
    Vh?                     |    d dl mZmZmZ eZdZdZdZd dl	m
Z
mZmZmZmZmZ d dlmZ d dlZd Zed	k(  r e        yy)
    )absolute_importdivisionprint_functionat  
module: keycloak_user
short_description: Create and configure a user in Keycloak
description:
  - This module creates, removes, or updates Keycloak users.
version_added: 7.1.0
options:
  auth_username:
    aliases: []
  realm:
    description:
      - The name of the realm in which the client resides.
    default: master
    type: str
  username:
    description:
      - Username for the user.
    required: true
    type: str
  id:
    description:
      - ID of the user on the Keycloak server if known.
    type: str
  enabled:
    description:
      - Enabled user.
    type: bool
  email_verified:
    description:
      - Check the validity of user email.
    default: false
    type: bool
    aliases:
      - emailVerified
  first_name:
    description:
      - The user's first name.
    required: false
    type: str
    aliases:
      - firstName
  last_name:
    description:
      - The user's last name.
    required: false
    type: str
    aliases:
      - lastName
  email:
    description:
      - User email.
    required: false
    type: str
  federation_link:
    description:
      - Federation Link.
    required: false
    type: str
    aliases:
      - federationLink
  service_account_client_id:
    description:
      - Description of the client Application.
    required: false
    type: str
    aliases:
      - serviceAccountClientId
  client_consents:
    description:
      - Client Authenticator Type.
    type: list
    elements: dict
    default: []
    aliases:
      - clientConsents
    suboptions:
      client_id:
        description:
          - Client ID of the client role. Not the technical ID of the client.
        type: str
        required: true
        aliases:
          - clientId
      roles:
        description:
          - List of client roles to assign to the user.
        type: list
        required: true
        elements: str
  groups:
    description:
      - List of groups for the user.
        Groups can be referenced by their name, like V(staff), or their path, like V(/staff/engineering).
        The path syntax allows you to reference subgroups, which is not possible otherwise.
        This is possible since community.general 10.6.0.
    type: list
    elements: dict
    default: []
    suboptions:
      name:
        description:
          - Name of the group.
        type: str
      state:
        description:
          - Control whether the user must be a member of this group or not.
        choices: ["present", "absent"]
        default: present
        type: str
  credentials:
    description:
      - User credentials.
    default: []
    type: list
    elements: dict
    suboptions:
      type:
        description:
          - Credential type.
        type: str
        required: true
      value:
        description:
          - Value of the credential.
        type: str
        required: true
      temporary:
        description:
          - If V(true), the users are required to reset their credentials at next login.
        type: bool
        default: false
  required_actions:
    description:
      - RequiredActions user Auth.
    default: []
    type: list
    elements: str
    aliases:
      - requiredActions
  federated_identities:
    description:
      - List of IDPs of user.
    default: []
    type: list
    elements: str
    aliases:
      - federatedIdentities
  attributes:
    description:
      - List of user attributes.
    required: false
    type: list
    elements: dict
    suboptions:
      name:
        description:
          - Name of the attribute.
        type: str
      values:
        description:
          - Values for the attribute as list.
        type: list
        elements: str
      state:
        description:
          - Control whether the attribute must exist or not.
        choices: ["present", "absent"]
        default: present
        type: str
  access:
    description:
      - List user access.
    required: false
    type: dict
  disableable_credential_types:
    description:
      - List user Credential Type.
    default: []
    type: list
    elements: str
    aliases:
      - disableableCredentialTypes
  origin:
    description:
      - User origin.
    required: false
    type: str
  self:
    description:
      - User self administration.
    required: false
    type: str
  state:
    description:
      - Control whether the user should exist or not.
    choices: ["present", "absent"]
    default: present
    type: str
  force:
    description:
      - If V(true), allows the user to be removed and recreated.
    type: bool
    default: false
extends_documentation_fragment:
  - community.general.keycloak
  - community.general.keycloak.actiongroup_keycloak
  - community.general.attributes
attributes:
  check_mode:
    support: full
  diff_mode:
    support: full
  action_group:
    version_added: 10.2.0
notes:
  - The module does not modify the user ID of an existing user.
author:
  - Philippe Gauthier (@elfelip)
ad  
# Creates user1 with one password credential, two attribute entries and one
# group membership. All secrets shown here are placeholders.
- name: Create a user user1
  community.general.keycloak_user:
    # Plain HTTP is only reasonable for a loopback address such as this one.
    # Use an https:// URL when Keycloak is reached over a network, because
    # the admin credentials below are sent to this endpoint.
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    # Placeholder. In a real playbook take the admin password from Ansible
    # Vault or a secret lookup instead of writing it as a literal.
    auth_password: password
    # NOTE(review): master is Keycloak's administrative realm; application
    # users normally live in a dedicated realm - confirm this is intended.
    realm: master
    username: user1
    # firstName, lastName and emailVerified are the documented aliases of
    # first_name, last_name and email_verified.
    firstName: user1
    lastName: user1
    # NOTE(review): not in user@domain form; presumably a placeholder.
    email: user1
    enabled: true
    emailVerified: false
    credentials:
