��
�Udac������������@`��s����d��d��l��m��Z��m��Z��m��Z���e��Z��i��d��d��6d��g��d��6d��d��6Z��d��Z��d �Z��d
�Z �d��d��l
�m��Z��m��Z��m
�Z
�m��Z��m��Z���d��d��l��m��Z���d
����Z��e��d��k��r��e������n��d��S(����i����(����t����absolute_importt����divisiont����print_functions����1.1t����metadata_versiont����previewt����statust ���communityt����supported_bys����
---
module: keycloak_clienttemplate
short_description: Allows administration of Keycloak client templates via Keycloak API
version_added: "2.5"
description:
- This module allows the administration of Keycloak client templates via the Keycloak REST API. It
requires access to the REST API via OpenID Connect; the user connecting and the client being
used must have the requisite access rights. In a default Keycloak installation, admin-cli
and an admin user would work, as would a separate client definition with the scope tailored
to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the
Keycloak API and its documentation at U(http://www.keycloak.org/docs-api/3.3/rest-api/)
- The Keycloak API does not always enforce for only sensible settings to be used -- you can set
SAML-specific settings on an OpenID Connect client for instance and vice versa. Be careful.
If you do not specify a setting, usually a sensible default is chosen.
options:
state:
description:
- State of the client template
- On C(present), the client template will be created (or updated if it exists already).
- On C(absent), the client template will be removed if it exists
choices: ['present', 'absent']
default: 'present'
id:
description:
- Id of client template to be worked on. This is usually a UUID.
realm:
description:
- Realm this client template is found in.
name:
description:
- Name of the client template
description:
description:
- Description of the client template in Keycloak
protocol:
description:
- Type of client template (either C(openid-connect) or C(saml).
choices: ['openid-connect', 'saml']
full_scope_allowed:
description:
- Is the "Full Scope Allowed" feature set for this client template or not.
This is 'fullScopeAllowed' in the Keycloak REST API.
type: bool
protocol_mappers:
description:
- a list of dicts defining protocol mappers for this client template.
This is 'protocolMappers' in the Keycloak REST API.
suboptions:
consentRequired:
description:
- Specifies whether a user needs to provide consent to a client for this mapper to be active.
consentText:
description:
- The human-readable name of the consent the user is presented to accept.
id:
description:
- Usually a UUID specifying the internal ID of this protocol mapper instance.
name:
description:
- The name of this protocol mapper.
protocol:
description:
- is either 'openid-connect' or 'saml', this specifies for which protocol this protocol mapper
is active.
choices: ['openid-connect', 'saml']
protocolMapper:
description:
- The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is
impossible to provide since this may be extended through SPIs by the user of Keycloak,
by default Keycloak as of 3.4 ships with at least
- C(docker-v2-allow-all-mapper)
- C(oidc-address-mapper)
- C(oidc-full-name-mapper)
- C(oidc-group-membership-mapper)
- C(oidc-hardcoded-claim-mapper)
- C(oidc-hardcoded-role-mapper)
- C(oidc-role-name-mapper)
- C(oidc-script-based-protocol-mapper)
- C(oidc-sha256-pairwise-sub-mapper)
- C(oidc-usermodel-attribute-mapper)
- C(oidc-usermodel-client-role-mapper)
- C(oidc-usermodel-property-mapper)
- C(oidc-usermodel-realm-role-mapper)
- C(oidc-usersessionmodel-note-mapper)
- C(saml-group-membership-mapper)
- C(saml-hardcode-attribute-mapper)
- C(saml-hardcode-role-mapper)
- C(saml-role-list-mapper)
- C(saml-role-name-mapper)
- C(saml-user-attribute-mapper)
- C(saml-user-property-mapper)
- C(saml-user-session-note-mapper)
- An exhaustive list of available mappers on your installation can be obtained on
the admin console by going to Server Info -> Providers and looking under
'protocol-mapper'.
config:
description:
- Dict specifying the configuration options for the protocol mapper; the
contents differ depending on the value of I(protocolMapper) and are not documented
other than by the source of the mappers and its parent class(es). An example is given
below. It is easiest to obtain valid config values by dumping an already-existing
protocol mapper configuration through check-mode in the "existing" field.
attributes:
description:
- A dict of further attributes for this client template. This can contain various
configuration settings, though in the default installation of Keycloak as of 3.4, none
are documented or known, so this is usually empty.
notes:
- The Keycloak REST API defines further fields (namely I(bearerOnly), I(consentRequired), I(standardFlowEnabled),
I(implicitFlowEnabled), I(directAccessGrantsEnabled), I(serviceAccountsEnabled), I(publicClient), and
I(frontchannelLogout)) which, while available with keycloak_client, do not have any effect on
Keycloak client-templates and are discarded if supplied with an API request changing client-templates. As such,
they are not available through this module.
extends_documentation_fragment:
- keycloak
author:
- Eike Frost (@eikef)
s����
- name: Create or update Keycloak client template (minimal)
local_action:
module: keycloak_clienttemplate
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
realm: master
name: this_is_a_test
- name: delete Keycloak client template
local_action:
module: keycloak_clienttemplate
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
realm: master
state: absent
name: test01
- name: Create or update Keycloak client template (with a protocol mapper)
local_action:
module: keycloak_clienttemplate
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
realm: master
name: this_is_a_test
protocol_mappers:
- config:
access.token.claim: True
claim.name: "family_name"
id.token.claim: True
jsonType.label: String
user.attribute: lastName
userinfo.token.claim: True
consentRequired: True
consentText: "${familyName}"
name: family name
protocol: openid-connect
protocolMapper: oidc-usermodel-property-mapper
full_scope_allowed: false
id: bce6f5e9-d7d3-4955-817e-c5b7f8d65b3f
s����
msg:
description: Message as to what action was taken
returned: always
type: str
sample: "Client template testclient has been updated"
proposed:
description: client template representation of proposed changes to client template
returned: always
type: dict
sample: {
name: "test01"
}
existing:
description: client template representation of existing client template (sample is truncated)
returned: always
type: dict
sample: {
"description": "test01",
"fullScopeAllowed": false,
"id": "9c3712ab-decd-481e-954f-76da7b006e5f",
"name": "test01",
"protocol": "saml"
}
end_state:
description: client template representation of client template after module execution (sample is truncated)
returned: always
type: dict
sample: {
"description": "test01",
"fullScopeAllowed": false,
"id": "9c3712ab-decd-481e-954f-76da7b006e5f",
"name": "test01",
"protocol": "saml"
}
(����t����KeycloakAPIt����camelt����keycloak_argument_spect ���get_tokent
���KeycloakError(����t
���AnsibleModulec������������C`��s����t�����}��t��d��t��d��d�����d��t��d��d�����d��t��d��d�����d��t��d��d�����d��t��d��d��d �d
�d��g�����d��t��d��d�����d
�t��d��d��������}��t��d��t��d��d��d��d�����d��t��d��d��d �d��d��g�����d��t��d��d�����d��t��d��d�����d��t��d��d�����d��t��d��d��d �d
�d��g�����d��t��d��d�����d��t��d��d�����d��t��d��d��d��d��d��|������� }��|��j��|������t��d��|��d��t��d��d��d��g��g�����}��t��d��t��d �d!�d"�i��d#�i��d$�i��d%�i�����}��y��t��d&�|��j��j��d'����d(�|��j��j��d(����d)�|��j��j��d)����d*�|��j��j��d+����d,�|��j��j��d,����d-�|��j��j��d-����d.�|��j��j��d/�������}��Wn)��t �k
�rU��}���|��j
�d �t��|���������n��Xt��|��|�����}��|��j��j��d�����}��|��j��j��d�����} �|��j��j��d�����}
�g��|��j��D]0�}��|��d8�k��r��|��j��j��|�����d7�k �r��|��^��q��}��|
