keycloak_realm: fix default groups and roles (#4241)

[adam-cleo]

SUMMARY

Fixes #4241

Fixed attributes default_roles and default_groups to match Keycloak API

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

keycloak_realm

ADDITIONAL INFORMATION

Only checked and fixed default_roles and default_groups

[ansibullbot]

cc @eikef @kris2kris @ndclt
click here for bot help

[felixfontein]

Can you please add a changelog fragment? Thanks.

[adam-cleo]

Can you please add a changelog fragment? Thanks.

done 👍

[felixfontein]

Suggested change

	- "keycloak_realm - fix default groups and roles (https://github.com/ansible-collections/community.general/issues/4241)."
	- "keycloak_realm - fix types for ``default_groups`` and ``default_roles`` options from lists of dictionaries to lists of strings (https://github.com/ansible-collections/community.general/issues/4241)."

[felixfontein]

@eikef @kris2kris @ndclt could you please take a look at this change? Thanks.

[kris2kris]

Hi,
I'm ok with the fixes but it seems that default roles has been removed from keycloak API. The latest version with default roles parameter is v12.0 (https://www.keycloak.org/docs-api/12.0/rest-api/index.html#_realmrepresentation), it has been removed in v13.0 and now keycloak is in v18.0... maybe this parameter should be removed from keycloak_realm ?

[felixfontein]

@kris2kris that makes sense, but it needs to be deprecated first so it can be removed in a later version. I suggest the following:

1. Merge this (so at least the types are correct);
2. Someone creates a follow-up PR to deprecate this option, with removal scheduled for community.general 7.0.0 (standard two-major version deprecation cycle).

Does that sound good?

[felixfontein]

If nobody complains until in ~4 hours I'll merge this. (I'm planing to do a 5.0.1 release today around then, then this can go into that release.)

[patchback]

Backport to stable-4: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-4/7ee15f95f75ae9e9c0b592800cc2bdd299d84747/pr-4719

Backported as #4753

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[patchback]

Backport to stable-5: 💚 backport PR created

✅ Backport PR branch: patchback/backports/stable-5/7ee15f95f75ae9e9c0b592800cc2bdd299d84747/pr-4719

Backported as #4754

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

[felixfontein]

@adam-cleo thanks for fixing this!
@kris2kris thanks for reviewing this!

[adam-cleo]

Hi @kris2kris , @felixfontein ,

default realms was removed from official documentation. But it still flies under the radar in the latest version. They map the legacy value here . I tested that with version 16.1.1

So the way in current keycloak is to have one default and then add composites .

There are separate GET, POST, DELETE method to add the composites see here, but i guess it should be enough to send them in the main call with the RealmRepresentation ( defaultRole.composites)