ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

keycloak: add missing validate_certs parameters for open_url calls (#4382)

Browse source 
* fix: missing `validate_certs` parameters for `open_url` calls

As stated in the documentation, the `validate_certs` parameter can be
used to verify (or not) the TLS certificates. But, for some modules (at
least for the `keycloak_authentication` module), this parameter is not
used with the `open_url` function.

* add changelog fragment

* Update changelogs/fragments/4382-keycloak-add-missing-validate_certs-parameters.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

Co-authored-by: Laurent Meunier <lme@atolcd.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Laurent Meunier 2022-03-28 21:28:42 +02:00 committed by GitHub
parent 30c65cd84c
commit 34420e143e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 31 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
changelogs/fragments/4382-keycloak-add-missing-validate_certs-parameters.yml Normal file
View file

@ -0,0 +1,6 @@
---
bugfixes:
- keycloak_* - the documented ``validate_certs`` parameter was not taken into
account when calling the ``open_url`` function in some cases, thus enforcing
certificate validation even when ``validate_certs`` was set to ``false``.
(https://github.com/ansible-collections/community.general/pull/4382)

38
plugins/module_utils/identity/keycloak/keycloak.py
View file

@ -1237,7 +1237,7 @@ class KeycloakAPI(object):
authentication_flow = {} authentication_flow = {}
# Check if the authentication flow exists on the Keycloak serveraders # Check if the authentication flow exists on the Keycloak serveraders
authentications = json.load(open_url(URL_AUTHENTICATION_FLOWS.format(url=self.baseurl, realm=realm), method='GET', authentications = json.load(open_url(URL_AUTHENTICATION_FLOWS.format(url=self.baseurl, realm=realm), method='GET',
headers=self.restheaders, timeout=self.connection_timeout)) headers=self.restheaders, timeout=self.connection_timeout, validate_certs=self.validate_certs))
for authentication in authentications: for authentication in authentications:
if authentication["alias"] == alias: if authentication["alias"] == alias:
authentication_flow = authentication authentication_flow = authentication
@ -1281,14 +1281,16 @@ class KeycloakAPI(object):
method='POST', method='POST',
headers=self.restheaders, headers=self.restheaders,
data=json.dumps(new_name), data=json.dumps(new_name),
timeout=self.connection_timeout) timeout=self.connection_timeout,
validate_certs=self.validate_certs)
flow_list = json.load( flow_list = json.load(
open_url( open_url(
URL_AUTHENTICATION_FLOWS.format(url=self.baseurl, URL_AUTHENTICATION_FLOWS.format(url=self.baseurl,
realm=realm), realm=realm),
method='GET', method='GET',
headers=self.restheaders, headers=self.restheaders,
timeout=self.connection_timeout)) timeout=self.connection_timeout,
validate_certs=self.validate_certs))
for flow in flow_list: for flow in flow_list:
if flow["alias"] == config["alias"]: if flow["alias"] == config["alias"]:
return flow return flow
@ -1318,7 +1320,8 @@ class KeycloakAPI(object):
method='POST', method='POST',
headers=self.restheaders, headers=self.restheaders,
data=json.dumps(new_flow), data=json.dumps(new_flow),
timeout=self.connection_timeout) timeout=self.connection_timeout,
validate_certs=self.validate_certs)
flow_list = json.load( flow_list = json.load(
open_url( open_url(
URL_AUTHENTICATION_FLOWS.format( URL_AUTHENTICATION_FLOWS.format(
@ -1326,7 +1329,8 @@ class KeycloakAPI(object):
realm=realm), realm=realm),
method='GET', method='GET',
headers=self.restheaders, headers=self.restheaders,
timeout=self.connection_timeout)) timeout=self.connection_timeout,
validate_certs=self.validate_certs))
for flow in flow_list: for flow in flow_list:
if flow["alias"] == config["alias"]: if flow["alias"] == config["alias"]:
return flow return flow
