[PR #6318/114eb67f backport][stable-6] keycloak: Add option to create authentication sub-flow of type 'form flow' (#6393)

keycloak: Add option to create authentication sub-flow of type 'form flow' (#6318) * keycloak: Improve API error message * keycloak: Fix API error message They key 'provider' is undefined. * keycloak: Allow the creation of 'form-flow' authentication sub flows To create something like keycloak's built-in registration flow, we need to create a subflow with the type 'form-flow'. * Add changelog fragment 6318 * Update changelogs/fragments/6318-add-form-flow.yml Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_authentication.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_authentication.py Co-authored-by: Felix Fontein <felix@fontein.de> * keycloak_authentication: Don't compare subFlowType It is only useful for creation. * Update changelogs/fragments/6318-add-form-flow.yml Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit 114eb67f58) Co-authored-by: fachleitner <flo@fopen.at>
2025-07-23 21:30:22 -07:00 · 2023-04-23 12:28:49 +02:00 · 2023-04-23 12:28:49 +02:00 · 57f262504d
commit 57f262504d
parent 29671cb54c
3 changed files with 26 additions and 6 deletions
--- a/plugins/module_utils/identity/keycloak/keycloak.py
+++ b/plugins/module_utils/identity/keycloak/keycloak.py
@ -1930,6 +1930,9 @@ class KeycloakAPI(object):
                data=json.dumps(updatedExec),
                timeout=self.connection_timeout,
                validate_certs=self.validate_certs)
+        except HTTPError as e:
+            self.module.fail_json(msg="Unable to update execution '%s': %s: %s %s" %
+                                      (flowAlias, repr(e), ";".join([e.url, e.msg, str(e.code), str(e.hdrs)]), str(updatedExec)))
        except Exception as e:
            self.module.fail_json(msg="Unable to update executions %s: %s" % (updatedExec, str(e)))

@ -1954,7 +1957,7 @@ class KeycloakAPI(object):
        except Exception as e:
            self.module.fail_json(msg="Unable to add authenticationConfig %s: %s" % (executionId, str(e)))

-    def create_subflow(self, subflowName, flowAlias, realm='master'):
+    def create_subflow(self, subflowName, flowAlias, realm='master', flowType='basic-flow'):
        """ Create new sublow on the flow

        :param subflowName: name of the subflow to create
@ -1965,7 +1968,7 @@ class KeycloakAPI(object):
            newSubFlow = {}
            newSubFlow["alias"] = subflowName
            newSubFlow["provider"] = "registration-page-form"
-            newSubFlow["type"] = "basic-flow"
+            newSubFlow["type"] = flowType
            open_url(
                URL_AUTHENTICATION_FLOW_EXECUTIONS_FLOW.format(
                    url=self.baseurl,
@ -2000,8 +2003,11 @@ class KeycloakAPI(object):
                data=json.dumps(newExec),
                timeout=self.connection_timeout,
                validate_certs=self.validate_certs)
+        except HTTPError as e:
+            self.module.fail_json(msg="Unable to create new execution '%s' %s: %s: %s %s" %
+                                  (flowAlias, execution["providerId"], repr(e), ";".join([e.url, e.msg, str(e.code), str(e.hdrs)]), str(newExec)))
        except Exception as e:
-            self.module.fail_json(msg="Unable to create new execution %s: %s" % (execution["provider"], str(e)))
+            self.module.fail_json(msg="Unable to create new execution '%s' %s: %s" % (flowAlias, execution["providerId"], repr(e)))

    def change_execution_priority(self, executionId, diff, realm='master'):
        """ Raise or lower execution priority of diff time