mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Fix Keycloak API client to quote '/' properly (#7641)

* fix Keycloak API client to quote '/' properly

* add changelog

* Update changelogs/fragments/7641-fix-keycloak-api-client-to-quote-properly.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
Tomohiko Ozawa 2023-12-02 17:31:46 +09:00 committed by GitHub
parent 241cc02fa8
commit 58cce27d45
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 20 deletions


@ -0,0 +1,2 @@
bugfixes:
- keycloak_* - fix Keycloak API client to quote ``/`` properly (https://github.com/ansible-collections/community.general/pull/7641).


@ -1679,7 +1679,7 @@ class KeycloakAPI(object):
:param name: Name of the role to fetch. :param name: Name of the role to fetch.
:param realm: Realm in which the role resides; default 'master'. :param realm: Realm in which the role resides; default 'master'.
""" """
role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(name)) role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(name, safe=''))
try: try:
return json.loads(to_native(open_url(role_url, method="GET", http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout, return json.loads(to_native(open_url(role_url, method="GET", http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
validate_certs=self.validate_certs).read())) validate_certs=self.validate_certs).read()))
@ -1716,7 +1716,7 @@ class KeycloakAPI(object):
:param rolerep: A RoleRepresentation of the updated role. :param rolerep: A RoleRepresentation of the updated role.
:return HTTPResponse object on success :return HTTPResponse object on success
""" """
role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(rolerep['name'])) role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(rolerep['name']), safe='')
try: try:
composites = None composites = None
if "composites" in rolerep: if "composites" in rolerep:
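Review bot: In the `@ -1716` hunk the new `role_url` line closes the `quote(` call before `safe=''`, so the argument is passed to `str.format()`, which silently ignores unused keyword arguments, and `quote()` keeps its default `safe='/'`. A role name containing `/` is therefore still placed unencoded into the URL path on this update path, unlike the other call sites this commit changes, so the request can address a different resource path than the caller intended. The line should read `role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(rolerep['name'], safe=''))`. The enclosing method starts and ends outside the hunk, so test coverage is not visible here; a unit test that updates a role whose name contains `/` would catch this kind of misplaced parenthesis.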
@ -1737,9 +1737,9 @@ class KeycloakAPI(object):
if clientid is not None: if clientid is not None:
client = self.get_client_by_clientid(client_id=clientid, realm=realm) client = self.get_client_by_clientid(client_id=clientid, realm=realm)
cid = client['id'] cid = client['id']
composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"])) composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"], safe=''))
else: else:
composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"])) composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"], safe=''))
# Get existing composites # Get existing composites
return json.loads(to_native(open_url( return json.loads(to_native(open_url(
composite_url, composite_url,
@ -1758,9 +1758,9 @@ class KeycloakAPI(object):
if clientid is not None: if clientid is not None:
client = self.get_client_by_clientid(client_id=clientid, realm=realm) client = self.get_client_by_clientid(client_id=clientid, realm=realm)
cid = client['id'] cid = client['id']
composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"])) composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"], safe=''))
else: else:
composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"])) composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"], safe=''))
# Get existing composites # Get existing composites
# create new composites # create new composites
return open_url(composite_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout, return open_url(composite_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
@ -1775,9 +1775,9 @@ class KeycloakAPI(object):
if clientid is not None: if clientid is not None:
client = self.get_client_by_clientid(client_id=clientid, realm=realm) client = self.get_client_by_clientid(client_id=clientid, realm=realm)
cid = client['id'] cid = client['id']
composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"])) composite_url = URL_CLIENT_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep["name"], safe=''))
else: else:
composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"])) composite_url = URL_REALM_ROLE_COMPOSITES.format(url=self.baseurl, realm=realm, name=quote(rolerep["name"], safe=''))
# Get existing composites # Get existing composites
# create new composites # create new composites
return open_url(composite_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout, return open_url(composite_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
@ -1842,7 +1842,7 @@ class KeycloakAPI(object):
:param name: The name of the role. :param name: The name of the role.
:param realm: The realm in which this role resides, default "master". :param realm: The realm in which this role resides, default "master".
""" """
role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(name)) role_url = URL_REALM_ROLE.format(url=self.baseurl, realm=realm, name=quote(name, safe=''))
try: try:
return open_url(role_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout, return open_url(role_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
validate_certs=self.validate_certs) validate_certs=self.validate_certs)
@ -1886,7 +1886,7 @@ class KeycloakAPI(object):
if cid is None: if cid is None:
self.module.fail_json(msg='Could not find client %s in realm %s' self.module.fail_json(msg='Could not find client %s in realm %s'
% (clientid, realm)) % (clientid, realm))
role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(name)) role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(name, safe=''))
try: try:
return json.loads(to_native(open_url(role_url, method="GET", http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout, return json.loads(to_native(open_url(role_url, method="GET", http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
validate_certs=self.validate_certs).read())) validate_certs=self.validate_certs).read()))
@ -1950,7 +1950,7 @@ class KeycloakAPI(object):
if cid is None: if cid is None:
self.module.fail_json(msg='Could not find client %s in realm %s' self.module.fail_json(msg='Could not find client %s in realm %s'
% (clientid, realm)) % (clientid, realm))
role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep['name'])) role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(rolerep['name'], safe=''))
try: try:
composites = None composites = None
if "composites" in rolerep: if "composites" in rolerep:
@ -1976,7 +1976,7 @@ class KeycloakAPI(object):
if cid is None: if cid is None:
self.module.fail_json(msg='Could not find client %s in realm %s' self.module.fail_json(msg='Could not find client %s in realm %s'
% (clientid, realm)) % (clientid, realm))
role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(name)) role_url = URL_CLIENT_ROLE.format(url=self.baseurl, realm=realm, id=cid, name=quote(name, safe=''))
try: try:
return open_url(role_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout, return open_url(role_url, method='DELETE', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout,
validate_certs=self.validate_certs) validate_certs=self.validate_certs)
@ -2036,7 +2036,7 @@ class KeycloakAPI(object):
URL_AUTHENTICATION_FLOW_COPY.format( URL_AUTHENTICATION_FLOW_COPY.format(
url=self.baseurl, url=self.baseurl,
realm=realm, realm=realm,
copyfrom=quote(config["copyFrom"])), copyfrom=quote(config["copyFrom"], safe='')),
method='POST', method='POST',
http_agent=self.http_agent, headers=self.restheaders, http_agent=self.http_agent, headers=self.restheaders,
data=json.dumps(new_name), data=json.dumps(new_name),
@ -2110,7 +2110,7 @@ class KeycloakAPI(object):
URL_AUTHENTICATION_FLOW_EXECUTIONS.format( URL_AUTHENTICATION_FLOW_EXECUTIONS.format(
url=self.baseurl, url=self.baseurl,
realm=realm, realm=realm,
flowalias=quote(flowAlias)), flowalias=quote(flowAlias, safe='')),
method='PUT', method='PUT',
http_agent=self.http_agent, headers=self.restheaders, http_agent=self.http_agent, headers=self.restheaders,
data=json.dumps(updatedExec), data=json.dumps(updatedExec),
@ -2159,7 +2159,7 @@ class KeycloakAPI(object):
URL_AUTHENTICATION_FLOW_EXECUTIONS_FLOW.format( URL_AUTHENTICATION_FLOW_EXECUTIONS_FLOW.format(
url=self.baseurl, url=self.baseurl,
realm=realm, realm=realm,
flowalias=quote(flowAlias)), flowalias=quote(flowAlias, safe='')),
method='POST', method='POST',
http_agent=self.http_agent, headers=self.restheaders, http_agent=self.http_agent, headers=self.restheaders,
data=json.dumps(newSubFlow), data=json.dumps(newSubFlow),
@ -2183,7 +2183,7 @@ class KeycloakAPI(object):
URL_AUTHENTICATION_FLOW_EXECUTIONS_EXECUTION.format( URL_AUTHENTICATION_FLOW_EXECUTIONS_EXECUTION.format(
url=self.baseurl, url=self.baseurl,
realm=realm, realm=realm,
flowalias=quote(flowAlias)), flowalias=quote(flowAlias, safe='')),
method='POST', method='POST',
http_agent=self.http_agent, headers=self.restheaders, http_agent=self.http_agent, headers=self.restheaders,
data=json.dumps(newExec), data=json.dumps(newExec),
@ -2243,7 +2243,7 @@ class KeycloakAPI(object):
URL_AUTHENTICATION_FLOW_EXECUTIONS.format( URL_AUTHENTICATION_FLOW_EXECUTIONS.format(
url=self.baseurl, url=self.baseurl,
realm=realm, realm=realm,
flowalias=quote(config["alias"])), flowalias=quote(config["alias"], safe='')),
method='GET', method='GET',
http_agent=self.http_agent, headers=self.restheaders, http_agent=self.http_agent, headers=self.restheaders,
timeout=self.connection_timeout, timeout=self.connection_timeout,
@ -2336,7 +2336,7 @@ class KeycloakAPI(object):
return open_url( return open_url(
URL_AUTHENTICATION_REQUIRED_ACTIONS_ALIAS.format( URL_AUTHENTICATION_REQUIRED_ACTIONS_ALIAS.format(
url=self.baseurl, url=self.baseurl,
alias=quote(alias), alias=quote(alias, safe=''),
realm=realm realm=realm
), ),
method='PUT', method='PUT',
@ -2363,7 +2363,7 @@ class KeycloakAPI(object):
return open_url( return open_url(
URL_AUTHENTICATION_REQUIRED_ACTIONS_ALIAS.format( URL_AUTHENTICATION_REQUIRED_ACTIONS_ALIAS.format(
url=self.baseurl, url=self.baseurl,
alias=quote(alias), alias=quote(alias, safe=''),
realm=realm realm=realm
), ),
method='DELETE', method='DELETE',
@ -2630,7 +2630,7 @@ class KeycloakAPI(object):
def get_authz_authorization_scope_by_name(self, name, client_id, realm): def get_authz_authorization_scope_by_name(self, name, client_id, realm):
url = URL_AUTHZ_AUTHORIZATION_SCOPES.format(url=self.baseurl, client_id=client_id, realm=realm) url = URL_AUTHZ_AUTHORIZATION_SCOPES.format(url=self.baseurl, client_id=client_id, realm=realm)
search_url = "%s/search?name=%s" % (url, quote(name)) search_url = "%s/search?name=%s" % (url, quote(name, safe=''))
try: try:
return json.loads(to_native(open_url(search_url, method='GET', http_agent=self.http_agent, headers=self.restheaders, return json.loads(to_native(open_url(search_url, method='GET', http_agent=self.http_agent, headers=self.restheaders,