mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-24 21:14:00 -07:00 
			
		
		
		
	[PR #8428/b11da288 backport][stable-9] Keycloak set client authentification flows by name (#8524)
Keycloak set client authentification flows by name (#8428)
* first commit
* Add change logs
* fix sanity
* Sanity 2
* Test unset flows
* Update plugins/modules/keycloak_client.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Update plugins/modules/keycloak_client.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/8428-assign-auth-flow-by-name-keycloak-client.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Remove double traitement from "alias"
* Update plugins/modules/keycloak_client.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_client.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit b11da288d2)
Co-authored-by: desand01 <desrosiers.a@hotmail.com>
	
	
This commit is contained in:
		
					parent
					
						
							
								fc0f677535
							
						
					
				
			
			
				commit
				
					
						f96c6476fe
					
				
			
		
					 3 changed files with 240 additions and 1 deletions
				
			
		|  | @ -340,6 +340,42 @@ options: | |||
|         description: | ||||
|             - Override realm authentication flow bindings. | ||||
|         type: dict | ||||
|         suboptions: | ||||
|             browser: | ||||
|                 description: | ||||
|                     - Flow ID of the browser authentication flow. | ||||
|                     - O(authentication_flow_binding_overrides.browser) | ||||
|                       and O(authentication_flow_binding_overrides.browser_name) are mutually exclusive. | ||||
|                 type: str | ||||
| 
 | ||||
|             browser_name: | ||||
|                 description: | ||||
|                     - Flow name of the browser authentication flow. | ||||
|                     - O(authentication_flow_binding_overrides.browser) | ||||
|                       and O(authentication_flow_binding_overrides.browser_name) are mutually exclusive. | ||||
|                 aliases: | ||||
|                     - browserName | ||||
|                 type: str | ||||
|                 version_added: 9.1.0 | ||||
| 
 | ||||
|             direct_grant: | ||||
|                 description: | ||||
|                     - Flow ID of the direct grant authentication flow. | ||||
|                     - O(authentication_flow_binding_overrides.direct_grant) | ||||
|                       and O(authentication_flow_binding_overrides.direct_grant_name) are mutually exclusive. | ||||
|                 aliases: | ||||
|                     - directGrant | ||||
|                 type: str | ||||
| 
 | ||||
|             direct_grant_name: | ||||
|                 description: | ||||
|                     - Flow name of the direct grant authentication flow. | ||||
|                     - O(authentication_flow_binding_overrides.direct_grant) | ||||
|                       and O(authentication_flow_binding_overrides.direct_grant_name) are mutually exclusive. | ||||
|                 aliases: | ||||
|                     - directGrantName | ||||
|                 type: str | ||||
|                 version_added: 9.1.0 | ||||
|         aliases: | ||||
|             - authenticationFlowBindingOverrides | ||||
|         version_added: 3.4.0 | ||||
|  | @ -781,6 +817,64 @@ def sanitize_cr(clientrep): | |||
|     return normalise_cr(result) | ||||
| 
 | ||||
| 
 | ||||
| def get_authentication_flow_id(flow_name, realm, kc): | ||||
|     """ Get the authentication flow ID based on the flow name, realm, and Keycloak client. | ||||
| 
 | ||||
|     Args: | ||||
|         flow_name (str): The name of the authentication flow. | ||||
|         realm (str): The name of the realm. | ||||
|         kc (KeycloakClient): The Keycloak client instance. | ||||
| 
 | ||||
|     Returns: | ||||
|         str: The ID of the authentication flow. | ||||
| 
 | ||||
|     Raises: | ||||
|         KeycloakAPIException: If the authentication flow with the given name is not found in the realm. | ||||
|     """ | ||||
|     flow = kc.get_authentication_flow_by_alias(flow_name, realm) | ||||
|     if flow: | ||||
|         return flow["id"] | ||||
|     kc.module.fail_json(msg='Authentification flow %s not found in realm %s' % (flow_name, realm)) | ||||
