mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

keycloak_client_rolemapping.py: add support for subgroups (#6687)

* keycloak_client_rolemapping.py: add support for subgroups

* Add PR number after creating a PR to 6687-support-subgroups-for-keycloak-client-rolemapping.yml

* Update changelogs/fragments/6687-support-subgroups-for-keycloak-client-rolemapping.yml

Add missing URL

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_client_rolemapping.py

Set a correct version_added (previously it was a copy-paste)

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_client_rolemapping.py

Fix typo after copy-paste

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_client_rolemapping.py

Fix typo after copy-paste

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_client_rolemapping.py

Fix typo after copy-paste

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Mikhail Putilov <Mikhail.Putilov@dimoco.eu>
Co-authored-by: Felix Fontein <felix@fontein.de>
Mikhail Putilov 2023-06-18 19:49:00 +02:00 committed by GitHub
parent ccdcf70d69
commit e06a0e22f7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 62 additions and 2 deletions


@ -0,0 +1,2 @@
minor_changes:
- keycloak_client_rolemapping - adds support for subgroups with additional parameter ``parents`` (https://github.com/ansible-collections/community.general/pull/6687).


@ -63,6 +63,33 @@ options:
- Name of the group to be mapped.
- This parameter is required (can be replaced by gid for less API call).
parents:
version_added: "7.1.0"
type: list
description:
- List of parent groups for the group to handle sorted top to bottom.
- >-
Set this if your group is a subgroup and you do not provide the GID in O(gid).
elements: dict
suboptions:
id:
type: str
description:
- Identify parent by ID.
- Needs less API calls than using O(parents[].name).
- A deep parent chain can be started at any point when first given parent is given as ID.
- Note that in principle both ID and name can be specified at the same time
but current implementation only always use just one of them, with ID
being preferred.
name:
type: str
description:
- Identify parent by name.
- Needs more internal API calls than using O(parents[].id) to map names to ID's under the hood.
- When giving a parent chain with only names it must be complete up to the top.
- Note that in principle both ID and name can be specified at the same time
but current implementation only always use just one of them, with ID
being preferred.
gid:
type: str
description:
@ -144,6 +171,24 @@ EXAMPLES = '''
id: role_id2
delegate_to: localhost
- name: Map a client role to a subgroup, authentication with token
community.general.keycloak_client_rolemapping:
realm: MyCustomRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
token: TOKEN
state: present
client_id: client1
group_name: subgroup1
parents:
- name: parent-group
roles:
- name: role_name1
id: role_id1
- name: role_name2
id: role_id2
delegate_to: localhost
- name: Unmap client role from a group
community.general.keycloak_client_rolemapping:
realm: MyCustomRealm
@ -230,6 +275,13 @@ def main():
realm=dict(default='master'),
gid=dict(type='str'),
group_name=dict(type='str'),
parents=dict(
type='list', elements='dict',
options=dict(
id=dict(type='str'),
name=dict(type='str')
),
),
cid=dict(type='str'),
client_id=dict(type='str'),
roles=dict(type='list', elements='dict', options=roles_spec),
@ -259,6 +311,7 @@ def main():
gid = module.params.get('gid')
group_name = module.params.get('group_name')
roles = module.params.get('roles')
parents = module.params.get('parents')
# Check the parameters
if cid is None and client_id is None:
@ -268,7 +321,7 @@ def main():
# Get the potential missing parameters
if gid is None:
group_rep = kc.get_group_by_name(group_name, realm=realm)
group_rep = kc.get_group_by_name(group_name, realm=realm, parents=parents)
if group_rep is not None:
gid = group_rep['id']
else:
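Review bot: The `parents` sub-spec added to the argument spec in main() accepts a list entry that carries neither `id` nor `name`, because both suboptions are optional strings and nothing ties them together. This module assigns client roles, and subgroup names are presumably only unique under their parent, so an empty or incomplete entry reaching `kc.get_group_by_name(group_name, realm=realm, parents=parents)` could resolve to a different group than intended or fail inside the helper rather than at argument validation; the helper is not visible here, so this needs confirming. Adding `required_one_of=[['id', 'name']]` next to `options=` in `parents=dict(...)` rejects such entries up front. `parents` is also only read on the `if gid is None:` path, so it is silently ignored when `gid` is set, and a short comment there would make that explicit. main() starts and ends outside these hunks.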


@ -120,6 +120,11 @@ class TestKeycloakRealm(ModuleTestCase):
'state': 'present',
'client_id': 'test_client',
'group_name': 'test_group',
'parents': [
{
'name': 'parent_group'
}
],
'roles': [
{
'name': 'test_role1',
@ -139,7 +144,7 @@ class TestKeycloakRealm(ModuleTestCase):
"clientRoles": "{}",
"id": "92f2400e-0ecb-4185-8950-12dcef616c2b",
"name": "test_group",
"path": "/test_group",
"path": "/parent_group/test_group",
"realmRoles": "[]",
"subGroups": "[]"
}]
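Review bot: Nothing in the visible test changes asserts that `parents` is forwarded to the group lookup; the hunks only add a name-based `parents` entry to the module arguments and change the mocked group's `path` to `/parent_group/test_group`. If the test body outside these hunks does not already do so, assert on the arguments the mocked lookup received, so that a regression which drops `parents` and maps roles to a same-named top-level group fails the test. A second case with the parent given by `id`, and one where the group is not found, would cover the other documented paths. The test method begins and ends outside the hunks.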