Vh=k|ddlmZmZmZeZdZdZdZddl m Z m Z m Z m Z mZddlmZdZdZd Zed k(rey y ) )absolute_importdivisionprint_functionaS1 module: keycloak_realm short_description: Allows administration of Keycloak realm using Keycloak API version_added: 3.0.0 description: - This module allows the administration of Keycloak realm using the Keycloak REST API. It requires access to the REST API using OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles. - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). Aliases are provided so camelCased versions can be used as well. - The Keycloak API does not always sanity check inputs, for example you can set SAML-specific settings on an OpenID Connect client for instance and also the other way around. B(Be careful). If you do not specify a setting, usually a sensible default is chosen. attributes: check_mode: support: full diff_mode: support: full action_group: version_added: 10.2.0 options: state: description: - State of the realm. - On V(present), the realm will be created (or updated if it exists already). - On V(absent), the realm will be removed if it exists. choices: ['present', 'absent'] default: 'present' type: str id: description: - The realm to create. type: str realm: description: - The realm name. type: str access_code_lifespan: description: - The realm access code lifespan. aliases: - accessCodeLifespan type: int access_code_lifespan_login: description: - The realm access code lifespan login. aliases: - accessCodeLifespanLogin type: int access_code_lifespan_user_action: description: - The realm access code lifespan user action. aliases: - accessCodeLifespanUserAction type: int access_token_lifespan: description: - The realm access token lifespan. aliases: - accessTokenLifespan type: int access_token_lifespan_for_implicit_flow: description: - The realm access token lifespan for implicit flow. aliases: - accessTokenLifespanForImplicitFlow type: int account_theme: description: - The realm account theme. aliases: - accountTheme type: str action_token_generated_by_admin_lifespan: description: - The realm action token generated by admin lifespan. aliases: - actionTokenGeneratedByAdminLifespan type: int action_token_generated_by_user_lifespan: description: - The realm action token generated by user lifespan. aliases: - actionTokenGeneratedByUserLifespan type: int admin_events_details_enabled: description: - The realm admin events details enabled. aliases: - adminEventsDetailsEnabled type: bool admin_events_enabled: description: - The realm admin events enabled. aliases: - adminEventsEnabled type: bool admin_theme: description: - The realm admin theme. aliases: - adminTheme type: str attributes: description: - The realm attributes. type: dict browser_flow: description: - The realm browser flow. aliases: - browserFlow type: str browser_security_headers: description: - The realm browser security headers. aliases: - browserSecurityHeaders type: dict brute_force_protected: description: - The realm brute force protected. aliases: - bruteForceProtected type: bool client_authentication_flow: description: - The realm client authentication flow. aliases: - clientAuthenticationFlow type: str client_scope_mappings: description: - The realm client scope mappings. aliases: - clientScopeMappings type: dict default_default_client_scopes: description: - The realm default default client scopes. aliases: - defaultDefaultClientScopes type: list elements: str default_groups: description: - The realm default groups. aliases: - defaultGroups type: list elements: str default_locale: description: - The realm default locale. aliases: - defaultLocale type: str default_optional_client_scopes: description: - The realm default optional client scopes. aliases: - defaultOptionalClientScopes type: list elements: str default_roles: description: - The realm default roles. aliases: - defaultRoles type: list elements: str default_signature_algorithm: description: - The realm default signature algorithm. aliases: - defaultSignatureAlgorithm type: str direct_grant_flow: description: - The realm direct grant flow. aliases: - directGrantFlow type: str display_name: description: - The realm display name. aliases: - displayName type: str display_name_html: description: - The realm display name HTML. aliases: - displayNameHtml type: str docker_authentication_flow: description: - The realm docker authentication flow. aliases: - dockerAuthenticationFlow type: str duplicate_emails_allowed: description: - The realm duplicate emails allowed option. aliases: - duplicateEmailsAllowed type: bool edit_username_allowed: description: - The realm edit username allowed option. aliases: - editUsernameAllowed type: bool email_theme: description: - The realm email theme. aliases: - emailTheme type: str enabled: description: - The realm enabled option. type: bool enabled_event_types: description: - The realm enabled event types. aliases: - enabledEventTypes type: list elements: str events_enabled: description: - Enables or disables login events for this realm. aliases: - eventsEnabled type: bool version_added: 3.6.0 events_expiration: description: - The realm events expiration. aliases: - eventsExpiration type: int events_listeners: description: - The realm events listeners. aliases: - eventsListeners type: list elements: str failure_factor: description: - The realm failure factor. aliases: - failureFactor type: int internationalization_enabled: description: - The realm internationalization enabled option. aliases: - internationalizationEnabled type: bool login_theme: description: - The realm login theme. aliases: - loginTheme type: str login_with_email_allowed: description: - The realm login with email allowed option. aliases: - loginWithEmailAllowed type: bool max_delta_time_seconds: description: - The realm max delta time in seconds. aliases: - maxDeltaTimeSeconds type: int max_failure_wait_seconds: description: - The realm max failure wait in seconds. aliases: - maxFailureWaitSeconds type: int minimum_quick_login_wait_seconds: description: - The realm minimum quick login wait in seconds. aliases: - minimumQuickLoginWaitSeconds type: int not_before: description: - The realm not before. aliases: - notBefore type: int offline_session_idle_timeout: description: - The realm offline session idle timeout. aliases: - offlineSessionIdleTimeout type: int offline_session_max_lifespan: description: - The realm offline session max lifespan. aliases: - offlineSessionMaxLifespan type: int offline_session_max_lifespan_enabled: description: - The realm offline session max lifespan enabled option. aliases: - offlineSessionMaxLifespanEnabled type: bool otp_policy_algorithm: description: - The realm otp policy algorithm. aliases: - otpPolicyAlgorithm type: str otp_policy_digits: description: - The realm otp policy digits. aliases: - otpPolicyDigits type: int otp_policy_initial_counter: description: - The realm otp policy initial counter. aliases: - otpPolicyInitialCounter type: int otp_policy_look_ahead_window: description: - The realm otp policy look ahead window. aliases: - otpPolicyLookAheadWindow type: int otp_policy_period: description: - The realm otp policy period. aliases: - otpPolicyPeriod type: int otp_policy_type: description: - The realm otp policy type. aliases: - otpPolicyType type: str otp_supported_applications: description: - The realm otp supported applications. aliases: - otpSupportedApplications type: list elements: str password_policy: description: - The realm password policy. aliases: - passwordPolicy type: str organizations_enabled: description: - Enables support for experimental organization feature. aliases: - organizationsEnabled type: bool version_added: 10.0.0 permanent_lockout: description: - The realm permanent lockout. aliases: - permanentLockout type: bool quick_login_check_milli_seconds: description: - The realm quick login check in milliseconds. aliases: - quickLoginCheckMilliSeconds type: int refresh_token_max_reuse: description: - The realm refresh token max reuse. aliases: - refreshTokenMaxReuse type: int registration_allowed: description: - The realm registration allowed option. aliases: - registrationAllowed type: bool registration_email_as_username: description: - The realm registration email as username option. aliases: - registrationEmailAsUsername type: bool registration_flow: description: - The realm registration flow. aliases: - registrationFlow type: str remember_me: description: - The realm remember me option. aliases: - rememberMe type: bool reset_credentials_flow: description: - The realm reset credentials flow. aliases: - resetCredentialsFlow type: str reset_password_allowed: description: - The realm reset password allowed option. aliases: - resetPasswordAllowed type: bool revoke_refresh_token: description: - The realm revoke refresh token option. aliases: - revokeRefreshToken type: bool smtp_server: description: - The realm smtp server. aliases: - smtpServer type: dict ssl_required: description: - The realm ssl required option. choices: ['all', 'external', 'none'] aliases: - sslRequired type: str sso_session_idle_timeout: description: - The realm sso session idle timeout. aliases: - ssoSessionIdleTimeout type: int sso_session_idle_timeout_remember_me: description: - The realm sso session idle timeout remember me. aliases: - ssoSessionIdleTimeoutRememberMe type: int sso_session_max_lifespan: description: - The realm sso session max lifespan. aliases: - ssoSessionMaxLifespan type: int sso_session_max_lifespan_remember_me: description: - The realm sso session max lifespan remember me. aliases: - ssoSessionMaxLifespanRememberMe type: int supported_locales: description: - The realm supported locales. aliases: - supportedLocales type: list elements: str user_managed_access_allowed: description: - The realm user managed access allowed option. aliases: - userManagedAccessAllowed type: bool verify_email: description: - The realm verify email option. aliases: - verifyEmail type: bool wait_increment_seconds: description: - The realm wait increment in seconds. aliases: - waitIncrementSeconds type: int extends_documentation_fragment: - community.general.keycloak - community.general.keycloak.actiongroup_keycloak - community.general.attributes author: - Christophe Gilles (@kris2kris) aG - name: Create or update Keycloak realm (minimal example) community.general.keycloak_realm: auth_client_id: admin-cli auth_keycloak_url: https://auth.example.com/auth auth_realm: master auth_username: USERNAME auth_password: PASSWORD realm: unique_realm_name state: present - name: Delete a Keycloak realm community.general.keycloak_realm: auth_client_id: admin-cli auth_keycloak_url: https://auth.example.com/auth auth_realm: master auth_username: USERNAME auth_password: PASSWORD realm: unique_realm_name state: absent a msg: description: Message as to what action was taken. returned: always type: str sample: "Realm testrealm has been updated" proposed: description: Representation of proposed realm. returned: always type: dict sample: {realm: "test"} existing: description: Representation of existing realm (sample is truncated). returned: always type: dict sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} end_state: description: Representation of realm after module execution (sample is truncated). returned: on success type: dict sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} ) KeycloakAPIcamelkeycloak_argument_spec get_token KeycloakError) AnsibleModulec|j}d|vrtt|d|d<d|vrtt|d|d<d|vrtt|d|d<|S)z Re-sorts any properties where the order is important so that diff's is minimised and the change detection is more effective. :param realmrep: the realmrep dict to be sanitized :return: normalised realmrep dict enabledEventTypesotpSupportedApplicationssupportedLocales)copylistsorted)realmreps t/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/keycloak_realm.py normalise_crr@s}}}Hh&(,VH=P4Q-R(S$%!X-/3F8D^;_4`/a+,X%'+F8F< ?IF< !; <  rc Vt}tdidtdddgdtddtdd td d g d td dg dtd dg dtd dgddtd dgddtddg dtd dgddtd dgddtddg d tdd!g d"tdd#g d$td%d&tdd'g d(td%d)g d*tdd+g d,tdd-g d.td%d/g d0td1dd2g3d4td1dd5g3d6tdd7g d8td1dd9g3d:td1dd;g3dtdd?g d@tddAg dBtddCg dDtddEg dFtddGg dHtddIg dJtddKg dLtddMtd1ddNg3dOtddPg dQtd dRg dStd1ddTg3dUtd dVg dWtddXg dYtddZg d[tdd\g d]td d^g d_td d`g datd dbg dctd ddg detd dfg dgtd dhg ditddjg dktddlg dmtd dng dotd dpg dqtd drg dstd dtg dutddvg dwtd1ddxg3dytddzgdd{tdd|g d}tdd~g dtd dg dtd dgddtddg dtddg dtddg dtddg dtddg dtddgddtddg dtd%dg dtgddgdtd dg dtd dg dtd dg dtd dg dtd1ddg3dtddg dtddg dtd dg }|j|t|dgdgdggdgddi}tddiiii} t |j }t|}|j jd}|j jd}ttjdgz} |j D cgc]#} | | vr|j j| | %} } |j|} | i} i} | D]+}|j j|}|| t|<-| j}|j| t!| |d<t!| }||d<| s|dk(r=|j"rtdd|d<d|d<i|d<d|d<|j$di|d|d<|j"rtdt!||d<|j&r|j$di||j)||j|d}t!||d<d|dz|d<|j$di|nZ|dk(rd|d<|j&r^t+| }t+|}|j"r"tt!|t!||d<||k7|d<|j$di||j-|||j|}| |k(rd|d<t!||d<|j"rt|t!