From d01417b504a189f8bdc0ec65dc0b6bc08c34deb7 Mon Sep 17 00:00:00 2001 From: loricvdt Date: Mon, 7 Aug 2023 21:20:08 +0200 Subject: [PATCH 1/3] Fix KeycloakAPI's missing http_agent, timeout, and validate_certs open_url() parameters --- .../identity/keycloak/keycloak.py | 44 +++++++++++++------ 1 file changed, 31 insertions(+), 13 deletions(-) diff --git a/plugins/module_utils/identity/keycloak/keycloak.py b/plugins/module_utils/identity/keycloak/keycloak.py index f7120c7e24a..a8d0db14d9d 100644 --- a/plugins/module_utils/identity/keycloak/keycloak.py +++ b/plugins/module_utils/identity/keycloak/keycloak.py @@ -777,7 +777,8 @@ def get_user_by_username(self, username, realm="master"): users_url += '?username=%s&exact=true' % username try: userrep = None - users = json.loads(to_native(open_url(users_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout, + users = json.loads(to_native(open_url(users_url, method='GET', http_agent=self.http_agent, headers=self.restheaders, + timeout=self.connection_timeout, validate_certs=self.validate_certs).read())) for user in users: if user['username'] == username: @@ -803,7 +804,8 @@ def get_service_account_user_by_client_id(self, client_id, realm="master"): service_account_user_url = URL_CLIENT_SERVICE_ACCOUNT_USER.format(url=self.baseurl, realm=realm, id=cid) try: - return json.loads(to_native(open_url(service_account_user_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout, + return json.loads(to_native(open_url(service_account_user_url, method='GET', http_agent=self.http_agent, headers=self.restheaders, + timeout=self.connection_timeout, validate_certs=self.validate_certs).read())) except ValueError as e: self.module.fail_json(msg='API returned incorrect JSON when trying to obtain the service-account-user for realm %s and client_id %s: %s' 
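Review bot: In get_user_by_username the context line `users_url += '?username=%s&exact=true' % username` still puts the caller-supplied username into the query string without URL-encoding. A value containing `&`, `#`, `+` or a space therefore changes the query Keycloak receives instead of being matched literally. Encoding at that line would fix it: `users_url += '?username=%s&exact=true' % quote(username, safe='')`, assuming `quote` from the urllib compatibility import is in scope in this file (the import block is not visible here). The function body starts and ends outside the hunk.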
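Review bot: The same four keyword arguments (`http_agent`, `headers`, `timeout`, `validate_certs`) are written out by hand at each `open_url()` call, here in get_service_account_user_by_client_id and in every other hunk of this file. That repetition is how the user-management calls further down came to miss three of them. One private wrapper on the class would apply the TLS-verification and timeout settings in a single place, so a new call site cannot omit them. The sketch shows the wrapper and this call converted; the other methods would follow the same pattern, and the surrounding try block continues outside the hunk.

```python
def _request(self, url, method, data=None):
    # Single place where user agent, auth headers, timeout and TLS verification are applied.
    return open_url(url, method=method, data=data,
                    http_agent=self.http_agent, headers=self.restheaders,
                    timeout=self.connection_timeout,
                    validate_certs=self.validate_certs)

# … unchanged: service_account_user_url construction and try: …
            return json.loads(to_native(self._request(service_account_user_url, 'GET').read()))
```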
@@ -1347,7 +1349,8 @@ def create_clientsecret(self, id, realm="master"): clientsecret_url = URL_CLIENTSECRET.format(url=self.baseurl, realm=realm, id=id) try: - return json.loads(to_native(open_url(clientsecret_url, method='POST', headers=self.restheaders, timeout=self.connection_timeout, + return json.loads(to_native(open_url(clientsecret_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, + timeout=self.connection_timeout, validate_certs=self.validate_certs).read())) except HTTPError as e: @@ -1370,7 +1373,8 @@ def get_clientsecret(self, id, realm="master"): clientsecret_url = URL_CLIENTSECRET.format(url=self.baseurl, realm=realm, id=id) try: - return json.loads(to_native(open_url(clientsecret_url, method='GET', headers=self.restheaders, timeout=self.connection_timeout, + return json.loads(to_native(open_url(clientsecret_url, method='GET', http_agent=self.http_agent, headers=self.restheaders, + timeout=self.connection_timeout, validate_certs=self.validate_certs).read())) except HTTPError as e: @@ -2678,7 +2682,9 @@ def get_user_by_id(self, user_id, realm='master'): open_url( user_url, method='GET', - headers=self.restheaders)) + http_agent=self.http_agent, headers=self.restheaders, + timeout=self.connection_timeout, + validate_certs=self.validate_certs)) return userrep except Exception as e: self.module.fail_json(msg='Could not get user %s in realm %s: %s' @@ -2700,8 +2706,10 @@ def create_user(self, userrep, realm='master'): realm=realm) open_url(users_url, method='POST', - headers=self.restheaders, - data=json.dumps(userrep)) + http_agent=self.http_agent, headers=self.restheaders, + data=json.dumps(userrep), + timeout=self.connection_timeout, + validate_certs=self.validate_certs) created_user = self.get_user_by_username( username=userrep['username'], realm=realm) 
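Review bot: From get_user_by_id onward, `timeout` and `validate_certs` are passed for the first time, so these calls change behaviour rather than only gaining a user agent. This applies to create_user in this group and to the update_user, delete_user, get_user_groups, add_user_in_group and remove_user_from_group hunks. Until now they ran with open_url()'s own defaults, which to my knowledge are certificate verification on and a 10-second timeout. After this patch a play that sets `validate_certs: false` also sends `self.restheaders` (presumably carrying the bearer token) and the `json.dumps(userrep)` bodies over an unverified TLS connection. That is the consistent behaviour, but the changelog fragment should say so, for example `user management requests now honour the module's validate_certs and connection_timeout settings instead of the open_url() defaults`.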
@@ -2744,8 +2752,10 @@ def update_user(self, userrep, realm='master'):
 open_url(
 user_url,
 method='PUT',
- headers=self.restheaders,
- data=json.dumps(userrep))
+ http_agent=self.http_agent, headers=self.restheaders,
+ data=json.dumps(userrep),
+ timeout=self.connection_timeout,
+ validate_certs=self.validate_certs)
 updated_user = self.get_user_by_id(
 user_id=userrep['id'],
 realm=realm)
@@ -2769,7 +2779,9 @@ def delete_user(self, user_id, realm='master'):
 return open_url(
 user_url,
 method='DELETE',
- headers=self.restheaders)
+ http_agent=self.http_agent, headers=self.restheaders,
+ timeout=self.connection_timeout,
+ validate_certs=self.validate_certs)
 except Exception as e:
 self.module.fail_json(msg='Could not delete user %s in realm %s: %s'
 % (user_id, realm, str(e)))
@@ -2791,7 +2803,9 @@ def get_user_groups(self, user_id, realm='master'):
 open_url(
 user_groups_url,
 method='GET',
- headers=self.restheaders))
+ http_agent=self.http_agent, headers=self.restheaders,
+ timeout=self.connection_timeout,
+ validate_certs=self.validate_certs))
 for user_group in user_groups:
 groups.append(user_group["name"])
 return groups
@@ -2816,7 +2830,9 @@ def add_user_in_group(self, user_id, group_id, realm='master'):
 return open_url(
 user_group_url,
 method='PUT',
- headers=self.restheaders)
+ http_agent=self.http_agent, headers=self.restheaders,
+ timeout=self.connection_timeout,
+ validate_certs=self.validate_certs)
 except Exception as e:
 self.module.fail_json(msg='Could not add user %s in group %s in realm %s: %s'
 % (user_id, group_id, realm, str(e)))
@@ -2838,7 +2854,9 @@ def remove_user_from_group(self, user_id, group_id, realm='master'): return open_url( user_group_url, method='DELETE', - headers=self.restheaders) + http_agent=self.http_agent, headers=self.restheaders, + timeout=self.connection_timeout, + validate_certs=self.validate_certs) except Exception as e: self.module.fail_json(msg='Could not remove user %s from group %s in realm %s: %s' % (user_id, group_id, realm, str(e))) From 75b899a99c7ae7e4c8e743b63edc94939775fff5 Mon Sep 17 00:00:00 2001 From: loricvdt Date: Mon, 7 Aug 2023 21:34:07 +0200 Subject: [PATCH 2/3] Add changelog fragment --- changelogs/fragments/7067-keycloak-api-paramerter-fix.yml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 changelogs/fragments/7067-keycloak-api-paramerter-fix.yml diff --git a/changelogs/fragments/7067-keycloak-api-paramerter-fix.yml b/changelogs/fragments/7067-keycloak-api-paramerter-fix.yml new file mode 100644 index 00000000000..7423795fe33 --- /dev/null +++ b/changelogs/fragments/7067-keycloak-api-paramerter-fix.yml @@ -0,0 +1,2 @@ +bugfixes: + - keycloak module util - fix missing http_agent, timeout, and validate_certs open_url() parameters From d87f1f14d62f18f49cd16188df7bbe31fca246ee Mon Sep 17 00:00:00 2001 From: Loric Vandentempel Date: Mon, 7 Aug 2023 22:23:21 +0200 Subject: [PATCH 3/3] Update changelogs/fragments/7067-keycloak-api-paramerter-fix.yml Following suggestion Co-authored-by: Felix Fontein --- changelogs/fragments/7067-keycloak-api-paramerter-fix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelogs/fragments/7067-keycloak-api-paramerter-fix.yml b/changelogs/fragments/7067-keycloak-api-paramerter-fix.yml index 7423795fe33..a52c6fe953b 100644 --- a/changelogs/fragments/7067-keycloak-api-paramerter-fix.yml +++ b/changelogs/fragments/7067-keycloak-api-paramerter-fix.yml 
@@ -1,2 +1,2 @@
 bugfixes:
- - keycloak module util - fix missing http_agent, timeout, and validate_certs open_url() parameters
+ - keycloak module util - fix missing ``http_agent``, ``timeout``, and ``validate_certs`` ``open_url()`` parameters (https://github.com/ansible-collections/community.general/pull/7067).