[PR #5606/7ea544a6 backport][stable-6] New Module: Keycloak ClientSecret with PR changes (#5654)

New Module: Keycloak ClientSecret with PR changes (#5606) * feat(plugins/keycloak): add get and create util function for client secret * feat(plugins/keycloak): add client secret module * chore: add maintainer in BOTMETA * Update plugins/modules/identity/keycloak/keycloak_clientsecret.py Co-authored-by: Felix Fontein <felix@fontein.de> * Make changes to keycloak_clientsecret from PR * Add SPDX identifier for keycloak_clientsecret * Add copyright in keycloak_clientsecret for REUSE * Add integration test for keycloak_clientsecret * rm clientsecret from keycloak_clientsecret result - end_state used instead * keycloak_clientsecret: Undo meta/runtime.yml change * Fix sanity tests for keycloak_clientsecret * New keycloak_clientsecret_info module - Replaces keycloak_clientsecret - Module definition and some common logic moved into module_utils - Update documentation, tests, etc. - Add myself as author * Misc fixes to keycloak_clientsecret_info * Add keycloak_clientsecret_regenerate module * keycloak_clientsecret* Update .github/BOTMETA.yml * keycloak_clientsecret_regenerate: Fix sanity tests * Fix README for keycloak_clientsecret integration test * Separate out keycloak_clientsecret module_utils * Keycloak_clientsecret module_utils: boilerplate * Update plugins/modules/keycloak_clientsecret_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_clientsecret_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_clientsecret_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_clientsecret_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_clientsecret_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/keycloak_clientsecret_info.py Co-authored-by: Felix Fontein <felix@fontein.de> * keycloak_clientsecret: Add no_log to examples and docs * keycloak_clientsecret: Update BOTMETA * Update .github/BOTMETA.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: fynncfchen <fynn.cfchen@gmail.com> Co-authored-by: Fynnnnn <ethan.cfchen@gmail.com> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit 7ea544a624) Co-authored-by: John Cant <a.johncant@gmail.com>
2026-04-19 02:11:32 +00:00 · 2022-12-05 05:47:23 +00:00 · 2022-12-05 05:47:23 +00:00 · 8a231e4b36
commit 8a231e4b36
parent 671f850069
13 changed files with 692 additions and 0 deletions
--- a/tests/integration/targets/keycloak_clientsecret_info/README.md
+++ b/tests/integration/targets/keycloak_clientsecret_info/README.md
@ -0,0 +1,17 @@
+<!--
+Copyright (c) Ansible Project
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+-->
+
+The integration test can be performed as follows:
+
+```
+# 1. Start docker-compose:
+docker-compose -f tests/integration/targets/keycloak_clientsecret_info/docker-compose.yml stop
+docker-compose -f tests/integration/targets/keycloak_clientsecret_info/docker-compose.yml rm -f -v
+docker-compose -f tests/integration/targets/keycloak_clientsecret_info/docker-compose.yml up -d
+
+# 2. Run the integration tests:
+ansible-test integration keycloak_clientsecret_info --allow-unsupported -v
+```
--- a/tests/integration/targets/keycloak_clientsecret_info/docker-compose.yml
+++ b/tests/integration/targets/keycloak_clientsecret_info/docker-compose.yml
@ -0,0 +1,31 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+version: '3.4'
+
+services:
+  postgres:
+    image: postgres:9.6
+    restart: always
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: postgres
+      POSTGRES_PASSWORD: postgres
+
+  keycloak:
+    image: jboss/keycloak:12.0.4
+    ports:
+      - 8080:8080
+
+    environment:
+      DB_VENDOR: postgres
+      DB_ADDR: postgres
+      DB_DATABASE: postgres
+      DB_USER: postgres
+      DB_SCHEMA: public
+      DB_PASSWORD: postgres
+
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: password
--- a/tests/integration/targets/keycloak_clientsecret_info/tasks/main.yml
+++ b/tests/integration/targets/keycloak_clientsecret_info/tasks/main.yml
@ -0,0 +1,48 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Create realm
+  community.general.keycloak_realm: "{{ auth_args | combine(call_args) }}"
+  vars:
+    call_args:
+      id: "{{ realm }}"
+      realm: "{{ realm }}"
+      state: present
+
+- name: Keycloak Client
+  community.general.keycloak_client: "{{ auth_args | combine(call_args) }}"
+  vars:
+    call_args:
+      realm: "{{ realm }}"
+      client_id: "{{ client_id }}"
+      state: present
+  register: client
+
+- name: Keycloak Client fetch clientsecret by client_id
+  community.general.keycloak_clientsecret_info: "{{ auth_args | combine(call_args) }}"
+  vars:
+    call_args:
+      realm: "{{ realm }}"
+      client_id: "{{ client_id }}"
+  register: fetch_by_client_id_result
+
+- name: Assert that the client secret was retrieved
+  assert:
+    that:
+      - fetch_by_client_id_result.clientsecret_info.type == "secret"
