* fix(keycloak_realm_key): handle missing config fields for default keys
Keycloak API may not return 'active', 'enabled', or 'algorithm' fields
in the config response for default/auto-generated realm keys. This caused
a KeyError when the module tried to compare these fields during state
detection.
Use .get() with the expected value as default to handle missing fields
gracefully, treating them as unchanged if not present in the API response.
Fixes: #11459
* add PR link to changelog entry per review feedback
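The comparison bug described in the commit message above, as an added example that is not the module's own code: direct indexing raises KeyError when the API omits a field, while `.get()` with the desired value as default treats the omitted field as unchanged. The function names and both sample responses are constructed for illustration, and the list-of-strings value shape is an assumption.

```python
# Added example; not code from keycloak_realm_key. The field names come from
# the commit message; the function names and sample responses are constructed.

COMPARED_FIELDS = ("active", "enabled", "algorithm")


def changed_fields_strict(desired, current):
    """Pre-fix style: index directly, so a missing field raises KeyError."""
    return [f for f in COMPARED_FIELDS if desired[f] != current[f]]


def changed_fields_tolerant(desired, current):
    """Post-fix style: a field absent from the response counts as unchanged."""
    return [f for f in COMPARED_FIELDS if current.get(f, desired[f]) != desired[f]]


# Desired state as a task might request it (value shape is an assumption).
DESIRED = {"active": ["true"], "enabled": ["true"], "algorithm": ["RS256"]}

# Constructed response for an explicitly created key: every field present.
FULL_RESPONSE = {
    "active": ["true"],
    "enabled": ["false"],
    "algorithm": ["RS256"],
    "priority": ["100"],
}

# Constructed response for a default/auto-generated key: fields omitted.
DEFAULT_KEY_RESPONSE = {"priority": ["100"]}


def demo():
    """Run both comparisons against both responses and collect the outcomes."""
    results = {"full": changed_fields_tolerant(DESIRED, FULL_RESPONSE)}
    try:
        changed_fields_strict(DESIRED, DEFAULT_KEY_RESPONSE)
        results["strict_on_default"] = "ok"
    except KeyError as exc:
        results["strict_on_default"] = f"KeyError: {exc.args[0]}"
    results["tolerant_on_default"] = changed_fields_tolerant(
        DESIRED, DEFAULT_KEY_RESPONSE
    )
    return results


if __name__ == "__main__":
    print(demo())
```

In this comparison a field the API omits never registers as drift, so a real difference in that field is not reported as a change.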
* Get rid of all six.moves imports.
* Get rid of iteritems.
* Get rid of *_type(s) aliases.
* Replace StringIO import.
* Get rid of PY2/PY3 constants.
* Get rid of raise_from.
* Get rid of python_2_unicode_compatible.
* Clean up global six imports.
* Remove all usage of ansible.module_utils.six.
* Linting.
* Fix xml module.
* Docs adjustments.
* Adjust all __future__ imports:
for i in $(grep -REl "__future__.*absolute_import" plugins/ tests/); do
sed -e 's/from __future__ import .*/from __future__ import annotations/g' -i $i;
done
* Remove all UTF-8 encoding specifications for Python source files:
for i in $(grep -REl '[-][*]- coding: utf-8 -[*]-' plugins/ tests/); do
sed -e '/^# -\*- coding: utf-8 -\*-/d' -i $i;
done
* Remove __metaclass__ = type:
for i in $(grep -REl '__metaclass__ = type' plugins/ tests/); do
sed -e '/^__metaclass__ = type/d' -i $i;
done
* add client_credentials authentication for keycloak tasks incl. test case
* support client credentials in all keycloak modules
* Add changelog fragment
* fix typos in required list
* Update changelogs/fragments/10231-keycloak-add-client-credentials-authentication.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* revert keycloak url in test environment
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat: begin refactor to support refresh token in keycloak modules
* chore: add start of tests for shared token usage
* feat: progress towards supporting refresh token; token introspection not yet working [8857]
* chore: reset to main branch previous state; a different approach is needed [8857]
* feat: add request methods to keycloak class, which will be expanded with retry logic [8857]
* feat: all requests to keycloak use request methods instead of open_url [8857]
* fix: data argument is optional in keycloak request methods [8857]
* feat: add integration test for keycloak module authentication methods [8857]
* chore: refactor get token logic to separate logic using username/pass credentials [8857]
* chore: refactor token request logic further to isolate request logic [8857]
* chore: fix minor lint issues [8857]
* test: add (currently failing) test for request with invalid auth token, valid refresh token [8857]
* chore: allow realm to be provided to role module with refresh_token, without username/pass [8857]
* feat: add retry logic to requests in keycloak module utils [8857]
* chore: rename keycloak module fail_open_url method to fail_request [8857]
* chore: update all keycloak modules to support refresh token param [8857]
* chore: add refresh_token param to keycloak doc_fragments [8857]
* chore: restore dependency between auth_realm and auth_username,auth_password params [8857]
* chore: rearrange module param checks to reduce future pr size [8857]
* chore: remove extra comma [8857]
* chore: update version added for refresh token param [8857]
* chore: add changelog fragment [8857]
* chore: re-add fail_open_url to keycloak module utils for backward compatibility [8857]
* fix: do not make a new request to keycloak without reauth when refresh token not provided (#8857)
* fix: only make final auth attempt if username/pass provided, and return exception on failure (#8857)
* fix: make re-auth and retry code more consistent, ensure final exceptions are thrown (#8857)
* test: fix arguments for invalid token, valid refresh token test (#8857)
* feat: catch invalid refresh token errors during re-auth attempt (#8857)
Add test to verify this behaviour works.
* test: improve test coverage, including some unhappy path tests for authentication failures (#8857)
* chore: store auth errors from token request in backwards compatible way (#8857)
* fix: ensure method is still specified for all requests (#8857)
* chore: simplify token request logic (#8857)
* chore: rename functions to request tokens using refresh token or username/password (#8857)
To emphasize their difference from the `get_token` function,
which either gets the token from the module params
*or* makes a request for it.
* doc: add docstrings for new or significantly modified functions (#8857)
* test: repair unit test following change to exception message upon key error during auth request (#8857)
* Create group for keycloak
This will allow keycloak authentication details to be set as a module_defaults rather than repeated on each task
* add documentation to keycloak modules to note creation of action_group
* add changelog for keycloak action_group creation
* exclude keycloak_realm_info from action group, as it does not share same set of base parameters
* fix formatting on changelog entry for adding Keycloak action group
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* add support for rsa enc key usage, more algorithms, and make certificate optional
* fix formatting
* adding changelog fragment
* made suggested code changes based on review
* fix typo and be more clear
* revert certificate to previous defined settings
* Add keycloak_realm_key module
* keycloak_realm_key: make "ansible-test sanity" happy
Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net>
* keycloak_realm_key: support check_mode
* keycloak_realm_key: add integration tests
* keycloak_realm_key: remove FIXME comment
* keycloak_realm_key: fix EOL in integration test variables
* keycloak_realm_key: remove unused import
* keycloak_realm_key: remove integration test realm at the end of test suite
* keycloak_realm_key: add version_added metadata
* keycloak_realm_key: add documentation for end_state
* keycloak_realm_key: support the "certificate" parameter
As with "private_key" changing the certificate after creation is not possible
because we can't compare the current value to the desired value.
* keycloak_realm_key: document default for certificate parameter
Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net>
* keycloak_realm_key: implement diff mode
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm_key: remove note about literal linefeeds
* keycloak_realm_key: remove defaults from priority and certificate
* keycloak_realm_key: mark diff and check modes as partially supported
* keycloak_realm_key: implement "force" parameter
This ensures that the desired state is always enforced on keys that should be,
and are, present.
* keycloak_realm_key: fix yaml parsing error in documentation
* keycloak_realm_key: document why check_mode support is partial
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_realm_key: documentation and metadata fixes
* keycloak_realm_key: small documentation fix
* keycloak_realm_key: change version_added to 7.5.0
* Update plugins/modules/keycloak_realm_key.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Signed-off-by: Samuli Seppänen <samuli.seppanen@puppeteers.net>
Co-authored-by: Felix Fontein <felix@fontein.de>