Make all doc fragments, module utils, and plugin utils private (#11896)

* Make all doc fragments private. * Make all plugin utils private. * Make all module utils private. * Reformat. * Changelog fragment. * Update configs and ignores. * Adjust unit test names.
2026-04-27 05:58:50 +00:00 · 2026-04-20 20:16:26 +02:00 · 2026-04-20 20:16:26 +02:00 · 4fa82b9617
commit 4fa82b9617
parent 9ef1dbb6d5
807 changed files with 2041 additions and 1702 deletions
--- a/tests/unit/plugins/module_utils/_identity/keycloak/test_keycloak_connect.py
+++ b/tests/unit/plugins/module_utils/_identity/keycloak/test_keycloak_connect.py
@ -0,0 +1,169 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import annotations
+
+from io import StringIO
+from itertools import count
+from urllib.error import HTTPError
+
+import pytest
+
+from ansible_collections.community.general.plugins.module_utils._identity.keycloak.keycloak import (
+    KeycloakError,
+    get_token,
+)
+
+module_params_creds = {
+    "auth_keycloak_url": "http://keycloak.url/auth",
+    "validate_certs": True,
+    "auth_realm": "master",
+    "client_id": "admin-cli",
+    "auth_username": "admin",
+    "auth_password": "admin",
+    "client_secret": None,
+}
+
+
+def build_mocked_request(get_id_user_count, response_dict):
+    def _mocked_requests(*args, **kwargs):
+        url = args[0]
+        method = kwargs["method"]
+        future_response = response_dict.get(url, None)
+        return get_response(future_response, method, get_id_user_count)
+
+    return _mocked_requests
+
+
+def get_response(object_with_future_response, method, get_id_call_count):
+    if callable(object_with_future_response):
+        return object_with_future_response()
+    if isinstance(object_with_future_response, dict):
+        return get_response(object_with_future_response[method], method, get_id_call_count)
+    if isinstance(object_with_future_response, list):
+        try:
+            call_number = get_id_call_count.__next__()
+        except AttributeError:
+            # manage python 2 versions.
+            call_number = get_id_call_count.next()
+        return get_response(object_with_future_response[call_number], method, get_id_call_count)
+    return object_with_future_response
+
+
+def create_wrapper(text_as_string):
+    """Allow to mock many times a call to one address.
+    Without this function, the StringIO is empty for the second call.
+    """
+
+    def _create_wrapper():
+        return StringIO(text_as_string)
+
+    return _create_wrapper
+
+
+@pytest.fixture()
+def mock_good_connection(mocker):
+    token_response = {
+        "http://keycloak.url/auth/realms/master/protocol/openid-connect/token": create_wrapper(
+            '{"access_token": "alongtoken"}'
+        ),
+    }
+    return mocker.patch(
+        "ansible_collections.community.general.plugins.module_utils._identity.keycloak.keycloak.open_url",
+        side_effect=build_mocked_request(count(), token_response),
+        autospec=True,
+    )
+
+
+def test_connect_to_keycloak_with_creds(mock_good_connection):
+    keycloak_header = get_token(module_params_creds)
+    assert keycloak_header == {"Authorization": "Bearer alongtoken", "Content-Type": "application/json"}
+
+
+def test_connect_to_keycloak_with_token(mock_good_connection):
+    module_params_token = {
+        "auth_keycloak_url": "http://keycloak.url/auth",
+        "validate_certs": True,
+        "client_id": "admin-cli",
+        "token": "alongtoken",
+    }
+    keycloak_header = get_token(module_params_token)
+    assert keycloak_header == {"Authorization": "Bearer alongtoken", "Content-Type": "application/json"}
+
+
+@pytest.fixture()
+def mock_bad_json_returned(mocker):
+    token_response = {
+        "http://keycloak.url/auth/realms/master/protocol/openid-connect/token": create_wrapper('{"access_token":'),
+    }
+    return mocker.patch(
+        "ansible_collections.community.general.plugins.module_utils._identity.keycloak.keycloak.open_url",
+        side_effect=build_mocked_request(count(), token_response),
+        autospec=True,
+    )
+
+
+def test_bad_json_returned(mock_bad_json_returned):
+    with pytest.raises(KeycloakError) as raised_error:
+        get_token(module_params_creds)
+    # cannot check all the message, different errors message for the value
+    # error in python 2.6, 2.7 and 3.*.
+    assert (
+        "API returned invalid JSON when trying to obtain access token from "
+        "http://keycloak.url/auth/realms/master/protocol/openid-connect/token: "
+    ) in str(raised_error.value)
+
+
+def raise_401(url):
+    def _raise_401():
+        raise HTTPError(url=url, code=401, msg="Unauthorized", hdrs="", fp=StringIO(""))
+
+    return _raise_401
+
+
+@pytest.fixture()
+def mock_401_returned(mocker):
+    token_response = {
+        "http://keycloak.url/auth/realms/master/protocol/openid-connect/token": raise_401(
+            "http://keycloak.url/auth/realms/master/protocol/openid-connect/token"
+        ),
+    }
+    return mocker.patch(
+        "ansible_collections.community.general.plugins.module_utils._identity.keycloak.keycloak.open_url",
+        side_effect=build_mocked_request(count(), token_response),
+        autospec=True,
+    )
+
+
+def test_error_returned(mock_401_returned):
+    with pytest.raises(KeycloakError) as raised_error:
+        get_token(module_params_creds)
+    assert str(raised_error.value) == (
+        "Could not obtain access token from http://keycloak.url"
+        "/auth/realms/master/protocol/openid-connect/token: "
+        "HTTP Error 401: Unauthorized"
+    )
+
+
+@pytest.fixture()
+def mock_json_without_token_returned(mocker):
+    token_response = {
+        "http://keycloak.url/auth/realms/master/protocol/openid-connect/token": create_wrapper(
+            '{"not_token": "It is not a token"}'
+        ),
+    }
+    return mocker.patch(
+        "ansible_collections.community.general.plugins.module_utils._identity.keycloak.keycloak.open_url",
+        side_effect=build_mocked_request(count(), token_response),
+        autospec=True,
+    )
+
+
+def test_json_without_token_returned(mock_json_without_token_returned):
+    with pytest.raises(KeycloakError) as raised_error:
+        get_token(module_params_creds)
+    assert str(raised_error.value) == (
+        "API did not include access_token field in response from "
+        "http://keycloak.url/auth/realms/master/protocol/openid-connect/token"
+    )
--- a/tests/unit/plugins/module_utils/_identity/keycloak/test_keycloak_module_utils.py
+++ b/tests/unit/plugins/module_utils/_identity/keycloak/test_keycloak_module_utils.py
@ -0,0 +1,72 @@
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import annotations
+
+import unittest
+
+from ansible_collections.community.general.plugins.module_utils._identity.keycloak.keycloak import is_struct_included
+
+
+class KeycloakIsStructIncludedTestCase(unittest.TestCase):
+    dict1 = dict(
+        test1="test1", test2=dict(test1="test1", test2="test2"), test3=["test1", dict(test="test1", test2="test2")]
+    )
+    dict2 = dict(
+        test1="test1",
+        test2=dict(test1="test1", test2="test2", test3="test3"),
+        test3=["test1", dict(test="test1", test2="test2"), "test3"],
+        test4="test4",
+    )
+    dict3 = dict(
+        test1="test1",
+        test2=dict(test1="test1", test2="test23", test3="test3"),
+        test3=["test1", dict(test="test1", test2="test23"), "test3"],
+        test4="test4",
+    )
+
+    dict5 = dict(
+        test1="test1",
+        test2=dict(test1=True, test2="test23", test3="test3"),
+        test3=["test1", dict(test="test1", test2="test23"), "test3"],
+        test4="test4",
+    )
+
+    dict6 = dict(
+        test1="test1",
+        test2=dict(test1="true", test2="test23", test3="test3"),
+        test3=["test1", dict(test="test1", test2="test23"), "test3"],
+        test4="test4",
+    )
+    dict7 = [
+        {
+            "roles": ["view-clients", "view-identity-providers", "view-users", "query-realms", "manage-users"],
+            "clientid": "master-realm",
+        },
+        {"roles": ["manage-account", "view-profile", "manage-account-links"], "clientid": "account"},
+    ]
+    dict8 = [
+        {"roles": ["view-clients", "query-realms", "view-users"], "clientid": "master-realm"},
+        {"roles": ["manage-account-links", "view-profile", "manage-account"], "clientid": "account"},
+    ]
+
+    def test_trivial(self):
+        self.assertTrue(is_struct_included(self.dict1, self.dict1))
+
+    def test_equals_with_dict2_bigger_than_dict1(self):
+        self.assertTrue(is_struct_included(self.dict1, self.dict2))
+
+    def test_not_equals_with_dict2_bigger_than_dict1(self):
+        self.assertFalse(is_struct_included(self.dict2, self.dict1))
+
+    def test_not_equals_with_dict1_different_than_dict3(self):
+        self.assertFalse(is_struct_included(self.dict1, self.dict3))
+
+    def test_equals_with_dict5_contain_bool_and_dict6_contain_true_string(self):
+        self.assertFalse(is_struct_included(self.dict5, self.dict6))
+        self.assertFalse(is_struct_included(self.dict6, self.dict5))
+
+    def test_not_equals_dict7_dict8_compare_dict7_with_list_bigger_than_dict8_but_reverse_equals(self):
+        self.assertFalse(is_struct_included(self.dict7, self.dict8))
+        self.assertTrue(is_struct_included(self.dict8, self.dict7))