Skip to content

Commit

Permalink
keycloak_group: fix subgroup creation in Keycloak ≥23 (ansible-collec…
Browse files Browse the repository at this point in the history
…tions#8979)

* keycloak_group: fix subgroup creation in Keycloak ≥23

* Add changelog fragment

* Include issue and pull request in changelog fragment

Co-authored-by: Felix Fontein <[email protected]>

* Use new way to get subgroups when getting a subgroup chain

* Fix indent

---------

Co-authored-by: Felix Fontein <[email protected]>
  • Loading branch information
vgaudard and felixfontein authored Oct 19, 2024
1 parent b1f4604 commit 658637d
Show file tree
Hide file tree
Showing 2 changed files with 21 additions and 2 deletions.
2 changes: 2 additions & 0 deletions changelogs/fragments/8979-keycloak_group-fix-subgroups.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
bugfixes:
- keycloak_group - fix crash caused in subgroup creation. The crash was caused by a missing or empty ``subGroups`` property in Keycloak ≥23 (https://github.com/ansible-collections/community.general/issues/8788, https://github.com/ansible-collections/community.general/pull/8979).
21 changes: 19 additions & 2 deletions plugins/module_utils/identity/keycloak/keycloak.py
Original file line number Diff line number Diff line change
Expand Up @@ -1499,6 +1499,23 @@ def get_group_by_groupid(self, gid, realm="master"):
self.module.fail_json(msg="Could not fetch group %s in realm %s: %s"
% (gid, realm, str(e)))

def get_subgroups(self, parent, realm="master"):
if 'subGroupCount' in parent:
# Since version 23, when GETting a group Keycloak does not
# return subGroups but only a subGroupCount.
# Children must be fetched in a second request.
if parent['subGroupCount'] == 0:
group_children = []
else:
group_children_url = URL_GROUP_CHILDREN.format(url=self.baseurl, realm=realm, groupid=parent['id'])
group_children = json.loads(to_native(open_url(group_children_url, method="GET", http_agent=self.http_agent, headers=self.restheaders,
timeout=self.connection_timeout,
validate_certs=self.validate_certs).read()))
subgroups = group_children
else:
subgroups = parent['subGroups']
return subgroups

def get_group_by_name(self, name, realm="master", parents=None):
""" Fetch a keycloak group within a realm based on its name.
Expand All @@ -1519,7 +1536,7 @@ def get_group_by_name(self, name, realm="master", parents=None):
if not parent:
return None

all_groups = parent['subGroups']
all_groups = self.get_subgroups(parent, realm)
else:
all_groups = self.get_groups(realm=realm)

Expand Down Expand Up @@ -1568,7 +1585,7 @@ def get_subgroup_by_chain(self, name_chain, realm="master"):
return None

for p in name_chain[1:]:
for sg in tmp['subGroups']:
for sg in self.get_subgroups(tmp):
pv, is_id = self._get_normed_group_parent(p)

if is_id:
Expand Down

0 comments on commit 658637d

Please sign in to comment.