bugfixing keycloak user federation failing when updating default mapper simultaneously (#5750)
* fix(modules/keycloak_user_federation): fixes ...
... user federation creation failing when also updating/changing default
mappers at the same time
* add changelog fragment for pr
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 6781dd1918)
Co-authored-by: morco <thegreatwiper@web.de>
Bugfix/keycloak userfed idempotency (#5732)
* fix(modules/keycloak_user_federation): fixes ...
... federation read call not finding already existing federations
properly because of bad parametrisation
* fix(modules/keycloak_user_federation): added ...
... new integration test for module idempotency bugfix
* added changelog fragment for pr
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
(cherry picked from commit 0ca41dedce)
Co-authored-by: morco <thegreatwiper@web.de>
Fix keycloak_client_rolemapping role removal and diff (#5619)
* Keycloak: Fix client rolemapping removal
Keycloak's delete_group_rolemapping API wrapper didn't pass data about
the roles to remove to keycloak, resulting in removal of all roles.
Follow the intended behaviour and delete only the roles listed in the
module invocation.
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Keycloak: Fix client_rolemapping diff
The module's diff output wrongly showed the changed roles list as
'after' state. This is obviously wrong for role removal and also
wrong for role addition, if there are other roles assigned.
Use the result of the API query for 'end_state' for 'diff' as well.
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Keycloak: Calculate client_rolemapping proposed state properly
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Add changelog fragment
Signed-off-by: Florian Achleitner <flo@fopen.at>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix for python2 unit test
Signed-off-by: Florian Achleitner <flo@fopen.at>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit f0b3bba030)
Co-authored-by: fachleitner <flo@fopen.at>
* Add explanation and example to vendor option
##### SUMMARY
<!— Your description here –>
##### ISSUE TYPE
- Docs Pull Request
+label: docsite_pr
* Update plugins/modules/identity/keycloak/keycloak_user_federation.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 7b86fa6a7d)
Co-authored-by: clovis-monmousseau <58973012+clovis-monmousseau@users.noreply.github.com>
* Move licenses to LICENSES/, run add-license.py, add LICENSES/MIT.txt.
* Replace 'Copyright:' with 'Copyright'
sed -i 's|Copyright:\(.*\)|Copyright\1|' $(rg -l 'Copyright:')
Co-authored-by: Maxwell G <gotmax@e.email>
(cherry picked from commit 123c7efe5e)
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm: fix default groups and roles (#4241)
* add changelog fragment
(cherry picked from commit 7ee15f95f7)
Co-authored-by: adam-cleo <90759784+adam-cleo@users.noreply.github.com>
* Get first found configuration file
There are three valid places to get the configuration.
https://developer.1password.com/docs/cli/about-biometric-unlock#remove-old-account-information
* Use common config class
* Add changelog fragment
* Explicitly use new style classes for Python 2.7 compatibility
This shouldn’t matter for lookups, but does matter for module_utils
and modules since Python 2.7 is still supported on the managed node.
* Update changelogs/fragments/4065-onepassword-config.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak: fix creating a user federation w/ idempotent id
Creating a user federation while specifying an id (that doesn't exist
yet) will fail with a 404. This commits fix this behavior.
* keycloak: fix user federation mapper duplication
This commit fixes a bug where mappers are duplicated instead of
configured when creating a user federation.
When creating a user federation, some mappers are autogenerated by
keycloak. This commit lets the keycloak_user_federation module recompute
mappers final values after the user federation is created so that the
module can try to merge them by their name.
* add missing fragment for pr #4212
* Add PTR synchronization support for dnszones
* Add changelog fragment
* Update changelogs/fragments/3374-add-ipa-ptr-sync-support.yml
Update to reflect proper module name.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/ipa/ipa_dnszone.py
Add period.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/ipa/ipa_dnszone.py
Remove requires comment.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Change type to boolean in following with API docs
* Tested with needed changes made.
* Fix documentation to max implementation
* Check for specific params; allow for modifications if needed
* Add PTR synchronization support for dnszones
* Add changelog fragment
* Update changelogs/fragments/3374-add-ipa-ptr-sync-support.yml
Update to reflect proper module name.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove trailing whitespace
* Make use of full search and compare params
* Fix formatting errors
* Move the change flag outside of module check
* Fix itens typo to items
* Update dynamicupdate to a boolean
* Remove unnecessary flags and options
* Minor comment changes
* Update changelogs/fragments/3374-add-ipa-ptr-sync-support.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/ipa/ipa_dnszone.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Anne-Marie Lee <alee@datainterfuse.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Prepare for distutils.version being removed in Python 2.12.
* Fix copy'n'paste error.
* Re-add Loose prefix.
* Fix Python version typos.
* Improve formulation.
* Move message into own line.
* Fix casing, now that the object is no longer called Version.
* KeycloakClientDiffBugs - Introduce test that passes.
* KeycloakClientDiffBugs - Add test to show that checking of redirect_uri's fails.
* KeycloakClientDiffBugs - (Fix1) Update so that checking of `redirectUris` no longer shows a change.
* KeycloakClientDiffBugs - Add test to show that checking of attributes's fails (sorting issue)
* KeycloakClientDiffBugs - (Fix2) Update so that checking of `attributes` no longer shows a change.
* KeycloakClientDiffBugs - Add test to show that checking of protocol_mappers's fail
* KeycloakClientDiffBugs - (Fix3) Update so that checking of `protocol_mappers` no longer shows a change when there is none.
