VhL~ddlmZmZmZeZdZdZdZddl m Z m Z m Z m Z mZddlmZdZd dZd Zed k(rey y ) )absolute_importdivisionprint_functionuw module: keycloak_authentication short_description: Configure authentication in Keycloak description: - This module actually can only make a copy of an existing authentication flow, add an execution to it and configure it. - It can also delete the flow. version_added: "3.3.0" attributes: check_mode: support: full diff_mode: support: full action_group: version_added: 10.2.0 options: realm: description: - The name of the realm in which is the authentication. required: true type: str alias: description: - Alias for the authentication flow. required: true type: str description: description: - Description of the flow. type: str providerId: description: - C(providerId) for the new flow when not copied from an existing flow. choices: ["basic-flow", "client-flow"] type: str copyFrom: description: - C(flowAlias) of the authentication flow to use for the copy. type: str authenticationExecutions: description: - Configuration structure for the executions. type: list elements: dict suboptions: providerId: description: - C(providerID) for the new flow when not copied from an existing flow. type: str displayName: description: - Name of the execution or subflow to create or update. type: str requirement: description: - Control status of the subflow or execution. choices: ["REQUIRED", "ALTERNATIVE", "DISABLED", "CONDITIONAL"] type: str flowAlias: description: - Alias of parent flow. type: str authenticationConfig: description: - Describe the config of the authentication. type: dict index: description: - Priority order of the execution. type: int subFlowType: description: - For new subflows, optionally specify the type. - Is only used at creation. choices: ["basic-flow", "form-flow"] default: "basic-flow" type: str version_added: 6.6.0 state: description: - Control if the authentication flow must exists or not. choices: ["present", "absent"] default: present type: str force: type: bool default: false description: - If V(true), allows to remove the authentication flow and recreate it. extends_documentation_fragment: - community.general.keycloak - community.general.keycloak.actiongroup_keycloak - community.general.attributes author: - Philippe Gauthier (@elfelip) - Gaëtan Daubresse (@Gaetan2907) a - name: Create an authentication flow from first broker login and add an execution to it. community.general.keycloak_authentication: auth_keycloak_url: http://localhost:8080/auth auth_realm: master auth_username: admin auth_password: password realm: master alias: "Copy of first broker login" copyFrom: "first broker login" authenticationExecutions: - providerId: "test-execution1" requirement: "REQUIRED" authenticationConfig: alias: "test.execution1.property" config: test1.property: "value" - providerId: "test-execution2" requirement: "REQUIRED" authenticationConfig: alias: "test.execution2.property" config: test2.property: "value" state: present - name: Re-create the authentication flow community.general.keycloak_authentication: auth_keycloak_url: http://localhost:8080/auth auth_realm: master auth_username: admin auth_password: password realm: master alias: "Copy of first broker login" copyFrom: "first broker login" authenticationExecutions: - providerId: "test-provisioning" requirement: "REQUIRED" authenticationConfig: alias: "test.provisioning.property" config: test.provisioning.property: "value" state: present force: true - name: Create an authentication flow with subflow containing an execution. community.general.keycloak_authentication: auth_keycloak_url: http://localhost:8080/auth auth_realm: master auth_username: admin auth_password: password realm: master alias: "Copy of first broker login" copyFrom: "first broker login" authenticationExecutions: - providerId: "test-execution1" requirement: "REQUIRED" - displayName: "New Subflow" requirement: "REQUIRED" - providerId: "auth-cookie" requirement: "REQUIRED" flowAlias: "New Sublow" state: present - name: Remove authentication. community.general.keycloak_authentication: auth_keycloak_url: http://localhost:8080/auth auth_realm: master auth_username: admin auth_password: password realm: master alias: "Copy of first broker login" state: absent a  msg: description: Message as to what action was taken. returned: always type: str end_state: description: Representation of the authentication after module execution. returned: on success type: dict sample: { "alias": "Copy of first broker login", "authenticationExecutions": [ { "alias": "review profile config", "authenticationConfig": { "alias": "review profile config", "config": { "update.profile.on.first.login": "missing" }, "id": "6f09e4fb-aad4-496a-b873-7fa9779df6d7" }, "configurable": true, "displayName": "Review