@ -1351,7 +1355,8 @@ class KeycloakAPI(object):
method='PUT', method='PUT',
headers=self.restheaders, headers=self.restheaders,
data=json.dumps(updatedExec), data=json.dumps(updatedExec),
timeout=self.connection_timeout) timeout=self.connection_timeout,
validate_certs=self.validate_certs)
except Exception as e: except Exception as e:
self.module.fail_json(msg="Unable to update executions %s: %s" % (updatedExec, str(e))) self.module.fail_json(msg="Unable to update executions %s: %s" % (updatedExec, str(e)))
@ -1371,7 +1376,8 @@ class KeycloakAPI(object):
method='POST', method='POST',
headers=self.restheaders, headers=self.restheaders,
data=json.dumps(authenticationConfig), data=json.dumps(authenticationConfig),
timeout=self.connection_timeout) timeout=self.connection_timeout,
validate_certs=self.validate_certs)
except Exception as e: except Exception as e:
self.module.fail_json(msg="Unable to add authenticationConfig %s: %s" % (executionId, str(e))) self.module.fail_json(msg="Unable to add authenticationConfig %s: %s" % (executionId, str(e)))
@ -1395,7 +1401,8 @@ class KeycloakAPI(object):
method='POST', method='POST',
headers=self.restheaders, headers=self.restheaders,
data=json.dumps(newSubFlow), data=json.dumps(newSubFlow),
timeout=self.connection_timeout) timeout=self.connection_timeout,
validate_certs=self.validate_certs)
except Exception as e: except Exception as e:
self.module.fail_json(msg="Unable to create new subflow %s: %s" % (subflowName, str(e))) self.module.fail_json(msg="Unable to create new subflow %s: %s" % (subflowName, str(e)))
@ -1418,7 +1425,8 @@ class KeycloakAPI(object):
method='POST', method='POST',
headers=self.restheaders, headers=self.restheaders,
data=json.dumps(newExec), data=json.dumps(newExec),
timeout=self.connection_timeout) timeout=self.connection_timeout,
validate_certs=self.validate_certs)
except Exception as e: except Exception as e:
self.module.fail_json(msg="Unable to create new execution %s: %s" % (execution["provider"], str(e))) self.module.fail_json(msg="Unable to create new execution %s: %s" % (execution["provider"], str(e)))
@ -1440,7 +1448,8 @@ class KeycloakAPI(object):
id=executionId), id=executionId),
method='POST', method='POST',
headers=self.restheaders, headers=self.restheaders,
timeout=self.connection_timeout) timeout=self.connection_timeout,
validate_certs=self.validate_certs)
elif diff < 0: elif diff < 0:
for i in range(-diff): for i in range(-diff):
open_url( open_url(
@ -1450,7 +1459,8 @@ class KeycloakAPI(object):
id=executionId), id=executionId),
method='POST', method='POST',
headers=self.restheaders, headers=self.restheaders,
timeout=self.connection_timeout) timeout=self.connection_timeout,
validate_certs=self.validate_certs)
except Exception as e: except Exception as e:
self.module.fail_json(msg="Unable to change execution priority %s: %s" % (executionId, str(e))) self.module.fail_json(msg="Unable to change execution priority %s: %s" % (executionId, str(e)))
@ -1471,7 +1481,8 @@ class KeycloakAPI(object):
flowalias=quote(config["alias"])), flowalias=quote(config["alias"])),
method='GET', method='GET',
headers=self.restheaders, headers=self.restheaders,
timeout=self.connection_timeout)) timeout=self.connection_timeout,
validate_certs=self.validate_certs))
for execution in executions: for execution in executions:
if "authenticationConfig" in execution: if "authenticationConfig" in execution:
execConfigId = execution["authenticationConfig"] execConfigId = execution["authenticationConfig"]
@ -1483,7 +1494,8 @@ class KeycloakAPI(object):
id=execConfigId), id=execConfigId),
method='GET', method='GET',
headers=self.restheaders, headers=self.restheaders,
timeout=self.connection_timeout)) timeout=self.connection_timeout,
validate_certs=self.validate_certs))
execution["authenticationConfig"] = execConfig execution["authenticationConfig"] = execConfig
return executions return executions
except Exception as e: except Exception as e: