keycloak: Add option to create authentication sub-flow of type 'form flow' #6318
Docs Build 📝
Thank you for contribution! ✨
The docsite for this PR is available for download as an artifact from this run:
File changes:
Click to see the diff comparison.
NOTE: only file modifications are shown here. New and deleted files are excluded.
diff --git a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/keycloak_authentication_module.html b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/keycloak_authentication_module.html
index 42f52fd..0a7d76c 100644
--- a/home/runner/work/community.general/community.general/docsbuild/base/collections/community/general/keycloak_authentication_module.html
+++ b/home/runner/work/community.general/community.general/docsbuild/head/collections/community/general/keycloak_authentication_module.html
@@ -282,7 +282,21 @@
</ul>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-indent"></div><div class="ansible-option-cell">
+<div class="ansibleOptionAnchor" id="parameter-authenticationExecutions/subFlowType"></div><p class="ansible-option-title" id="ansible-collections-community-general-keycloak-authentication-module-parameter-authenticationexecutions-subflowtype"><strong>subFlowType</strong></p>
+<a class="ansibleOptionLink" href="#parameter-authenticationExecutions/subFlowType" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
+<p><span class="ansible-option-versionadded">added in community.general 6.6.0</span></p>
+</div></td>
+<td><div class="ansible-option-indent-desc"></div><div class="ansible-option-cell"><p>For new subflows, optionally specify the type.</p>
+<p>Is only used at creation.</p>
+<p class="ansible-option-line"><span class="ansible-option-choices">Choices:</span></p>
+<ul class="simple">
+<li><p><code class="ansible-option-default-bold docutils literal notranslate"><span class="pre">"basic-flow"</span></code> <span class="ansible-option-choices-default-mark">← (default)</span></p></li>
+<li><p><code class="ansible-option-choices-entry docutils literal notranslate"><span class="pre">"form-flow"</span></code></p></li>
+</ul>
+</div></td>
+</tr>
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-connection_timeout"></div><p class="ansible-option-title" id="ansible-collections-community-general-keycloak-authentication-module-parameter-connection-timeout"><strong>connection_timeout</strong></p>
<a class="ansibleOptionLink" href="#parameter-connection_timeout" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">integer</span></p>
<p><span class="ansible-option-versionadded">added in community.general 4.5.0</span></p>
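Review bot: the new `subFlowType` description says "Is only used at creation." but does not say what happens when the option is set for a subflow that already exists with a different type. Because the value is not applied after creation, the text should state that it is ignored for existing subflows and does not produce a change, so nobody assumes an existing `basic-flow` subflow was converted to `form-flow`. The sentence also lacks a subject; "This is only used at creation." reads better. This HTML is generated by the docs build, so the wording belongs in the module's option documentation.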
@@ -291,21 +305,21 @@
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">10</span></code></p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-copyFrom"></div><p class="ansible-option-title" id="ansible-collections-community-general-keycloak-authentication-module-parameter-copyfrom"><strong>copyFrom</strong></p>
<a class="ansibleOptionLink" href="#parameter-copyFrom" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p><code class="docutils literal notranslate"><span class="pre">flowAlias</span></code> of the authentication flow to use for the copy.</p>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-description"></div><p class="ansible-option-title" id="ansible-collections-community-general-keycloak-authentication-module-parameter-description"><strong>description</strong></p>
<a class="ansibleOptionLink" href="#parameter-description" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>Description of the flow.</p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-force"></div><p class="ansible-option-title" id="ansible-collections-community-general-keycloak-authentication-module-parameter-force"><strong>force</strong></p>
<a class="ansibleOptionLink" href="#parameter-force" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
@@ -317,7 +331,7 @@
</ul>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-http_agent"></div><p class="ansible-option-title" id="ansible-collections-community-general-keycloak-authentication-module-parameter-http-agent"><strong>http_agent</strong></p>
<a class="ansibleOptionLink" href="#parameter-http_agent" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><span class="ansible-option-versionadded">added in community.general 5.4.0</span></p>
@@ -326,21 +340,21 @@
<p class="ansible-option-line"><span class="ansible-option-default-bold">Default:</span> <code class="ansible-option-default docutils literal notranslate"><span class="pre">"Ansible"</span></code></p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-providerId"></div><p class="ansible-option-title" id="ansible-collections-community-general-keycloak-authentication-module-parameter-providerid"><strong>providerId</strong></p>
<a class="ansibleOptionLink" href="#parameter-providerId" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
<td><div class="ansible-option-cell"><p><code class="docutils literal notranslate"><span class="pre">providerId</span></code> for the new flow when not copied from an existing flow.</p>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-realm"></div><p class="ansible-option-title" id="ansible-collections-community-general-keycloak-authentication-module-parameter-realm"><strong>realm</strong></p>
<a class="ansibleOptionLink" href="#parameter-realm" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span> / <span class="ansible-option-required">required</span></p>
</div></td>
<td><div class="ansible-option-cell"><p>The name of the realm in which is the authentication.</p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-state"></div><p class="ansible-option-title" id="ansible-collections-community-general-keycloak-authentication-module-parameter-state"><strong>state</strong></p>
<a class="ansibleOptionLink" href="#parameter-state" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
</div></td>
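Review bot: the unchanged `realm` row in this hunk reads "The name of the realm in which is the authentication.", where the word order is off. It is not introduced by this PR, but since the option documentation is being touched anyway, consider rewording it along the lines of "The name of the realm in which the authentication flow is located."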
@@ -352,7 +366,7 @@
</ul>
</div></td>
</tr>
-<tr class="row-even"><td><div class="ansible-option-cell">
+<tr class="row-odd"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-token"></div><p class="ansible-option-title" id="ansible-collections-community-general-keycloak-authentication-module-parameter-token"><strong>token</strong></p>
<a class="ansibleOptionLink" href="#parameter-token" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><span class="ansible-option-versionadded">added in community.general 3.0.0</span></p>
@@ -360,7 +374,7 @@
<td><div class="ansible-option-cell"><p>Authentication token for Keycloak API.</p>
</div></td>
</tr>
-<tr class="row-odd"><td><div class="ansible-option-cell">
+<tr class="row-even"><td><div class="ansible-option-cell">
<div class="ansibleOptionAnchor" id="parameter-validate_certs"></div><p class="ansible-option-title" id="ansible-collections-community-general-keycloak-authentication-module-parameter-validate-certs"><strong>validate_certs</strong></p>
<a class="ansibleOptionLink" href="#parameter-validate_certs" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
</div></td>
The key 'provider' is undefined.
To create something like keycloak's built-in registration flow, we need to create a subflow with the type 'form-flow'.
Thanks for your contribution! I've added some first comments.
Please also check the failing unit tests.
Co-authored-by: Felix Fontein <[email protected]>
The fail was a good catch. We must exclude the new parameter from checks, because it is only valid for creation.
It is only useful for creation.
Sorry for messing up the PR history. I forgot to pull the changes committed in the web UI.
Looks good to me as far as I can judge. I'll merge this this weekend if nobody objects.
Backport to stable-6: 💚 backport PR created
✅ Backport PR branch:
Backported as #6393
🤖 @patchback
…flow' (#6318)
* keycloak: Improve API error message
* keycloak: Fix API error message
  The key 'provider' is undefined.
* keycloak: Allow the creation of 'form-flow' authentication sub flows
  To create something like keycloak's built-in registration flow, we need to create a subflow with the type 'form-flow'.
* Add changelog fragment 6318
* Update changelogs/fragments/6318-add-form-flow.yml
  Co-authored-by: Felix Fontein <[email protected]>
* Update plugins/modules/keycloak_authentication.py
  Co-authored-by: Felix Fontein <[email protected]>
* Update plugins/modules/keycloak_authentication.py
  Co-authored-by: Felix Fontein <[email protected]>
* keycloak_authentication: Don't compare subFlowType
  It is only useful for creation.
* Update changelogs/fragments/6318-add-form-flow.yml
  Co-authored-by: Felix Fontein <[email protected]>
---------
Co-authored-by: Felix Fontein <[email protected]>
(cherry picked from commit 114eb67)
@flyingflo thanks for your contribution!
… authentication sub-flow of type 'form flow' (#6393)
keycloak: Add option to create authentication sub-flow of type 'form flow' (#6318)
* keycloak: Improve API error message
* keycloak: Fix API error message
  The key 'provider' is undefined.
* keycloak: Allow the creation of 'form-flow' authentication sub flows
  To create something like keycloak's built-in registration flow, we need to create a subflow with the type 'form-flow'.
* Add changelog fragment 6318
* Update changelogs/fragments/6318-add-form-flow.yml
  Co-authored-by: Felix Fontein <[email protected]>
* Update plugins/modules/keycloak_authentication.py
  Co-authored-by: Felix Fontein <[email protected]>
* Update plugins/modules/keycloak_authentication.py
  Co-authored-by: Felix Fontein <[email protected]>
* keycloak_authentication: Don't compare subFlowType
  It is only useful for creation.
* Update changelogs/fragments/6318-add-form-flow.yml
  Co-authored-by: Felix Fontein <[email protected]>
---------
Co-authored-by: Felix Fontein <[email protected]>
(cherry picked from commit 114eb67)
Co-authored-by: fachleitner <[email protected]>
SUMMARY
To create something like keycloak's built-in registration flow,
we need to create a subflow with the type 'form-flow'.
ISSUE TYPE
COMPONENT NAME
keycloak_authentication
ADDITIONAL INFORMATION
Additionally, this adds some detail to the error message created on keycloak API exceptions, i.e.
fields from the HTTPError exception. This is optional.
Another patch fixes an Exception when formatting an error message.
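The subflow arrangement the summary describes, written out as a playbook. This is an added example, not part of the PR or the collection's documentation. The URL, realm, flow aliases and the `keycloak_admin_token` variable are placeholders; the two `providerId` values on the form actions are Keycloak's built-in registration authenticators.

```yaml
# Added example: host, realm, aliases and the token variable are placeholders.
- name: Build a registration-style flow with a form-flow subflow
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Create the flow, its form-flow subflow and the form actions
      community.general.keycloak_authentication:
        auth_keycloak_url: https://keycloak.example.test   # placeholder
        token: "{{ keycloak_admin_token }}"                # placeholder variable
        validate_certs: true
        realm: example-realm                               # placeholder
        alias: custom registration                         # placeholder flow alias
        description: Registration flow managed by Ansible
        providerId: basic-flow
        authenticationExecutions:
          # Subflow entry: identified by displayName, no providerId.
          # subFlowType is read only when the subflow is first created.
          - displayName: custom registration form
            requirement: REQUIRED
            subFlowType: form-flow
          # Form actions are attached to the subflow through flowAlias.
          - providerId: registration-user-creation
            requirement: REQUIRED
            flowAlias: custom registration form
          - providerId: registration-password-action
            requirement: REQUIRED
            flowAlias: custom registration form
        state: present
```

Because `subFlowType` is used only at creation and is excluded from the module's comparison, re-running this task against a subflow that already exists as `basic-flow` does not convert it.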