From 92ae54bdaf2a955494ee2f2bc3d8a95a59a3c397 Mon Sep 17 00:00:00 2001
From: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
Date: Thu, 22 Dec 2022 21:16:09 +0100
Subject: [PATCH 1/3] fix(modules/keycloak_user_federation): fixes ...

... federation read call not finding already existing federations
properly because of bad parametrisation
---
 plugins/modules/keycloak_user_federation.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/modules/keycloak_user_federation.py b/plugins/modules/keycloak_user_federation.py
index 3e66c577ecd..411634418de 100644
--- a/plugins/modules/keycloak_user_federation.py
+++ b/plugins/modules/keycloak_user_federation.py
@@ -835,7 +835,7 @@ def main():
 
     # See if it already exists in Keycloak
     if cid is None:
-        found = kc.get_components(urlencode(dict(type='org.keycloak.storage.UserStorageProvider', parent=realm, name=name)), realm)
+        found = kc.get_components(urlencode(dict(type='org.keycloak.storage.UserStorageProvider', name=name)), realm)
         if len(found) > 1:
             module.fail_json(msg='No ID given and found multiple user federations with name `{name}`. Cannot continue.'.format(name=name))
         before_comp = next(iter(found), None)

From e7393ee51c53732ead50b0eeb16f9de7267b4188 Mon Sep 17 00:00:00 2001
From: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
Date: Fri, 23 Dec 2022 14:40:20 +0100
Subject: [PATCH 2/3] fix(modules/keycloak_user_federation): added ...

... new integration test for module idempotency bugfix
---
 plugins/modules/keycloak_user_federation.py   |   2 +-
 .../keycloak_user_federation/tasks/main.yml   | 108 ++++++++++++++++++
 2 files changed, 109 insertions(+), 1 deletion(-)

diff --git a/plugins/modules/keycloak_user_federation.py b/plugins/modules/keycloak_user_federation.py
index 411634418de..3659d757acf 100644
--- a/plugins/modules/keycloak_user_federation.py
+++ b/plugins/modules/keycloak_user_federation.py
@@ -24,7 +24,7 @@
       to your needs and a user having the expected roles.
 
     - The names of module options are snake_cased versions of the camelCase ones found in the
-      Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/15.0/rest-api/index.html).
+      Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html).
 
 
 options:
diff --git a/tests/integration/targets/keycloak_user_federation/tasks/main.yml b/tests/integration/targets/keycloak_user_federation/tasks/main.yml
index 79e21dae033..139d6ee2bed 100644
--- a/tests/integration/targets/keycloak_user_federation/tasks/main.yml
+++ b/tests/integration/targets/keycloak_user_federation/tasks/main.yml
@@ -66,6 +66,59 @@
       - result.existing == {}
       - result.end_state.name == "{{ federation }}"
 
+- name: Create new user federation in admin realm
+  community.general.keycloak_user_federation:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    realm: "{{ admin_realm }}"
+    name: "{{ federation }}"
+    state: present
+    provider_id: ldap
+    provider_type: org.keycloak.storage.UserStorageProvider
+    config:
+      enabled: true
+      priority: 0
+      fullSyncPeriod: -1
+      changedSyncPeriod: -1
+      cachePolicy: DEFAULT
+      batchSizeForSync: 1000
+      editMode: READ_ONLY
+      importEnabled: true
+      syncRegistrations: false
+      vendor: other
+      usernameLDAPAttribute: uid
+      rdnLDAPAttribute: uid
+      uuidLDAPAttribute: entryUUID
+      userObjectClasses: "inetOrgPerson, organizationalPerson"
+      connectionUrl: "ldaps://ldap.example.com:636"
+      usersDn: "ou=Users,dc=example,dc=com"
+      authType: simple
+      bindDn: cn=directory reader
+      bindCredential: secret
+      searchScope: 1
+      validatePasswordPolicy: false
+      trustEmail: false
+      useTruststoreSpi: "ldapsOnly"
+      connectionPooling: true
+      pagination: true
+      allowKerberosAuthentication: false
+      useKerberosForPasswordAuthentication: false
+      debug: false
+  register: result
+
+- name: Debug
+  debug:
+    var: result
+
+- name: Assert user federation created (admin realm)
+  assert:
+    that:
+      - result is changed
+      - result.existing == {}
+      - result.end_state.name == "{{ federation }}"
+
 - name: Update existing user federation (no change)
   community.general.keycloak_user_federation:
     auth_keycloak_url: "{{ url }}"
@@ -121,6 +174,61 @@
       - result.end_state != {}
       - result.end_state.name == "{{ federation }}"
 
+- name: Update existing user federation (no change, admin realm)
+  community.general.keycloak_user_federation:
+    auth_keycloak_url: "{{ url }}"
+    auth_realm: "{{ admin_realm }}"
+    auth_username: "{{ admin_user }}"
+    auth_password: "{{ admin_password }}"
+    realm: "{{ admin_realm }}"
+    name: "{{ federation }}"
+    state: present
+    provider_id: ldap
+    provider_type: org.keycloak.storage.UserStorageProvider
+    config:
+      enabled: true
+      priority: 0
+      fullSyncPeriod: -1
+      changedSyncPeriod: -1
+      cachePolicy: DEFAULT
+      batchSizeForSync: 1000
+      editMode: READ_ONLY
+      importEnabled: true
+      syncRegistrations: false
+      vendor: other
+      usernameLDAPAttribute: uid
+      rdnLDAPAttribute: uid
+      uuidLDAPAttribute: entryUUID
+      userObjectClasses: "inetOrgPerson, organizationalPerson"
+      connectionUrl: "ldaps://ldap.example.com:636"
+      usersDn: "ou=Users,dc=example,dc=com"
+      authType: simple
+      bindDn: cn=directory reader
+      bindCredential: "**********"
+      searchScope: 1
+      validatePasswordPolicy: false
+      trustEmail: false
+      useTruststoreSpi: "ldapsOnly"
+      connectionPooling: true
+      pagination: true
+      allowKerberosAuthentication: false
+      useKerberosForPasswordAuthentication: false
+      debug: false
+  register: result
+
+- name: Debug
+  debug:
+    var: result
+
+- name: Assert user federation unchanged (admin realm)
+  assert:
+    that:
+      - result is not changed
+      - result.existing != {}
+      - result.existing.name == "{{ federation }}"
+      - result.end_state != {}
+      - result.end_state.name == "{{ federation }}"
+
 - name: Update existing user federation (with change)
   community.general.keycloak_user_federation:
     auth_keycloak_url: "{{ url }}"

From 968dbc89aa3f6ca3e96ef9ca41462515827e582e Mon Sep 17 00:00:00 2001
From: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
Date: Mon, 2 Jan 2023 09:50:43 +0100
Subject: [PATCH 3/3] added changelog fragment for pr

---
 .../fragments/5732-bugfix-keycloak-userfed-idempotency.yml  | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 changelogs/fragments/5732-bugfix-keycloak-userfed-idempotency.yml

diff --git a/changelogs/fragments/5732-bugfix-keycloak-userfed-idempotency.yml b/changelogs/fragments/5732-bugfix-keycloak-userfed-idempotency.yml
new file mode 100644
index 00000000000..c50a105c3f1
--- /dev/null
+++ b/changelogs/fragments/5732-bugfix-keycloak-userfed-idempotency.yml
@@ -0,0 +1,6 @@
+bugfixes:
+  - >
+    keycloak_user_federation - fixes idempotency detection issues. In some
+    cases the module could fail to properly detect already existing user
+    federations because of a buggy seemingly superflous extra query parameter
+    (https://github.com/ansible-collections/community.general/pull/5732).