateByDefault": False,
"linkOnly": False,
"config": {
"validateSignature": "false",
"pkceEnabled": "false",
"tokenUrl": "https://localhost:8000",
"clientId": "asdf",
"authorizationUrl": "https://localhost:8000",
"clientAuthMethod": "client_secret_post",
"clientSecret": "real_secret",
"guiOrder": "0",
},
},
],
},
]
return_value_idp_deleted = [None]
changed = True
# Run the module
with set_module_args(module_args):
with mock_good_connection():
with patch_keycloak_api(
get_identity_provider=return_value_idp_get,
get_identity_provider_mappers=return_value_mappers_get,
delete_identity_provider=return_value_idp_deleted,
get_realm_by_id=return_value_realm_get,
) as (
mock_get_identity_provider,
mock_create_identity_provider,
mock_update_identity_provider,
mock_delete_identity_provider,
mock_get_identity_provider_mappers,
mock_create_identity_provider_mapper,
mock_update_identity_provider_mapper,
mock_delete_identity_provider_mapper,
mock_get_realm_by_id,
):
with self.assertRaises(AnsibleExitJson) as exec_info:
self.module.main()
self.assertEqual(len(mock_get_identity_provider.mock_calls), 1)
self.assertEqual(len(mock_get_identity_provider_mappers.mock_calls), 1)
self.assertEqual(len(mock_get_realm_by_id.mock_calls), 1)
self.assertEqual(len(mock_delete_identity_provider.mock_calls), 1)
# Verify that the module's changed status matches what is expected
self.assertIs(exec_info.exception.args[0]["changed"], changed)
View git blame Copy permalink