Description
Summary
Unable to add a user to a sub-group when using the keycloak_user module – user creation completes successfully, but the user is not added to the sub-group. However, the user is added to top-level groups without issues. The issue seems somehow related to this fix, but I don't have enough knowledge to figure it out.
Issue Type
Bug Report
Component Name
keycloak_user module
Keycloak version (Docker image) : 26.0.5
Ansible Version
$ ansible --version
ansible [core 2.16.13]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/deployer/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.13/site-packages/ansible
ansible collection location = /home/deployer/.ansible/collections:/usr/share/ansible/collections:/usr/local/lib/python3.13/site-packages/ansible/collections
executable location = /usr/local/bin/ansible
python version = 3.13.0 (main, Nov 12 2024, 06:05:34) [GCC 12.2.0] (/usr/local/bin/python3.13)
jinja version = 3.1.4
libyaml = True
Community.general Version
$ ansible-galaxy collection list community.general
Collection Version
----------------- -------
community.general 10.3.0
TASK [Check community.general version]
ok: [localhost] => {
"msg": "You are using community.general version: 10.3.0"
}
Configuration
$ ansible-config dump --only-changed
I am sorry, I can't provide it now.
OS / Environment
Host OS with keycloak container:
NAME="AlmaLinux"
VERSION="8.10 (Cerulean Leopard)"
ID="almalinux"
ID_LIKE="rhel centos fedora"
VERSION_ID="8.10"
PLATFORM_ID="platform:el8"
PRETTY_NAME="AlmaLinux 8.10 (Cerulean Leopard)"
ANSI_COLOR="0;34"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:almalinux:almalinux:8::baseos"
HOME_URL="https://almalinux.org/"
DOCUMENTATION_URL="https://wiki.almalinux.org/"
BUG_REPORT_URL="https://bugs.almalinux.org/"
ALMALINUX_MANTISBT_PROJECT="AlmaLinux-8"
ALMALINUX_MANTISBT_PROJECT_VERSION="8.10"
REDHAT_SUPPORT_PRODUCT="AlmaLinux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.10"
SUPPORT_END=2029-06-01
Gitlab runner container with ansible:
PRETTY_NAME="Debian GNU/Linux 12 (bookworm)"
NAME="Debian GNU/Linux"
VERSION_ID="12"
VERSION="12 (bookworm)"
VERSION_CODENAME=bookworm
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
Steps to Reproduce
tasks:
  - name: Check community.general version
    debug:
      msg: "You are using community.general version: {{ lookup('community.general.collection_version', 'community.general') }}"
  - name: Create user
    community.general.keycloak_user:
      auth_keycloak_url: "{{ keycloak_server_url }}"
      auth_username: "{{ keycloak_username }}"
      auth_password: "{{ keycloak_password }}"
      auth_realm: "{{ keycloak_master_realm }}"
      realm: "{{ keycloak_target_realm }}"
      username: user3
      firstName: user
      lastName: user
      email: [email protected]
      enabled: true
      emailVerified: true
      credentials:
        - type: password
          value: password
          temporary: false
      groups:
        - name: Operations
          state: present
        - name: Projects
          state: present
      state: present
Expected Results
I expected user3 to be added to the sub-groups Operations and Projects (or at least to one of them), which are part of the top-level group Engineers, but user3 is actually not added to these groups.
Actual Results
ansible-playbook [core 2.16.13]
config file = /etc/ansible/ansible.cfg
configured module search path = ['/home/deployer/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /usr/local/lib/python3.13/site-packages/ansible
ansible collection location = /home/deployer/.ansible/collections:/usr/share/ansible/collections:/usr/local/lib/python3.13/site-packages/ansible/collections
executable location = /usr/local/bin/ansible-playbook
python version = 3.13.0 (main, Nov 12 2024, 06:05:34) [GCC 12.2.0] (/usr/local/bin/python3.13)
jinja version = 3.1.4
libyaml = True
Using /etc/ansible/ansible.cfg as config file
host_list declined parsing /etc/ansible/hosts.ini as it did not pass its verify_file() method
script declined parsing /etc/ansible/hosts.ini as it did not pass its verify_file() method
auto declined parsing /etc/ansible/hosts.ini as it did not pass its verify_file() method
yaml declined parsing /etc/ansible/hosts.ini as it did not pass its verify_file() method
Parsed /etc/ansible/hosts.ini inventory source with ini plugin
Skipping callback 'default', as we already have a stdout callback.
Skipping callback 'minimal', as we already have a stdout callback.
Skipping callback 'oneline', as we already have a stdout callback.
PLAYBOOK: 101_add_user.yaml *****************************************************************************************************************************************************************************************************************
1 plays in ansible-deploy/routine/101_add_user.yaml
PLAY [Создание пользователей и групп в Keycloak] ********************************************************************************************************************************************************************************************
TASK [Check community.general version] ******************************************************************************************************************************************************************************************************
task path: /project/ansible-deploy/routine/101_add_user.yaml:16
ok: [localhost] => {
"msg": "You are using community.general version: 10.3.0"
}
TASK [Create user] **************************************************************************************************************************************************************************************************************************
task path: /project/ansible-deploy/routine/101_add_user.yaml:20
Using module file /home/deployer/.ansible/collections/ansible_collections/community/general/plugins/modules/keycloak_user.py
Pipelining is enabled.
<127.0.0.1> ESTABLISH LOCAL CONNECTION FOR USER: deployer
<127.0.0.1> EXEC /bin/sh -c '/usr/local/bin/python3.13 && sleep 0'
changed: [localhost] => {
"changed": true,
"diff": {},
"end_state": {
"access": {
"impersonate": true,
"manage": true,
"manageGroupMembership": true,
"mapRoles": true,
"view": true
},
"createdTimestamp": 1738175792070,
"disableableCredentialTypes": [],
"email": "[email protected]",
"emailVerified": true,
"enabled": true,
"firstName": "user",
"groups": [],
"id": "4befeaed-1365-494b-b0e4-97eb69751923",
"lastName": "user",
"notBefore": 0,
"requiredActions": [],
"totp": false,
"username": "user3"
},
"existing": {},
"invocation": {
"module_args": {
"access": null,
"attributes": null,
"auth_client_id": "admin-cli",
"auth_client_secret": null,
"auth_keycloak_url": "http://sso.int.xyz.net:80",
"auth_password": "VALUE_SPECIFIED_IN_NO_LOG_PARAMETER",
"auth_realm": "master",
"auth_username": "admin",
"client_consents": [],
"connection_timeout": 10,
"credentials": [
{
"temporary": false,
"type": "password",
"value": "password"
}
],
"disableable_credential_types": [],
"email": "[email protected]",
"emailVerified": true,
"email_verified": true,
"enabled": true,
"federated_identities": [],
"federation_link": null,
"firstName": "user",
"first_name": "user",
"force": false,
"groups": [
{
"name": "Operations",
"state": "present"
},
{
"name": "Projects",
"state": "present"
}
],
"http_agent": "Ansible",
"id": null,
"lastName": "user",
"last_name": "user",
"origin": null,
"realm": "ip-realm",
"refresh_token": null,
"required_actions": [],
"self": null,
"service_account_client_id": null,
"state": "present",
"token": null,
"username": "user3",
"validate_certs": true
}
},
"msg": "User user3 updated",
"proposed": {
"clientConsents": [],
"credentials": [
{
"temporary": false,
"type": "password",
"value": "password"
}
],
"disableableCredentialTypes": [],
"email": "[email protected]",
"emailVerified": true,
"enabled": true,
"federatedIdentities": [],
"firstName": "user",
"lastName": "user",
"requiredActions": [],
"username": "user3"
}
}
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
localhost : ok=2 changed=1 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
Code of Conduct
- I agree to follow the Ansible Code of Conduct
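
A check for the silent failure this report describes, as an added example that is not part of the original report or of community.general: it takes a task result shaped like the output under Actual Results and lists the requested groups that `end_state.groups` does not reflect. The helper names, and the assumption that `end_state.groups` holds group names or paths as strings, are this example's own.

```python
"""Added example: compare requested vs. resulting groups in a keycloak_user result."""

# Constructed sample: a trimmed copy of the task result shown in this report.
SAMPLE_RESULT = {
    "changed": True,
    "end_state": {"username": "user3", "groups": []},
    "invocation": {"module_args": {"groups": [
        {"name": "Operations", "state": "present"},
        {"name": "Projects", "state": "present"},
    ]}},
}


def _leaf(group):
    """Last path segment, so 'Operations' compares equal to '/Engineers/Operations'."""
    return group.rstrip("/").rsplit("/", 1)[-1]


def _matches(requested, actual):
    # A requested full path must match exactly; a bare name matches on the leaf.
    # Leaf matching is ambiguous if two parents hold same-named sub-groups.
    if requested.startswith("/"):
        return requested.rstrip("/") == actual.rstrip("/")
    return _leaf(requested) == _leaf(actual)


def group_drift(result):
    """Return requested group changes that end_state does not reflect."""
    args = result.get("invocation", {}).get("module_args", {})
    requested = args.get("groups") or []
    # Assumption: end_state.groups is a list of group names or paths (strings).
    actual = (result.get("end_state") or {}).get("groups") or []
    drift = {"missing": [], "unexpected": []}
    for entry in requested:
        name = entry["name"]
        present = any(_matches(name, g) for g in actual)
        wanted = entry.get("state", "present") == "present"
        if wanted and not present:
            drift["missing"].append(name)
        elif not wanted and present:
            drift["unexpected"].append(name)
    return drift


if __name__ == "__main__":
    print(group_drift(SAMPLE_RESULT))
```

A non-empty `missing` list alongside `changed: true` and `failed=0` is the condition shown in this report: the play succeeds while the declared group membership was never applied.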