keycloak_client_rolemapping.py: add support for subgroups (#6687)
* keycloak_client_rolemapping.py: add support for subgroups * Add PR number after creating a PR to 6687-support-subgroups-for-keycloak-client-rolemapping.yml * Update changelogs/fragments/6687-support-subgroups-for-keycloak-client-rolemapping.yml Add missing URL Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_client_rolemapping.py Set a correct version_added (previously it was a copy-paste) Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_client_rolemapping.py Fix typo after copy-paste Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_client_rolemapping.py Fix typo after copy-paste Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_client_rolemapping.py Fix typo after copy-paste Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Mikhail Putilov <Mikhail.Putilov@dimoco.eu> Co-authored-by: Felix Fontein <felix@fontein.de>
parent
ccdcf70d69
commit
e06a0e22f7
3 changed files with 62 additions and 2 deletions
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- keycloak_client_rolemapping - adds support for subgroups with additional parameter ``parents`` (https://github.com/ansible-collections/community.general/pull/6687).
|
|
@ -63,6 +63,33 @@ options:
|
||||||
- Name of the group to be mapped.
|
- Name of the group to be mapped.
|
||||||
- This parameter is required (can be replaced by gid for less API call).
|
- This parameter is required (can be replaced by gid for less API call).
|
||||||
|
|
||||||
|
parents:
|
||||||
|
version_added: "7.1.0"
|
||||||
|
type: list
|
||||||
|
description:
|
||||||
|
- List of parent groups for the group to handle sorted top to bottom.
|
||||||
|
- >-
|
||||||
|
Set this if your group is a subgroup and you do not provide the GID in O(gid).
|
||||||
|
elements: dict
|
||||||
|
suboptions:
|
||||||
|
id:
|
||||||
|
type: str
|
||||||
|
description:
|
||||||
|
- Identify parent by ID.
|
||||||
|
- Needs less API calls than using O(parents[].name).
|
||||||
|
- A deep parent chain can be started at any point when first given parent is given as ID.
|
||||||
|
- Note that in principle both ID and name can be specified at the same time
|
||||||
|
but current implementation only always use just one of them, with ID
|
||||||
|
being preferred.
|
||||||
|
name:
|
||||||
|
type: str
|
||||||
|
description:
|
||||||
|
- Identify parent by name.
|
||||||
|
- Needs more internal API calls than using O(parents[].id) to map names to ID's under the hood.
|
||||||
|
- When giving a parent chain with only names it must be complete up to the top.
|
||||||
|
- Note that in principle both ID and name can be specified at the same time
|
||||||
|
but current implementation only always use just one of them, with ID
|
||||||
|
being preferred.
|
||||||
gid:
|
gid:
|
||||||
type: str
|
type: str
|
||||||
description:
|
description:
|
||||||
|
@ -144,6 +171,24 @@ EXAMPLES = '''
|
||||||
id: role_id2
|
id: role_id2
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: Map a client role to a subgroup, authentication with token
|
||||||
|
community.general.keycloak_client_rolemapping:
|
||||||
|
realm: MyCustomRealm
|
||||||
|
auth_client_id: admin-cli
|
||||||
|
auth_keycloak_url: https://auth.example.com/auth
|
||||||
|
token: TOKEN
|
||||||
|
state: present
|
||||||
|
client_id: client1
|
||||||
|
group_name: subgroup1
|
||||||
|
parents:
|
||||||
|
- name: parent-group
|
||||||
|
roles:
|
||||||
|
- name: role_name1
|
||||||
|
id: role_id1
|
||||||
|
- name: role_name2
|
||||||
|
id: role_id2
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
- name: Unmap client role from a group
|
- name: Unmap client role from a group
|
||||||
community.general.keycloak_client_rolemapping:
|
community.general.keycloak_client_rolemapping:
|
||||||
realm: MyCustomRealm
|
realm: MyCustomRealm
|
||||||
|
@ -230,6 +275,13 @@ def main():
|
||||||
realm=dict(default='master'),
|
realm=dict(default='master'),
|
||||||
gid=dict(type='str'),
|
gid=dict(type='str'),
|
||||||
group_name=dict(type='str'),
|
group_name=dict(type='str'),
|
||||||
|
parents=dict(
|
||||||
|
type='list', elements='dict',
|
||||||
|
options=dict(
|
||||||
|
id=dict(type='str'),
|
||||||
|
name=dict(type='str')
|
||||||
|
),
|
||||||
|
),
|
||||||
cid=dict(type='str'),
|
cid=dict(type='str'),
|
||||||
client_id=dict(type='str'),
|
client_id=dict(type='str'),
|
||||||
roles=dict(type='list', elements='dict', options=roles_spec),
|
roles=dict(type='list', elements='dict', options=roles_spec),
|
||||||
|
@ -259,6 +311,7 @@ def main():
|
||||||
gid = module.params.get('gid')
|
gid = module.params.get('gid')
|
||||||
group_name = module.params.get('group_name')
|
group_name = module.params.get('group_name')
|
||||||
roles = module.params.get('roles')
|
roles = module.params.get('roles')
|
||||||
|
parents = module.params.get('parents')
|
||||||
|
|
||||||
# Check the parameters
|
# Check the parameters
|
||||||
if cid is None and client_id is None:
|
if cid is None and client_id is None:
|
||||||
|
@ -268,7 +321,7 @@ def main():
|
||||||
|
|
||||||
# Get the potential missing parameters
|
# Get the potential missing parameters
|
||||||
if gid is None:
|
if gid is None:
|
||||||
group_rep = kc.get_group_by_name(group_name, realm=realm)
|
group_rep = kc.get_group_by_name(group_name, realm=realm, parents=parents)
|
||||||
if group_rep is not None:
|
if group_rep is not None:
|
||||||
gid = group_rep['id']
|
gid = group_rep['id']
|
||||||
else:
|
else:
|
||||||
|
|
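Review bot: In the `@ -230,6 +275,13 @@` hunk the new `parents` entry declares `id` and `name` as optional and nothing requires either of them, so an element such as `{}` passes argument validation and is handed to `kc.get_group_by_name(group_name, realm=realm, parents=parents)`. This module attaches client roles to whichever group that lookup resolves, and Keycloak allows the same group name under different parents, so a malformed chain is better rejected at validation than left to the helper, whose handling is not visible on this page. I would add `required_one_of=[['id', 'name']]` next to `options=` in the `parents` dict. `parents` is also read only inside `if gid is None:`, so it is silently ignored when `gid` is supplied; a comment there such as `# parents only helps resolve group_name; it is ignored when gid is set` would make that explicit. main() starts and ends outside these hunks.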
|
@ -120,6 +120,11 @@ class TestKeycloakRealm(ModuleTestCase):
|
||||||
'state': 'present',
|
'state': 'present',
|
||||||
'client_id': 'test_client',
|
'client_id': 'test_client',
|
||||||
'group_name': 'test_group',
|
'group_name': 'test_group',
|
||||||
|
'parents': [
|
||||||
|
{
|
||||||
|
'name': 'parent_group'
|
||||||
|
}
|
||||||
|
],
|
||||||
'roles': [
|
'roles': [
|
||||||
{
|
{
|
||||||
'name': 'test_role1',
|
'name': 'test_role1',
|
||||||
|
@ -139,7 +144,7 @@ class TestKeycloakRealm(ModuleTestCase):
|
||||||
"clientRoles": "{}",
|
"clientRoles": "{}",
|
||||||
"id": "92f2400e-0ecb-4185-8950-12dcef616c2b",
|
"id": "92f2400e-0ecb-4185-8950-12dcef616c2b",
|
||||||
"name": "test_group",
|
"name": "test_group",
|
||||||
"path": "/test_group",
|
"path": "/parent_group/test_group",
|
||||||
"realmRoles": "[]",
|
"realmRoles": "[]",
|
||||||
"subGroups": "[]"
|
"subGroups": "[]"
|
||||||
}]
|
}]
|
||||||
|
|
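Review bot: Nothing visible in these hunks checks that the new `'parents'` argument actually reaches the group lookup; the test adds it to the module args and changes the mocked group's `path` to `/parent_group/test_group`, which would still pass if `parents` were dropped before the call, assuming the lookup is patched as elsewhere in this file (not shown). An assertion on the patched `get_group_by_name` call, checking that its keyword arguments include `parents=[{'name': 'parent_group'}]`, would pin the behaviour. A second case that identifies the parent by `'id'`, and one where the subgroup is not found, would cover the other documented paths. The test method begins and ends outside the hunks.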