* feat: begin refactor to support refresh token in keycloak modules
* chore: add start of tests for shared token usage
* feat: progress towards supporting refresh token; token introspection not yet working [8857]
* chore: reset to main branch previous state; a different approach is needed [8857]
* feat: add request methods to keycloak class, which will be expanded with retry logic [8857]
* feat: all requests to keycloak use request methods instead of open_url [8857]
* fix: data argument is optional in keycloak request methods [8857]
* feat: add integration test for keycloak module authentication methods [8857]
* chore: refactor get token logic to separate logic using username/pass credentials [8857]
* chore: refactor token request logic further to isolate request logic [8857]
* chore: fix minor lint issues [8857]
* test: add (currently failing) test for request with invalid auth token, valid refresh token [8857]
* chore: allow realm to be provided to role module with refresh_token, without username/pass [8857]
* feat: add retry logic to requests in keycloak module utils [8857]
* chore: rename keycloak module fail_open_url method to fail_request [8857]
* chore: update all keycloak modules to support refresh token param [8857]
* chore: add refresh_token param to keycloak doc_fragments [8857]
* chore: restore dependency between auth_realm and auth_username,auth_password params [8857]
* chore: rearrange module param checks to reduce future pr size [8857]
* chore: remove extra comma [8857]
* chore: update version added for refresh token param [8857]
* chore: add changelog fragment [8857]
* chore: re-add fail_open_url to keycloak module utils for backward compatability [8857]
* fix: do not make a new request to keycloak without reauth when refresh token not provided (#8857)
* fix: only make final auth attempt if username/pass provided, and return exception on failure (#8857)
* fix: make re-auth and retry code more consistent, ensure final exceptions are thrown (#8857)
* test: fix arguments for invalid token, valid refresh token test (#8857)
* feat: catch invalid refresh token errors during re-auth attempt (#8857)
Add test to verify this behaviour works.
* test: improve test coverage, including some unhappy path tests for authentication failures (#8857)
* chore: store auth errors from token request in backwards compatible way (#8857)
* fix: ensure method is still specified for all requests (#8857)
* chore: simplify token request logic (#8857)
* chore: rename functions to request tokens using refresh token or username/password (#8857)
To emphasize their difference from the `get_token` function,
which either gets the token from the module params
*or* makes a request for it.
* doc: add docstrings for new or significantly modified functions (#8857)
* test: repair unit test following change to exception message upon key error during auth request (#8857)
* Create group for keycloak
This will allows keycloak authentication details to be set as a module_defaults rather than repeated on each task
* add documentation to keycloak modules to note creation of action_group
* add changelog for keycloak action_group creation
* exclude keycloak_realm_info from action group, as it does not share same set of base parameters
* fix formatting on changelog entry for adding Keycloak action group
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* refac: provider id choices
* feat: minor changes fragment
* Update changelogs/fragments/6763-keycloak-auth-provider-choices.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Skrekulko <Skrekulko@users.noreply.github.com>
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak: Improve API error message
* keycloak: Fix API error message
They key 'provider' is undefined.
* keycloak: Allow the creation of 'form-flow' authentication sub flows
To create something like keycloak's built-in registration flow,
we need to create a subflow with the type 'form-flow'.
* Add changelog fragment 6318
* Update changelogs/fragments/6318-add-form-flow.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* keycloak_authentication: Don't compare subFlowType
It is only useful for creation.
* Update changelogs/fragments/6318-add-form-flow.yml
Co-authored-by: Felix Fontein <felix@fontein.de>
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
* Allow keycloak_group.py to take token as parameter for the authentification
Refactor get_token to pass module.params + Documentation
Fix unit test and add new one for token as param
Fix identation
Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Allow keycloak_group.py to take token as parameter for the authentification
Refactor get_token to pass module.params + Documentation
* Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Check if base_url is None before to check format
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_client.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
Update plugins/modules/identity/keycloak/keycloak_clienttemplate.py
Co-authored-by: Amin Vakil <info@aminvakil.com>
Switch to modern syntax for the documentation (e.g. community.general.keycloak_client)
Update keycloak_client.py
Update keycloak_clienttemplate.py
Add keycloak_authentication module to manage authentication
Minor fixex
Fix indent
* Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Removing variable ANSIBLE_METADATA from beginning of file
Minor fix
Refactoring create_or_update_executions :add change_execution_priority function
Refactoring create_or_update_executions :add create_execution function
Refactoring create_or_update_executions: add create_subflow
Refactoring create_or_update_executions: add update_authentication_executions function
Minor fix
* Using FQCN for the examples
Minor fix
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Update plugins/modules/identity/keycloak/keycloak_authentication.py
Co-authored-by: Felix Fontein <felix@fontein.de>
Refactoring: rename isDictEquals into is_dict_equals
Refactoring: rename variable as authentication_flow
Refactoring: rename variable as new_name
Refactoring: rename variable as flow_list
Refactoring: rename variable as new_flow
Refactoring: changing construction of dict newAuthenticationRepresentation and renaming as new_auth_repr
Minor fix
* Refactoring: rename variables with correct Python syntax (auth_repr, exec_repr)
Move create_or_update_executions function from keycloak.py to keycloak_authentication.py
Minor fix
Remove mock_create_or_update_executions not needed anymore
Fix unit test
Update plugins/module_utils/identity/keycloak/keycloak.py
is_dict_equals function return True if value1 empty
Update plugins/module_utils/identity/keycloak/keycloak.py
Co-authored-by: Alexei Znamensky <103110+russoz@users.noreply.github.com>
Rename is_dict_equal as is_struct_included and rename params as struct1 and struct2
Rename variables according to Python naming conventions
Refactoring: add find_exec_in_executions function in keycloak_authentication to remove code duplication
typo
Add blank line
Add required parameter, either creds or token
Typo
try/except only surround for loop containing struct2[key]
Add sub-options to meta_args
assigment of result['changed'] after if-elif-else block
Fix CI error: parameter-type-not-in-doc
Fix unit test: none value excluded from comparison
Minor fix
Simplify is_struct_included function
Replace 'type(..) is' by isinstance(..)
Remove redundant required=True and redundant parenthesis
Add check_mode, check if value is None (None value added by argument spec checker)
Apply suggestions from code review
Update plugins/modules/identity/keycloak/keycloak_authentication.py
* Update plugins/modules/identity/keycloak/keycloak_authentication.py
* Add index paramter to configure the priority order of the execution
* Minor fix: authenticationConfig dict instead of str
Co-authored-by: Felix Fontein <felix@fontein.de>
Mark Armstrong
Felix Fontein
Alexei Znamensky
Chris Northwood
Florian Apolloner
Skrekulko
fachleitner
Gaetan2907