keycloak_clientscope: add normalizations for attributes and protocol_mappers (#8496)

Signed-off-by: Eike Waldt <waldt@b1-systems.de>
2024-09-14 20:13:21 +02:00 · 2024-06-16 22:14:31 +02:00 · 2024-06-16 22:14:31 +02:00 · fd2cd5f28c
commit fd2cd5f28c
parent 3716187fc3
2 changed files with 38 additions and 2 deletions
--- a/changelogs/fragments/8496-keycloak_clientscope-add-normalizations.yaml
+++ b/changelogs/fragments/8496-keycloak_clientscope-add-normalizations.yaml
@ -0,0 +1,2 @@
+bugfixes:
+  - keycloak_realm - add normalizations for ``attributes`` and ``protocol_mappers`` (https://github.com/ansible-collections/community.general/pull/8496).
--- a/plugins/modules/keycloak_clientscope.py
+++ b/plugins/modules/keycloak_clientscope.py
@ -301,10 +301,37 @@ end_state:
 '''

 from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \
-    keycloak_argument_spec, get_token, KeycloakError
+    keycloak_argument_spec, get_token, KeycloakError, is_struct_included
 from ansible.module_utils.basic import AnsibleModule


+def normalise_cr(clientscoperep, remove_ids=False):
+    """ Re-sorts any properties where the order so that diff's is minimised, and adds default values where appropriate so that the
+    the change detection is more effective.
+
+    :param clientscoperep: the clientscoperep dict to be sanitized
+    :param remove_ids: If set to true, then the unique ID's of objects is removed to make the diff and checks for changed
+                       not alert when the ID's of objects are not usually known, (e.g. for protocol_mappers)
+    :return: normalised clientscoperep dict
+    """
+    # Avoid the dict passed in to be modified
+    clientscoperep = clientscoperep.copy()
+
+    if 'attributes' in clientscoperep:
+        clientscoperep['attributes'] = list(sorted(clientscoperep['attributes']))
+
+    if 'protocolMappers' in clientscoperep:
+        clientscoperep['protocolMappers'] = sorted(clientscoperep['protocolMappers'], key=lambda x: (x.get('name'), x.get('protocol'), x.get('protocolMapper')))
+        for mapper in clientscoperep['protocolMappers']:
+            if remove_ids:
+                mapper.pop('id', None)
+
+            # Set to a default value.
+            mapper['consentRequired'] = mapper.get('consentRequired', False)
+
+    return clientscoperep
+
+
 def sanitize_cr(clientscoperep):
    """ Removes probably sensitive details from a clientscoperep representation.

@ -317,7 +344,7 @@ def sanitize_cr(clientscoperep):
    if 'attributes' in result:
        if 'saml.signing.private.key' in result['attributes']:
            result['attributes']['saml.signing.private.key'] = 'no_log'
-    return result
+    return normalise_cr(result)


 def main():
@ -458,6 +485,13 @@ def main():
                result['diff'] = dict(before=sanitize_cr(before_clientscope), after=sanitize_cr(desired_clientscope))

            if module.check_mode:
+                # We can only compare the current clientscope with the proposed updates we have
+                before_norm = normalise_cr(before_clientscope, remove_ids=True)
+                desired_norm = normalise_cr(desired_clientscope, remove_ids=True)
+                if module._diff:
+                    result['diff'] = dict(before=sanitize_cr(before_norm),
+                                          after=sanitize_cr(desired_norm))
+                result['changed'] = not is_struct_included(desired_norm, before_norm)
                module.exit_json(**result)

            # do the update