VhsddlmZmZmZeZdZdZdZddl m Z m Z m Z m Z mZddlmZddlmZddlmZdd lZd Zd Zd Zed k(rey y ))absolute_importdivisionprint_functiona! module: keycloak_userprofile short_description: Allows managing Keycloak User Profiles description: - This module allows you to create, update, or delete Keycloak User Profiles using the Keycloak API. You can also customize the "Unmanaged Attributes" with it. - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/24.0.5/rest-api/index.html). For compatibility reasons, the module also accepts the camelCase versions of the options. version_added: "9.4.0" attributes: check_mode: support: full diff_mode: support: full action_group: version_added: 10.2.0 options: state: description: - State of the User Profile provider. - On V(present), the User Profile provider will be created if it does not yet exist, or updated with the parameters you provide. - On V(absent), the User Profile provider will be removed if it exists. default: 'present' type: str choices: - present - absent parent_id: description: - The parent ID of the realm key. In practice the ID (name) of the realm. aliases: - parentId - realm type: str required: true provider_id: description: - The name of the provider ID for the key (supported value is V(declarative-user-profile)). aliases: - providerId choices: ['declarative-user-profile'] default: 'declarative-user-profile' type: str provider_type: description: - Component type for User Profile (only supported value is V(org.keycloak.userprofile.UserProfileProvider)). aliases: - providerType choices: ['org.keycloak.userprofile.UserProfileProvider'] default: org.keycloak.userprofile.UserProfileProvider type: str config: description: - The configuration of the User Profile Provider. type: dict required: false suboptions: kc_user_profile_config: description: - Define a declarative User Profile. See EXAMPLES for more context. aliases: - kcUserProfileConfig type: list elements: dict suboptions: attributes: description: - A list of attributes to be included in the User Profile. type: list elements: dict suboptions: name: description: - The name of the attribute. type: str required: true display_name: description: - The display name of the attribute. aliases: - displayName type: str required: true validations: description: - The validations to be applied to the attribute. type: dict suboptions: length: description: - The length validation for the attribute. type: dict suboptions: min: description: - The minimum length of the attribute. type: int max: description: - The maximum length of the attribute. type: int required: true email: description: - The email validation for the attribute. type: dict username_prohibited_characters: description: - The prohibited characters validation for the username attribute. type: dict aliases: - usernameProhibitedCharacters up_username_not_idn_homograph: description: - The validation to prevent IDN homograph attacks in usernames. type: dict aliases: - upUsernameNotIdnHomograph person_name_prohibited_characters: description: - The prohibited characters validation for person name attributes. type: dict aliases: - personNameProhibitedCharacters uri: description: - The URI validation for the attribute. type: dict pattern: description: - The pattern validation for the attribute using regular expressions. type: dict options: description: - Validation to ensure the attribute matches one of the provided options. type: dict annotations: description: - Annotations for the attribute. type: dict group: description: - Specifies the User Profile group where this attribute will be added. type: str permissions: description: - The permissions for viewing and editing the attribute. type: dict suboptions: view: description: - The roles that can view the attribute. - Supported values are V(admin) and V(user). type: list elements: str default: - admin - user edit: description: - The roles that can edit the attribute. - Supported values are V(admin) and V(user). type: list elements: str default: - admin - user multivalued: description: - Whether the attribute can have multiple values. type: bool default: false required: description: - The roles that require this