community.general/plugins/modules/identity/keycloak/keycloak_authentication.py

#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright: (c) 2019, INSPQ <philippe.gauthier@inspq.qc.ca>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

from __future__ import absolute_import, division, print_function
__metaclass__ = type

DOCUMENTATION = '''
---
module: keycloak_authentication
short_description: Configure authentication in Keycloak
description:
    - This module actually can only make a copy of an existing authentication flow, add an execution to it and configure it.
    - It can also delete the flow.
version_added: "3.3.0"
options:
    realm:
        description:
            - The name of the realm in which is the authentication.
        required: true
        type: str
    alias:
        description:
            - Alias for the authentication flow.
        required: true
        type: str
    description:
        description:
            - Description of the flow.
        type: str
    providerId:
        description:
            - C(providerId) for the new flow when not copied from an existing flow.
        type: str
    copyFrom:
        description:
            - C(flowAlias) of the authentication flow to use for the copy.
        type: str
    authenticationExecutions:
        description:
            - Configuration structure for the executions.
        type: list
        elements: dict
        suboptions:
            providerId:
                description:
                    - C(providerID) for the new flow when not copied from an existing flow.
                type: str
            displayName:
                description:
                    - Name of the execution or subflow to create or update.
                type: str
            requirement:
                description:
                    - Control status of the subflow or execution.
                choices: [ "REQUIRED", "ALTERNATIVE", "DISABLED", "CONDITIONAL" ]
                type: str
            flowAlias:
                description:
                    - Alias of parent flow.
                type: str
            authenticationConfig:
                description:
                    - Describe the config of the authentication.
                type: dict
            index:
                description:
                    - Priority order of the execution.
                type: int
    state:
        description:
            - Control if the authentication flow must exists or not.
        choices: [ "present", "absent" ]
        default: present
        type: str
    force:
        type: bool
        default: false
        description:
            - If C(true), allows to remove the authentication flow and recreate it.
extends_documentation_fragment:
- community.general.keycloak

author:
    - Philippe Gauthier (@elfelip)
    - Gaëtan Daubresse (@Gaetan2907)
'''

EXAMPLES = '''
    - name: Create an authentication flow from first broker login and add an execution to it.
      community.general.keycloak_authentication:
        auth_keycloak_url: http://localhost:8080/auth
        auth_realm: master
        auth_username: admin
        auth_password: password
        realm: master
        alias: "Copy of first broker login"
        copyFrom: "first broker login"
        authenticationExecutions:
          - providerId: "test-execution1"
            requirement: "REQUIRED"
            authenticationConfig:
              alias: "test.execution1.property"
              config:
                test1.property: "value"
          - providerId: "test-execution2"
            requirement: "REQUIRED"
            authenticationConfig:
              alias: "test.execution2.property"
              config:
                test2.property: "value"
        state: present

    - name: Re-create the authentication flow
      community.general.keycloak_authentication:
        auth_keycloak_url: http://localhost:8080/auth
        auth_realm: master
        auth_username: admin
        auth_password: password
        realm: master
        alias: "Copy of first broker login"
        copyFrom: "first broker login"
        authenticationExecutions:
          - providerId: "test-provisioning"
            requirement: "REQUIRED"
            authenticationConfig:
              alias: "test.provisioning.property"
              config:
                test.provisioning.property: "value"
        state: present
        force: true

    - name: Create an authentication flow with subflow containing an execution.
      community.general.keycloak_authentication:
        auth_keycloak_url: http://localhost:8080/auth
        auth_realm: master
        auth_username: admin
        auth_password: password
        realm: master
        alias: "Copy of first broker login"
        copyFrom: "first broker login"
        authenticationExecutions:
          - providerId: "test-execution1"
            requirement: "REQUIRED"
          - displayName: "New Subflow"
            requirement: "REQUIRED"
          - providerId: "auth-cookie"
            requirement: "REQUIRED"
            flowAlias: "New Sublow"
        state: present

