Allow keycloak modules to take token as parameter for the auth. (#2250)

* Allow keycloak_group.py to take token as parameter for the authentification * Fix some pep8 issues * Add changelog fragment * Refactor get_token to pass module.params + Documentation * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Fix unit test and add new one for token as param * Fix identation * Check base_url format also if token is given * Update plugins/doc_fragments/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/identity/keycloak/keycloak_client.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py Co-authored-by: Felix Fontein <felix@fontein.de> * Allow keycloak_group.py to take token as parameter for the authentification * Refactor get_token to pass module.params + Documentation * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/identity/keycloak/keycloak_group.py Co-authored-by: Felix Fontein <felix@fontein.de> * Check if base_url is None before to check format * Fix unit test: rename base_url parameter to auth_keycloak_url * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update changelogs/fragments/2250-allow-keycloak-modules-to-take-token-as-param.yml Co-authored-by: Amin Vakil <info@aminvakil.com> * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Amin Vakil <info@aminvakil.com> * Update plugins/modules/identity/keycloak/keycloak_client.py Co-authored-by: Amin Vakil <info@aminvakil.com> * Update plugins/modules/identity/keycloak/keycloak_client.py Co-authored-by: Amin Vakil <info@aminvakil.com> * Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py Co-authored-by: Amin Vakil <info@aminvakil.com> * Update changelogs/fragments/2250-allow-keycloak-modules-to-take-token-as-param.yml Co-authored-by: Amin Vakil <info@aminvakil.com> * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Amin Vakil <info@aminvakil.com> * Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py Co-authored-by: Amin Vakil <info@aminvakil.com> * Update plugins/modules/identity/keycloak/keycloak_group.py Co-authored-by: Amin Vakil <info@aminvakil.com> * Update plugins/modules/identity/keycloak/keycloak_group.py Co-authored-by: Amin Vakil <info@aminvakil.com> * Switch to modern syntax for the documentation (e.g. community.general.keycloak_client) * Add check either creds or token as argument of all keyloak_* modules * Update plugins/modules/identity/keycloak/keycloak_client.py Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Amin Vakil <info@aminvakil.com>
2025-05-27 11:29:09 -07:00 · 2021-04-20 13:20:46 +02:00 · 2021-04-20 13:20:46 +02:00 · 6ab9b05da3
commit 6ab9b05da3
parent 5b4fab80e2
7 changed files with 155 additions and 122 deletions
--- a/plugins/modules/identity/keycloak/keycloak_client.py
+++ b/plugins/modules/identity/keycloak/keycloak_client.py
@ -511,20 +511,30 @@ author:
 '''

 EXAMPLES = '''
- name: Create or update Keycloak client (minimal example)
-  local_action:
-    module: keycloak_client
-    auth_client_id: admin-cli
+- name: Create or update Keycloak client (minimal example), authentication with credentials
+  community.general.keycloak_client:
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    client_id: test
    state: present
+  delegate_to: localhost
+
+
+- name: Create or update Keycloak client (minimal example), authentication with token
+  community.general.keycloak_client:
+    auth_client_id: admin-cli
+    auth_keycloak_url: https://auth.example.com/auth
+    auth_realm: master
+    token: TOKEN
+    client_id: test
+    state: present
+  delegate_to: localhost
+

 - name: Delete a Keycloak client
-  local_action:
-    module: keycloak_client
+  community.general.keycloak_client:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
@ -532,10 +542,11 @@ EXAMPLES = '''
    auth_password: PASSWORD
    client_id: test
    state: absent
+  delegate_to: localhost
+

 - name: Create or update a Keycloak client (with all the bells and whistles)
-  local_action:
-    module: keycloak_client
+  community.general.keycloak_client:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
@ -619,6 +630,7 @@ EXAMPLES = '''
      use.jwks.url: true
      jwks.url: JWKS_URL_FOR_CLIENT_AUTH_JWT
      jwt.credential.certificate: JWT_CREDENTIAL_CERTIFICATE_FOR_CLIENT_AUTH
+  delegate_to: localhost
 '''

 RETURN = '''
@ -740,21 +752,15 @@ def main():

    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=True,
-                           required_one_of=([['client_id', 'id']]))
+                           required_one_of=([['client_id', 'id'],
+                                             ['token', 'auth_realm', 'auth_username', 'auth_password']]),
+                           required_together=([['auth_realm', 'auth_username', 'auth_password']]))

    result = dict(changed=False, msg='', diff={}, proposed={}, existing={}, end_state={})

    # Obtain access token, initialize API
    try:
-        connection_header = get_token(
-            base_url=module.params.get('auth_keycloak_url'),
-            validate_certs=module.params.get('validate_certs'),
-            auth_realm=module.params.get('auth_realm'),
-            client_id=module.params.get('auth_client_id'),
-            auth_username=module.params.get('auth_username'),
-            auth_password=module.params.get('auth_password'),
-            client_secret=module.params.get('auth_client_secret'),
-        )
+        connection_header = get_token(module.params)
    except KeycloakError as e:
        module.fail_json(msg=str(e))

