Merge pull request #101 from laskasn/RCIAM-730

RCIAM-730
rciam · Jan 5, 2022 · d6573f9 · d6573f9
2 parents 3146f9b + 51b5aeb
commit d6573f9
Show file tree

Hide file tree

Showing 3 changed files with 79 additions and 19 deletions.
diff --git a/roles/keycloak/tasks/blocks/configure_federation_mapper.yml b/roles/keycloak/tasks/blocks/configure_federation_mapper.yml
@@ -0,0 +1,36 @@
+---
+# item[0] -> whole realm config (ansible variable)
+# item[1] -> current federation config (loop's item of ansible realm's federation config)
+# federation_exists -> boolean flag (it's always true in this file)
+# realm_federation_matches -> it's always a single element array (since federation_exists==true) with:  [{"alias": "federation_alias", "internalId": "federation_internalId" }]
+# existing_mappers_name_id -> contains the current federation mappers id,name pairs i.e. [{id:"mapper_id", name:"mapper_name"}, ...]
+# mapper -> contains the new mapper json (from ansible config vars) i.e. {"config":{},"identityProviderMapper":"hardcoded-attribute-idp-mapper","name":"test_mapper2"}
+
+- set_fact:
+    mapper_matches: "{{existing_mappers_name_id | json_query(query) | default([]) }}"
+  vars:
+    query: '[?name == `{{ mapper.name }}` ].{id: id, name: name }'
+
+
+- set_fact:
+    mapper_exists: "{{mapper_matches | length > 0 }}"
+
+- set_fact:
+    additional_info:
+      id: "{{mapper_matches[0].id}}"
+  when: mapper_exists
+
+- set_fact:
+    body: "{% if mapper_exists %}{{ mapper | combine(additional_info , recursive=True ) }}{% else %}{{ mapper }}{% endif %}"
+
+
+- name: "{% if mapper_exists %} Update {% else %} Create {% endif %} federation mapper {{ mapper.name }}"
+  uri:
+    url: "https://{{ keycloak_proxy_host }}/auth/admin/realms/{{ item[0].name }}/identity-provider-federation/instances/{{ realm_federation_matches[0].internalId }}/mappers{% if mapper_exists %}/{{body.id}}{% endif %}"
+    method: "{% if mapper_exists %}PUT{% else %}POST{% endif %}"
+    body_format: json
+    headers:
+      Authorization: "Bearer {{ result.json.access_token }}"
+    body:
+      "{{ body }}"
+    status_code: "{% if mapper_exists %}204{% else %}201{% endif %}"
diff --git a/roles/keycloak/tasks/blocks/configure_federations.yml b/roles/keycloak/tasks/blocks/configure_federations.yml
@@ -1,7 +1,7 @@
 ---
 
-- name: "Get current list of federations of the realm: {{item[0].name}}"
-  include_tasks: blocks/helpers/get_realm_federations.yml
+- name: "Initiating federation search in keycloak"
+  include_tasks: blocks/helpers/search_realm_federations.yml
 
 - set_fact:
     federation_exists: "{{realm_federation_matches | length > 0 }}"
@@ -12,25 +12,49 @@
   when: federation_exists
 
 - set_fact:
-    body: "{{ item[1] | combine(additional_info , recursive=True ) }}"
-  when: federation_exists
-
-- set_fact:
-    body: "{{ item[1] }}"
-  when: not federation_exists
-
-
-- name: "Configuring federation: {{item[1].alias}}"
+    body: "{% if federation_exists %}{{ item[1] | combine(additional_info , recursive=True ) }}{% else %}{{ item[1] }}{% endif %}"
+
+- set_fact: # remove the 'mappers' field from the body (if it exists)
+    body: '{{  body | dict2items | rejectattr("key", "equalto", "mappers") | list | items2dict }}'
+
+- name: "Configuring federation {{ item[1].alias }}"
+  uri:
+    url: "https://{{ keycloak_proxy_host }}/auth/admin/realms/{{ item[0].name }}/identity-provider-federation/instances"
+    method: POST
+    body_format: json
+    headers:
+      Authorization: "Bearer {{ result.json.access_token }}"
+    body:
+      "{{ body }}"
+    status_code: 201
+
+  #get once more the federation_matches. now federation_matches should contain exactly one object in the list with the internalId and alias of the current federation
+- name: "Initiating federation search in keycloak"
+  include_tasks: blocks/helpers/search_realm_federations.yml
+
+- name: "Configuring mappers of the federation {{item[1].alias}} of the realm: {{item[0].name}}"
   block:
 
-    - name: "Configuring federation {{ item[1].alias }}"
+    - name: "Get list of federation {{ item[1].alias }} mappers"
       uri:
-        url: "https://{{ keycloak_proxy_host }}/auth/admin/realms/{{ item[0].name }}/identity-provider-federation/instances"
-        method: POST
-        body_format: json
+        url: "https://{{ keycloak_proxy_host }}/auth/admin/realms/{{ item[0].name }}/identity-provider-federation/instances/{{ realm_federation_matches[0].internalId }}/mappers"
+        method: GET
         headers:
           Authorization: "Bearer {{ result.json.access_token }}"
-        body:
-          "{{body}}"
-        status_code: 201
+        status_code: 200
+      register: existing_mappers
+
+    - set_fact:
+        existing_mappers_name_id: "{{existing_mappers.json | json_query(query) | default([]) }}"
+      vars:
+        query: '[].{name: name, id: id }'
+
+    - name: Setup federation mapper
+      include_tasks: blocks/configure_federation_mapper.yml
+      with_items: "{{ item[1].mappers }}"
+      loop_control:
+        loop_var: mapper
+      run_once: true
+
+  when: "realm_federation_matches | length > 0"
 
diff --git a/.../blocks/helpers/get_realm_federations.yml → ...ocks/helpers/search_realm_federations.yml b/.../blocks/helpers/get_realm_federations.yml → ...ocks/helpers/search_realm_federations.yml
@@ -1,6 +1,6 @@
 ---
 
-- name: "Get list of federations"
+- name: "Search federation {{item[1].alias}} in keycloak"
   uri:
     url: "https://{{ keycloak_proxy_host }}/auth/admin/realms/{{ item[0].name }}"
     method: GET