attribute. type: dict suboptions: roles: description: - The roles for which this attribute is required. - Supported values are V(admin) and V(user). type: list elements: str default: - user groups: description: - A list of attribute groups to be included in the User Profile. type: list elements: dict suboptions: name: description: - The name of the group. type: str required: true display_header: description: - The display header for the group. aliases: - displayHeader type: str required: true display_description: description: - The display description for the group. aliases: - displayDescription type: str required: false annotations: description: - The annotations included in the group. type: dict required: false unmanaged_attribute_policy: description: - Policy for unmanaged attributes. aliases: - unmanagedAttributePolicy type: str choices: - ENABLED - ADMIN_EDIT - ADMIN_VIEW notes: - Currently, only a single V(declarative-user-profile) entry is supported for O(provider_id) (design of the Keyckoak API). However, there can be multiple O(config.kc_user_profile_config[].attributes[]) entries. extends_documentation_fragment: - community.general.keycloak - community.general.keycloak.actiongroup_keycloak - community.general.attributes author: - Eike Waldt (@yeoldegrove) a - name: Create a Declarative User Profile with default settings community.general.keycloak_userprofile: state: present parent_id: master config: kc_user_profile_config: - attributes: - name: username displayName: ${username} validations: length: min: 3 max: 255 username_prohibited_characters: {} up_username_not_idn_homograph: {} annotations: {} permissions: view: - admin - user edit: [] multivalued: false - name: email displayName: ${email} validations: email: {} length: max: 255 annotations: {} required: roles: - user permissions: view: - admin - user edit: [] multivalued: false - name: firstName displayName: ${firstName} validations: length: max: 255 person_name_prohibited_characters: {} annotations: {} required: roles: - user permissions: view: - admin - user edit: [] multivalued: false - name: lastName displayName: ${lastName} validations: length: max: 255 person_name_prohibited_characters: {} annotations: {} required: roles: - user permissions: view: - admin - user edit: [] multivalued: false groups: - name: user-metadata displayHeader: User metadata displayDescription: Attributes, which refer to user metadata annotations: {} - name: Delete a Keycloak User Profile Provider keycloak_userprofile: state: absent parent_id: master # Unmanaged attributes are user attributes not explicitly defined in the User Profile # configuration. By default, unmanaged attributes are "Disabled" and are not # available from any context such as registration, account, and the # administration console. By setting "Enabled", unmanaged attributes are fully # recognized by the server and accessible through all contexts, useful if you are # starting migrating an existing realm to the declarative User Profile # and you don't have yet all user attributes defined in the User Profile configuration. - name: Enable Unmanaged Attributes community.general.keycloak_userprofile: state: present parent_id: master config: kc_user_profile_config: - unmanagedAttributePolicy: ENABLED # By setting "Only administrators can write", unmanaged attributes can be managed # only through the administration console and API, useful if you have already # defined any custom attribute that can be managed by users but you are unsure # about adding other attributes that should only be managed by administrators. - name: Enable ADMIN_EDIT on Unmanaged Attributes community.general.keycloak_userprofile: state: present parent_id: master config: kc_user_profile_config: - unmanagedAttributePolicy: ADMIN_EDIT # By setting `Only administrators can view`, unmanaged attributes are read-only # and only available through the administration console and API. - name: Enable ADMIN_VIEW on Unmanaged Attributes community.general.keycloak_userprofile: state: present parent_id: master config: kc_user_profile_config: - unmanagedAttributePolicy: ADMIN_VIEW a msg: description: The output message generated by the module. returned: always type: str sample: UserProfileProvider created successfully data: description: The data returned by the Keycloak API. returned: when state is present type: dict sample: {'...': '...'