||d<d|dz|d<|j$di|nfd|d<|j"rt|d|d<|j&r|j$di||j/|i|d<i|d<d| dz|d<|j$di|y#t $r&}|jt|Yd}~d}~wwxYwcc} w)z( Module execution :return: statepresentabsent)defaultchoicesidstr)typerealmaccess_code_lifespanintaccessCodeLifespan)r$aliasesaccess_code_lifespan_loginaccessCodeLifespanLogin access_code_lifespan_user_actionaccessCodeLifespanUserActionaccess_token_lifespanaccessTokenLifespanF)r$r)no_log'access_token_lifespan_for_implicit_flow"accessTokenLifespanForImplicitFlow account_theme accountTheme(action_token_generated_by_admin_lifespan#actionTokenGeneratedByAdminLifespan'action_token_generated_by_user_lifespan"actionTokenGeneratedByUserLifespanadmin_events_details_enabledbooladminEventsDetailsEnabledadmin_events_enabledadminEventsEnabled admin_theme adminThemerdict browser_flow browserFlowbrowser_security_headersbrowserSecurityHeadersbrute_force_protectedbruteForceProtectedclient_authentication_flowclientAuthenticationFlowclient_scope_mappingsclientScopeMappingsdefault_default_client_scopesrdefaultDefaultClientScopes)r$elementsr)default_groups defaultGroupsdefault_locale defaultLocaledefault_optional_client_scopesdefaultOptionalClientScopes default_roles defaultRolesdefault_signature_algorithmdefaultSignatureAlgorithmdirect_grant_flowdirectGrantFlow display_name displayNamedisplay_name_htmldisplayNameHtmldocker_authentication_flowdockerAuthenticationFlowduplicate_emails_allowedduplicateEmailsAllowededit_username_allowededitUsernameAllowed email_theme emailThemeenabledenabled_event_typesr events_enabled eventsEnabledevents_expirationeventsExpirationevents_listenerseventsListenersfailure_factor failureFactorinternationalization_enabledinternationalizationEnabled login_theme loginThemelogin_with_email_allowedloginWithEmailAllowedmax_delta_time_secondsmaxDeltaTimeSecondsmax_failure_wait_secondsmaxFailureWaitSeconds minimum_quick_login_wait_secondsminimumQuickLoginWaitSeconds not_before notBeforeoffline_session_idle_timeoutofflineSessionIdleTimeoutoffline_session_max_lifespanofflineSessionMaxLifespan$offline_session_max_lifespan_enabled offlineSessionMaxLifespanEnabledotp_policy_algorithmotpPolicyAlgorithmotp_policy_digitsotpPolicyDigitsotp_policy_initial_counterotpPolicyInitialCounterotp_policy_look_ahead_windowotpPolicyLookAheadWindowotp_policy_periodotpPolicyPeriodotp_policy_type otpPolicyTypeotp_supported_applicationsrpassword_policypasswordPolicyorganizations_enabledorganizationsEnabledpermanent_lockoutpermanentLockoutquick_login_check_milli_secondsquickLoginCheckMilliSecondsrefresh_token_max_reuserefreshTokenMaxReuseregistration_allowedregistrationAllowedregistration_email_as_usernameregistrationEmailAsUsernameregistration_flowregistrationFlow remember_me rememberMereset_credentials_flowresetCredentialsFlowreset_password_allowedresetPasswordAllowedrevoke_refresh_tokenrevokeRefreshToken smtp_server smtpServer ssl_required)externalallnone sslRequired)r!r)sso_session_idle_timeoutssoSessionIdleTimeout$sso_session_idle_timeout_remember_messoSessionIdleTimeoutRememberMesso_session_max_lifespanssoSessionMaxLifespan$sso_session_max_lifespan_remember_messoSessionMaxLifespanRememberMesupported_localesruser_managed_access_alloweduserManagedAccessAllowed verify_email verifyEmailwait_increment_secondswaitIncrementSecondsT)r"r%rf)token auth_realm auth_username auth_password)rrr refresh_tokenr) argument_specsupports_check_moderequired_one_ofrequired_together required_by)changedmsgdiffproposedexisting end_state)rN)r%rr)beforeafterrrrz$Realm does not exist, doing nothing.rzRealm %s has been created.zRealm %s has been updated.zRealm %s has been deleted.)rr@updater r paramsr fail_jsonr#rgetrkeysget_realm_by_idrrr_diff exit_json check_mode create_realmr update_realm delete_realm)r meta_argsmodulerconnection_headerekcr%rparams_to_ignorex realm_params before_realm changeset realm_paramnew_param_value desired_realmbefore_realm_sanitized after_realm before_norm desired_norms rmainresi +,MP9y(.CDP U P P "u7K6LM P $(U=V#P$"&6Y=Z$[7P8E4E3FG9P:u}o>;P<E4E3FG=P>$(U=W[%\aPb&*u?Z>[%\cPd.2vHjGk-lePf"u7K6LMgPhE4E3FGiPj$(U=VZ%[mPnE4E3FGoPp%/1BCqPr$(VeNhMi#jsPt%2B1CERuPv#9O8PQwPxF5G4HIyPz)-%B_A`(a{P|!%%:P9QZ_ `}P~"v8M7NOP@(,B_A`'aAPBE4F3GHCPDf|n=EPF $9O8PQGPH $:P9QZ_`IPJ"v8L7MNKPLf|n=MPN"= WOPP"&5;R:S!TQPR.2uGhFi-jSPT"&5;R:S!TUPV.2uGhFi-jWPXFUEWDXYYPZ%)f?Y>Z$[[P\v ?]P^ $9O8PQ_PId# /3-G-f-h/_.`(7'F F%Rb2VX YF%%fmm4 V. /B MM  g &E MM  g &E2499;<yH &}}6! 00MM%%a(46L6 %%E%2L I#8  --++K8(7 % $%8 !%%'M#$Y/F:(6/F:  H ||!%Rr!:v %F9 "$F; BF5M F   &v &!y <<!;}3MNF6N    F   &v &  &((w)?@ )+6{4}W7MMu "6" I !%F9   *<8 +M: <<%)0;L0I&KF6N%0L%@y!   *6* OOMO 7,,5,9K{*$)y!"-k":F; ||!%-C,7 ,D"Fv9=;QQF5M F   &v &!%F9 ||!%-C2!Nv     *6* OO%O (!#F: "$F; 8<;PPF5MFvm %SV$$%6s.a48(b&4 b#=bb#__main__N) __future__rrrr$ __metaclass__ DOCUMENTATIONEXAMPLESRETURNUansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloakrrrr r ansible.module_utils.basicr rrr__name__rrrrs\A@ } ~ , 4554*  _D zFr