1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

keycloak_clientscope: add normalizations for attributes and protocol_mappers (#8496)

Signed-off-by: Eike Waldt <waldt@b1-systems.de>
This commit is contained in:
Eike Waldt 2024-06-16 22:14:31 +02:00 committed by GitHub
parent 3716187fc3
commit fd2cd5f28c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 38 additions and 2 deletions

View file

@ -0,0 +1,2 @@
bugfixes:
- keycloak_realm - add normalizations for ``attributes`` and ``protocol_mappers`` (https://github.com/ansible-collections/community.general/pull/8496).

View file

@ -301,10 +301,37 @@ end_state:
'''
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \
keycloak_argument_spec, get_token, KeycloakError
keycloak_argument_spec, get_token, KeycloakError, is_struct_included
from ansible.module_utils.basic import AnsibleModule
def normalise_cr(clientscoperep, remove_ids=False):
""" Re-sorts any properties where the order so that diff's is minimised, and adds default values where appropriate so that the
the change detection is more effective.
:param clientscoperep: the clientscoperep dict to be sanitized
:param remove_ids: If set to true, then the unique ID's of objects is removed to make the diff and checks for changed
not alert when the ID's of objects are not usually known, (e.g. for protocol_mappers)
:return: normalised clientscoperep dict
"""
# Avoid the dict passed in to be modified
clientscoperep = clientscoperep.copy()
if 'attributes' in clientscoperep:
clientscoperep['attributes'] = list(sorted(clientscoperep['attributes']))
if 'protocolMappers' in clientscoperep:
clientscoperep['protocolMappers'] = sorted(clientscoperep['protocolMappers'], key=lambda x: (x.get('name'), x.get('protocol'), x.get('protocolMapper')))
for mapper in clientscoperep['protocolMappers']:
if remove_ids:
mapper.pop('id', None)
# Set to a default value.
mapper['consentRequired'] = mapper.get('consentRequired', False)
return clientscoperep
def sanitize_cr(clientscoperep):
""" Removes probably sensitive details from a clientscoperep representation.
@ -317,7 +344,7 @@ def sanitize_cr(clientscoperep):
if 'attributes' in result:
if 'saml.signing.private.key' in result['attributes']:
result['attributes']['saml.signing.private.key'] = 'no_log'
return result
return normalise_cr(result)
def main():
@ -458,6 +485,13 @@ def main():
result['diff'] = dict(before=sanitize_cr(before_clientscope), after=sanitize_cr(desired_clientscope))
if module.check_mode:
# We can only compare the current clientscope with the proposed updates we have
before_norm = normalise_cr(before_clientscope, remove_ids=True)
desired_norm = normalise_cr(desired_clientscope, remove_ids=True)
if module._diff:
result['diff'] = dict(before=sanitize_cr(before_norm),
after=sanitize_cr(desired_norm))
result['changed'] = not is_struct_included(desired_norm, before_norm)
module.exit_json(**result)
# do the update