Fix keycloak_client_rolemapping role removal and diff (#5619)
* Keycloak: Fix client rolemapping removal
Keycloak's delete_group_rolemapping API wrapper didn't pass data about
the roles to remove to keycloak, resulting in removal of all roles.
Follow the intended behaviour and delete only the roles listed in the
module invocation.
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Keycloak: Fix client_rolemapping diff
The module's diff output wrongly showed the changed roles list as
'after' state. This is obviously wrong for role removal and also
wrong for role addition, if there are other roles assigned.
Use the result of the API query for 'end_state' for 'diff' as well.
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Keycloak: Calculate client_rolemapping proposed state properly
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Add changelog fragment
Signed-off-by: Florian Achleitner <flo@fopen.at>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix for python2 unit test
Signed-off-by: Florian Achleitner <flo@fopen.at>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit f0b3bba030)
Co-authored-by: fachleitner <flo@fopen.at>
* Add explanation and example to vendor option
##### SUMMARY
<!— Your description here –>
##### ISSUE TYPE
- Docs Pull Request
+label: docsite_pr
* Update plugins/modules/identity/keycloak/keycloak_user_federation.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 7b86fa6a7d)
Co-authored-by: clovis-monmousseau <58973012+clovis-monmousseau@users.noreply.github.com>
* Move licenses to LICENSES/, run add-license.py, add LICENSES/MIT.txt.
* Replace 'Copyright:' with 'Copyright'
sed -i 's|Copyright:\(.*\)|Copyright\1|' $(rg -l 'Copyright:')
Co-authored-by: Maxwell G <gotmax@e.email>
(cherry picked from commit 123c7efe5e)
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm: fix default groups and roles (#4241)
* add changelog fragment
(cherry picked from commit 7ee15f95f7)
Co-authored-by: adam-cleo <90759784+adam-cleo@users.noreply.github.com>
* keycloak: fix creating a user federation w/ idempotent id
Creating a user federation while specifying an id (that doesn't exist
yet) will fail with a 404. This commits fix this behavior.
* keycloak: fix user federation mapper duplication
This commit fixes a bug where mappers are duplicated instead of
configured when creating a user federation.
When creating a user federation, some mappers are autogenerated by
keycloak. This commit lets the keycloak_user_federation module recompute
mappers final values after the user federation is created so that the
module can try to merge them by their name.
* add missing fragment for pr #4212
* KeycloakClientDiffBugs - Introduce test that passes.
* KeycloakClientDiffBugs - Add test to show that checking of redirect_uri's fails.
* KeycloakClientDiffBugs - (Fix1) Update so that checking of `redirectUris` no longer shows a change.
* KeycloakClientDiffBugs - Add test to show that checking of attributes's fails (sorting issue)
* KeycloakClientDiffBugs - (Fix2) Update so that checking of `attributes` no longer shows a change.
* KeycloakClientDiffBugs - Add test to show that checking of protocol_mappers's fail
* KeycloakClientDiffBugs - (Fix3) Update so that checking of `protocol_mappers` no longer shows a change when there is none.
* Introduce code fragment.
* Update the changelog to be based on the PR instead of the issue.
* Fix the readme
* Fix yaml indentation.
* Fix pep8
* Update changelogs/fragments/3610-fix-keycloak-client-diff-bugs-when-sorting.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/3610-fix-keycloak-client-diff-bugs-when-sorting.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove need for .copy() after making normalise_cr not mutate the dict.
Co-authored-by: Pierre Dumuid <pierre@knowyourdata.com.au>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Consistent Modules - Rename updated_?? to desired_?? in all the keycloak modules.
* Consistent Modules - Rename the comments, and add whitespace so that all the modules are a lot more consistent between each other.
* Consistent Modules - Remove final elif where a final else doesn't exist.
This is to address the inconsistency between the other modules.
Whilst I can see it being more descriptive, there should be a final "else:" to cater if the values is neither 'absent' or 'present'.
* Consistent Modules - Use dict() instead of {} like most of the other keycloak modules.
* Consistent Modules - Update keycloak authentication so that the if ordering is consistent for no-item.
* Consistent Modules - Move the 'Filter and map' process to always occur before getting an existing item.
* Consistent Modules - Be consistent with how to initialse before_?? and set it to dict() if it is None.