| 
 | ||||
| 
 | ||||
| def flow_binding_from_dict_to_model(newClientFlowBinding, realm, kc): | ||||
|     """ Convert a dictionary representing client flow bindings to a model representation. | ||||
| 
 | ||||
|     Args: | ||||
|         newClientFlowBinding (dict): A dictionary containing client flow bindings. | ||||
|         realm (str): The name of the realm. | ||||
|         kc (KeycloakClient): An instance of the KeycloakClient class. | ||||
| 
 | ||||
|     Returns: | ||||
|         dict: A dictionary representing the model flow bindings. The dictionary has two keys: | ||||
|             - "browser" (str or None): The ID of the browser authentication flow binding, or None if not provided. | ||||
|             - "direct_grant" (str or None): The ID of the direct grant authentication flow binding, or None if not provided. | ||||
| 
 | ||||
|     Raises: | ||||
|         KeycloakAPIException: If the authentication flow with the given name is not found in the realm. | ||||
| 
 | ||||
|     """ | ||||
| 
 | ||||
|     modelFlow = { | ||||
|         "browser": None, | ||||
|         "direct_grant": None | ||||
|     } | ||||
| 
 | ||||
|     for k, v in newClientFlowBinding.items(): | ||||
|         if not v: | ||||
|             continue | ||||
|         if k == "browser": | ||||
|             modelFlow["browser"] = v | ||||
|         elif k == "browser_name": | ||||
|             modelFlow["browser"] = get_authentication_flow_id(v, realm, kc) | ||||
|         elif k == "direct_grant": | ||||
|             modelFlow["direct_grant"] = v | ||||
|         elif k == "direct_grant_name": | ||||
|             modelFlow["direct_grant"] = get_authentication_flow_id(v, realm, kc) | ||||
| 
 | ||||
|     return modelFlow | ||||
| 
 | ||||
| 
 | ||||
| def main(): | ||||
|     """ | ||||
|     Module execution | ||||
|  | @ -799,6 +893,13 @@ def main(): | |||
|         config=dict(type='dict'), | ||||
|     ) | ||||
| 
 | ||||
|     authentication_flow_spec = dict( | ||||
|         browser=dict(type='str'), | ||||
|         browser_name=dict(type='str', aliases=['browserName']), | ||||
|         direct_grant=dict(type='str', aliases=['directGrant']), | ||||
|         direct_grant_name=dict(type='str', aliases=['directGrantName']), | ||||
|     ) | ||||
| 
 | ||||
|     meta_args = dict( | ||||
|         state=dict(default='present', choices=['present', 'absent']), | ||||
|         realm=dict(type='str', default='master'), | ||||
|  | @ -838,7 +939,13 @@ def main(): | |||
|         use_template_scope=dict(type='bool', aliases=['useTemplateScope']), | ||||
|         use_template_mappers=dict(type='bool', aliases=['useTemplateMappers']), | ||||
|         always_display_in_console=dict(type='bool', aliases=['alwaysDisplayInConsole']), | ||||
|         authentication_flow_binding_overrides=dict(type='dict', aliases=['authenticationFlowBindingOverrides']), | ||||
|         authentication_flow_binding_overrides=dict( | ||||
|             type='dict', | ||||
|             aliases=['authenticationFlowBindingOverrides'], | ||||
|             options=authentication_flow_spec, | ||||
|             required_one_of=[['browser', 'direct_grant', 'browser_name', 'direct_grant_name']], | ||||
|             mutually_exclusive=[['browser', 'browser_name'], ['direct_grant', 'direct_grant_name']], | ||||
|         ), | ||||
|         protocol_mappers=dict(type='list', elements='dict', options=protmapper_spec, aliases=['protocolMappers']), | ||||
|         authorization_settings=dict(type='dict', aliases=['authorizationSettings']), | ||||
|         default_client_scopes=dict(type='list', elements='str', aliases=['defaultClientScopes']), | ||||
|  | @ -900,6 +1007,8 @@ def main(): | |||
|         # they are not specified | ||||
|         if client_param == 'protocol_mappers': | ||||
|             new_param_value = [dict((k, v) for k, v in x.items() if x[k] is not None) for x in new_param_value] | ||||
|         elif client_param == 'authentication_flow_binding_overrides': | ||||
|             new_param_value = flow_binding_from_dict_to_model(new_param_value, realm, kc) | ||||
| 
 | ||||
|         changeset[camel(client_param)] = new_param_value | ||||
| 
 | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue