Commit graph

26 commits

Author SHA1 Message Date
desand01
f34842b7b2
Keycloak client scope support (#10842)
Some checks failed
EOL CI / EOL Sanity (Ⓐ2.16) (push) Has been cancelled
EOL CI / EOL Units (Ⓐ2.16+py2.7) (push) Has been cancelled
EOL CI / EOL Units (Ⓐ2.16+py3.11) (push) Has been cancelled
EOL CI / EOL Units (Ⓐ2.16+py3.6) (push) Has been cancelled
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/1/) (push) Has been cancelled
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/2/) (push) Has been cancelled
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/3/) (push) Has been cancelled
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/1/) (push) Has been cancelled
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/2/) (push) Has been cancelled
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/3/) (push) Has been cancelled
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/1/) (push) Has been cancelled
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/2/) (push) Has been cancelled
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/3/) (push) Has been cancelled
nox / Run extra sanity tests (push) Has been cancelled
* first commit

* sanity

* fixe test

* trailing white space

* sanity

* Fragment

* test sanity

* Update changelogs/fragments/10842-keycloak-client-scope-support.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_client.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* add client_scopes_behavior

* Sanity

* Sanity

* Update plugins/modules/keycloak_client.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Fix typo.

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

* Update plugins/modules/keycloak_client.py

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

* Update plugins/modules/keycloak_client.py

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

* Update plugins/modules/keycloak_client.py

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

* Update plugins/modules/keycloak_client.py

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

---------

Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca>
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2025-10-06 18:16:27 +02:00
Alexei Znamensky
14f13daa99
doc style adjustments: modules [jk]* (#10420)
Some checks are pending
EOL CI / EOL Sanity (Ⓐ2.16) (push) Waiting to run
EOL CI / EOL Units (Ⓐ2.16+py2.7) (push) Waiting to run
EOL CI / EOL Units (Ⓐ2.16+py3.11) (push) Waiting to run
EOL CI / EOL Units (Ⓐ2.16+py3.6) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/1/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/2/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/3/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/1/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/2/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/3/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/1/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/2/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/3/) (push) Waiting to run
nox / Run extra sanity tests (push) Waiting to run
* doc style adjustments: modules j*

* doc style adjustments: modules k*

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_realm_key.py

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2025-07-18 01:22:59 +02:00
divinity666
f44ca23d7a
keycloak: add support for client_credentials authentication (#10231)
Some checks are pending
EOL CI / EOL Sanity (Ⓐ2.16) (push) Waiting to run
EOL CI / EOL Units (Ⓐ2.16+py2.7) (push) Waiting to run
EOL CI / EOL Units (Ⓐ2.16+py3.11) (push) Waiting to run
EOL CI / EOL Units (Ⓐ2.16+py3.6) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/1/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/2/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/3/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/1/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/2/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/3/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/1/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/2/) (push) Waiting to run
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/3/) (push) Waiting to run
nox / Run extra sanity tests (push) Waiting to run
* add client_credentials authentication for keycloak tasks incl. test case

* support client credentials in all keycloak modules

* Add changelog fragment

* fix typos in required list

* Update changelogs/fragments/10231-keycloak-add-client-credentials-authentication.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* revert keycloak url in test environment

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2025-06-18 07:40:46 +02:00
gruenbauer@b1-systems.de
0413774641
keycloak_client: fix idempotency regression (#9976)
* add function to normalize kc responses

* add changelog fragment

* Update changelogs/fragments/9976-keycloak_client-fix-idempotency-regression.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* add newline to changelog fragment

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2025-04-14 22:35:50 +02:00
gruenbauer@b1-systems.de
b2e2d2d37b
keycloak_client: compare desired and before dicts directly in checkmode (#9739)
* compare desired and before dicts directly in checkmode

* fix authorizationServicesEnabled being dropped by kc if unset

* only add authorizationsServicesEnabled=false if before_client exists

* add changelog fragment

* Update changelog.

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2025-02-16 12:25:05 +01:00
amPrimeSign
250dc1139c
Fb keycloak client improvement (#9644)
* Fix for failed test

TASK [keycloak_client : Assert changes not detected in last two tasks (desire when same, and check)] ***
task path: /root/ansible_collections/community/general/tests/output/.tmp/integration/keycloak_client-p3ttqf7d-ÅÑŚÌβŁÈ/tests/integration/targets/keycloak_client/tasks/main.yml:79
fatal: [testhost]: FAILED! => {
    "assertion": "check_client_when_present_and_same is not changed",
    "changed": false,
    "evaluated_to": false,
    "msg": "Assertion failed"
}

* Improved test data to test more scenarios, e.g documentation uses True in examples

* Normalize values in config

* add changelog

* Apply suggestions from code review

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

* Update tests/integration/targets/keycloak_client/vars/main.yml

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

* Update changelogs/fragments/9644-kc_client-test-improvement-and-fix.yaml

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

---------

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
2025-02-01 19:16:54 +01:00
Mark Armstrong
af0118278b
Keycloak modules retry request on authentication error, support refresh token parameter (#9494)
* feat: begin refactor to support refresh token in keycloak modules

* chore: add start of tests for shared token usage

* feat: progress towards supporting refresh token; token introspection not yet working [8857]

* chore: reset to main branch previous state; a different approach is needed [8857]

* feat: add request methods to keycloak class, which will be expanded with retry logic [8857]

* feat: all requests to keycloak use request methods instead of open_url [8857]

* fix: data argument is optional in keycloak request methods [8857]

* feat: add integration test for keycloak module authentication methods [8857]

* chore: refactor get token logic to separate logic using username/pass credentials [8857]

* chore: refactor token request logic further to isolate request logic [8857]

* chore: fix minor lint issues [8857]

* test: add (currently failing) test for request with invalid auth token, valid refresh token [8857]

* chore: allow realm to be provided to role module with refresh_token, without username/pass [8857]

* feat: add retry logic to requests in keycloak module utils [8857]

* chore: rename keycloak module fail_open_url method to fail_request [8857]

* chore: update all keycloak modules to support refresh token param [8857]

* chore: add refresh_token param to keycloak doc_fragments [8857]

* chore: restore dependency between auth_realm and auth_username,auth_password params [8857]

* chore: rearrange module param checks to reduce future pr size [8857]

* chore: remove extra comma [8857]

* chore: update version added for refresh token param [8857]

* chore: add changelog fragment [8857]

* chore: re-add fail_open_url to keycloak module utils for backward compatability [8857]

* fix: do not make a new request to keycloak without reauth when refresh token not provided (#8857)

* fix: only make final auth attempt if username/pass provided, and return exception on failure (#8857)

* fix: make re-auth and retry code more consistent, ensure final exceptions are thrown (#8857)

* test: fix arguments for invalid token, valid refresh token test (#8857)

* feat: catch invalid refresh token errors during re-auth attempt (#8857)

Add test to verify this behaviour works.

* test: improve test coverage, including some unhappy path tests for authentication failures (#8857)

* chore: store auth errors from token request in backwards compatible way (#8857)

* fix: ensure method is still specified for all requests (#8857)

* chore: simplify token request logic (#8857)

* chore: rename functions to request tokens using refresh token or username/password (#8857)

To emphasize their difference from the `get_token` function,
which either gets the token from the module params
*or* makes a request for it.

* doc: add docstrings for new or significantly modified functions (#8857)

* test: repair unit test following change to exception message upon key error during auth request (#8857)
2025-01-26 15:23:39 +01:00
fgruenbauer
fb4f7248c9
keycloak_client: sanitize saml.encryption.private.key (#9621)
* sanitize saml.encryption.private.key in module output

* add changelog fragment

* Re-categorize changelog fragment.

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2025-01-26 13:15:06 +01:00
Alexei Znamensky
27c34b150f
jk*: style adjustments (#9529)
* jk*: style adjustments

* Apply suggestions from code review

* fix return yamls
2025-01-06 21:31:59 +01:00
Alexei Znamensky
49ed3d4acf
k*.py: normalize docs (#9391)
* k*.py: normalize docs

* Update plugins/modules/keycloak_realm_keys_metadata_info.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/kibana_plugin.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2024-12-26 13:42:44 +01:00
Chris Northwood
28f36ae25c
Add action group for keycloak (#9284)
* Create group for keycloak

This will allows keycloak authentication details to be set as a module_defaults rather than repeated on each task

* add documentation to keycloak modules to note creation of action_group

* add changelog for keycloak action_group creation

* exclude keycloak_realm_info from action group, as it does not share same set of base parameters

* fix formatting on changelog entry for adding Keycloak action group

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2024-12-23 18:51:34 +01:00
fgruenbauer
62cb6087b5
keycloak_client: remove code that turns attributes dict into list (#9077)
* remove code that turns attributes dict into list

* add changelog fragment

* Update changelogs/fragments/9077-keycloak_client-fix-attributes-dict-turned-into-list.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2024-11-11 20:01:47 +01:00
Boolman
464812a2c2
keycloak_client add option to support client-x509 authentication (#8973)
* keycloak_client: add client-x509 option to client_authenticator_type

Signed-off-by: boolman <boolman@gmail.com>

* keycloak_client: add attributes for client-x509

Signed-off-by: boolman <boolman@gmail.com>

* keycloak_client update description

Signed-off-by: boolman <boolman@gmail.com>

* keycloak_client add fragment

Signed-off-by: boolman <boolman@gmail.com>

* remove trailing whitespace

Signed-off-by: boolman <boolman@gmail.com>

* keycloak_client add example with x509 authentication

Signed-off-by: boolman <boolman@gmail.com>

* Update plugins/modules/keycloak_client.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update changelogs/fragments/8973-keycloak_client-add-x509-auth.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* keycloak_client added type on new suboptions

Signed-off-by: boolman <boolman@gmail.com>

---------

Signed-off-by: boolman <boolman@gmail.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
2024-10-07 22:29:13 +02:00
Alexei Znamensky
ecc048bc12
Use dict comprehension in plugins (#8814)
* use dict comprehension in plugins

* Apply suggestions from code review

* add changelog frag

* fix references in changelog frag
2024-09-01 20:22:53 +02:00
desand01
b11da288d2
Keycloak set client authentification flows by name (#8428)
* first commit

* Add change logs

* fix sanity

* Sanity 2

* Test unset flows

* Update plugins/modules/keycloak_client.py

Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>

* Update plugins/modules/keycloak_client.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update changelogs/fragments/8428-assign-auth-flow-by-name-keycloak-client.yaml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Remove double traitement from "alias"

* Update plugins/modules/keycloak_client.py

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_client.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
2024-06-17 07:06:47 +02:00
Thomas Bach
572caeaa39
keycloak_client: avoid TypeError if result["attributes"] is a list (#8403)
* fix(keycloak_client): avoid TypeError if attributes is a list

As sanitize_cr might be executed after normalise_cr, result['attributes'] can be of type list and we
run into:

TypeError: list indices must be integers or slices, not str

* Update changelog fragment.

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2024-05-26 21:07:48 +02:00
Eike Waldt
f55342d8af
keycloak_client: add sorted defaultClientScopes and optionalClientScopes to normalizations (#8223)
keycloak_client: add sorted defaultClientScopes and optionalClientScopes
to normalizations

Signed-off-by: Eike Waldt <waldt@b1-systems.de>
2024-04-21 00:25:10 +02:00
Anders Stiksrud Helmen
a5b2b5ce8c
Add support for docker-v2 protocol in Keycloak modules (#8216)
* Add support for docker-v2 protocol in Keycloak modules

* use dash instead of underscore for the docker-v2

* Update documentation

* Add changelog fragment

* fix missing whitespace around operator

* Update changelogs/fragments/8215-add-docker-v2-protocol.yml

Update changelog fragment to reviewers suggestion, add refrence to issue and pull request

Co-authored-by: Felix Fontein <felix@fontein.de>

* Add documentation about adding docker-v2 value in community general 8.6.0

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
2024-04-20 09:24:00 +02:00
desand01
001292c780
Fixes #1226 - keycloak_client detects changes on check_mode but not in run mode (#7881)
* Fix warning integrated

* Update Keycloak version intergrated test

* Exclude metadata from diff test

* Sanity

* Add fragments

* typo

* Add test

* Update changelogs/fragments/7881-fix-keycloak-client-ckeckmode.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* Remove docker compose

* Update changelogs/fragments/7881-fix-keycloak-client-ckeckmode.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca>
Co-authored-by: Felix Fontein <felix@fontein.de>
2024-02-17 12:31:45 +01:00
desand01
91152cb123
Keycloak client secret (#6931)
* fixe missing secret at creation

* Update doc

* changelogs

* Default protocol only when creation

* Fix sanity test

* Add documentation

* Update plugins/modules/keycloak_client.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca>
Co-authored-by: Felix Fontein <felix@fontein.de>
2023-08-08 13:46:01 +02:00
Felix Fontein
c694abbdf9
Use semantic markup (modules k-l) (#6678)
* Use semantic markup.

* Use option instead of alias.
2023-06-15 15:47:13 +02:00
Felix Fontein
18a6bdd6aa
Add attributes to ipa and keycloak modules (#5950)
Add attributes to ipa and keycloak modules.
2023-02-24 09:25:31 +01:00
Claude Dioudonnat
78297e44b7
Fix keycloak sanitize_cr (#5934)
* Fix keycloak sanitize_cr

* Update changelogs/fragments/5934-fix-keycloak-sanitize_cr.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Claude Dioudonnat <claude.dioudonnat@be-ys.cloud>
Co-authored-by: Felix Fontein <felix@fontein.de>
2023-02-22 15:14:33 +01:00
Felix Fontein
b531ecdc9b
Unflatmap community.general (#5461)
* Move files.

* Update imports and references.

* Move wrongly placed files.

* Reverse redirects, deprecate long → short name redirects.

* Simplify contribution guidelines for new modules.

* Rewrite BOTMETA.

* Add changelog fragment.

* Fix ignore.txt files.
2022-11-02 20:42:29 +00:00
Felix Fontein
7743ecd776
Replace symlinks with meta/runtime.yml redirects. (#4562) 2022-04-26 20:33:13 +02:00
Brian Coca
8f90360d49
make collection usable with current ansible vers (#9) 2020-03-11 14:10:38 +00:00