From 9a8528f999238e88c794c30a5d6cc2f2262d7221 Mon Sep 17 00:00:00 2001 From: Florian Achleitner Date: Tue, 11 Apr 2023 14:11:20 +0200 Subject: [PATCH 1/9] keycloak: Improve API error message --- plugins/module_utils/identity/keycloak/keycloak.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/plugins/module_utils/identity/keycloak/keycloak.py b/plugins/module_utils/identity/keycloak/keycloak.py index 15b665752d6..79b7aee79ee 100644 --- a/plugins/module_utils/identity/keycloak/keycloak.py +++ b/plugins/module_utils/identity/keycloak/keycloak.py @@ -1795,6 +1795,9 @@ def update_authentication_executions(self, flowAlias, updatedExec, realm='master data=json.dumps(updatedExec), timeout=self.connection_timeout, validate_certs=self.validate_certs) + except HTTPError as e: + self.module.fail_json(msg="Unable to update execution '%s': %s: %s %s" % + (flowAlias, repr(e), ";".join([e.url, e.msg, str(e.code), str(e.hdrs)]), str(updatedExec))) except Exception as e: self.module.fail_json(msg="Unable to update executions %s: %s" % (updatedExec, str(e))) @@ -1865,6 +1868,9 @@ def create_execution(self, execution, flowAlias, realm='master'): data=json.dumps(newExec), timeout=self.connection_timeout, validate_certs=self.validate_certs) + except HTTPError as e: + self.module.fail_json(msg="Unable to create new execution '%s' %s: %s: %s %s" % + (flowAlias, execution["providerId"], repr(e), ";".join([e.url, e.msg, str(e.code), str(e.hdrs)]), str(newExec))) except Exception as e: self.module.fail_json(msg="Unable to create new execution %s: %s" % (execution["provider"], str(e))) From a4d6ae6340be73897ac59fc25ffa8f6a427951a8 Mon Sep 17 00:00:00 2001 From: Florian Achleitner Date: Tue, 11 Apr 2023 15:33:00 +0200 Subject: [PATCH 2/9] keycloak: Fix API error message They key 'provider' is undefined. --- plugins/module_utils/identity/keycloak/keycloak.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
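Review bot: The new `except HTTPError` branch in update_authentication_executions (the function starts and ends outside the hunk) puts `e.url`, `str(e.hdrs)` and the whole request payload `str(updatedExec)` into the `fail_json` message, and the matching branch added to create_execution does the same with `str(newExec)`. That message is copied into playbook output and into any log or callback that records task results, so response headers from the Keycloak admin API (which may carry cookies or other session data) and the full request body end up wherever results are stored. The status code and reason are normally enough to diagnose the failure: `self.module.fail_json(msg="Unable to update execution '%s': %s %s" % (flowAlias, e.code, e.msg))`. Separately, `";".join([e.url, e.msg, ...])` raises TypeError if either attribute is None, which would replace the original error, so any field that is kept should be wrapped in `str()`.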
diff --git a/plugins/module_utils/identity/keycloak/keycloak.py b/plugins/module_utils/identity/keycloak/keycloak.py index 79b7aee79ee..dabd73a5d79 100644 --- a/plugins/module_utils/identity/keycloak/keycloak.py +++ b/plugins/module_utils/identity/keycloak/keycloak.py @@ -1872,7 +1872,7 @@ def create_execution(self, execution, flowAlias, realm='master'): self.module.fail_json(msg="Unable to create new execution '%s' %s: %s: %s %s" % (flowAlias, execution["providerId"], repr(e), ";".join([e.url, e.msg, str(e.code), str(e.hdrs)]), str(newExec))) except Exception as e: - self.module.fail_json(msg="Unable to create new execution %s: %s" % (execution["provider"], str(e))) + self.module.fail_json(msg="Unable to create new execution '%s' %s: %s" % (flowAlias, execution["providerId"], repr(e))) def change_execution_priority(self, executionId, diff, realm='master'): """ Raise or lower execution priority of diff time From 45ee9f7e171666d223ea2df942d7cfbc40df7b28 Mon Sep 17 00:00:00 2001 From: Florian Achleitner Date: Tue, 11 Apr 2023 15:35:03 +0200 Subject: [PATCH 3/9] keycloak: Allow the creation of 'form-flow' authentication sub flows To create something like keycloak's built-in registration flow, we need to create a subflow with the type 'form-flow'. --- plugins/module_utils/identity/keycloak/keycloak.py | 4 ++-- plugins/modules/keycloak_authentication.py | 11 +++++++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/plugins/module_utils/identity/keycloak/keycloak.py b/plugins/module_utils/identity/keycloak/keycloak.py index dabd73a5d79..b918065dca9 100644 --- a/plugins/module_utils/identity/keycloak/keycloak.py +++ b/plugins/module_utils/identity/keycloak/keycloak.py 
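Review bot: The rewritten fallback handler in create_execution still indexes `execution["providerId"]` while building the message, so a missing key raises KeyError inside the `except` block and hides the real error, which is the same failure mode this commit fixes for `"provider"`. Using `.get` keeps the handler from failing on its own: `self.module.fail_json(msg="Unable to create new execution '%s' %s: %s" % (flowAlias, execution.get("providerId"), repr(e)))`. The HTTPError branch shown in the context lines just above has the same lookup and would benefit from the same change. The function body starts outside the hunk.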
@@ -1822,7 +1822,7 @@ def add_authenticationConfig_to_execution(self, executionId, authenticationConfi except Exception as e: self.module.fail_json(msg="Unable to add authenticationConfig %s: %s" % (executionId, str(e))) - def create_subflow(self, subflowName, flowAlias, realm='master'): + def create_subflow(self, subflowName, flowAlias, realm='master', flowType='basic-flow'): """ Create new sublow on the flow :param subflowName: name of the subflow to create @@ -1833,7 +1833,7 @@ def create_subflow(self, subflowName, flowAlias, realm='master'): newSubFlow = {} newSubFlow["alias"] = subflowName newSubFlow["provider"] = "registration-page-form" - newSubFlow["type"] = "basic-flow" + newSubFlow["type"] = flowType open_url( URL_AUTHENTICATION_FLOW_EXECUTIONS_FLOW.format( url=self.baseurl, diff --git a/plugins/modules/keycloak_authentication.py b/plugins/modules/keycloak_authentication.py index 5db9bc93180..3f32c8a6357 100644 --- a/plugins/modules/keycloak_authentication.py +++ b/plugins/modules/keycloak_authentication.py @@ -79,6 +79,12 @@ description: - Priority order of the execution. type: int + subFlowType: + description: + - For new subflows, optionally specify the type. + choices: ["basic-flow", "form-flow"] + default: "basic-flow" + type: str state: description: - Control if the authentication flow must exists or not. @@ -282,7 +288,7 @@ def create_or_update_executions(kc, config, realm='master'): id_to_update = kc.get_executions_representation(config, realm=realm)[exec_index]["id"] after += str(new_exec) + '\n' elif new_exec["displayName"] is not None: - kc.create_subflow(new_exec["displayName"], flow_alias_parent, realm=realm) + kc.create_subflow(new_exec["displayName"], flow_alias_parent, realm=realm, flowType=new_exec['subFlowType']) exec_found = True exec_index = new_exec_index id_to_update = kc.get_executions_representation(config, realm=realm)[exec_index]["id"] 
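Review bot: `create_subflow` gains a `flowType` parameter in the first hunk, but the docstring visible in the context lines still documents only the existing parameters; add `:param flowType: type of the new subflow, 'basic-flow' (default) or 'form-flow'`. The value is written into the request body unchecked in the second hunk (`newSubFlow["type"] = flowType`), and the only validation visible in this patch is the `choices` list in the keycloak_authentication argument spec. Other callers of this module_utils helper can therefore pass any string through to the API, which is worth stating in the docstring. The function continues outside both hunks.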
@@ -299,7 +305,7 @@ def create_or_update_executions(kc, config, realm='master'): kc.add_authenticationConfig_to_execution(updated_exec["id"], new_exec["authenticationConfig"], realm=realm) for key in new_exec: # remove unwanted key for the next API call - if key != "flowAlias" and key != "authenticationConfig": + if key not in ("flowAlias", "authenticationConfig", "subFlowType"): updated_exec[key] = new_exec[key] if new_exec["requirement"] is not None: kc.update_authentication_executions(flow_alias_parent, updated_exec, realm=realm) @@ -334,6 +340,7 @@ def main(): flowAlias=dict(type='str'), authenticationConfig=dict(type='dict'), index=dict(type='int'), + subFlowType=dict(choices=["basic-flow", "form-flow"], default='basic-flow', type='str'), )), state=dict(choices=["absent", "present"], default='present'), force=dict(type='bool', default=False), From dee4985cbb0217308741e0e6424fef393a4848a4 Mon Sep 17 00:00:00 2001 From: Florian Achleitner Date: Tue, 11 Apr 2023 16:27:47 +0200 Subject: [PATCH 4/9] Add changelog fragment 6318 --- changelogs/fragments/6318-add-form-flow.yml | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 changelogs/fragments/6318-add-form-flow.yml diff --git a/changelogs/fragments/6318-add-form-flow.yml b/changelogs/fragments/6318-add-form-flow.yml new file mode 100644 index 00000000000..e95bbdef996 --- /dev/null +++ b/changelogs/fragments/6318-add-form-flow.yml @@ -0,0 +1,5 @@ +bugfixes: + - "keycloak - Improve error messages (https://github.com/ansible-collections/community.general/pull/6318)." + +minor_changes: + - "keycloak_authentication - Add flow type option to sub flows to allow the creation of 'form-flow' sub flows like in keycloak's built-in registration flow (https://github.com/ansible-collections/community.general/pull/6318)." From 0acca394828203d25f815b487bc73d267e07500e Mon Sep 17 00:00:00 2001 
From: fachleitner Date: Thu, 13 Apr 2023 16:47:12 +0200 Subject: [PATCH 5/9] Update changelogs/fragments/6318-add-form-flow.yml Co-authored-by: Felix Fontein --- changelogs/fragments/6318-add-form-flow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/fragments/6318-add-form-flow.yml b/changelogs/fragments/6318-add-form-flow.yml index e95bbdef996..e6a762e51e3 100644 --- a/changelogs/fragments/6318-add-form-flow.yml +++ b/changelogs/fragments/6318-add-form-flow.yml @@ -1,5 +1,5 @@ bugfixes: - - "keycloak - Improve error messages (https://github.com/ansible-collections/community.general/pull/6318)." + - "keycloak - improve error messages (https://github.com/ansible-collections/community.general/pull/6318)." minor_changes: - "keycloak_authentication - Add flow type option to sub flows to allow the creation of 'form-flow' sub flows like in keycloak's built-in registration flow (https://github.com/ansible-collections/community.general/pull/6318)." From a4cfa11e0c2b25e93b14f689354fd24d6aee8a8a Mon Sep 17 00:00:00 2001 From: fachleitner Date: Thu, 13 Apr 2023 16:47:25 +0200 Subject: [PATCH 6/9] Update plugins/modules/keycloak_authentication.py Co-authored-by: Felix Fontein --- plugins/modules/keycloak_authentication.py | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/modules/keycloak_authentication.py b/plugins/modules/keycloak_authentication.py index 3f32c8a6357..cc710b99094 100644 --- a/plugins/modules/keycloak_authentication.py +++ b/plugins/modules/keycloak_authentication.py @@ -85,6 +85,7 @@ choices: ["basic-flow", "form-flow"] default: "basic-flow" type: str + version_added: 6.6.0 state: description: - Control if the authentication flow must exists or not. From f3a0955cd800b1313bd0c70ddb19bc075d643c13 Mon Sep 17 00:00:00 2001 
From: fachleitner Date: Thu, 13 Apr 2023 16:48:05 +0200 Subject: [PATCH 7/9] Update plugins/modules/keycloak_authentication.py Co-authored-by: Felix Fontein --- plugins/modules/keycloak_authentication.py | 1 + 1 file changed, 1 insertion(+) diff --git a/plugins/modules/keycloak_authentication.py b/plugins/modules/keycloak_authentication.py index cc710b99094..d28ddc1589f 100644 --- a/plugins/modules/keycloak_authentication.py +++ b/plugins/modules/keycloak_authentication.py @@ -82,6 +82,7 @@ subFlowType: description: - For new subflows, optionally specify the type. + - Is only used at creation. choices: ["basic-flow", "form-flow"] default: "basic-flow" type: str From 97a18b5800449812a01a32dc0e5b4a421e0c4792 Mon Sep 17 00:00:00 2001 From: Florian Achleitner Date: Fri, 14 Apr 2023 11:50:31 +0200 Subject: [PATCH 8/9] keycloak_authentication: Don't compare subFlowType It is only useful for creation. --- plugins/modules/keycloak_authentication.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/modules/keycloak_authentication.py b/plugins/modules/keycloak_authentication.py index d28ddc1589f..6143d9d5cdf 100644 --- a/plugins/modules/keycloak_authentication.py +++ b/plugins/modules/keycloak_authentication.py @@ -272,7 +272,7 @@ def create_or_update_executions(kc, config, realm='master'): exec_index = find_exec_in_executions(new_exec, existing_executions) if exec_index != -1: # Remove key that doesn't need to be compared with existing_exec - exclude_key = ["flowAlias"] + exclude_key = ["flowAlias", "subFlowType"] for index_key, key in enumerate(new_exec, start=0): if new_exec[key] is None: exclude_key.append(key) 
@@ -290,7 +290,7 @@ def create_or_update_executions(kc, config, realm='master'): id_to_update = kc.get_executions_representation(config, realm=realm)[exec_index]["id"] after += str(new_exec) + '\n' elif new_exec["displayName"] is not None: - kc.create_subflow(new_exec["displayName"], flow_alias_parent, realm=realm, flowType=new_exec['subFlowType']) + kc.create_subflow(new_exec["displayName"], flow_alias_parent, realm=realm, flowType=new_exec["subFlowType"]) exec_found = True exec_index = new_exec_index id_to_update = kc.get_executions_representation(config, realm=realm)[exec_index]["id"] From 64857afd5fcd144b8ab661bc0e69967c039d42a6 Mon Sep 17 00:00:00 2001 From: fachleitner Date: Mon, 17 Apr 2023 08:18:15 +0200 Subject: [PATCH 9/9] Update changelogs/fragments/6318-add-form-flow.yml Co-authored-by: Felix Fontein --- changelogs/fragments/6318-add-form-flow.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/fragments/6318-add-form-flow.yml b/changelogs/fragments/6318-add-form-flow.yml index e6a762e51e3..db567f4fafc 100644 --- a/changelogs/fragments/6318-add-form-flow.yml +++ b/changelogs/fragments/6318-add-form-flow.yml @@ -2,4 +2,4 @@ bugfixes: - "keycloak - improve error messages (https://github.com/ansible-collections/community.general/pull/6318)." minor_changes: - - "keycloak_authentication - Add flow type option to sub flows to allow the creation of 'form-flow' sub flows like in keycloak's built-in registration flow (https://github.com/ansible-collections/community.general/pull/6318)." + - "keycloak_authentication - add flow type option to sub flows to allow the creation of 'form-flow' sub flows like in Keycloak's built-in registration flow (https://github.com/ansible-collections/community.general/pull/6318)."