+      - "{{ fetch_by_client_id_result.clientsecret_info.value | length }} >= 32"
+
+- name: Keycloak Client fetch clientsecret by id
+  community.general.keycloak_clientsecret_info: "{{ auth_args | combine(call_args) }}"
+  vars:
+    call_args:
+      realm: "{{ realm }}"
+      id: "{{ client.end_state.id }}"
+  register: fetch_by_id_result
+
+- name: Assert that the same client secret was retrieved both times
+  assert:
+    that:
+      - fetch_by_id_result.clientsecret_info.value == fetch_by_client_id_result.clientsecret_info.value
--- a/tests/integration/targets/keycloak_clientsecret_info/vars/main.yml
+++ b/tests/integration/targets/keycloak_clientsecret_info/vars/main.yml
@ -0,0 +1,20 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+url: http://localhost:8080/auth
+admin_realm: master
+admin_user: admin
+admin_password: password
+realm: myrealm
+client_id: myclient
+role: myrole
+description_1: desc 1
+description_2: desc 2
+
+auth_args:
+  auth_keycloak_url: "{{ url }}"
+  auth_realm: "{{ admin_realm }}"
+  auth_username: "{{ admin_user }}"
+  auth_password: "{{ admin_password }}"
--- a/tests/integration/targets/keycloak_clientsecret_regenerate/README.md
+++ b/tests/integration/targets/keycloak_clientsecret_regenerate/README.md
@ -0,0 +1,17 @@
+<!--
+Copyright (c) Ansible Project
+GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+SPDX-License-Identifier: GPL-3.0-or-later
+-->
+
+The integration test can be performed as follows:
+
+```
+# 1. Start docker-compose:
+docker-compose -f tests/integration/targets/keycloak_clientsecret_regenerate/docker-compose.yml stop
+docker-compose -f tests/integration/targets/keycloak_clientsecret_regenerate/docker-compose.yml rm -f -v
+docker-compose -f tests/integration/targets/keycloak_clientsecret_regenerate/docker-compose.yml up -d
+
+# 2. Run the integration tests:
+ansible-test integration keycloak_clientsecret_regenerate --allow-unsupported -v
+```
--- a/tests/integration/targets/keycloak_clientsecret_regenerate/docker-compose.yml
+++ b/tests/integration/targets/keycloak_clientsecret_regenerate/docker-compose.yml
@ -0,0 +1,31 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+version: '3.4'
+
+services:
+  postgres:
+    image: postgres:9.6
+    restart: always
+    environment:
+      POSTGRES_USER: postgres
+      POSTGRES_DB: postgres
+      POSTGRES_PASSWORD: postgres
+
+  keycloak:
+    image: jboss/keycloak:12.0.4
+    ports:
+      - 8080:8080
+
+    environment:
+      DB_VENDOR: postgres
+      DB_ADDR: postgres
+      DB_DATABASE: postgres
+      DB_USER: postgres
+      DB_SCHEMA: public
+      DB_PASSWORD: postgres
+
+      KEYCLOAK_USER: admin
+      KEYCLOAK_PASSWORD: password
--- a/tests/integration/targets/keycloak_clientsecret_regenerate/tasks/main.yml
+++ b/tests/integration/targets/keycloak_clientsecret_regenerate/tasks/main.yml
@ -0,0 +1,49 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+- name: Create realm
+  community.general.keycloak_realm: "{{ auth_args | combine(call_args) }}"
+  vars:
+    call_args:
+      id: "{{ realm }}"
+      realm: "{{ realm }}"
+      state: present
+
+- name: Keycloak Client
+  community.general.keycloak_client: "{{ auth_args | combine(call_args) }}"
+  vars:
+    call_args:
+      realm: "{{ realm }}"
+      client_id: "{{ client_id }}"
+      state: present
+  register: client
+
+- name: Keycloak Client regenerate clientsecret by client_id
+  community.general.keycloak_clientsecret_regenerate: "{{ auth_args | combine(call_args) }}"
+  vars:
+    call_args:
+      realm: "{{ realm }}"
+      client_id: "{{ client_id }}"
+  register: regenerate_by_client_id
+
+- name: Assert that the client secret was retrieved
+  assert:
+    that:
+      - regenerate_by_client_id.end_state.type == "secret"
+      - "{{ regenerate_by_client_id.end_state.value | length }} >= 32"
+
+- name: Keycloak Client regenerate clientsecret by id
+  community.general.keycloak_clientsecret_regenerate: "{{ auth_args | combine(call_args) }}"
+  vars:
+    call_args:
+      realm: "{{ realm }}"
+      id: "{{ client.end_state.id }}"
+  register: regenerate_by_id
+
+- name: Assert that client secret was regenerated
+  assert:
+    that:
+      - "{{ regenerate_by_id.end_state.value | length }} >= 32"
+      - regenerate_by_id.end_state.value != regenerate_by_client_id.end_state.value
--- a/tests/integration/targets/keycloak_clientsecret_regenerate/vars/main.yml
+++ b/tests/integration/targets/keycloak_clientsecret_regenerate/vars/main.yml
@ -0,0 +1,20 @@
+---
+# Copyright (c) Ansible Project
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+url: http://localhost:8080/auth
+admin_realm: master
+admin_user: admin
+admin_password: password
+realm: myrealm
+client_id: myclient
+role: myrole
+description_1: desc 1
+description_2: desc 2
+
+auth_args:
+  auth_keycloak_url: "{{ url }}"
+  auth_realm: "{{ admin_realm }}"
+  auth_username: "{{ admin_user }}"
+  auth_password: "{{ admin_password }}"