ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-10-10 18:34:03 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

Keycloak module cleanup and consistency (#3280)

Browse source 
* Consistent Modules - Rename updated_?? to desired_?? in all the keycloak modules.

* Consistent Modules - Rename the comments, and add whitespace so that all the modules are a lot more consistent between each other.

* Consistent Modules - Remove final elif where a final else doesn't exist.

This is to address the inconsistency between the other modules.

Whilst I can see it being more descriptive, there should be a final "else:" to cater if the values is neither 'absent' or 'present'.

* Consistent Modules - Use dict() instead of {} like most of the other keycloak modules.

* Consistent Modules - Update keycloak authentication so that the if ordering is consistent for no-item.

* Consistent Modules - Move the 'Filter and map' process to always occur before getting an existing item.

* Consistent Modules - Be consistent with how to initialse before_?? and set it to dict() if it is None.

* Consistent Modules - Add module.exit_?? in the locations as per the other modules.

* Consistent Modules - Represent result['diff'] using dict(before=.., after=...) as per all the other modules.

* Consistent Modules - Add / Move location of when result['end_state'] is getting defined.

* Consistent modules - Add result['changed'] = False where we do nothing and exit because item exists.

* Consistent Modules - Set the value result['changed'] to True earlier so it shows up when in checking mode only.

* Consistent Modules - test for equality with a dict to assert there was no realm in the first place as per the other modules.

* Consistent Modules - Address the spelling.

* Consistent Modules - keycloak_group - Remove result['group'] as result['end_state'] is the consistent value used in the other modules.

* Consistent Modules - Order the lines in the section, Do nothing and exit consistently.

* Consistent Modules - Add result['end_state'] and still add deprecated `flow` return value.

* Consistent Modules - Add missing return documentation for `msg`.

* Consistent Modules - Tweak whitespace in the RETURN variable.

* Consistent Modules - Add result['group'] in addition to deprecated result['group'] response.

* Consistent Modules - Add return property, 'contains' to address test errors.

* Consistent Modules - Rename updated_?? to desired_?? in new modules since initial PR.

* Consistent Modules - Rename the comments, and add whitespace so that all the (recently added) modules are a lot more consistent between each other.

* Consistent Modules - Make indentation consistent within the response document.

* Consistent Modules - Use B(DEPRECATED) in a seperate line in the description.

* Consistent Modules - Add a lot of full stops to sentences.

* Consistent Modules - Use C(...) and I(...) formatting methods.

* Consistent Modules - Use "on success" everywhere for end_state response documentation.

* Consistent Modules - Update the documents for RETURN.proposed, RETURN.existing, RETURN.end_state to be the same.

* Consistent Modules - Add fragment.

* Remove period after short_description.

* Update changelog fragment.

* Consistent Modules - PRFeedback - Remove `module.exit_json(**result)` within the `Delete` section of the if statement.

There's a exit_json(..) immediately after.

* Consistent Modules - PRFeedback - Use `if not x_repr` instead of `if x_repr == dict()`.

* keycloak_authentication - Add a sample of the output.

* Replace `dict()` with `{}` for all the keycloak modules.

* Add the requested deprecated notices

* Update changelogs/fragments/3280-keycloak-module-cleanup-and-consistency.yml

Co-authored-by: Pierre Dumuid <pierre@knowyourdata.com.au>
Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Pierre Dumuid 2021-10-22 16:27:18 +10:30 committed by GitHub
commit 996dc617ed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 593 additions and 346 deletions
Download patch file Download diff file Expand all files Collapse all files

101
plugins/modules/identity/keycloak/keycloak_client.py
View file

@ -62,17 +62,17 @@ options:
name:
description:
- Name of the client (this is not the same as I(client_id))
- Name of the client (this is not the same as I(client_id)).
type: str
description:
description:
- Description of the client in Keycloak
- Description of the client in Keycloak.
type: str
root_url:
description:
- Root URL appended to relative URLs for this client
- Root URL appended to relative URLs for this client.
This is 'rootUrl' in the Keycloak REST API.
aliases:
- rootUrl
@ -80,7 +80,7 @@ options:
admin_url:
description:
- URL to the admin interface of the client
- URL to the admin interface of the client.
This is 'adminUrl' in the Keycloak REST API.
aliases:
- adminUrl
@ -357,7 +357,7 @@ options:
protocol:
description:
- This is either C(openid-connect) or C(saml), this specifies for which protocol this protocol mapper
- This is either C(openid-connect) or C(saml), this specifies for which protocol this protocol mapper.
is active.
choices: ['openid-connect', 'saml']
type: str
@ -513,7 +513,6 @@ options:
extends_documentation_fragment:
- community.general.keycloak
author:
- Eike Frost (@eikef)
'''
@ -645,20 +644,21 @@ EXAMPLES = '''
RETURN = '''
msg:
description: Message as to what action was taken
returned: always
type: str
sample: "Client testclient has been updated"
description: Message as to what action was taken.
returned: always
type: str
sample: "Client testclient has been updated"
proposed:
description: client representation of proposed changes to client
description: Representation of proposed client.
returned: always
type: dict
sample: {
clientId: "test"
}
existing:
description: client representation of existing client (sample is truncated)
description: Representation of existing client (sample is truncated).
returned: always
type: dict
sample: {
@ -667,9 +667,10 @@ existing:
"request.object.signature.alg": "RS256",
}
}
end_state:
description: client representation of client after module execution (sample is truncated)
returned: always
description: Representation of client after module execution (sample is truncated).
returned: on success
type: dict
sample: {
"adminUrl": "http://www.example.com/admin_url",
@ -685,7 +686,7 @@ from ansible.module_utils.basic import AnsibleModule
def sanitize_cr(clientrep):
""" Removes probably sensitive details from a client representation
""" Removes probably sensitive details from a client representation.
:param clientrep: the clientrep dict to be sanitized
:return: sanitized clientrep dict
@ -759,6 +760,7 @@ def main():
protocol_mappers=dict(type='list', elements='dict', options=protmapper_spec, aliases=['protocolMappers']),
authorization_settings=dict(type='dict', aliases=['authorizationSettings']),
)
argument_spec.update(meta_args)
module = AnsibleModule(argument_spec=argument_spec,
@ -781,12 +783,12 @@ def main():
cid = module.params.get('id')
state = module.params.get('state')
# convert module parameters to client representation parameters (if they belong in there)
# Filter and map the parameters names that apply to the client
client_params = [x for x in module.params
if x not in list(keycloak_argument_spec().keys()) + ['state', 'realm'] and
module.params.get(x) is not None]
keycloak_argument_spec().keys()
# See whether the client already exists in Keycloak
# See if it already exists in Keycloak
if cid is None:
before_client = kc.get_client_by_clientid(module.params.get('client_id'), realm=realm)
if before_client is not None:
@ -795,10 +797,10 @@ def main():
before_client = kc.get_client_by_id(cid, realm=realm)
if before_client is None:
before_client = dict()
before_client = {}
# Build a proposed changeset from parameters given to this module
changeset = dict()
changeset = {}
for client_param in client_params:
new_param_value = module.params.get(client_param)
@ -817,54 +819,61 @@ def main():
changeset[camel(client_param)] = new_param_value
# Whether creating or updating a client, take the before-state and merge the changeset into it
updated_client = before_client.copy()
updated_client.update(changeset)
# Prepare the desired values using the existing values (non-existence results in a dict that is save to use as a basis)
desired_client = before_client.copy()
desired_client.update(changeset)
result['proposed'] = sanitize_cr(changeset)
result['existing'] = sanitize_cr(before_client)
# If the client does not exist yet, before_client is still empty
if before_client == dict():
# Cater for when it doesn't exist (an empty dict)
if not before_client:
if state == 'absent':
# do nothing and exit
# Do nothing and exit
if module._diff:
result['diff'] = dict(before='', after='')
result['msg'] = 'Client does not exist, doing nothing.'
result['changed'] = False
result['end_state'] = {}
result['msg'] = 'Client does not exist; doing nothing.'
module.exit_json(**result)
# create new client
# Process a creation
result['changed'] = True
if 'clientId' not in updated_client:
if 'clientId' not in desired_client:
module.fail_json(msg='client_id needs to be specified when creating a new client')
if module._diff:
result['diff'] = dict(before='', after=sanitize_cr(updated_client))
result['diff'] = dict(before='', after=sanitize_cr(desired_client))
if module.check_mode:
module.exit_json(**result)
kc.create_client(updated_client, realm=realm)
after_client = kc.get_client_by_clientid(updated_client['clientId'], realm=realm)
# create it
kc.create_client(desired_client, realm=realm)
after_client = kc.get_client_by_clientid(desired_client['clientId'], realm=realm)
result['end_state'] = sanitize_cr(after_client)
result['msg'] = 'Client %s has been created.' % updated_client['clientId']
result['msg'] = 'Client %s has been created.' % desired_client['clientId']
module.exit_json(**result)
else:
if state == 'present':
# update existing client
# Process an update
result['changed'] = True
if module.check_mode:
# We can only compare the current client with the proposed updates we have
if module._diff:
result['diff'] = dict(before=sanitize_cr(before_client),
after=sanitize_cr(updated_client))
result['changed'] = (before_client != updated_client)
after=sanitize_cr(desired_client))
result['changed'] = (before_client != desired_client)
module.exit_json(**result)
kc.update_client(cid, updated_client, realm=realm)
# do the update
kc.update_client(cid, desired_client, realm=realm)
after_client = kc.get_client_by_id(cid, realm=realm)
if before_client == after_client:
@ -872,25 +881,29 @@ def main():
if module._diff:
result['diff'] = dict(before=sanitize_cr(before_client),
after=sanitize_cr(after_client))
result['end_state'] = sanitize_cr(after_client)
result['msg'] = 'Client %s has been updated.' % updated_client['clientId']
result['msg'] = 'Client %s has been updated.' % desired_client['clientId']
module.exit_json(**result)
else:
# Delete existing client
# Process a deletion (because state was not 'present')
result['changed'] = True
if module._diff:
result['diff']['before'] = sanitize_cr(before_client)
result['diff']['after'] = ''
result['diff'] = dict(before=sanitize_cr(before_client), after='')
if module.check_mode:
module.exit_json(**result)
# delete it
kc.delete_client(cid, realm=realm)
result['proposed'] = dict()
result['end_state'] = dict()
result['proposed'] = {}
result['end_state'] = {}
result['msg'] = 'Client %s has been deleted.' % before_client['clientId']
module.exit_json(**result)
module.exit_json(**result)