      # value is the user's secret. Keep it out of the playbook text (Vault
      # or a lookup) and consider no_log: true on the task so it is not
      # echoed in task output.
      - type: password
        value: password
        # false: the user is not required to reset the credential at next
        # login. Use true when an operator-chosen initial password is issued.
        temporary: false
    attributes:
      - name: attr1
        values:
          - value1
        state: present
      # state: absent asks that attr2 must not exist on the user.
      - name: attr2
        values:
          - value2
        state: absent
    groups:
      # state: present asks that the user be a member of group1.
      - name: group1
        state: present
    state: present

# Same parameters as a create, with no force key. force defaults to false in
# the option documentation.
# NOTE(review): despite the task name this presumably updates the existing
# user in place rather than deleting and recreating it - confirm.
- name: Re-create a User
  community.general.keycloak_user:
    # Loopback HTTP endpoint; prefer https:// for any non-local server.
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    # Placeholder admin secret; source it from Ansible Vault or a lookup.
    auth_password: password
    realm: master
    username: user1
    firstName: user1
    lastName: user1
    email: user1
    enabled: true
    emailVerified: false
    credentials:
      # Placeholder user secret written as a literal; do not copy this
      # pattern into a committed playbook.
      - type: password
        value: password
        temporary: false
    attributes:
      - name: attr1
        values:
          - value1
        state: present
      - name: attr2
        values:
          - value2
        state: absent
    groups:
      - name: group1
        state: present
    state: present

# Forced variant: identical parameters plus force: true at the end.
- name: Re-create a User
  community.general.keycloak_user:
    # Loopback HTTP endpoint; prefer https:// for any non-local server.
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    # Placeholder admin secret; source it from Ansible Vault or a lookup.
    auth_password: password
    realm: master
    username: user1
    firstName: user1
    lastName: user1
    email: user1
    enabled: true
    emailVerified: false
    credentials:
      # Placeholder user secret; keep real values out of the playbook text.
      - type: password
        value: password
        temporary: false
    attributes:
      - name: attr1
        values:
          - value1
        state: present
      - name: attr2
        values:
          - value2
        state: absent
    groups:
      - name: group1
        state: present
    state: present
    # force: true allows the module to remove the user and create it again.
    # NOTE(review): a recreated user presumably gets a new Keycloak ID and
    # loses any state not listed in this task - confirm before using this on
    # accounts whose ID is referenced elsewhere.
    force: true

# Deletes user1: only the connection parameters, realm and username are given,
# and state: absent requests removal. The module documents full check_mode
# support, so the outcome can be previewed with check mode before deleting.
- name: Remove User
  community.general.keycloak_user:
    # Loopback HTTP endpoint; prefer https:// for any non-local server.
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    # Placeholder admin secret; source it from Ansible Vault or a lookup.
    auth_password: password
    realm: master
    username: user1
    state: absent
a_  
msg:
  description: Message as to what action was taken.
  returned: always
  type: str
  sample: User f18c709c-03d6-11ee-970b-c74bf2721112 created
proposed:
  description: Representation of the proposed user.
  returned: on success
  type: dict
existing:
  description: Representation of the existing user.
  returned: on success
  type: dict
end_state:
  description: Representation of the user after module execution.
  returned: on success
  type: dict
changed:
  description: Returns V(true) if the operation changed the user on the Keycloak server, V(false) otherwise.
