* fix ruff case UP031
* refactor backslashout of f-string for the sake of old Pythons
* add changelog frag
* Update plugins/modules/imc_rest.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* scaleway_user_data: fix bug and make it an f-string
* reformat
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add Keycloak module to send execute-actions email to users
Signed-off-by: Marius Bertram <marius@brtrm.de>
* Fix Example Typo
Signed-off-by: Marius Bertram <marius@brtrm.de>
* Break if argument_speck() is broken
Signed-off-by: Marius Bertram <marius@brtrm.de>
* Adjust to new tests in main.
* Remove unnecessary version_added.
---------
Signed-off-by: Marius Bertram <marius@brtrm.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak: add client authentication support for client_secret
Signed-off-by: Marius Bertram <marius@brtrm.de>
* readd ['token', 'auth_realm']
Signed-off-by: Marius Bertram <marius@brtrm.de>
---------
Signed-off-by: Marius Bertram <marius@brtrm.de>
* use f-strings in module utils
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* remove unused imports
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Get rid of all six.moves imports.
* Get rid of iteritems.
* Get rid of *_type(s) aliases.
* Replace StringIO import.
* Get rid of PY2/PY3 constants.
* Get rid of raise_from.
* Get rid of python_2_unicode_compatible.
* Clean up global six imports.
* Remove all usage of ansible.module_utils.six.
* Linting.
* Fix xml module.
* Docs adjustments.
* Adjust all __future__ imports:
for i in $(grep -REl "__future__.*absolute_import" plugins/ tests/); do
sed -e 's/from __future__ import .*/from __future__ import annotations/g' -i $i;
done
* Remove all UTF-8 encoding specifications for Python source files:
for i in $(grep -REl '[-][*]- coding: utf-8 -[*]-' plugins/ tests/); do
sed -e '/^# -\*- coding: utf-8 -\*-/d' -i $i;
done
* Remove __metaclass__ = type:
for i in $(grep -REl '__metaclass__ = type' plugins/ tests/); do
sed -e '/^__metaclass__ = type/d' -i $i;
done
* first commit
* add and fixe test
* add example
* fragment and sanity
* sanity
* sanity
* Update plugins/modules/keycloak_identity_provider.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/10527-keycloak-idp-well-known-url-support.yml
---------
Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca>
Co-authored-by: Felix Fontein <felix@fontein.de>
* add client_credentials authentication for keycloak tasks incl. test case
* support client credentials in all keycloak modules
* Add changelog fragment
* fix typos in required list
* Update changelogs/fragments/10231-keycloak-add-client-credentials-authentication.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* revert keycloak url in test environment
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add support for addressing subgroups by paths to the keycloak_user module (issue #9647)
* Apply suggestions from code review.
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
* Add delete_authentication_config method and integrate it into create_or_update_executions
* typo
* Sanity
* Add integration tests for keycloak_authentication module with README, tasks, and variables
* Add copyright and license information to access_token.yml
* Sanity
* Refactor Keycloak integration tests: streamline README, update access token task, and enhance variable management
* Maj changelogs fragments
---------
Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca>
* remove realm id requirement
* replace id with realm
* replace id with realm in documentation
* add changelog fragment
* Update changelogs/fragments/9768-keycloak_realm-remove-id-requirement.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update changelogs/fragments/9768-keycloak_realm-remove-id-requirement.yaml
Co-authored-by: Felix Fontein <felix@fontein.de>
* add comment to get_realm_by_id
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat: begin refactor to support refresh token in keycloak modules
* chore: add start of tests for shared token usage
* feat: progress towards supporting refresh token; token introspection not yet working [8857]
* chore: reset to main branch previous state; a different approach is needed [8857]
* feat: add request methods to keycloak class, which will be expanded with retry logic [8857]
* feat: all requests to keycloak use request methods instead of open_url [8857]
* fix: data argument is optional in keycloak request methods [8857]
* feat: add integration test for keycloak module authentication methods [8857]
* chore: refactor get token logic to separate logic using username/pass credentials [8857]
* chore: refactor token request logic further to isolate request logic [8857]
* chore: fix minor lint issues [8857]
* test: add (currently failing) test for request with invalid auth token, valid refresh token [8857]
* chore: allow realm to be provided to role module with refresh_token, without username/pass [8857]
* feat: add retry logic to requests in keycloak module utils [8857]
* chore: rename keycloak module fail_open_url method to fail_request [8857]
* chore: update all keycloak modules to support refresh token param [8857]
* chore: add refresh_token param to keycloak doc_fragments [8857]
* chore: restore dependency between auth_realm and auth_username,auth_password params [8857]
* chore: rearrange module param checks to reduce future pr size [8857]
* chore: remove extra comma [8857]
* chore: update version added for refresh token param [8857]
* chore: add changelog fragment [8857]
* chore: re-add fail_open_url to keycloak module utils for backward compatability [8857]
* fix: do not make a new request to keycloak without reauth when refresh token not provided (#8857)
* fix: only make final auth attempt if username/pass provided, and return exception on failure (#8857)
* fix: make re-auth and retry code more consistent, ensure final exceptions are thrown (#8857)
* test: fix arguments for invalid token, valid refresh token test (#8857)
* feat: catch invalid refresh token errors during re-auth attempt (#8857)
Add test to verify this behaviour works.