* Introduce code fragment.
* Update the changelog to be based on the PR instead of the issue.
* Fix the readme
* Fix yaml indentation.
* Fix pep8
* Update changelogs/fragments/3610-fix-keycloak-client-diff-bugs-when-sorting.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/3610-fix-keycloak-client-diff-bugs-when-sorting.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove need for .copy() after making normalise_cr not mutate the dict.
Co-authored-by: Pierre Dumuid <pierre@knowyourdata.com.au>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Consistent Modules - Rename updated_?? to desired_?? in all the keycloak modules.
* Consistent Modules - Rename the comments, and add whitespace so that all the modules are a lot more consistent between each other.
* Consistent Modules - Remove final elif where a final else doesn't exist.
This is to address the inconsistency between the other modules.
Whilst I can see it being more descriptive, there should be a final "else:" to cater if the values is neither 'absent' or 'present'.
* Consistent Modules - Use dict() instead of {} like most of the other keycloak modules.
* Consistent Modules - Update keycloak authentication so that the if ordering is consistent for no-item.
* Consistent Modules - Move the 'Filter and map' process to always occur before getting an existing item.
* Consistent Modules - Be consistent with how to initialse before_?? and set it to dict() if it is None.
* Consistent Modules - Add module.exit_?? in the locations as per the other modules.
* Consistent Modules - Represent result['diff'] using dict(before=.., after=...) as per all the other modules.
* Consistent Modules - Add / Move location of when result['end_state'] is getting defined.
* Consistent modules - Add result['changed'] = False where we do nothing and exit because item exists.
* Consistent Modules - Set the value result['changed'] to True earlier so it shows up when in checking mode only.
* Consistent Modules - test for equality with a dict to assert there was no realm in the first place as per the other modules.
* Consistent Modules - Address the spelling.
* Consistent Modules - keycloak_group - Remove result['group'] as result['end_state'] is the consistent value used in the other modules.
* Consistent Modules - Order the lines in the section, Do nothing and exit consistently.
* Consistent Modules - Add result['end_state'] and still add deprecated `flow` return value.
* Consistent Modules - Add missing return documentation for `msg`.
* Consistent Modules - Tweak whitespace in the RETURN variable.
* Consistent Modules - Add result['group'] in addition to deprecated result['group'] response.
* Consistent Modules - Add return property, 'contains' to address test errors.
* Consistent Modules - Rename updated_?? to desired_?? in new modules since initial PR.
* Consistent Modules - Rename the comments, and add whitespace so that all the (recently added) modules are a lot more consistent between each other.
* Consistent Modules - Make indentation consistent within the response document.
* Consistent Modules - Use B(DEPRECATED) in a seperate line in the description.
* Consistent Modules - Add a lot of full stops to sentences.
* Consistent Modules - Use C(...) and I(...) formatting methods.
* Consistent Modules - Use "on success" everywhere for end_state response documentation.
* Consistent Modules - Update the documents for RETURN.proposed, RETURN.existing, RETURN.end_state to be the same.
* Consistent Modules - Add fragment.
* Remove period after short_description.
* Update changelog fragment.
* Consistent Modules - PRFeedback - Remove `module.exit_json(**result)` within the `Delete` section of the if statement.
There's a exit_json(..) immediately after.
* Consistent Modules - PRFeedback - Use `if not x_repr` instead of `if x_repr == dict()`.
* keycloak_authentication - Add a sample of the output.
* Replace `dict()` with `{}` for all the keycloak modules.
* Add the requested deprecated notices
* Update changelogs/fragments/3280-keycloak-module-cleanup-and-consistency.yml
Co-authored-by: Pierre Dumuid <pierre@knowyourdata.com.au>
Co-authored-by: Felix Fontein <felix@fontein.de>
* ipa: add append parameter to modify_if_diff
* ipa_group: add state: append
* ipa_group: rework append to an option instead of another state
* ipa_group: append default=no
* ipa_group: add change fragment for new append option
* ipa_group: restore descriptions for group and user
* ipa_group: re-add missed quotation mark
* ipa_group: set default for append in
argument_spec
* ipa_group: add .yml ext to fragement file
* ipa_group: corrections to append description
* ipa_group: refine change fragement text
Co-authored-by: Felix Fontein <felix@fontein.de>
* ipa_group: use correct macros in option descriptions
Co-authored-by: Felix Fontein <felix@fontein.de>
* ipa_group: include append in user and group descriptions
* ipa_group: add version_added
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix diff mode when updating authentication flow with keycloak_authentication module
* Update documentation of create_or_update_executions function (return tuple instead of dict)
* Fix: Update requirement when new exex created
* Add changelog fragment
* Update changelogs/fragments/3330-bugfix-keycloak-authentication-flow-requirements-not-set-correctly.yml.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/3330-bugfix-keycloak-authentication-flow-requirements-not-set-correctly.yml.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Edit requirement of sublow
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add authentication_flow_binding_overrides option to the keycloak_client module
* Add changelog fragment
* Update changelogs/fragments/2949-add_authentication-flow-binding_keycloak-client.yml
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Add unit test authentication_flow_binding_overrides feature on keycloak_client module
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Fix bug when 2 identical executions in same auth flow
* Add changelog fragment
* Fix unit tests
* Update changelogs/fragments/2904-fix-bug-when-2-identical-executions-in-same-auth-flow.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