    - name: Remove authentication.
      community.general.keycloak_authentication:
        auth_keycloak_url: http://localhost:8080/auth
        auth_realm: master
        auth_username: admin
        auth_password: password
        realm: master
        alias: "Copy of first broker login"
        state: absent
'''

RETURN = '''
flow:
  description: JSON representation for the authentication.
  returned: on success
  type: dict
'''

from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak \
    import KeycloakAPI, camel, keycloak_argument_spec, get_token, KeycloakError, is_struct_included
from ansible.module_utils.basic import AnsibleModule


def find_exec_in_executions(searched_exec, executions):
    """
    Search if exec is contained in the executions.
    :param searched_exec: Execution to search for.
    :param executions: List of executions.
    :return: Index of the execution, -1 if not found..
    """
    for i, existing_exec in enumerate(executions, start=0):
        if ("providerId" in existing_exec and "providerId" in searched_exec and
                existing_exec["providerId"] == searched_exec["providerId"] or
                "displayName" in existing_exec and "displayName" in searched_exec and
                existing_exec["displayName"] == searched_exec["displayName"]):
            return i
    return -1


def create_or_update_executions(kc, config, realm='master'):
    """
    Create or update executions for an authentication flow.
    :param kc: Keycloak API access.
    :param config: Representation of the authentication flow including it's executions.
    :param realm: Realm
    :return: True if executions have been modified. False otherwise.
    """
    try:
        changed = False
        if "authenticationExecutions" in config:
            for new_exec_index, new_exec in enumerate(config["authenticationExecutions"], start=0):
                if new_exec["index"] is not None:
                    new_exec_index = new_exec["index"]
                # Get existing executions on the Keycloak server for this alias
                existing_executions = kc.get_executions_representation(config, realm=realm)
                exec_found = False
                # Get flowalias parent if given
                if new_exec["flowAlias"] is not None:
                    flow_alias_parent = new_exec["flowAlias"]
                else:
                    flow_alias_parent = config["alias"]
                # Check if same providerId or displayName name between existing and new execution
                exec_index = find_exec_in_executions(new_exec, existing_executions)
                if exec_index != -1:
                    # Remove key that doesn't need to be compared with existing_exec
                    exclude_key = ["flowAlias"]
                    for index_key, key in enumerate(new_exec, start=0):
                        if new_exec[key] is None:
                            exclude_key.append(key)
                    # Compare the executions to see if it need changes
                    if not is_struct_included(new_exec, existing_executions[exec_index], exclude_key) or exec_index != new_exec_index:
                        changed = True
                elif new_exec["providerId"] is not None:
                    kc.create_execution(new_exec, flowAlias=flow_alias_parent, realm=realm)
                    changed = True
                elif new_exec["displayName"] is not None:
                    kc.create_subflow(new_exec["displayName"], flow_alias_parent, realm=realm)
                    changed = True
                if changed:
                    # Get existing executions on the Keycloak server for this alias
                    existing_executions = kc.get_executions_representation(config, realm=realm)
                    exec_index = find_exec_in_executions(new_exec, existing_executions)
                    if exec_index != -1:
                        # Update the existing execution
                        updated_exec = {
                            "id": existing_executions[exec_index]["id"]
                        }
                        # add the execution configuration
                        if new_exec["authenticationConfig"] is not None:
                            kc.add_authenticationConfig_to_execution(updated_exec["id"], new_exec["authenticationConfig"], realm=realm)
                        for key in new_exec:
                            # remove unwanted key for the next API call
                            if key != "flowAlias" and key != "authenticationConfig":
                                updated_exec[key] = new_exec[key]
                        if new_exec["requirement"] is not None:
                            kc.update_authentication_executions(flow_alias_parent, updated_exec, realm=realm)
                        diff = exec_index - new_exec_index
                        kc.change_execution_priority(updated_exec["id"], diff, realm=realm)
        return changed
    except Exception as e:
        kc.module.fail_json(msg='Could not create or update executions for authentication flow %s in realm %s: %s'
                            % (config["alias"], realm, str(e)))