} ) KeycloakAPIcamelkeycloak_argument_spec get_token KeycloakError) AnsibleModule) urlencode)deepcopyNct|tr0|jDcic]\}}| |t|c}}St|tr|Dcgc]}|t|c}S|Scc}}wcc}wN) isinstancedictitemsremove_null_valueslistdatakvitems z/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/general/plugins/modules/keycloak_userprofile.pyrrso$59ZZ\STQQ]%a((SS D$ 59NTT=M"4(NN TOs A/A/A5 A5ct|tr6|jDcic]\}}t|t |c}}St|t r|Dcgc] }t |c}S|Scc}}wcc}wr)rrrrcamel_recursiverrs rrrsg$9=FAa/!,,FF D$ 267$%77 G8s A2A8c%t}ttdddgdtdddgdtdd gd d g tdd gd d g tdddtddgdtdddtddtddgdtdtdtddtdddtddtddgdtddgdtddgdtddtddtdddtdtdtdtddddgtddddgd td!d"tdd#tdddgid$%tddtddtdd&gdtdd'gdtddd()tdd*ggd+d,d-.i/0}|j|t|dgd1ggd2gd3d4i5}tdd6itii78}i}i|d9< t |j }t|}ttjd;gz}|j D cgc]#} | |vr|j j| | %} } i} |j jd9} i| d9<| D]} | dk(s| d}t| |}g| t| |<t!|d?kDs:t#|}d@|d?vrv|d?d@D]k}dA|vsd|dAvr|dAjd|dAdB<d|dAvr|dAjd|dAdC<d|dAvsR|dAjd|dAdD<m| t| |j%|d?g| t| t|<|j j| |}t'|t(rt|j+}n|}| t| t|j%|u|j j| }|| t| <|j jd;}|j jdE}|j jd<}|j jdF}|j jdG}t-| }|j/t1t||}d}d6}d|dH<|D]}|d k(s |dI}|| dI<||dI<d9|vr.d>|d9vr't3j4|d9d>d?|d9d>d?<| j7D]8\}}||||<||||k7s|d9k7s ||dJ||dK||dLz }d|dH<:|d9j7D]E\} }!|d9| |d9| <|d9| |d9| k7s&|dM| dJ|d9| dK|d9| dLz }d|dH<Gd9| vr.d>| d9vr't3j8| d9d>d?| d9d>d?<|r|dk(r|dHrp|j:rt||7|dN<|j<rdO|dP|j?dL|dQ<n5|jA| |dO|dR|j?dL|dQ<ndS|z|dQ<||dT<n|r`|dk(r[|j:rt|i7|dN<|j<rd|dH<dU|z|dQ<n|jC||d|dH<dV|z|dQ<i|dT<n{|s`|dk(r[|j:rti|7|dN<|j<rd|dH<dW|z|dQ<n|jE| |d|dH<dX|z|dQ<||dT<n|s|dk(rd|dH<dY|z|dQ<i|dT<|jFdZi|y#t $r&}|jt|:Yd}~d}~wwxYwcc} w)[Nstrpresentabsent)typechoicesdefaultparentIdrealmT)r!aliasesrequired providerIdzdeclarative-user-profile)r!r&r#r" providerTypez,org.keycloak.userprofile.UserProfileProviderrFkc_user_profile_configrkcUserProfileConfig)r!r' displayNameint)minmax)r!optionsusernameProhibitedCharactersupUsernameNotIdnHomographpersonNameProhibitedCharacters)lengthemailusername_prohibited_charactersup_username_not_idn_homograph!person_name_prohibited_charactersuripatternr0)r!adminuser)r!elementsr#)vieweditbool)r!r#roles)name display_name validations annotationsgroup permissions multivaluedr')r!r=r'r0 displayHeaderdisplayDescription)rBdisplay_headerdisplay_descriptionrE)r!r=r0unmanagedAttributePolicy)ENABLED ADMIN_EDIT ADMIN_VIEW)r!r&r"r') attributesgroupsunmanaged_attribute_policy)r!r&r=r0)r!r'r0)state parent_id provider_id provider_typeconfig)token auth_realm auth_username auth_password)rZr[r\ refresh_tokenrZ) argument_specsupports_check_moderequired_one_ofrequired_together required_by)beforeafter)changedmsg end_statediffrX)rgrTrU)r+r*zkc.user.profile.configrrQrDzusername-prohibited-characterszup-username-not-idn-homographz!person-name-prohibited-charactersenabledrWrVrfidz: z -> z, zconfig.riz Userprofile z would be changed: rgz changed: zUserprofile %s was in syncrhzUserprofile %s would be deletedzUserprofile %s deletedzUserprofile %s would be createdzUserprofile %s createdzUserprofile %s not present)$rrupdater r paramsr fail_jsonrrrkeysgetpoprrlenrappendrr@lowerr get_componentsr jsonloadsrdumps_diff check_modestripupdate_componentdelete_componentcreate_component exit_json)"r^ meta_argsmoduleresultbefore_realm_userprofileconnection_headerekcparams_to_ignorexcomponent_params changesetrXcomponent_param config_paramconfig_param_orgr* attribute raw_valuevaluenew_param_valuerTrjrUrWrVchangeset_copyrealm_userprofilesuserprofile_idchanges userprofileparamprs" rmainrs *,M 8'?B!* 1 - u2=e2D(/!%(K,>>5HCT5+e:Ln]bNcddG(,F9%  -'x0668 -18CH8Ma8P(215!(+A.+h2G2JJ![=RST=UWefnWopqWrssG(,F9%  -'-<9!9Yx=P!P;?::iPXFYZrFstuFv;w (45a8%9, ) ||!%-E^!\v  ITV]VcVcdhVi ju ##Iy9@KW]][_M` au 8KHF5M,{ EX- <<!)ALF6N    $F9 =MF5M    : $F9 4 DF5M {  2 <<!>BF6N    $F9 =MF5M    9 5 $F9 4 DF5M,{  1!y4 Du  {Fvo %SV$$%s-`(a  a #aa __main__) __future__rrrr! __metaclass__ DOCUMENTATIONEXAMPLESRETURNUansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloakrrrr r ansible.module_utils.basicr +ansible.module_utils.six.moves.urllib.parser copyr rwrrr__name__rlrrsgA@ J Xv p 554A   dN  zFr