Profile", "id": "8f77dab8-2008-416f-989e-88b09ccf0b4c", "index": 0, "level": 0, "providerId": "idp-review-profile", "requirement": "REQUIRED", "requirementChoices": [ "REQUIRED", "ALTERNATIVE", "DISABLED" ] } ], "builtIn": false, "description": "Actions taken after first broker login with identity provider account, which is not yet linked to any Keycloak account", "id": "bc228863-5887-4297-b898-4d988f8eaa5c", "providerId": "basic-flow", "topLevel": true } ) KeycloakAPIkeycloak_argument_spec get_token KeycloakErroris_struct_included) AnsibleModulect|dD]1\}}d|vrd|vr |d|dk(sd|vsd|vs#|d|dk(s/|cSy)z Search if exec is contained in the executions. :param searched_exec: Execution to search for. :param executions: List of executions. :return: Index of the execution, -1 if not found.. rstart providerId displayName) enumerate) searched_exec executionsi existing_execs }/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/keycloak_authentication.pyfind_exec_in_executionsrsk&j:= M )lm.Kl+}\/JJ.=M3Qm, m0LLH  c R d}d}d}d}d|vrD|j||}t|ddD]\}} | d| d}d} | d | d } n|d } t| |} | d k7rd d g} t| dD]\}}| | | j|t | || | r| |k7rd } | d| }|t || dzz }|| j }|| jn| d@|j| | ||j||| }d } |} |t | dzz }nK| dF|j| d| || d |j||| }d } |} |t | dzz }| sQd }| d k7sZd|di}| d>d|vr d|dvr|j|dd||j|d| d|| D]}|dvs| |||<| d d|vr|d|d<|j| ||| |z }|j|d|||t |j|||dzz } |t||fS#t$r;}|j j#d|d d|dt |Yd}~yd}~wwxYw)a Create or update executions for an authentication flow. :param kc: Keycloak API access. :param config: Representation of the authentication flow including its executions. :param realm: Realm :return: tuple (changed, dict(before, after) WHERE bool changed indicates if changes have been made dict(str, str) shows state before and after creation/update FNauthenticationExecutions)realmrr index flowAliasaliasr subFlowTypeT r)rrr)rflowTypeidauthenticationConfig)rr%r! requirementprioritybeforeafterz>Could not create or update executions for authentication flow z in realm z: msg)get_executions_representationrrappendr strcopyclearcreate_executioncreate_subflowdelete_authentication_config%add_authenticationConfig_to_execution update_authentication_executionschange_execution_prioritydict Exceptionmodule fail_json)kcconfigrchangedr*r) executionexisting_executionsnew_exec_indexnew_exec exec_foundflow_alias_parent exec_index exclude_key index_keykey updated_execdiffes rcreate_or_update_executionsrLsH@ % /"$"B"B6QV"B"W ,5f=W6X`a,b< s(G$0%-g%6N" K(4(0(=%(.w%4X?RS ##. ">K*3HA*F4 3#C=0'..s34.h8KJ8WYdeisxFjF%) #G,4-7N#&9*&E"F"MM 3J ? D D FI' 399;l+7'')Y6;DZ;P Z 8??@QS_gl?m)N:44\$5GUZ4[R%E%EfTY%E%Z[i%j!knr!rry< szF%888 @ %gs1v!? @ @@s3BI"C>I"I" AI" BI"" J&+1J!!J&ct t}ttddtddtdddgtdtdtdd ttdtdtgd d tdtd td tdd gddtddgdtdd}|j|t|dgdggdgddi}tddi} t |j }t|}|j jd!}|j jd"}|j jd#} |j jd$|j jd%|j jd&|j jd'|j jd(|j jd)|j jd*d+} |j| d$|,} | s|dk(rE|jrtdd-|d.<d|d/<i|d0<| d$d1z|d2<|jd:i|nY|dk(rSd|d/<|jrtd| -|d.<|jr|jd:i|d%| vr| d%|j| |3} n|j!| |3} | #d4t| z|d2<|jd:i|t#|| |5|j%| |3} | | | d'<| |d0<n|dk(r| rd|d/<|jrt| | -|d.<|jr|jd:i||j'| d6|7d%| vr| d%|j| |3} n|j!| |3} | #d4t| z|d2<|jd:i||jr|jd:i|t#|| |5\} }|d/xx| zcc<|jr||d.<|j%| |3} | | | d'<| |d0<nqd|d/<|jrt| d-|d.<|jr|jd:i||j'| d6|7d8j)| d$| d69|d2<|jd:i|y #t $r&}|jt|Yd }~d }~wwxYw);z( Module execution :return: r/T)typerequiredz basic-flowz client-flow)rNchoices)rNlistr8)REQUIRED ALTERNATIVEDISABLED CONDITIONAL)rPrNintz form-flow)rPdefaultrN)rrr&rr%rr!)rNelementsoptionsabsentpresent)rPrWboolF)rNrW)rr r descriptioncopyFromrstateforce)token auth_realm auth_username auth_password)rbrcrd refresh_tokenrb) argument_specsupports_check_moderequired_one_ofrequired_together required_byr)r>r,flowr+Nrr_r`r r^rrr]builtInsubflow)r r^rrr]rlrm)r rr(rJr> end_statez absentr,)r=rz'Authentication just created not found: )r<r=rr$)r$rz0Authentication flow: {alias} id: {id} is deleted)r r$)rr8updater rparamsr r;r/rget get_authentication_flow_by_alias_diff exit_json check_modecopy_auth_flowcreate_empty_auth_flowrLr- delete_authentication_flow_by_idformat)rf meta_argsr:resultconnection_headerrKr<rr_r` new_auth_repr auth_repr exec_reprr>rJs rmainrRs~ +,M--U\=,IJe$5!!%6F.259u5E6:6F6:CyAF7G48e4D?C?P04%0@6:LR]C^ht|A7B/( ")Hi0)D.#I(# /3-f,g/_.`(7'F F%Rb 1F%%fmm4 V. /B MM  g &E MM  g &E MM  g &E""7+MM%%j1mm'' 5$*MM$5$56P$Q}}((7==$$Y/==$$Y/M33-:PX]3^I  H ||!%Rr!:v %F9 "$F; )'2Y>F5M F   &v & i  $F9 ||!%R}!Ev     *6*]*}Z/H/T--]%-P 55]RW5X  ICP]L^ ^u    *6* (2m5 Q88 UZ8[I$8A 45"+F;  I $(y!<<%)-%PF6N$$$F$$.v.33ye3T.=3L3X " 1 1e 1 TI " 9 9V[ 9 \I$$MPSTaPb$bF5M$F$$.v.     *6*72m[`aMGT 9  ( ||!%v88 UZ8[I$8A 45"+F; !%F9 ||!%Yb!Av     *6*  / /9T?% / PNUU\ijq\rYbcgYhVjF5MFvg %SV$$%sT T7T22T7__main__N)master) __future__rrrrN __metaclass__ DOCUMENTATIONEXAMPLESRETURNUansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloakrrrr r ansible.module_utils.basicr rrLr__name__rorrrsdA@ d LH T+ Z]]4  S@l]@ zFr