--- a/plugins/modules/identity/keycloak/keycloak_clienttemplate.py
+++ b/plugins/modules/identity/keycloak/keycloak_clienttemplate.py
@ -169,9 +169,8 @@ author:
 '''

 EXAMPLES = '''
- name: Create or update Keycloak client template (minimal)
-  local_action:
-    module: keycloak_clienttemplate
+- name: Create or update Keycloak client template (minimal), authentication with credentials
+  community.general.keycloak_client:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
@ -179,10 +178,20 @@ EXAMPLES = '''
    auth_password: PASSWORD
    realm: master
    name: this_is_a_test
+  delegate_to: localhost
+
+- name: Create or update Keycloak client template (minimal), authentication with token
+  community.general.keycloak_clienttemplate:
+    auth_client_id: admin-cli
+    auth_keycloak_url: https://auth.example.com/auth
+    auth_realm: master
+    token: TOKEN
+    realm: master
+    name: this_is_a_test
+  delegate_to: localhost

 - name: Delete Keycloak client template
-  local_action:
-    module: keycloak_clienttemplate
+  community.general.keycloak_client:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
@ -191,10 +200,10 @@ EXAMPLES = '''
    realm: master
    state: absent
    name: test01
+  delegate_to: localhost

 - name: Create or update Keycloak client template (with a protocol mapper)
-  local_action:
-    module: keycloak_clienttemplate
+  community.general.keycloak_client:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
@ -217,6 +226,7 @@ EXAMPLES = '''
        protocolMapper: oidc-usermodel-property-mapper
    full_scope_allowed: false
    id: bce6f5e9-d7d3-4955-817e-c5b7f8d65b3f
+  delegate_to: localhost
 '''

 RETURN = '''
@ -296,21 +306,15 @@ def main():

    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=True,
-                           required_one_of=([['id', 'name']]))
+                           required_one_of=([['id', 'name'],
+                                             ['token', 'auth_realm', 'auth_username', 'auth_password']]),
+                           required_together=([['auth_realm', 'auth_username', 'auth_password']]))

    result = dict(changed=False, msg='', diff={}, proposed={}, existing={}, end_state={})

    # Obtain access token, initialize API
    try:
-        connection_header = get_token(
-            base_url=module.params.get('auth_keycloak_url'),
-            validate_certs=module.params.get('validate_certs'),
-            auth_realm=module.params.get('auth_realm'),
-            client_id=module.params.get('auth_client_id'),
-            auth_username=module.params.get('auth_username'),
-            auth_password=module.params.get('auth_password'),
-            client_secret=module.params.get('auth_client_secret'),
-        )
+        connection_header = get_token(module.params)
    except KeycloakError as e:
        module.fail_json(msg=str(e))
    kc = KeycloakAPI(module, connection_header)
--- a/plugins/modules/identity/keycloak/keycloak_group.py
+++ b/plugins/modules/identity/keycloak/keycloak_group.py
@ -81,7 +81,7 @@ author:
 '''

 EXAMPLES = '''
- name: Create a Keycloak group
+- name: Create a Keycloak group, authentication with credentials
  community.general.keycloak_group:
    name: my-new-kc-group
    realm: MyCustomRealm
@ -93,6 +93,16 @@ EXAMPLES = '''
    auth_password: PASSWORD
  delegate_to: localhost

+- name: Create a Keycloak group, authentication with token
+  community.general.keycloak_group:
+    name: my-new-kc-group
+    realm: MyCustomRealm
+    state: present
+    auth_client_id: admin-cli
+    auth_keycloak_url: https://auth.example.com/auth
+    token: TOKEN
+  delegate_to: localhost
+
 - name: Delete a keycloak group
  community.general.keycloak_group:
    id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
@ -217,30 +227,25 @@ def main():
        realm=dict(default='master'),
        id=dict(type='str'),
        name=dict(type='str'),
-        attributes=dict(type='dict')
+        attributes=dict(type='dict'),
    )

    argument_spec.update(meta_args)

    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=True,
-                           required_one_of=([['id', 'name']]))
+                           required_one_of=([['id', 'name'],
+                                             ['token', 'auth_realm', 'auth_username', 'auth_password']]),
+                           required_together=([['auth_realm', 'auth_username', 'auth_password']]))

    result = dict(changed=False, msg='', diff={}, group='')

    # Obtain access token, initialize API
    try:
-        connection_header = get_token(
-            base_url=module.params.get('auth_keycloak_url'),
-            validate_certs=module.params.get('validate_certs'),
-            auth_realm=module.params.get('auth_realm'),
-            client_id=module.params.get('auth_client_id'),
-            auth_username=module.params.get('auth_username'),
-            auth_password=module.params.get('auth_password'),
-            client_secret=module.params.get('auth_client_secret'),
-        )
+        connection_header = get_token(module.params)
    except KeycloakError as e:
        module.fail_json(msg=str(e))
+
    kc = KeycloakAPI(module, connection_header)

    realm = module.params.get('realm')