[ansible-project] Re: keycloak_client_rolemapping does nothing?

[M Foster]

Ok, I manually updated the role mapping, then ran the module with state = 
"absent" and got a 403 unauthorized message. So I added the manage-users 
realm-manamgent privilege to the account I was using and was able to make 
this module add and remove group mappings. 

On Friday, August 19, 2022 at 11:51:07 AM UTC-6 M Foster wrote:

> I added an "id" to the "roles:" dictionary, but now get an error 
> "TypeError: 'NoneType' object is not subscriptable", so its not clear what 
> values I'm supposed to be using here.
>
> On Friday, August 19, 2022 at 11:45:51 AM UTC-6 M Foster wrote:
>
>> Oh, I wonder if "id" is also required?
>>
>> On Friday, August 19, 2022 at 11:27:45 AM UTC-6 M Foster wrote:
>>
>>> I'm trying to map client roles to Keycloak groups using the 
>>> keycloak_client_rolemapping module, but everytime I run it even with the 
>>> simplest config it returns the following:
>>>
>>> "end_state": {},
>>>
>>> "msg": "Nothing to do, roles [{'name': 'test-role1', 'id': 
>>> '79026951-da5e-43f8-91de-bb0b03c298aa'}] are correctly mapped with group 
>>> mygroup. " yet in the Keycloak UI under the group I am trying to map, the 
>>> client role shows as "Available" not "Assigned". 
>>>
>>> Am I missing something? (FWIW, I haven't been able to figure out how to 
>>> do this using the REST API either).
>>>
>>> Example task in playbook:
>>>
>>> - name: Create client role mappings
>>>   local_action:
>>>     module: community.general.keycloak_client_rolemapping
>>>     auth_client_id: admin-cli
>>>     auth_keycloak_url: "{{ KEYCLOAK_AUTH_URL }}"
>>>     auth_realm: "{{ KEYCLOAK_REALM }}"
>>>     auth_username: "{{ KEYCLOAK_API_USER }}"
>>>     auth_password: "{{ KEYCLOAK_API_PASSWORD }}"
>>>     realm: "{{ KEYCLOAK_REALM }}"
>>>     state: "present"
>>>     client_id: "myclient"
>>>     group_name: "mygroup"
>>>     roles:
>>>       - name: "test-role1"
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"Ansible Project" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to ansible-project+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/ansible-project/65557dfd-1752-4528-ba37-9a2e8a0df675n%40googlegroups.com.