* Consistent Modules - Add module.exit_?? in the locations as per the other modules.
* Consistent Modules - Represent result['diff'] using dict(before=.., after=...) as per all the other modules.
* Consistent Modules - Add / Move location of when result['end_state'] is getting defined.
* Consistent modules - Add result['changed'] = False where we do nothing and exit because item exists.
* Consistent Modules - Set the value result['changed'] to True earlier so it shows up when in checking mode only.
* Consistent Modules - test for equality with a dict to assert there was no realm in the first place as per the other modules.
* Consistent Modules - Address the spelling.
* Consistent Modules - keycloak_group - Remove result['group'] as result['end_state'] is the consistent value used in the other modules.
* Consistent Modules - Order the lines in the section, Do nothing and exit consistently.
* Consistent Modules - Add result['end_state'] and still add deprecated `flow` return value.
* Consistent Modules - Add missing return documentation for `msg`.
* Consistent Modules - Tweak whitespace in the RETURN variable.
* Consistent Modules - Add result['group'] in addition to deprecated result['group'] response.
* Consistent Modules - Add return property, 'contains' to address test errors.
* Consistent Modules - Rename updated_?? to desired_?? in new modules since initial PR.
* Consistent Modules - Rename the comments, and add whitespace so that all the (recently added) modules are a lot more consistent between each other.
* Consistent Modules - Make indentation consistent within the response document.
* Consistent Modules - Use B(DEPRECATED) in a seperate line in the description.
* Consistent Modules - Add a lot of full stops to sentences.
* Consistent Modules - Use C(...) and I(...) formatting methods.
* Consistent Modules - Use "on success" everywhere for end_state response documentation.
* Consistent Modules - Update the documents for RETURN.proposed, RETURN.existing, RETURN.end_state to be the same.
* Consistent Modules - Add fragment.
* Remove period after short_description.
* Update changelog fragment.
* Consistent Modules - PRFeedback - Remove `module.exit_json(**result)` within the `Delete` section of the if statement.
There's a exit_json(..) immediately after.
* Consistent Modules - PRFeedback - Use `if not x_repr` instead of `if x_repr == dict()`.
* keycloak_authentication - Add a sample of the output.
* Replace `dict()` with `{}` for all the keycloak modules.
* Add the requested deprecated notices
* Update changelogs/fragments/3280-keycloak-module-cleanup-and-consistency.yml
Co-authored-by: Pierre Dumuid <pierre@knowyourdata.com.au>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix diff mode when updating authentication flow with keycloak_authentication module
* Update documentation of create_or_update_executions function (return tuple instead of dict)
* Fix: Update requirement when new exex created
* Add changelog fragment
* Update changelogs/fragments/3330-bugfix-keycloak-authentication-flow-requirements-not-set-correctly.yml.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/3330-bugfix-keycloak-authentication-flow-requirements-not-set-correctly.yml.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Edit requirement of sublow
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add authentication_flow_binding_overrides option to the keycloak_client module
* Add changelog fragment
* Update changelogs/fragments/2949-add_authentication-flow-binding_keycloak-client.yml
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Add unit test authentication_flow_binding_overrides feature on keycloak_client module
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Fix bug when 2 identical executions in same auth flow
* Add changelog fragment
* Fix unit tests
* Update changelogs/fragments/2904-fix-bug-when-2-identical-executions-in-same-auth-flow.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Allow keycloak_group.py to take token as parameter for the authentification
Refactor get_token to pass module.params + Documentation
Fix unit test and add new one for token as param
Fix identation
Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Allow keycloak_group.py to take token as parameter for the authentification
Refactor get_token to pass module.params + Documentation
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Check if base_url is None before to check format
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
Switch to modern syntax for the documentation (e.g. community.general.keycloak_client)
Update keycloak_client.py
Update keycloak_clienttemplate.py
Add keycloak_authentication module to manage authentication
Minor fixex
Fix indent
* Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Removing variable ANSIBLE_METADATA from beginning of file
Minor fix
Refactoring create_or_update_executions :add change_execution_priority function
