Fix keycloak_client_rolemapping role removal and diff (#5619)
* Keycloak: Fix client rolemapping removal
Keycloak's delete_group_rolemapping API wrapper didn't pass data about
the roles to remove to keycloak, resulting in removal of all roles.
Follow the intended behaviour and delete only the roles listed in the
module invocation.
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Keycloak: Fix client_rolemapping diff
The module's diff output wrongly showed the changed roles list as
'after' state. This is obviously wrong for role removal and also
wrong for role addition, if there are other roles assigned.
Use the result of the API query for 'end_state' for 'diff' as well.
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Keycloak: Calculate client_rolemapping proposed state properly
Signed-off-by: Florian Achleitner <flo@fopen.at>
* Add changelog fragment
Signed-off-by: Florian Achleitner <flo@fopen.at>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix for python2 unit test
Signed-off-by: Florian Achleitner <flo@fopen.at>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit f0b3bba030)
Co-authored-by: fachleitner <flo@fopen.at>
* Add explanation and example to vendor option
##### SUMMARY
##### ISSUE TYPE
- Docs Pull Request
+label: docsite_pr
* Update plugins/modules/identity/keycloak/keycloak_user_federation.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 7b86fa6a7d)
Co-authored-by: clovis-monmousseau <58973012+clovis-monmousseau@users.noreply.github.com>
* Move licenses to LICENSES/, run add-license.py, add LICENSES/MIT.txt.
* Replace 'Copyright:' with 'Copyright'
sed -i 's|Copyright:\(.*\)|Copyright\1|' $(rg -l 'Copyright:')
Co-authored-by: Maxwell G <gotmax@e.email>
(cherry picked from commit 123c7efe5e)
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm: fix default groups and roles (#4241)
* add changelog fragment
(cherry picked from commit 7ee15f95f7)
Co-authored-by: adam-cleo <90759784+adam-cleo@users.noreply.github.com>
* Get first found configuration file
There are three valid places to get the configuration.
https://developer.1password.com/docs/cli/about-biometric-unlock#remove-old-account-information
* Use common config class
* Add changelog fragment
* Explicitly use new style classes for Python 2.7 compatibility
This shouldn’t matter for lookups, but does matter for module_utils
and modules since Python 2.7 is still supported on the managed node.
* Update changelogs/fragments/4065-onepassword-config.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak: fix creating a user federation w/ idempotent id
Creating a user federation while specifying an id (that doesn't exist
yet) will fail with a 404. This commit fixes this behavior.
* keycloak: fix user federation mapper duplication
This commit fixes a bug where mappers are duplicated instead of
configured when creating a user federation.
When creating a user federation, some mappers are autogenerated by
keycloak. This commit lets the keycloak_user_federation module recompute
mappers final values after the user federation is created so that the
module can try to merge them by their name.
* add missing fragment for pr #4212
* Add PTR synchronization support for dnszones
* Add changelog fragment
* Update changelogs/fragments/3374-add-ipa-ptr-sync-support.yml
Update to reflect proper module name.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/ipa/ipa_dnszone.py
Add period.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/ipa/ipa_dnszone.py
Remove requires comment.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Change type to boolean in following with API docs
* Tested with needed changes made.
* Fix documentation to match implementation
* Check for specific params; allow for modifications if needed
* Add PTR synchronization support for dnszones
* Add changelog fragment
* Update changelogs/fragments/3374-add-ipa-ptr-sync-support.yml
Update to reflect proper module name.
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove trailing whitespace
* Make use of full search and compare params
* Fix formatting errors
* Move the change flag outside of module check
* Fix itens typo to items
* Update dynamicupdate to a boolean
* Remove unnecessary flags and options
* Minor comment changes
* Update changelogs/fragments/3374-add-ipa-ptr-sync-support.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/ipa/ipa_dnszone.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Anne-Marie Lee <alee@datainterfuse.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Prepare for distutils.version being removed in Python 2.12.
* Fix copy'n'paste error.
* Re-add Loose prefix.
* Fix Python version typos.
* Improve formulation.
* Move message into own line.
* Fix casing, now that the object is no longer called Version.
* KeycloakClientDiffBugs - Introduce test that passes.
* KeycloakClientDiffBugs - Add test to show that checking of redirect_uri's fails.
* KeycloakClientDiffBugs - (Fix1) Update so that checking of `redirectUris` no longer shows a change.
* KeycloakClientDiffBugs - Add test to show that checking of attributes fails (sorting issue)
* KeycloakClientDiffBugs - (Fix2) Update so that checking of `attributes` no longer shows a change.
* KeycloakClientDiffBugs - Add test to show that checking of protocol_mappers fails
* KeycloakClientDiffBugs - (Fix3) Update so that checking of `protocol_mappers` no longer shows a change when there is none.
* Introduce code fragment.
* Update the changelog to be based on the PR instead of the issue.
* Fix the readme
* Fix yaml indentation.
* Fix pep8
* Update changelogs/fragments/3610-fix-keycloak-client-diff-bugs-when-sorting.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/3610-fix-keycloak-client-diff-bugs-when-sorting.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove need for .copy() after making normalise_cr not mutate the dict.
Co-authored-by: Pierre Dumuid <pierre@knowyourdata.com.au>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Consistent Modules - Rename updated_?? to desired_?? in all the keycloak modules.
* Consistent Modules - Rename the comments, and add whitespace so that all the modules are a lot more consistent between each other.
* Consistent Modules - Remove final elif where a final else doesn't exist.
This is to address the inconsistency between the other modules.
Whilst I can see it being more descriptive, there should be a final "else:" to cater if the value is neither 'absent' nor 'present'.
* Consistent Modules - Use dict() instead of {} like most of the other keycloak modules.
* Consistent Modules - Update keycloak authentication so that the if ordering is consistent for no-item.
* Consistent Modules - Move the 'Filter and map' process to always occur before getting an existing item.
* Consistent Modules - Be consistent with how to initialise before_?? and set it to dict() if it is None.
* Consistent Modules - Add module.exit_?? in the locations as per the other modules.
* Consistent Modules - Represent result['diff'] using dict(before=.., after=...) as per all the other modules.
* Consistent Modules - Add / Move location of when result['end_state'] is getting defined.
* Consistent modules - Add result['changed'] = False where we do nothing and exit because item exists.
* Consistent Modules - Set the value result['changed'] to True earlier so it shows up when in checking mode only.
* Consistent Modules - test for equality with a dict to assert there was no realm in the first place as per the other modules.
* Consistent Modules - Address the spelling.
* Consistent Modules - keycloak_group - Remove result['group'] as result['end_state'] is the consistent value used in the other modules.
* Consistent Modules - Order the lines in the section, Do nothing and exit consistently.
* Consistent Modules - Add result['end_state'] and still add deprecated `flow` return value.
* Consistent Modules - Add missing return documentation for `msg`.
* Consistent Modules - Tweak whitespace in the RETURN variable.
* Consistent Modules - Add result['group'] in addition to deprecated result['group'] response.
* Consistent Modules - Add return property, 'contains' to address test errors.
* Consistent Modules - Rename updated_?? to desired_?? in new modules since initial PR.
* Consistent Modules - Rename the comments, and add whitespace so that all the (recently added) modules are a lot more consistent between each other.
* Consistent Modules - Make indentation consistent within the response document.
* Consistent Modules - Use B(DEPRECATED) in a separate line in the description.
* Consistent Modules - Add a lot of full stops to sentences.
* Consistent Modules - Use C(...) and I(...) formatting methods.
* Consistent Modules - Use "on success" everywhere for end_state response documentation.
* Consistent Modules - Update the documents for RETURN.proposed, RETURN.existing, RETURN.end_state to be the same.
* Consistent Modules - Add fragment.
* Remove period after short_description.
* Update changelog fragment.
* Consistent Modules - PRFeedback - Remove `module.exit_json(**result)` within the `Delete` section of the if statement.
There's an exit_json(..) immediately after.
* Consistent Modules - PRFeedback - Use `if not x_repr` instead of `if x_repr == dict()`.
* keycloak_authentication - Add a sample of the output.
* Replace `dict()` with `{}` for all the keycloak modules.