  returned: always
  type: bool
)KeycloakAPIcamelkeycloak_argument_spec	get_tokenKeycloakErroris_struct_included)AnsibleModuleNc                     t               } g | d   d<   t        t        dd      t        dd      t        dd      	      }t        t        ddd
g      t        ddd            }t        t        d      t        dd      t        dddgd            }t        t        d      t        dddgd            }t        d[i dt        dd      dt        d      dt        d      dt        dd      dt        ddg      dt        ddg      d t        d      d!t        d      d"t        ddd#g$      d%t        dd&g      d't        dd(g      d)t        dd*|+      d,t        d*      d-t        dg d*|.      d/t        dg d0gd1      d2t        dg d3gd1      d4t        dg d*|.      d5t        dg d6gd1      d7t        dg d8gd*|9      d:t        d      d;t        ddgd<      d=t        dd      }| j                  |       t        | dg d>gg d?gd@dAiB      }t        ddCi i i i D      }	 t	        |j
                        }t        |      }
|j
                  j                  d      }|j
                  j                  d;      }|j
                  j                  d=      }|j
                  j                  d      }|j
                  j                  d-      }|j
                  D cg c]G  }|t        t               j                               g dFz   vr|j
                  j                  |      |I }}|
j                  ||G      }|i }i }|D ]  }|j
                  j                  |      }|d)k(  r||v r|
j                  |d)   H      }n||v r||   nd }||k7  sN|J|d)k(  rE|D ]@  }d}|D ]  }|dI   |dI   k(  sd} |r|j                  t!        j"                  |             B t%        |t              r"t!        j"                  |      |t'        |      <   ||t'        |      <    t!        j"                  |      }|j                  |       ||dJ<   ||dK<   d}|dk(  rf|s?|j(                  rt        dCdCL      |dM<   d|dN<   i |dO<   dP|dQ<    |j*                  d[i | n7|
j-                  |d   |R       dS|d   z  |dQ<   d}ni }|r|r|
j-                  |d   |R       |r|rwd}||j                  dTE       |j(                  rt        dC|L      |dM<   |j.                  r |j*                  d[i | |
j1                  ||U      }dV|d   z  |dQ<   |d   |d<   n.g dW}|d   |d<   t3        |||      s|
j5                  ||U      }d}|
j7                  |||X      rd}|
j9                  |d   |R      |d-<   ||dO<   |rdY|d   z  |dQ<   ndZ|d   z  |dQ<   ||dN<    |j*                  d[i | y # t        $ r&}	|j                  t        |	      E       Y d }	~	d }	~	ww xY wc c}w )\Nauth_usernamealiasesstrT)typerequiredboolF)r   default)r   value	temporaryclientId)r   r   r   list)r   elementsr   )	client_idroles)r   )r   r   presentabsent)r   choicesr   )namevaluesstate)r   r!   realmmasterselfidusername
first_name	firstName)r   r   	last_namelastNameemailenabledemail_verifiedemailVerified)r   r   r   federation_linkfederationLinkservice_account_client_idserviceAccountClientId
attributesdict)r   r   optionsaccessgroups)r   r   r   r5   disableable_credential_typesdisableableCredentialTypes)r   r   r   r   required_actionsrequiredActionscredentialsfederated_identitiesfederatedIdentitiesclient_consentsclientConsents)r   r   r   r   r5   originr!   )r   r   force)token
auth_realmr   auth_password)rD   r   rE   refresh_tokenrD   )argument_specsupports_check_moderequired_one_ofrequired_togetherrequired_by )changedmsgdiffproposedexisting	end_state)rN   )r!   r"   rB   r7   )r&   r"   )r3   r   rP   rQ   )beforeafterrO   rM   rR   z#Role does not exist, doing nothing.rN   )user_idr"   zUser %s deletedz3username must be specified when creating a new user)userrepr"   zUser %s created)
r6   	notBeforecreatedTimestamptotpr<   r9   r7   r@   r>   r;   )rV   r7   r"   zUser %s updatedzNo changes made for user %s )r   r4   updater   r	   paramsr
   	fail_jsonr   r   getr   keysget_user_by_username4convert_keycloak_user_attributes_dict_to_module_listappendcopydeepcopy
isinstancer   _diff	exit_jsondelete_user
check_modecreate_userr   update_userupdate_user_groups_membershipget_user_groups)rG   credential_specclient_consents_specattributes_specgroups_spec	meta_argsmoduleresultconnection_headerekcr"   r!   rB   r&   r7   xuser_paramsbefore_user	changesetparamnew_param_value	old_valueold_attributeold_attribute_foundnew_attributedesired_userrM   
after_userexcludess                                 s/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/keycloak_user.pymainr   l  s#   *,M02M/"9-ut,-FE2O
  ED:,G> u%0	8'<iPO
 u	8'<iPK  x0u U 540	
 U[M: EJ<8  &! @QR %2B1CD #'E<T;U"V VfoN   fkR &*vrLhKity%z  62@Q?R]bc!" fb6?[#$ "vrDYCZejk%& &"?O>P[ak  A'( )* Hi0)D+, .-I0 #/3-f,g/_.`(7'F	F %Rb2VXYF%%fmm4 
V.	/BMMg&EMMg&EMMg&E}}  ,H]]x(F %mm 5t$:$<$A$A$CDGlll==$$Q'3  5K 5 ))85)IKI : --++E2L Uk%9OO[fgs[tOuI.3{.BE*Ii'$,)>%. MM*/')8 7(0M&4II26/7 /'..t}}]/KLM /40*.--*H	%,'*9	%,'%:( ==-L	""F:$F:G ||!%Rr!:v %F9"$F;AF5MF&v& NN;t#4ENB-Z1HIF5MG 
[NN;t#4ENBeG  %Z [||!%R|!Dv     *6*EJJ-j1IJF5M!+D!1L
#H "-T!2L '|[(K^^L^N
 ++LW\+]G!11,t:LTY1Z
8({-j1IJF5M9\*=UVF5MF9Fvw  %SV$$%5s   
X  AX>	X;X66X;__main__)
__future__r   r   r   r   __metaclass__DOCUMENTATIONEXAMPLESRETURNUansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloakr   r   r   r	   r
   r   ansible.module_utils.basicr   rc   r   __name__rZ       r   <module>r      sY    A @ZxdL
0I I 4 vr zF r   