def main():
    """
    Module execution
    :return:
    """
    argument_spec = keycloak_argument_spec()
    meta_args = dict(
        realm=dict(type='str', required=True),
        alias=dict(type='str', required=True),
        providerId=dict(type='str'),
        description=dict(type='str'),
        copyFrom=dict(type='str'),
        authenticationExecutions=dict(type='list', elements='dict',
                                      options=dict(
                                          providerId=dict(type='str'),
                                          displayName=dict(type='str'),
                                          requirement=dict(choices=["REQUIRED", "ALTERNATIVE", "DISABLED", "CONDITIONAL"], type='str'),
                                          flowAlias=dict(type='str'),
                                          authenticationConfig=dict(type='dict'),
                                          index=dict(type='int'),
                                      )),
        state=dict(choices=["absent", "present"], default='present'),
        force=dict(type='bool', default=False),
    )
    argument_spec.update(meta_args)

    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=True,
                           required_one_of=([['token', 'auth_realm', 'auth_username', 'auth_password']]),
                           required_together=([['auth_realm', 'auth_username', 'auth_password']])
                           )

    result = dict(changed=False, msg='', flow={})
    # Obtain access token, initialize API
    try:
        connection_header = get_token(module.params)
    except KeycloakError as e:
        module.fail_json(msg=str(e))

    kc = KeycloakAPI(module, connection_header)
    realm = module.params.get('realm')
    state = module.params.get('state')
    force = module.params.get('force')

    new_auth_repr = {
        "alias": module.params.get("alias"),
        "copyFrom": module.params.get("copyFrom"),
        "providerId": module.params.get("providerId"),
        "authenticationExecutions": module.params.get("authenticationExecutions"),
        "description": module.params.get("description"),
        "builtIn": module.params.get("builtIn"),
        "subflow": module.params.get("subflow"),
    }

    auth_repr = kc.get_authentication_flow_by_alias(alias=new_auth_repr["alias"], realm=realm)
    if auth_repr == {}:  # Authentication flow does not exist
        if state == 'present':  # If desired state is present
            result['changed'] = True
            if module._diff:
                result['diff'] = dict(before='', after=new_auth_repr)
            if module.check_mode:
                module.exit_json(**result)
            # If copyFrom is defined, create authentication flow from a copy
            if "copyFrom" in new_auth_repr and new_auth_repr["copyFrom"] is not None:
                auth_repr = kc.copy_auth_flow(config=new_auth_repr, realm=realm)
            else:  # Create an empty authentication flow
                auth_repr = kc.create_empty_auth_flow(config=new_auth_repr, realm=realm)
            # If the authentication still not exist on the server, raise an exception.
            if auth_repr is None:
                result['msg'] = "Authentication just created not found: " + str(new_auth_repr)
                module.fail_json(**result)
            # Configure the executions for the flow
            create_or_update_executions(kc=kc, config=new_auth_repr, realm=realm)
            # Get executions created
            exec_repr = kc.get_executions_representation(config=new_auth_repr, realm=realm)
            if exec_repr is not None:
                auth_repr["authenticationExecutions"] = exec_repr
            result['flow'] = auth_repr
        elif state == 'absent':  # If desired state is absent.
            if module._diff:
                result['diff'] = dict(before='', after='')
            result['msg'] = new_auth_repr["alias"] + ' absent'
    else:  # The authentication flow already exist
        if state == 'present':  # if desired state is present
            if force:  # If force option is true
                # Delete the actual authentication flow
                result['changed'] = True
                if module._diff:
                    result['diff'] = dict(before=auth_repr, after=new_auth_repr)
                if module.check_mode:
                    module.exit_json(**result)
                kc.delete_authentication_flow_by_id(id=auth_repr["id"], realm=realm)
                # If copyFrom is defined, create authentication flow from a copy
                if "copyFrom" in new_auth_repr and new_auth_repr["copyFrom"] is not None:
                    auth_repr = kc.copy_auth_flow(config=new_auth_repr, realm=realm)
                else:  # Create an empty authentication flow
                    auth_repr = kc.create_empty_auth_flow(config=new_auth_repr, realm=realm)
                # If the authentication still not exist on the server, raise an exception.
                if auth_repr is None:
                    result['msg'] = "Authentication just created not found: " + str(new_auth_repr)
                    module.fail_json(**result)
            # Configure the executions for the flow
            if module.check_mode:
                module.exit_json(**result)
            if create_or_update_executions(kc=kc, config=new_auth_repr, realm=realm):
                result['changed'] = True
            # Get executions created
            exec_repr = kc.get_executions_representation(config=new_auth_repr, realm=realm)
            if exec_repr is not None:
                auth_repr["authenticationExecutions"] = exec_repr
            result['flow'] = auth_repr
        elif state == 'absent':  # If desired state is absent
            result['changed'] = True
            # Delete the authentication flow alias.
            if module._diff:
                result['diff'] = dict(before=auth_repr, after='')
            if module.check_mode:
                module.exit_json(**result)
            kc.delete_authentication_flow_by_id(id=auth_repr["id"], realm=realm)
            result['msg'] = 'Authentication flow: {alias} id: {id} is deleted'.format(alias=new_auth_repr['alias'],
                                                                                      id=auth_repr["id"])

    module.exit_json(**result)


if __name__ == '__main__':
    main()
Keycloak: add authentication management (#2456) * Allow keycloak_group.py to take token as parameter for the authentification Refactor get_token to pass module.params + Documentation Fix unit test and add new one for token as param Fix identation Update plugins/modules/identity/keycloak/keycloak_client.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py Co-authored-by: Felix Fontein <felix@fontein.de> Allow keycloak_group.py to take token as parameter for the authentification Refactor get_token to pass module.params + Documentation * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> Check if base_url is None before to check format Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/modules/identity/keycloak/keycloak_client.py Co-authored-by: Amin Vakil <info@aminvakil.com> Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py Co-authored-by: Amin Vakil <info@aminvakil.com> Switch to modern syntax for the documentation (e.g. community.general.keycloak_client) Update keycloak_client.py Update keycloak_clienttemplate.py Add keycloak_authentication module to manage authentication Minor fixex Fix indent * Update plugins/modules/identity/keycloak/keycloak_authentication.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/modules/identity/keycloak/keycloak_authentication.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/modules/identity/keycloak/keycloak_authentication.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/modules/identity/keycloak/keycloak_authentication.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/modules/identity/keycloak/keycloak_authentication.py Co-authored-by: Felix Fontein <felix@fontein.de> Removing variable ANSIBLE_METADATA from beginning of file Minor fix Refactoring create_or_update_executions :add change_execution_priority function Refactoring create_or_update_executions :add create_execution function Refactoring create_or_update_executions: add create_subflow Refactoring create_or_update_executions: add update_authentication_executions function Minor fix * Using FQCN for the examples Minor fix Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/identity/keycloak/keycloak_authentication.py Co-authored-by: Felix Fontein <felix@fontein.de> Update plugins/modules/identity/keycloak/keycloak_authentication.py Co-authored-by: Felix Fontein <felix@fontein.de> Refactoring: rename isDictEquals into is_dict_equals Refactoring: rename variable as authentication_flow Refactoring: rename variable as new_name Refactoring: rename variable as flow_list Refactoring: rename variable as new_flow Refactoring: changing construction of dict newAuthenticationRepresentation and renaming as new_auth_repr Minor fix * Refactoring: rename variables with correct Python syntax (auth_repr, exec_repr) Move create_or_update_executions function from keycloak.py to keycloak_authentication.py Minor fix Remove mock_create_or_update_executions not needed anymore Fix unit test Update plugins/module_utils/identity/keycloak/keycloak.py is_dict_equals function return True if value1 empty Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com> Rename is_dict_equal as is_struct_included and rename params as struct1 and struct2 Rename variables according to Python naming conventions Refactoring: add find_exec_in_executions function in keycloak_authentication to remove code duplication typo Add blank line Add required parameter, either creds or token Typo try/except only surround for loop containing struct2[key] Add sub-options to meta_args assigment of result['changed'] after if-elif-else block Fix CI error: parameter-type-not-in-doc Fix unit test: none value excluded from comparison Minor fix Simplify is_struct_included function Replace 'type(..) is' by isinstance(..) Remove redundant required=True and redundant parenthesis Add check_mode, check if value is None (None value added by argument spec checker) Apply suggestions from code review Update plugins/modules/identity/keycloak/keycloak_authentication.py * Update plugins/modules/identity/keycloak/keycloak_authentication.py * Add index paramter to configure the priority order of the execution * Minor fix: authenticationConfig dict instead of str Co-authored-by: Felix Fontein <felix@fontein.de> 2021-06-24 13:35:00 +02:00			`#!/usr/bin/python`
			`# -- coding: utf-8 --`
			`# Copyright: (c) 2019, INSPQ <philippe.gauthier@inspq.qc.ca>`
			`# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)`

			`from __future__ import absolute_import, division, print_function`
			`__metaclass__ = type`

			`DOCUMENTATION = '''`
			`---`
			`module: keycloak_authentication`
			`short_description: Configure authentication in Keycloak`
			`description:`
			`- This module actually can only make a copy of an existing authentication flow, add an execution to it and configure it.`
			`- It can also delete the flow.`
			`version_added: "3.3.0"`
			`options:`
			`realm:`
			`description:`
			`- The name of the realm in which is the authentication.`
			`required: true`
			`type: str`
			`alias:`
			`description:`
			`- Alias for the authentication flow.`
			`required: true`
			`type: str`
			`description:`
			`description:`
			`- Description of the flow.`
			`type: str`
			`providerId:`
			`description:`
			`- C(providerId) for the new flow when not copied from an existing flow.`
			`type: str`
			`copyFrom:`
			`description:`
			`- C(flowAlias) of the authentication flow to use for the copy.`
			`type: str`
			`authenticationExecutions:`
			`description:`
			`- Configuration structure for the executions.`
			`type: list`
			`elements: dict`
			`suboptions:`
			`providerId:`
			`description:`
			`- C(providerID) for the new flow when not copied from an existing flow.`
			`type: str`
			`displayName:`
			`description:`
			`- Name of the execution or subflow to create or update.`
			`type: str`
			`requirement:`
			`description:`
			`- Control status of the subflow or execution.`
			`choices: [ "REQUIRED", "ALTERNATIVE", "DISABLED", "CONDITIONAL" ]`
			`type: str`
			`flowAlias:`
			`description:`
			`- Alias of parent flow.`
			`type: str`
			`authenticationConfig:`
			`description:`
			`- Describe the config of the authentication.`
			`type: dict`
			`index:`
			`description:`
			`- Priority order of the execution.`
			`type: int`
			`state:`
			`description:`
			`- Control if the authentication flow must exists or not.`
			`choices: [ "present", "absent" ]`
			`default: present`
			`type: str`
			`force:`
			`type: bool`
			`default: false`
			`description:`
			`- If C(true), allows to remove the authentication flow and recreate it.`
			`extends_documentation_fragment:`
			`- community.general.keycloak`

			`author:`
			`- Philippe Gauthier (@elfelip)`
			`- Gaëtan Daubresse (@Gaetan2907)`
			`'''`

			`EXAMPLES = '''`
			`- name: Create an authentication flow from first broker login and add an execution to it.`
			`community.general.keycloak_authentication:`
			`auth_keycloak_url: http://localhost:8080/auth`
			`auth_realm: master`
			`auth_username: admin`
			`auth_password: password`
			`realm: master`
			`alias: "Copy of first broker login"`
			`copyFrom: "first broker login"`
			`authenticationExecutions:`
			`- providerId: "test-execution1"`
			`requirement: "REQUIRED"`
			`authenticationConfig:`
			`alias: "test.execution1.property"`
			`config:`
			`test1.property: "value"`
			`- providerId: "test-execution2"`
			`requirement: "REQUIRED"`
			`authenticationConfig:`
			`alias: "test.execution2.property"`
			`config:`
			`test2.property: "value"`
			`state: present`