Refactoring create_or_update_executions :add create_execution function
Refactoring create_or_update_executions: add create_subflow
Refactoring create_or_update_executions: add update_authentication_executions function
Minor fix
* Using FQCN for the examples
Minor fix
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Refactoring: rename isDictEquals into is_dict_equals
Refactoring: rename variable as authentication_flow
Refactoring: rename variable as new_name
Refactoring: rename variable as flow_list
Refactoring: rename variable as new_flow
Refactoring: changing construction of dict newAuthenticationRepresentation and renaming as new_auth_repr
Minor fix
* Refactoring: rename variables with correct Python syntax (auth_repr, exec_repr)
Move create_or_update_executions function from keycloak.py to keycloak_authentication.py
Minor fix
Remove mock_create_or_update_executions not needed anymore
Fix unit test
Update plugins/module_utils/identity/keycloak/keycloak.py
is_dict_equals function return True if value1 empty
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Rename is_dict_equal as is_struct_included and rename params as struct1 and struct2
Rename variables according to Python naming conventions
Refactoring: add find_exec_in_executions function in keycloak_authentication to remove code duplication
typo
Add blank line
Add required parameter, either creds or token
Typo
try/except only surround for loop containing struct2[key]
Add sub-options to meta_args
assigment of result['changed'] after if-elif-else block
Fix CI error: parameter-type-not-in-doc
Fix unit test: none value excluded from comparison
Minor fix
Simplify is_struct_included function
Replace 'type(..) is' by isinstance(..)
Remove redundant required=True and redundant parenthesis
Add check_mode, check if value is None (None value added by argument spec checker)
Apply suggestions from code review
Update plugins/modules/identity/keycloak/keycloak_authentication.py
* Update plugins/modules/identity/keycloak/keycloak_authentication.py
* Add index paramter to configure the priority order of the execution
* Minor fix: authenticationConfig dict instead of str
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm.py: Fix the `ssl_required` parameter according to the API
The `ssl_required` parameter is a string and must be one of 'all',
'external' or 'none'. Passing a bool will make the server return a 500.
* fixup! keycloak_realm.py: Fix the `ssl_required` parameter according to the API
* Update changelogs/fragments/keycloak_realm_ssl_required.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm.py: Mark 'reset_password_allowed' as no_log=False
This value is not sensitive but Ansible will complain about it otherwise
* fixup! keycloak_realm.py: Mark 'reset_password_allowed' as no_log=False
* Apply all suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Keycloak: add realm management
* Minor fixes
* Review fixes
* Remove sort of list because condition on list cannot be true
* Add exception in fail_json and update test
* Change output for secret and version in comments
* Update copyright
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add missing traceback
* Apply suggestions from code review
* Update plugins/modules/identity/keycloak/keycloak_realm.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Allow keycloak_group.py to take token as parameter for the authentification
* Fix some pep8 issues
* Add changelog fragment
* Refactor get_token to pass module.params + Documentation
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix unit test and add new one for token as param
* Fix identation
* Check base_url format also if token is given
* Update plugins/doc_fragments/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Allow keycloak_group.py to take token as parameter for the authentification
* Refactor get_token to pass module.params + Documentation
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/keycloak/keycloak_group.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Check if base_url is None before to check format
* Fix unit test: rename base_url parameter to auth_keycloak_url
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/2250-allow-keycloak-modules-to-take-token-as-param.yml
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update changelogs/fragments/2250-allow-keycloak-modules-to-take-token-as-param.yml
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_group.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_group.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Switch to modern syntax for the documentation (e.g. community.general.keycloak_client)
* Add check either creds or token as argument of all keyloak_* modules
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Amin Vakil <info@aminvakil.com>
* fixed validation-modules for plugins/modules/storage/netapp/na_ontap_gather_facts.py
* fixed validation-modules for plugins/modules/source_control/gitlab/gitlab_runner.py