* test: improve test coverage, including some unhappy path tests for authentication failures (#8857)
* chore: store auth errors from token request in backwards compatible way (#8857)
* fix: ensure method is still specified for all requests (#8857)
* chore: simplify token request logic (#8857)
* chore: rename functions to request tokens using refresh token or username/password (#8857)
To emphasize their difference from the `get_token` function,
which either gets the token from the module params
*or* makes a request for it.
* doc: add docstrings for new or significantly modified functions (#8857)
* test: repair unit test following change to exception message upon key error during auth request (#8857)
* keycloak_group: fix subgroup creation in Keycloak ≥23
* Add changelog fragment
* Include issue and pull request in changelog fragment
Co-authored-by: Felix Fontein <felix@fontein.de>
* Use new way to get subgroups when getting a subgroup chain
* Fix indent
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat(keycloak): module to query keys metadata
* chore: add thomasbach-dev as maintainer in team_keycloak
* test: adding a unit test for keycloak_real_keys_metadata_info module
* fixup! feat(keycloak): module to query keys metadata
* Add keycloak_realm_rolemapping module to map realm roles to groups
* Whitespace
* Description in plain English
* Casing
* Update error reporting as per #7645
* Add agross as maintainer of keycloak_realm_rolemapping module
* cid and client_id are not used here
* Credit other authors
* mhuysamen submitted #7645
* Gaetan2907 authored keycloak_client_rolemapping.py which I took as a
basis
* Add integration tests
* With Keycloak 23 realmRoles are only returned if assigned
* Remove debug statement
* Add test verifying that unmap works when no realm roles are assigned
* Add license to readme
* Change version number this module was added
* Document which versions of the docker images have been tested
* Downgrade version_added
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix more typos in plugins/.
* Fix typos in tests/unit/.
* Fix typos in tests/integration/.
* Fix more typos.
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
---------
Co-authored-by: Sebastian Gumprich <rndmh3ro@users.noreply.github.com>
* Add composites to keycloak_role module
* Add composites support for realm role in keycloak module_utils
* Clean f.write from keycloak_role module
* keycloak_role support state for realm role composites
* Add support for composites in client role for keycloak_role module
* Add changelog fragment for keycloak role composites PR
* Fix pep8 and validate-modules tests errors
* Update changelogs/fragments/6469-add-composites-support-for-keycloak-role.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
I will try it
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix test_keycloak_role assertion
* Fix role composite compare before update in keycloak_role module
* Fix realm problem with update_role_composites in keycloak.py module_utils
* Add units tests for composites and client roles in keycloak_role module
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Change try in is_struct_included and add unit tests for keycloak.py module_utils
* Add integration tests for composites roles and fix bug with non master roles in keycloak_role module
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_role.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* is_struct_included refactor
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix composites comparison for role in is_struct_included keycloak.py function
* Add changelog fragment and unit tests
* Update changelogs/fragments/6688-is-struct-included-bug-in-keycloak-py.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add keycloak_authz_authorization scope module
This module allows managing Keycloak client authorization scopes. The client has
to have authorization enable for this to work.
* botmeta: make mattock maintainer of keycloak_authz_authorization_scope
* botmeta: add mattock to team_keycloak
* keycloak_authz_authorization_scope: documentation and code layout fixes
* keycloak_authz_authorization_scope: do not fail on names with whitespace
* keycloak_authz_authorization_scope: use url quote method
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_authz_authorization_scope: style fixes to documentation
* keycloak_authz_authorization_scope: do not claim check/diff mode support
* keycloak_authz_authorization_scope: fix documentation
* keycloak_authz_authorization_scope: support check_mode and diff_mode
* keycloak_authz_authorization_scope: use more common terminology
Most keycloak modules use before_<object_type> and desired_<object_type> to
designate current and desired states of objects. Do the same for authorization
scopes.
* keycloak_authz_authorization_scope: fixes to check_mode and docs
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak: Improve API error message
* keycloak: Fix API error message
They key 'provider' is undefined.
* keycloak: Allow the creation of 'form-flow' authentication sub flows
To create something like keycloak's built-in registration flow,
we need to create a subflow with the type 'form-flow'.
* Add changelog fragment 6318
* Update changelogs/fragments/6318-add-form-flow.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_authentication: Don't compare subFlowType
It is only useful for creation.
* Update changelogs/fragments/6318-add-form-flow.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* feat(module/keycloak_group): add support for ...
... handling subgroups
* added changelog fragment and fixing sanity ...
... test issues
* more sanity fixes
* fix missing version and review issues
* added missing licence header
* fix docu
* fix line beeing too long
* replaced suboptimal string type prefixing ...
... with better subdict based approach
* fix sanity issues
* more sanity fixing
* fixed more review issues
* fix argument list too long
* why is it failing? something wrong with the docu?
* is it this line then?
* undid group attribute removing, it does not ...
... belong into this PR
* fix version_added for parents parameter
---------
Co-authored-by: Mirko Wilhelmi <Mirko.Wilhelmi@sma.de>