			`- name: Re-create the authentication flow`
			`community.general.keycloak_authentication:`
			`auth_keycloak_url: http://localhost:8080/auth`
			`auth_realm: master`
			`auth_username: admin`
			`auth_password: password`
			`realm: master`
			`alias: "Copy of first broker login"`
			`copyFrom: "first broker login"`
			`authenticationExecutions:`
			`- providerId: "test-provisioning"`
			`requirement: "REQUIRED"`
			`authenticationConfig:`
			`alias: "test.provisioning.property"`
			`config:`
			`test.provisioning.property: "value"`
			`state: present`
			`force: true`

			`- name: Create an authentication flow with subflow containing an execution.`
			`community.general.keycloak_authentication:`
			`auth_keycloak_url: http://localhost:8080/auth`
			`auth_realm: master`
			`auth_username: admin`
			`auth_password: password`
			`realm: master`
			`alias: "Copy of first broker login"`
			`copyFrom: "first broker login"`
			`authenticationExecutions:`
			`- providerId: "test-execution1"`
			`requirement: "REQUIRED"`
			`- displayName: "New Subflow"`
			`requirement: "REQUIRED"`
			`- providerId: "auth-cookie"`
			`requirement: "REQUIRED"`
			`flowAlias: "New Sublow"`
			`state: present`

			`- name: Remove authentication.`
			`community.general.keycloak_authentication:`
			`auth_keycloak_url: http://localhost:8080/auth`
			`auth_realm: master`
			`auth_username: admin`
			`auth_password: password`
			`realm: master`
			`alias: "Copy of first broker login"`
			`state: absent`
			`'''`

			`RETURN = '''`
			`flow:`
			`description: JSON representation for the authentication.`
			`returned: on success`
			`type: dict`
			`'''`

			`from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak \`
			`import KeycloakAPI, camel, keycloak_argument_spec, get_token, KeycloakError, is_struct_included`
			`from ansible.module_utils.basic import AnsibleModule`


			`def find_exec_in_executions(searched_exec, executions):`
			`"""`
			`Search if exec is contained in the executions.`
			`:param searched_exec: Execution to search for.`
			`:param executions: List of executions.`
			`:return: Index of the execution, -1 if not found..`
			`"""`
			`for i, existing_exec in enumerate(executions, start=0):`
			`if ("providerId" in existing_exec and "providerId" in searched_exec and`
			`existing_exec["providerId"] == searched_exec["providerId"] or`
			`"displayName" in existing_exec and "displayName" in searched_exec and`
			`existing_exec["displayName"] == searched_exec["displayName"]):`
			`return i`
			`return -1`