�d7�k��r$�|��j��|��j��j��d�����d��|�����}
�|
�d7�k �r9�|
�d���}
�q9�n��|��j��|
�d��|�����}
�|
�d7�k��rQ�t�����}
�n��|
�|��d$�<t�����}��xf�|��D]^�}��|��j��j��|�����}��t��|��t�����r��y��t��|�����}��Wq���t��k
�r�����q��Xn��|��|��t��|�����<qk�W|
�j�����}��|��j��|������|��|��d#�<|
�t�����k��r �| �d��k��rJ�|��j��r0�t��d0�d!�d1�d!����|��d"�<n��d2�|��d �<|��j��|������n��t��|��d��<d��|��k��rs�|��j
�d �d3�����n��|��j��r��t��d0�d!�d1�|�����|��d"�<n��|��j��r��|��j��|������n��|��j��|��d��|������|��j��|��d���d��|�����}��|��|��d%�<d4�|��d����|��d �<|��j��|������n��| �d��k��r��t��|��d��<|��j��r]�|��j��rM�t��d0�|
�d1�|�����|��d"�<n��|��j��|������n��|��j��|
�|��d��|������|��j��|
�d��|�����}��|
�|��k��r��t��|��d��<n��|��j��r��t��d0�|
�d1�|�����|��d"�<n��|��|��d%�<d5�|��d����|��d �<|��j��|������n��t��|��d��<|��j��r$�|
�|��d"��d0�<d!�|��d"��d1�<n��|��j��r=�|��j��|������n��|��j��|
�d��|������t�����|��d#�<t�����|��d%�<d6�|
�d����|��d �<|��j��|������|��j��|������d7�S(9���s(���
Module execution
:return:
t����consentRequiredt����typet����boolt����consentTextt����strt����idt����namet����protocolt����choicess����openid-connectt����samlt����protocolMappert����configt����dictt����realmt����defaultt����mastert����statet����presentt����absentt����descriptiont
���attributest����full_scope_allowedt����protocol_mapperst����listt����elementst����optionst
���argument_spect����supports_check_modet����required_one_oft����changedt����msgt����t����difft����proposedt����existingt ���end_statet����base_urlt����auth_keycloak_urlt����validate_certst
���auth_realmt ���client_idt����auth_client_idt
���auth_usernamet
���auth_passwordt
���client_secrett����auth_client_secrett����beforet����afters.���Client template does not exist, doing nothing.s5���name needs to be specified when creating a new clients$���Client template %s has been created.s$���Client template %s has been updated.s$���Client template %s has been deleted.N( ���R����R3���R7���R5���R;���R8���R9���R4���R����(����R
���R����t����updateR
���t����Truet����FalseR����t����paramst����getR����t ���fail_jsonR����R����t����Nonet����get_client_template_by_namet����get_client_template_by_idt
���isinstanceR%���t����sortedt ���TypeErrorR ���t����copyt����_difft ���exit_jsont
���check_modet����create_client_templatet����update_client_templatet����delete_client_template(����R(���t����protmapper_spect ���meta_argst����modulet����resultt����connection_headert����et����kcR����R����t����cidt����xt����clientt_paramst����before_clienttt ���changesett
���clientt_paramt����new_param_valuet����updated_clienttt
���after_clientt(����(����s]���/usr/lib/python2.7/site-packages/ansible/modules/identity/keycloak/keycloak_clienttemplate.pyt����main����s������ �������������������������������������
�������-�������������������������������������-���!�����������
� �
���������
�������
�
����� ���
���
����� ��� �������
�������
� � �������������
� �����
�����
� ����� �����
�
���
�t����__main__N(����t
���__future__R����R����R����R����t
���__metaclass__t����ANSIBLE_METADATAt
���DOCUMENTATIONt����EXAMPLESt����RETURNt/���ansible.module_utils.identity.keycloak.keycloakR����R ���R
���R����R����t����ansible.module_utils.basicR
���Ra���t����__name__(����(����(����s]���/usr/lib/python2.7/site-packages/ansible/modules/identity/keycloak/keycloak_clienttemplate.pyt����<module>����s������������
�
��3�&��(��� ���
Anons79 File Manager Version 1.0, Coded By Anons79
Email: [email protected]
Anons79 Mini Shell