* fixed validation-modules for plugins/modules/packaging/os/redhat_subscription.py
* fixed validation-modules for plugins/modules/notification/twilio.py
* fixed validation-modules for plugins/modules/notification/slack.py
* fixed validation-modules for plugins/modules/notification/sendgrid.py
* fixed validation-modules for plugins/modules/notification/rocketchat.py
* fixed validation-modules for plugins/modules/notification/office_365_connector_card.py
* fixed validation-modules for plugins/modules/notification/nexmo.py
* fixed validation-modules for plugins/modules/notification/mail.py
* fixed validation-modules for plugins/modules/net_tools/omapi_host.py
* fixed validation-modules for plugins/modules/net_tools/nsupdate.py
* fixed validation-modules for plugins/modules/net_tools/dnsimple.py
* fixed validation-modules for plugins/modules/monitoring/pagerduty.py
* fixed validation-modules for plugins/modules/monitoring/librato_annotation.py
* fixed validation-modules for plugins/modules/identity/onepassword_info.py
* fixed validation-modules for plugins/modules/identity/keycloak/keycloak_client.py
* fixed validation-modules for plugins/modules/files/xml.py
* fixed validation-modules for plugins/modules/cloud/softlayer/sl_vm.py
* fixed validation-modules for plugins/modules/cloud/smartos/vmadm.py
* fixed validation-modules for plugins/modules/cloud/pubnub/pubnub_blocks.py
* fixed validation-modules for plugins/modules/cloud/packet/packet_device.py
* fixed validation-modules for plugins/modules/cloud/lxd/lxd_container.py
* fixed validation-modules for plugins/module_utils/oracle/oci_utils.py
* fixed validation-modules for plugins/doc_fragments/oracle_creatable_resource.py
* Tidy up validate-modules:parameter-list-no-elements for some modules
* fixed validation-modules for plugins/modules/monitoring/statusio_maintenance.py
* Fixed pending issues from CI validation
* Fixed xml module elements for add_children & set_children
* added changelog fragment
* typo
* fix wording in changelog frag
* Fix a bunch of potential security issues (secret leaking).
* oneandone_server was already ok.
* Add more parameters for pagerduty_alert.
* Add more no_log=True.
* Fixed validate-modules:mutually_exclusive-unknown for plugins/modules/packaging/os/redhat_subscription.py
* fixed validation-modules for plugins/modules/cloud/lxd/lxd_container.py
* fixed validation-modules for plugins/modules/web_infrastructure/sophos_utm/utm_network_interface_address.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_host.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_image_info.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_image.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_service.py
* fixed validation-modules for plugins/modules/cloud/opennebula/one_vm.py
* fixed validation-modules for plugins/modules/net_tools/cloudflare_dns.py
* fixed validation-modules for plugins/modules/net_tools/ip_netns.py
* fixed validation-modules for plugins/modules/net_tools/ipinfoio_facts.py
* fixed validation-modules for plugins/modules/net_tools/netcup_dns.py
* fixed validation-modules for plugins/modules/remote_management/wakeonlan.py
* added types to plugins/modules/remote_management/stacki/stacki_host.py but still cannot remove ignore line
* added a couple of FIXME comments
* fixed validation-modules for plugins/modules/remote_management/manageiq/manageiq_provider.py
* fixed validation-modules for plugins/modules/notification/rocketchat.py
* fixed validation-modules for plugins/modules/monitoring/bigpanda.py
* fixed validation-modules for plugins/modules/identity/keycloak/keycloak_client.py
* fixed validation-modules for plugins/modules/identity/keycloak/keycloak_clienttemplate.py
* fixed validation-modules for plugins/modules/cloud/univention/udm_user.py
* fixed validation-modules for plugins/modules/cloud/univention/udm_group.py
* fixed validation-modules for plugins/modules/cloud/spotinst/spotinst_aws_elastigroup.py
* fixed validation-modules for plugins/modules/cloud/smartos/imgadm.py
* fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks_nic.py
* fixed validation-modules for plugins/modules/cloud/ovirt/ovirt_external_provider_facts.py
* Tidy up validate-modules ignores no-default-for-required-parameter + couple of other cases
* Added changelog frag
* fixed validation-modules for plugins/modules/cloud/centurylink/clc_alert_policy.py
* fixed validation-modules for plugins/modules/cloud/centurylink/clc_firewall_policy.py
* fixed validation-modules for plugins/modules/cloud/lxd/lxd_profile.py
* Typos and small fixes
* fixed validation-modules for plugins/modules/net_tools/ldap/ldap_passwd.py
* Typos and small fixes, part 2
* Fixes from PR comments
* Update plugins/modules/cloud/profitbricks/profitbricks_nic.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Rolled back the mutually-exclusive-unknown in redhat_subscription
* Update changelogs/fragments/1423-valmod_multiple_cases.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>