keycloak_clientscope: add normalizations for attributes and protocol_…

…mappers (#8496) Signed-off-by: Eike Waldt <[email protected]>
ansible-collections · Jun 16, 2024 · fd2cd5f · fd2cd5f
1 parent 3716187
commit fd2cd5f
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 2 deletions.
diff --git a/changelogs/fragments/8496-keycloak_clientscope-add-normalizations.yaml b/changelogs/fragments/8496-keycloak_clientscope-add-normalizations.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+  - keycloak_realm - add normalizations for ``attributes`` and ``protocol_mappers`` (https://github.com/ansible-collections/community.general/pull/8496).
diff --git a/plugins/modules/keycloak_clientscope.py b/plugins/modules/keycloak_clientscope.py
@@ -301,10 +301,37 @@
 '''
 
 from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \
-    keycloak_argument_spec, get_token, KeycloakError
+    keycloak_argument_spec, get_token, KeycloakError, is_struct_included
 from ansible.module_utils.basic import AnsibleModule
 
 
+def normalise_cr(clientscoperep, remove_ids=False):
+    """ Re-sorts any properties where the order so that diff's is minimised, and adds default values where appropriate so that the
+    the change detection is more effective.
+
+    :param clientscoperep: the clientscoperep dict to be sanitized
+    :param remove_ids: If set to true, then the unique ID's of objects is removed to make the diff and checks for changed
+                       not alert when the ID's of objects are not usually known, (e.g. for protocol_mappers)
+    :return: normalised clientscoperep dict
+    """
+    # Avoid the dict passed in to be modified
+    clientscoperep = clientscoperep.copy()
+
+    if 'attributes' in clientscoperep:
+        clientscoperep['attributes'] = list(sorted(clientscoperep['attributes']))
+
+    if 'protocolMappers' in clientscoperep:
+        clientscoperep['protocolMappers'] = sorted(clientscoperep['protocolMappers'], key=lambda x: (x.get('name'), x.get('protocol'), x.get('protocolMapper')))
+        for mapper in clientscoperep['protocolMappers']:
+            if remove_ids:
+                mapper.pop('id', None)
+
+            # Set to a default value.
+            mapper['consentRequired'] = mapper.get('consentRequired', False)
+
+    return clientscoperep
+
+
 def sanitize_cr(clientscoperep):
     """ Removes probably sensitive details from a clientscoperep representation.
 
@@ -317,7 +344,7 @@ def sanitize_cr(clientscoperep):
     if 'attributes' in result:
         if 'saml.signing.private.key' in result['attributes']:
             result['attributes']['saml.signing.private.key'] = 'no_log'
-    return result
+    return normalise_cr(result)
 
 
 def main():
@@ -458,6 +485,13 @@ def main():
                 result['diff'] = dict(before=sanitize_cr(before_clientscope), after=sanitize_cr(desired_clientscope))
 
             if module.check_mode:
+                # We can only compare the current clientscope with the proposed updates we have
+                before_norm = normalise_cr(before_clientscope, remove_ids=True)
+                desired_norm = normalise_cr(desired_clientscope, remove_ids=True)
+                if module._diff:
+                    result['diff'] = dict(before=sanitize_cr(before_norm),
+                                          after=sanitize_cr(desired_norm))
+                result['changed'] = not is_struct_included(desired_norm, before_norm)
                 module.exit_json(**result)
 
             # do the update
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		bugfixes:
		- keycloak_realm - add normalizations for ``attributes`` and ``protocol_mappers`` (https://github.com/ansible-collections/community.general/pull/8496).