mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-10-24 04:54:00 -07:00
[PR #8496/fd2cd5f2 backport][stable-9] keycloak_clientscope: add normalizations for attributes and protocol_mappers (#8521)
keycloak_clientscope: add normalizations for attributes and protocol_mappers (#8496)
Signed-off-by: Eike Waldt <waldt@b1-systems.de>
(cherry picked from commit fd2cd5f28c
)
Co-authored-by: Eike Waldt <waldt@b1-systems.de>
This commit is contained in:
parent
5eff31e760
commit
e9f0e49283
2 changed files with 38 additions and 2 deletions
|
@ -301,10 +301,37 @@ end_state:
|
|||
'''
|
||||
|
||||
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \
|
||||
keycloak_argument_spec, get_token, KeycloakError
|
||||
keycloak_argument_spec, get_token, KeycloakError, is_struct_included
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
|
||||
|
||||
def normalise_cr(clientscoperep, remove_ids=False):
|
||||
""" Re-sorts any properties where the order so that diff's is minimised, and adds default values where appropriate so that the
|
||||
the change detection is more effective.
|
||||
|
||||
:param clientscoperep: the clientscoperep dict to be sanitized
|
||||
:param remove_ids: If set to true, then the unique ID's of objects is removed to make the diff and checks for changed
|
||||
not alert when the ID's of objects are not usually known, (e.g. for protocol_mappers)
|
||||
:return: normalised clientscoperep dict
|
||||
"""
|
||||
# Avoid the dict passed in to be modified
|
||||
clientscoperep = clientscoperep.copy()
|
||||
|
||||
if 'attributes' in clientscoperep:
|
||||
clientscoperep['attributes'] = list(sorted(clientscoperep['attributes']))
|
||||
|
||||
if 'protocolMappers' in clientscoperep:
|
||||
clientscoperep['protocolMappers'] = sorted(clientscoperep['protocolMappers'], key=lambda x: (x.get('name'), x.get('protocol'), x.get('protocolMapper')))
|
||||
for mapper in clientscoperep['protocolMappers']:
|
||||
if remove_ids:
|
||||
mapper.pop('id', None)
|
||||
|
||||
# Set to a default value.
|
||||
mapper['consentRequired'] = mapper.get('consentRequired', False)
|
||||
|
||||
return clientscoperep
|
||||
|
||||
|
||||
def sanitize_cr(clientscoperep):
|
||||
""" Removes probably sensitive details from a clientscoperep representation.
|
||||
|
||||
|
@ -317,7 +344,7 @@ def sanitize_cr(clientscoperep):
|
|||
if 'attributes' in result:
|
||||
if 'saml.signing.private.key' in result['attributes']:
|
||||
result['attributes']['saml.signing.private.key'] = 'no_log'
|
||||
return result
|
||||
return normalise_cr(result)
|
||||
|
||||
|
||||
def main():
|
||||
|
@ -458,6 +485,13 @@ def main():
|
|||
result['diff'] = dict(before=sanitize_cr(before_clientscope), after=sanitize_cr(desired_clientscope))
|
||||
|
||||
if module.check_mode:
|
||||
# We can only compare the current clientscope with the proposed updates we have
|
||||
before_norm = normalise_cr(before_clientscope, remove_ids=True)
|
||||
desired_norm = normalise_cr(desired_clientscope, remove_ids=True)
|
||||
if module._diff:
|
||||
result['diff'] = dict(before=sanitize_cr(before_norm),
|
||||
after=sanitize_cr(desired_norm))
|
||||
result['changed'] = not is_struct_included(desired_norm, before_norm)
|
||||
module.exit_json(**result)
|
||||
|
||||
# do the update
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue