Reformat everything.
parent
3f2213791a
commit
340ff8586d
1008 changed files with 61301 additions and 58309 deletions
|
|
@ -239,7 +239,10 @@ end_state:
|
|||
"""
|
||||
|
||||
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import (
|
||||
KeycloakAPI, keycloak_argument_spec, get_token, KeycloakError,
|
||||
KeycloakAPI,
|
||||
keycloak_argument_spec,
|
||||
get_token,
|
||||
KeycloakError,
|
||||
)
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
|
||||
|
|
@ -253,37 +256,38 @@ def main():
|
|||
argument_spec = keycloak_argument_spec()
|
||||
|
||||
roles_spec = dict(
|
||||
name=dict(type='str'),
|
||||
id=dict(type='str'),
|
||||
name=dict(type="str"),
|
||||
id=dict(type="str"),
|
||||
)
|
||||
|
||||
meta_args = dict(
|
||||
state=dict(default='present', choices=['present', 'absent']),
|
||||
realm=dict(default='master'),
|
||||
gid=dict(type='str'),
|
||||
group_name=dict(type='str'),
|
||||
state=dict(default="present", choices=["present", "absent"]),
|
||||
realm=dict(default="master"),
|
||||
gid=dict(type="str"),
|
||||
group_name=dict(type="str"),
|
||||
parents=dict(
|
||||
type='list', elements='dict',
|
||||
options=dict(
|
||||
id=dict(type='str'),
|
||||
name=dict(type='str')
|
||||
),
|
||||
type="list",
|
||||
elements="dict",
|
||||
options=dict(id=dict(type="str"), name=dict(type="str")),
|
||||
),
|
||||
cid=dict(type='str'),
|
||||
client_id=dict(type='str'),
|
||||
roles=dict(type='list', elements='dict', options=roles_spec),
|
||||
cid=dict(type="str"),
|
||||
client_id=dict(type="str"),
|
||||
roles=dict(type="list", elements="dict", options=roles_spec),
|
||||
)
|
||||
|
||||
argument_spec.update(meta_args)
|
||||
|
||||
module = AnsibleModule(argument_spec=argument_spec,
|
||||
supports_check_mode=True,
|
||||
required_one_of=([['token', 'auth_realm', 'auth_username', 'auth_password', 'auth_client_id', 'auth_client_secret']]),
|
||||
required_together=([['auth_username', 'auth_password']]),
|
||||
required_by={'refresh_token': 'auth_realm'},
|
||||
)
|
||||
module = AnsibleModule(
|
||||
argument_spec=argument_spec,
|
||||
supports_check_mode=True,
|
||||
required_one_of=(
|
||||
[["token", "auth_realm", "auth_username", "auth_password", "auth_client_id", "auth_client_secret"]]
|
||||
),
|
||||
required_together=([["auth_username", "auth_password"]]),
|
||||
required_by={"refresh_token": "auth_realm"},
|
||||
)
|
||||
|
||||
result = dict(changed=False, msg='', diff={}, proposed={}, existing={}, end_state={})
|
||||
result = dict(changed=False, msg="", diff={}, proposed={}, existing={}, end_state={})
|
||||
|
||||
# Obtain access token, initialize API
|
||||
try:
|
||||
|
|
@ -293,111 +297,117 @@ def main():
|
|||
|
||||
kc = KeycloakAPI(module, connection_header)
|
||||
|
||||
realm = module.params.get('realm')
|
||||
state = module.params.get('state')
|
||||
cid = module.params.get('cid')
|
||||
client_id = module.params.get('client_id')
|
||||
gid = module.params.get('gid')
|
||||
group_name = module.params.get('group_name')
|
||||
roles = module.params.get('roles')
|
||||
parents = module.params.get('parents')
|
||||
realm = module.params.get("realm")
|
||||
state = module.params.get("state")
|
||||
cid = module.params.get("cid")
|
||||
client_id = module.params.get("client_id")
|
||||
gid = module.params.get("gid")
|
||||
group_name = module.params.get("group_name")
|
||||
roles = module.params.get("roles")
|
||||
parents = module.params.get("parents")
|
||||
|
||||
# Check the parameters
|
||||
if cid is None and client_id is None:
|
||||
module.fail_json(msg='Either the `client_id` or `cid` has to be specified.')
|
||||
module.fail_json(msg="Either the `client_id` or `cid` has to be specified.")
|
||||
if gid is None and group_name is None:
|
||||
module.fail_json(msg='Either the `group_name` or `gid` has to be specified.')
|
||||
module.fail_json(msg="Either the `group_name` or `gid` has to be specified.")
|
||||
|
||||
# Get the potential missing parameters
|
||||
if gid is None:
|
||||
group_rep = kc.get_group_by_name(group_name, realm=realm, parents=parents)
|
||||
if group_rep is not None:
|
||||
gid = group_rep['id']
|
||||
gid = group_rep["id"]
|
||||
else:
|
||||
module.fail_json(msg=f'Could not fetch group {group_name}:')
|
||||
module.fail_json(msg=f"Could not fetch group {group_name}:")
|
||||
if cid is None:
|
||||
cid = kc.get_client_id(client_id, realm=realm)
|
||||
if cid is None:
|
||||
module.fail_json(msg=f'Could not fetch client {client_id}:')
|
||||
module.fail_json(msg=f"Could not fetch client {client_id}:")
|
||||
if roles is None:
|
||||
module.exit_json(msg="Nothing to do (no roles specified).")
|
||||
else:
|
||||
for role_index, role in enumerate(roles, start=0):
|
||||
if role['name'] is None and role['id'] is None:
|
||||
module.fail_json(msg='Either the `name` or `id` has to be specified on each role.')
|
||||
if role["name"] is None and role["id"] is None:
|
||||
module.fail_json(msg="Either the `name` or `id` has to be specified on each role.")
|
||||
# Fetch missing role_id
|
||||
if role['id'] is None:
|
||||
role_id = kc.get_client_role_id_by_name(cid, role['name'], realm=realm)
|
||||
if role["id"] is None:
|
||||
role_id = kc.get_client_role_id_by_name(cid, role["name"], realm=realm)
|
||||
if role_id is not None:
|
||||
role['id'] = role_id
|
||||
role["id"] = role_id
|
||||
else:
|
||||
module.fail_json(msg=f"Could not fetch role {role['name']}:")
|
||||
# Fetch missing role_name
|
||||
else:
|
||||
role['name'] = kc.get_client_group_rolemapping_by_id(gid, cid, role['id'], realm=realm)['name']
|
||||
if role['name'] is None:
|
||||
role["name"] = kc.get_client_group_rolemapping_by_id(gid, cid, role["id"], realm=realm)["name"]
|
||||
if role["name"] is None:
|
||||
module.fail_json(msg=f"Could not fetch role {role['id']}")
|
||||
|
||||
# Get effective client-level role mappings
|
||||
available_roles_before = kc.get_client_group_available_rolemappings(gid, cid, realm=realm)
|
||||
assigned_roles_before = kc.get_client_group_composite_rolemappings(gid, cid, realm=realm)
|
||||
|
||||
result['existing'] = assigned_roles_before
|
||||
result['proposed'] = list(assigned_roles_before) if assigned_roles_before else []
|
||||
result["existing"] = assigned_roles_before
|
||||
result["proposed"] = list(assigned_roles_before) if assigned_roles_before else []
|
||||
|
||||
update_roles = []
|
||||
for role_index, role in enumerate(roles, start=0):
|
||||
# Fetch roles to assign if state present
|
||||
if state == 'present':
|
||||
if state == "present":
|
||||
for available_role in available_roles_before:
|
||||
if role['name'] == available_role['name']:
|
||||
update_roles.append({
|
||||
'id': role['id'],
|
||||
'name': role['name'],
|
||||
})
|
||||
result['proposed'].append(available_role)
|
||||
if role["name"] == available_role["name"]:
|
||||
update_roles.append(
|
||||
{
|
||||
"id": role["id"],
|
||||
"name": role["name"],
|
||||
}
|
||||
)
|
||||
result["proposed"].append(available_role)
|
||||
# Fetch roles to remove if state absent
|
||||
else:
|
||||
for assigned_role in assigned_roles_before:
|
||||
if role['name'] == assigned_role['name']:
|
||||
update_roles.append({
|
||||
'id': role['id'],
|
||||
'name': role['name'],
|
||||
})
|
||||
if assigned_role in result['proposed']: # Handle double removal
|
||||
result['proposed'].remove(assigned_role)
|
||||
if role["name"] == assigned_role["name"]:
|
||||
update_roles.append(
|
||||
{
|
||||
"id": role["id"],
|
||||
"name": role["name"],
|
||||
}
|
||||
)
|
||||
if assigned_role in result["proposed"]: # Handle double removal
|
||||
result["proposed"].remove(assigned_role)
|
||||
|
||||
if len(update_roles):
|
||||
if state == 'present':
|
||||
if state == "present":
|
||||
# Assign roles
|
||||
result['changed'] = True
|
||||
result["changed"] = True
|
||||
if module._diff:
|
||||
result['diff'] = dict(before=assigned_roles_before, after=result['proposed'])
|
||||
result["diff"] = dict(before=assigned_roles_before, after=result["proposed"])
|
||||
if module.check_mode:
|
||||
module.exit_json(**result)
|
||||
kc.add_group_rolemapping(gid, cid, update_roles, realm=realm)
|
||||
result['msg'] = f'Roles {update_roles} assigned to group {group_name}.'
|
||||
result["msg"] = f"Roles {update_roles} assigned to group {group_name}."
|
||||
assigned_roles_after = kc.get_client_group_composite_rolemappings(gid, cid, realm=realm)
|
||||
result['end_state'] = assigned_roles_after
|
||||
result["end_state"] = assigned_roles_after
|
||||
module.exit_json(**result)
|
||||
else:
|
||||
# Remove mapping of role
|
||||
result['changed'] = True
|
||||
result["changed"] = True
|
||||
if module._diff:
|
||||
result['diff'] = dict(before=assigned_roles_before, after=result['proposed'])
|
||||
result["diff"] = dict(before=assigned_roles_before, after=result["proposed"])
|
||||
if module.check_mode:
|
||||
module.exit_json(**result)
|
||||
kc.delete_group_rolemapping(gid, cid, update_roles, realm=realm)
|
||||
result['msg'] = f'Roles {update_roles} removed from group {group_name}.'
|
||||
result["msg"] = f"Roles {update_roles} removed from group {group_name}."
|
||||
assigned_roles_after = kc.get_client_group_composite_rolemappings(gid, cid, realm=realm)
|
||||
result['end_state'] = assigned_roles_after
|
||||
result["end_state"] = assigned_roles_after
|
||||
module.exit_json(**result)
|
||||
# Do nothing
|
||||
else:
|
||||
result['changed'] = False
|
||||
result['msg'] = f"Nothing to do, roles {roles} are {'mapped' if state == 'present' else 'not mapped'} with group {group_name}."
|
||||
result["changed"] = False
|
||||
result["msg"] = (
|
||||
f"Nothing to do, roles {roles} are {'mapped' if state == 'present' else 'not mapped'} with group {group_name}."
|
||||
)
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
|
|
|
|||