diff --git a/CHANGELOG.md b/CHANGELOG.md index c27beb96..b377c1e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org). +## [v7.5.1](https://github.com/treydock/puppet-module-keycloak/tree/v7.5.1) (2021-08-03) + +[Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.5.0...v7.5.1) + +### Fixed + +- Ensure flow execution will add config if not added on create [\#201](https://github.com/treydock/puppet-module-keycloak/pull/201) ([treydock](https://github.com/treydock)) + ## [v7.5.0](https://github.com/treydock/puppet-module-keycloak/tree/v7.5.0) (2021-07-12) [Full Changelog](https://github.com/treydock/puppet-module-keycloak/compare/v7.4.1...v7.5.0) diff --git a/lib/puppet/provider/keycloak_flow_execution/kcadm.rb b/lib/puppet/provider/keycloak_flow_execution/kcadm.rb index 5d3105ed..9a4d6a29 100644 --- a/lib/puppet/provider/keycloak_flow_execution/kcadm.rb +++ b/lib/puppet/provider/keycloak_flow_execution/kcadm.rb @@ -202,15 +202,23 @@ def flush end if @property_flush[:config] config_data = {} - config_data[:id] = config_id config_data[:alias] = resource[:alias] if resource[:alias] config_data[:config] = resource[:config] + if !config_id.nil? && config_id.to_s != 'absent' + config_data[:id] = config_id + end t = Tempfile.new('keycloak_flow_execution_config') t.write(JSON.pretty_generate(config_data)) t.close Puppet.debug(IO.read(t.path)) begin - kcadm('update', "authentication/config/#{config_id}", resource[:realm], t.path) + if config_id.nil? || config_id.to_s == 'absent' + output = kcadm('create', "authentication/executions/#{id}/config", resource[:realm], t.path) + Puppet.debug("create flow execution config output: #{output}") + else + kcadm('update', "authentication/config/#{config_id}", resource[:realm], t.path) + Puppet.debug("update flow execution config output: #{output}") + end rescue Puppet::ExecutionFailure => e raise Puppet::Error, "kcadm update flow execution config failed\nError message: #{e.message}" end diff --git a/metadata.json b/metadata.json index 5af8bd31..4e4a2141 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "treydock-keycloak", - "version": "7.5.0", + "version": "7.5.1", "author": "treydock", "summary": "Keycloak Puppet module", "license": "Apache-2.0", diff --git a/spec/acceptance/9_flow_spec.rb b/spec/acceptance/9_flow_spec.rb index 4ae43174..a799d235 100644 --- a/spec/acceptance/9_flow_spec.rb +++ b/spec/acceptance/9_flow_spec.rb @@ -17,7 +17,9 @@ class { 'keycloak': test_realm => 'test', test_before => [ 'Keycloak_flow[form-browser-with-duo]', + 'Keycloak_flow[form-browser-with-duo2]', 'Keycloak_flow_execution[duo-mfa-authenticator under form-browser-with-duo on test]', + 'Keycloak_flow_execution[duo-mfa-authenticator under form-browser-with-duo2 on test]', ], } keycloak_realm { 'test': ensure => 'present' } @@ -39,6 +41,14 @@ class { 'keycloak': requirement => 'REQUIRED', index => 1, } + keycloak_flow_execution { 'duo-mfa-authenticator under form-browser-with-duo2 on test': + ensure => 'present', + configurable => true, + display_name => 'Duo MFA', + alias => 'Duo2', + requirement => 'REQUIRED', + index => 0, + } keycloak_flow_execution { 'auth-username-password-form under form-browser-with-duo on test': ensure => 'present', configurable => false, @@ -52,6 +62,12 @@ class { 'keycloak': requirement => 'ALTERNATIVE', top_level => false, } + keycloak_flow { 'form-browser-with-duo2 under browser-with-duo on test': + ensure => 'present', + index => 3, + requirement => 'REQUIRED', + top_level => false, + } keycloak_flow_execution { 'auth-cookie under browser-with-duo on test': ensure => 'present', configurable => false, @@ -113,7 +129,9 @@ class { 'keycloak': test_realm => 'test', test_before => [ 'Keycloak_flow[form-browser-with-duo]', + 'Keycloak_flow[form-browser-with-duo2]', 'Keycloak_flow_execution[duo-mfa-authenticator under form-browser-with-duo on test]', + 'Keycloak_flow_execution[duo-mfa-authenticator under form-browser-with-duo2 on test]', ], } keycloak_realm { 'test': ensure => 'present' } @@ -136,6 +154,21 @@ class { 'keycloak': requirement => 'REQUIRED', index => 0, } + keycloak_flow_execution { 'duo-mfa-authenticator under form-browser-with-duo2 on test': + ensure => 'present', + configurable => true, + display_name => 'Duo MFA', + alias => 'Duo2', + config => { + "duomfa.akey" => "foo-akey2", + "duomfa.apihost" => "api-foo.duosecurity.com", + "duomfa.skey" => "secret2", + "duomfa.ikey" => "foo-ikey2", + "duomfa.groups" => "duo,duo2" + }, + requirement => 'REQUIRED', + index => 0, + } keycloak_flow_execution { 'auth-username-password-form under form-browser-with-duo on test': ensure => 'present', configurable => false, @@ -149,6 +182,12 @@ class { 'keycloak': requirement => 'REQUIRED', top_level => false, } + keycloak_flow { 'form-browser-with-duo2 under browser-with-duo on test': + ensure => 'present', + index => 3, + requirement => 'REQUIRED', + top_level => false, + } keycloak_flow_execution { 'auth-cookie under browser-with-duo on test': ensure => 'present', configurable => false,