* Add the requested deprecated notices
* Update changelogs/fragments/3280-keycloak-module-cleanup-and-consistency.yml
Co-authored-by: Pierre Dumuid <pierre@knowyourdata.com.au>
Co-authored-by: Felix Fontein <felix@fontein.de>
* ipa: add append parameter to modify_if_diff
* ipa_group: add state: append
* ipa_group: rework append to an option instead of another state
* ipa_group: append default=no
* ipa_group: add change fragment for new append option
* ipa_group: restore descriptions for group and user
* ipa_group: re-add missed quotation mark
* ipa_group: set default for append in argument_spec
* ipa_group: add .yml ext to fragment file
* ipa_group: corrections to append description
* ipa_group: refine change fragment text
Co-authored-by: Felix Fontein <felix@fontein.de>
* ipa_group: use correct macros in option descriptions
Co-authored-by: Felix Fontein <felix@fontein.de>
* ipa_group: include append in user and group descriptions
* ipa_group: add version_added
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix diff mode when updating authentication flow with keycloak_authentication module
* Update documentation of create_or_update_executions function (return tuple instead of dict)
* Fix: Update requirement when new exec created
* Add changelog fragment
* Update changelogs/fragments/3330-bugfix-keycloak-authentication-flow-requirements-not-set-correctly.yml.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/3330-bugfix-keycloak-authentication-flow-requirements-not-set-correctly.yml.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Edit requirement of subflow
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add authentication_flow_binding_overrides option to the keycloak_client module
* Add changelog fragment
* Update changelogs/fragments/2949-add_authentication-flow-binding_keycloak-client.yml
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Add unit test authentication_flow_binding_overrides feature on keycloak_client module
Co-authored-by: Amin Vakil <info@aminvakil.com>
* Fix bug when 2 identical executions in same auth flow
* Add changelog fragment
* Fix unit tests
* Update changelogs/fragments/2904-fix-bug-when-2-identical-executions-in-same-auth-flow.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* Allow keycloak_group.py to take token as parameter for the authentication
Refactor get_token to pass module.params + Documentation
Fix unit test and add new one for token as param
Fix indentation
Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Allow keycloak_group.py to take token as parameter for the authentication
Refactor get_token to pass module.params + Documentation
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Check if base_url is None before checking format
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
Switch to modern syntax for the documentation (e.g. community.general.keycloak_client)
Update keycloak_client.py
Update keycloak_clienttemplate.py
Add keycloak_authentication module to manage authentication
Minor fixes
Fix indent
* Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Removing variable ANSIBLE_METADATA from beginning of file
Minor fix
Refactoring create_or_update_executions: add change_execution_priority function
Refactoring create_or_update_executions: add create_execution function
Refactoring create_or_update_executions: add create_subflow
Refactoring create_or_update_executions: add update_authentication_executions function
Minor fix
* Using FQCN for the examples
Minor fix
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Refactoring: rename isDictEquals into is_dict_equals
Refactoring: rename variable as authentication_flow
Refactoring: rename variable as new_name
Refactoring: rename variable as flow_list
Refactoring: rename variable as new_flow
Refactoring: changing construction of dict newAuthenticationRepresentation and renaming as new_auth_repr
Minor fix
* Refactoring: rename variables with correct Python syntax (auth_repr, exec_repr)
Move create_or_update_executions function from keycloak.py to keycloak_authentication.py
Minor fix
Remove mock_create_or_update_executions not needed anymore
Fix unit test
Update plugins/module_utils/identity/keycloak/keycloak.py
is_dict_equals function returns True if value1 is empty
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Rename is_dict_equal as is_struct_included and rename params as struct1 and struct2
Rename variables according to Python naming conventions
Refactoring: add find_exec_in_executions function in keycloak_authentication to remove code duplication
typo
Add blank line
Add required parameter, either creds or token
Typo
try/except only surround for loop containing struct2[key]
Add sub-options to meta_args
assignment of result['changed'] after if-elif-else block
Fix CI error: parameter-type-not-in-doc
Fix unit test: none value excluded from comparison
Minor fix
Simplify is_struct_included function
Replace 'type(..) is' by isinstance(..)
Remove redundant required=True and redundant parenthesis
Add check_mode, check if value is None (None value added by argument spec checker)
Apply suggestions from code review
Update plugins/modules/identity/keycloak/keycloak_authentication.py
* Update plugins/modules/identity/keycloak/keycloak_authentication.py
* Add index parameter to configure the priority order of the execution
* Minor fix: authenticationConfig dict instead of str
Co-authored-by: Felix Fontein <felix@fontein.de>
* fix sudorule_add_allow_command_group
fix sudorule_add_allow_command_group is not working on freeIPA 4.8.7 at least, sudorule_add_allow_command should be used instead with item sudocmdgroup
* Added changelog fragment
* keycloak_realm.py: Fix the `ssl_required` parameter according to the API
The `ssl_required` parameter is a string and must be one of 'all',
'external' or 'none'. Passing a bool will make the server return a 500.
* fixup! keycloak_realm.py: Fix the `ssl_required` parameter according to the API
* Update changelogs/fragments/keycloak_realm_ssl_required.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm.py: Mark 'reset_password_allowed' as no_log=False
This value is not sensitive but Ansible will complain about it otherwise
* fixup! keycloak_realm.py: Mark 'reset_password_allowed' as no_log=False
* Apply all suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>