keycloak_realm does not reassign user roles
guidograzioli commented
ISSUE TYPE
- Bug Report
SUMMARY
Re-executing the keycloak_realm role with renamed roles does not reassign users to the new role names. Also, renamed roles are not purged.
ANSIBLE VERSION
ansible [core 2.13.3]
COLLECTION VERSION
1.1.0
STEPS TO REPRODUCE
Execute with the following:
- include_role:
    name: sso_realm
    apply:
      delegate_to: "{{ ansible_play_hosts | first }}"
      run_once: true
  vars:
    sso_admin_password: "{{ admin_pass }}"
    sso_realm: addressbook
    sso_clients:
      - name: addressbook
        client_id: addressbook
        roles:
          - admin
          - user
        realm: addressbook
        public_client: False
        web_origins: '+'
        users:
          - username: flangeadmin
            email: ansible-middleware-core@redhat.com
            firstName: Flange
            lastName: Admin
            password: password
            client_roles:
              - client: addressbook
                role: admin
                realm: addressbook
              - client: addressbook
                role: user
                realm: addressbook
          - username: flangeuser
            email: ggraziol@redhat.com
            firstName: Flange
            lastName: User
            password: password
            client_roles:
              - client: addressbook
                role: user
                realm: addressbook
Then execute again with:
- include_role:
    name: sso_realm
    apply:
      delegate_to: "{{ ansible_play_hosts | first }}"
      run_once: true
  vars:
    sso_admin_password: "{{ admin_pass }}"
    sso_realm: addressbook
    sso_clients:
      - name: addressbook
        client_id: addressbook
        roles:
          - flangeadmin
          - flangeuser
        realm: addressbook
        public_client: False
        web_origins: '+'
        users:
          - username: flangeadmin
            email: ansible-middleware-core@redhat.com
            firstName: Flange
            lastName: Admin
            password: password
            client_roles:
              - client: addressbook
                role: flangeadmin
                realm: addressbook
              - client: addressbook
                role: flangeuser
                realm: addressbook
          - username: flangeuser
            email: ggraziol@redhat.com
            firstName: Flange
            lastName: User
            password: password
            client_roles:
              - client: addressbook
                role: flangeuser
                realm: addressbook
i.e. rename the roles admin->flangeadmin and user->flangeuser, and reassign the flangeadmin user to the flangeadmin role (same for flangeuser)
EXPECTED RESULTS
flangeadmin has roles [ flangeadmin, flangeuser]
flangeuser has role [ flangeuser ]
roles admin and user are purged
ACTUAL RESULTS
flangeadmin has roles [ admin, user]
flangeuser has role [ user ]
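
Because role grants left behind by a rename keep authorizing users under names that no longer appear in the playbook, a post-run drift check is useful. The following is an added example, not code from the collection or from the issue author: it compares the declared client roles and mappings with a snapshot of the realm. The function names, the dictionary shapes and the snapshot itself are assumptions constructed from the second run's vars and the ACTUAL RESULTS above.

```python
# Added example: not part of the keycloak_realm role or the original issue.
# DESIRED_CLIENT mirrors the second run's vars (fields not needed here omitted).
# The ACTUAL_* snapshots are constructed inline so the check runs offline.
DESIRED_CLIENT = {
    "client_id": "addressbook",
    "roles": ["flangeadmin", "flangeuser"],
    "users": [
        {"username": "flangeadmin", "client_roles": [
            {"client": "addressbook", "role": "flangeadmin"},
            {"client": "addressbook", "role": "flangeuser"}]},
        {"username": "flangeuser", "client_roles": [
            {"client": "addressbook", "role": "flangeuser"}]},
    ],
}

# Assumption: the new roles were created on the second run; the issue only
# states that the old ones (admin, user) were not purged.
ACTUAL_ROLES = {"admin", "user", "flangeadmin", "flangeuser"}
ACTUAL_USER_ROLES = {"flangeadmin": {"admin", "user"}, "flangeuser": {"user"}}

def role_drift(desired_client, actual_roles, actual_user_roles):
    """Return stale client roles and per-user mapping differences."""
    client_id = desired_client["client_id"]
    stale_roles = sorted(set(actual_roles) - set(desired_client["roles"]))
    users = {}
    for user in desired_client["users"]:
        want = {m["role"] for m in user["client_roles"]
                if m["client"] == client_id}
        have = set(actual_user_roles.get(user["username"], ()))
        if want != have:
            users[user["username"]] = {
                "missing": sorted(want - have),  # declared but not granted
                "stale": sorted(have - want),    # granted but no longer declared
            }
    return {"stale_roles": stale_roles, "users": users}

def is_converged(report):
    """True when no role or mapping differs from the declaration."""
    return not report["stale_roles"] and not report["users"]

if __name__ == "__main__":
    import json
    print(json.dumps(role_drift(DESIRED_CLIENT, ACTUAL_ROLES, ACTUAL_USER_ROLES), indent=2))
```
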