			`def create_or_update_executions(kc, config, realm='master'):`
			`"""`
			`Create or update executions for an authentication flow.`
			`:param kc: Keycloak API access.`
			`:param config: Representation of the authentication flow including it's executions.`
			`:param realm: Realm`
			`:return: True if executions have been modified. False otherwise.`
			`"""`
			`try:`
			`changed = False`
			`if "authenticationExecutions" in config:`
			`for new_exec_index, new_exec in enumerate(config["authenticationExecutions"], start=0):`
			`if new_exec["index"] is not None:`
			`new_exec_index = new_exec["index"]`
			`# Get existing executions on the Keycloak server for this alias`
			`existing_executions = kc.get_executions_representation(config, realm=realm)`
			`exec_found = False`
			`# Get flowalias parent if given`
			`if new_exec["flowAlias"] is not None:`
			`flow_alias_parent = new_exec["flowAlias"]`
			`else:`
			`flow_alias_parent = config["alias"]`
			`# Check if same providerId or displayName name between existing and new execution`
			`exec_index = find_exec_in_executions(new_exec, existing_executions)`
			`if exec_index != -1:`
			`# Remove key that doesn't need to be compared with existing_exec`
			`exclude_key = ["flowAlias"]`
			`for index_key, key in enumerate(new_exec, start=0):`
			`if new_exec[key] is None:`
			`exclude_key.append(key)`
			`# Compare the executions to see if it need changes`
			`if not is_struct_included(new_exec, existing_executions[exec_index], exclude_key) or exec_index != new_exec_index:`
			`changed = True`
			`elif new_exec["providerId"] is not None:`
			`kc.create_execution(new_exec, flowAlias=flow_alias_parent, realm=realm)`
			`changed = True`
			`elif new_exec["displayName"] is not None:`
			`kc.create_subflow(new_exec["displayName"], flow_alias_parent, realm=realm)`
			`changed = True`
			`if changed:`
			`# Get existing executions on the Keycloak server for this alias`
			`existing_executions = kc.get_executions_representation(config, realm=realm)`
			`exec_index = find_exec_in_executions(new_exec, existing_executions)`
			`if exec_index != -1:`
			`# Update the existing execution`
			`updated_exec = {`
			`"id": existing_executions[exec_index]["id"]`
			`}`
			`# add the execution configuration`
			`if new_exec["authenticationConfig"] is not None:`
			`kc.add_authenticationConfig_to_execution(updated_exec["id"], new_exec["authenticationConfig"], realm=realm)`
			`for key in new_exec:`
			`# remove unwanted key for the next API call`
			`if key != "flowAlias" and key != "authenticationConfig":`
			`updated_exec[key] = new_exec[key]`
			`if new_exec["requirement"] is not None:`
			`kc.update_authentication_executions(flow_alias_parent, updated_exec, realm=realm)`
			`diff = exec_index - new_exec_index`
			`kc.change_execution_priority(updated_exec["id"], diff, realm=realm)`
			`return changed`
			`except Exception as e:`
			`kc.module.fail_json(msg='Could not create or update executions for authentication flow %s in realm %s: %s'`
			`% (config["alias"], realm, str(e)))`


			`def main():`
			`"""`
			`Module execution`
			`:return:`
			`"""`
			`argument_spec = keycloak_argument_spec()`
			`meta_args = dict(`
			`realm=dict(type='str', required=True),`
			`alias=dict(type='str', required=True),`
			`providerId=dict(type='str'),`
			`description=dict(type='str'),`
			`copyFrom=dict(type='str'),`
			`authenticationExecutions=dict(type='list', elements='dict',`
			`options=dict(`
			`providerId=dict(type='str'),`
			`displayName=dict(type='str'),`
			`requirement=dict(choices=["REQUIRED", "ALTERNATIVE", "DISABLED", "CONDITIONAL"], type='str'),`
			`flowAlias=dict(type='str'),`
			`authenticationConfig=dict(type='dict'),`
			`index=dict(type='int'),`
			`)),`
			`state=dict(choices=["absent", "present"], default='present'),`
			`force=dict(type='bool', default=False),`
			`)`
			`argument_spec.update(meta_args)`

			`module = AnsibleModule(argument_spec=argument_spec,`
			`supports_check_mode=True,`
			`required_one_of=([['token', 'auth_realm', 'auth_username', 'auth_password']]),`
			`required_together=([['auth_realm', 'auth_username', 'auth_password']])`
			`)`

			`result = dict(changed=False, msg='', flow={})`
			`# Obtain access token, initialize API`
			`try:`
			`connection_header = get_token(module.params)`
			`except KeycloakError as e:`
			`module.fail_json(msg=str(e))`

			`kc = KeycloakAPI(module, connection_header)`
			`realm = module.params.get('realm')`
			`state = module.params.get('state')`
			`force = module.params.get('force')`

			`new_auth_repr = {`
			`"alias": module.params.get("alias"),`
			`"copyFrom": module.params.get("copyFrom"),`
			`"providerId": module.params.get("providerId"),`
			`"authenticationExecutions": module.params.get("authenticationExecutions"),`
			`"description": module.params.get("description"),`
			`"builtIn": module.params.get("builtIn"),`
			`"subflow": module.params.get("subflow"),`
			`}`

			`auth_repr = kc.get_authentication_flow_by_alias(alias=new_auth_repr["alias"], realm=realm)`
			`if auth_repr == {}: # Authentication flow does not exist`
			`if state == 'present': # If desired state is present`
			`result['changed'] = True`
			`if module._diff:`
			`result['diff'] = dict(before='', after=new_auth_repr)`
			`if module.check_mode:`
			`module.exit_json(**result)`
			`# If copyFrom is defined, create authentication flow from a copy`
			`if "copyFrom" in new_auth_repr and new_auth_repr["copyFrom"] is not None:`
			`auth_repr = kc.copy_auth_flow(config=new_auth_repr, realm=realm)`
			`else: # Create an empty authentication flow`
			`auth_repr = kc.create_empty_auth_flow(config=new_auth_repr, realm=realm)`
			`# If the authentication still not exist on the server, raise an exception.`
			`if auth_repr is None:`
			`result['msg'] = "Authentication just created not found: " + str(new_auth_repr)`
			`module.fail_json(**result)`
			`# Configure the executions for the flow`
			`create_or_update_executions(kc=kc, config=new_auth_repr, realm=realm)`
			`# Get executions created`
			`exec_repr = kc.get_executions_representation(config=new_auth_repr, realm=realm)`
			`if exec_repr is not None:`
			`auth_repr["authenticationExecutions"] = exec_repr`
			`result['flow'] = auth_repr`
			`elif state == 'absent': # If desired state is absent.`
			`if module._diff:`
			`result['diff'] = dict(before='', after='')`
			`result['msg'] = new_auth_repr["alias"] + ' absent'`
			`else: # The authentication flow already exist`
			`if state == 'present': # if desired state is present`
			`if force: # If force option is true`
			`# Delete the actual authentication flow`
			`result['changed'] = True`
			`if module._diff:`
			`result['diff'] = dict(before=auth_repr, after=new_auth_repr)`
			`if module.check_mode:`
			`module.exit_json(**result)`
			`kc.delete_authentication_flow_by_id(id=auth_repr["id"], realm=realm)`
			`# If copyFrom is defined, create authentication flow from a copy`
			`if "copyFrom" in new_auth_repr and new_auth_repr["copyFrom"] is not None:`
			`auth_repr = kc.copy_auth_flow(config=new_auth_repr, realm=realm)`
			`else: # Create an empty authentication flow`
			`auth_repr = kc.create_empty_auth_flow(config=new_auth_repr, realm=realm)`
			`# If the authentication still not exist on the server, raise an exception.`
			`if auth_repr is None:`
			`result['msg'] = "Authentication just created not found: " + str(new_auth_repr)`
			`module.fail_json(**result)`
			`# Configure the executions for the flow`
			`if module.check_mode:`
			`module.exit_json(**result)`
			`if create_or_update_executions(kc=kc, config=new_auth_repr, realm=realm):`
			`result['changed'] = True`
			`# Get executions created`
			`exec_repr = kc.get_executions_representation(config=new_auth_repr, realm=realm)`
			`if exec_repr is not None:`
			`auth_repr["authenticationExecutions"] = exec_repr`
			`result['flow'] = auth_repr`
			`elif state == 'absent': # If desired state is absent`
			`result['changed'] = True`
			`# Delete the authentication flow alias.`
			`if module._diff:`
			`result['diff'] = dict(before=auth_repr, after='')`
			`if module.check_mode:`
			`module.exit_json(**result)`
			`kc.delete_authentication_flow_by_id(id=auth_repr["id"], realm=realm)`
			`result['msg'] = 'Authentication flow: {alias} id: {id} is deleted'.format(alias=new_auth_repr['alias'],`
			`id=auth_repr["id"])`

			`module.exit_json(**result)`


			`if __name__ == '__main__':`
			`main()`