mirror of
https://github.com/ansible-collections/community.general.git
synced 2026-03-22 05:09:12 +00:00
d637db7623
keycloak: URL-encode query parameters for usernames with special characters (#11472)
* fix(keycloak): URL-encode query params for usernames with special chars
get_user_by_username() concatenates the username directly into the URL
query string. When the username contains a +, it is interpreted as a
space by the server, returning no match and causing a TypeError.
Use urllib.parse.quote() (already imported) for the username parameter.
Also replace three fragile .replace(' ', '%20') calls in the authz
search methods with proper quote() calls.
Fixes #10305
* Update changelogs/fragments/keycloak-url-encode-query-params.yml
---------
(cherry picked from commit c41de53dbb)
Co-authored-by: Ivan Kokalovic <67540157+koke1997@users.noreply.github.com>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
170 lines
4.8 KiB
YAML
170 lines
4.8 KiB
YAML
# Copyright (c) 2022, Dušan Marković (@bratwurzt)
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
- name: Create realm
|
|
community.general.keycloak_realm:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
id: "{{ realm }}"
|
|
realm: "{{ realm }}"
|
|
state: present
|
|
|
|
- name: Create new realm role
|
|
community.general.keycloak_role:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: "{{ role }}"
|
|
description: "{{ description_1 }}"
|
|
state: present
|
|
|
|
- name: Create client
|
|
community.general.keycloak_client:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
client_id: "{{ client_id }}"
|
|
service_accounts_enabled: true
|
|
state: present
|
|
register: client
|
|
|
|
|
|
- name: Create new client role
|
|
community.general.keycloak_role:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
client_id: "{{ client_id }}"
|
|
name: "{{ keycloak_client_role }}"
|
|
description: "{{ description_1 }}"
|
|
state: present
|
|
|
|
- name: Create new groups
|
|
community.general.keycloak_group:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
realm: "{{ realm }}"
|
|
name: "{{ item.name }}"
|
|
state: present
|
|
with_items: "{{ keycloak_user_groups }}"
|
|
|
|
- name: Create user
|
|
community.general.keycloak_user:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
username: "{{ keycloak_username }}"
|
|
realm: "{{ realm }}"
|
|
first_name: Ceciestes
|
|
last_name: Untestes
|
|
email: ceciestuntestes@test.com
|
|
groups: "{{ keycloak_user_groups }}"
|
|
attributes: "{{ keycloak_user_attributes }}"
|
|
state: present
|
|
register: create_result
|
|
|
|
- name: debug
|
|
debug:
|
|
var: create_result
|
|
|
|
- name: Assert user is created
|
|
assert:
|
|
that:
|
|
- create_result.changed
|
|
- create_result.end_state.username == 'test'
|
|
- create_result.end_state.attributes | length == 3
|
|
- create_result.end_state.groups | length == 2
|
|
|
|
- name: Delete User
|
|
community.general.keycloak_user:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
username: "{{ keycloak_username }}"
|
|
realm: "{{ realm }}"
|
|
first_name: Ceciestes
|
|
last_name: Untestes
|
|
email: ceciestuntestes@test.com
|
|
groups: "{{ keycloak_user_groups }}"
|
|
attributes: "{{ keycloak_user_attributes }}"
|
|
state: absent
|
|
register: delete_result
|
|
|
|
- name: debug
|
|
debug:
|
|
var: delete_result
|
|
|
|
- name: Assert user is deleted
|
|
assert:
|
|
that:
|
|
- delete_result.changed
|
|
- delete_result.end_state | length == 0
|
|
|
|
- name: Create user with plus-addressed email
|
|
community.general.keycloak_user:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
username: "testuser+tag"
|
|
realm: "{{ realm }}"
|
|
first_name: Plus
|
|
last_name: User
|
|
email: "testuser+tag@example.org"
|
|
state: present
|
|
register: plus_create_result
|
|
|
|
- name: Assert plus-addressed user is created
|
|
assert:
|
|
that:
|
|
- plus_create_result.changed
|
|
- plus_create_result.end_state.username == 'testuser+tag'
|
|
- plus_create_result.end_state.email == 'testuser+tag@example.org'
|
|
|
|
- name: Re-run plus-addressed user creation (idempotency)
|
|
community.general.keycloak_user:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
username: "testuser+tag"
|
|
realm: "{{ realm }}"
|
|
first_name: Plus
|
|
last_name: User
|
|
email: "testuser+tag@example.org"
|
|
state: present
|
|
register: plus_idempotent_result
|
|
|
|
- name: Assert plus-addressed user is idempotent
|
|
assert:
|
|
that:
|
|
- plus_idempotent_result is not changed
|
|
|
|
- name: Delete plus-addressed user
|
|
community.general.keycloak_user:
|
|
auth_keycloak_url: "{{ url }}"
|
|
auth_username: "{{ admin_user }}"
|
|
auth_password: "{{ admin_password }}"
|
|
auth_realm: "{{ admin_realm }}"
|
|
username: "testuser+tag"
|
|
realm: "{{ realm }}"
|
|
state: absent
|
|
register: plus_delete_result
|
|
|
|
- name: Assert plus-addressed user is deleted
|
|
assert:
|
|
that:
|
|
- plus_delete_result.changed
|