Fix bugs in the rhacs_auth_provider module (#4)

CHANGELOG.rst

@@ -4,6 +4,20 @@ Red Hat Advanced Cluster Security for Kubernetes Collection Release Notes
 
 .. contents:: Topics
 
+v1.1.1
+======
+
+Release Summary
+---------------
+
+Fixing bugs in the ``herve4m.rhacs_configuration.rhacs_auth_provider`` module.
+
+Bugfixes
+--------
+
+- The ``uiEndpoint`` OpenID Connect parameter was wrongly set and prevented authentication.
+- Updating a configuration failed because once the authentication provider is used, it cannot be modified. Now, for update operations, the configuration is deleted and then re-created.
+
 v1.1.0
 ======
 

changelogs/changelog.yaml

@@ -92,3 +92,16 @@ releases:
         name: rhacs_report_schedule
         namespace: ''
     release_date: '2024-10-27'
+  1.1.1:
+    changes:
+      bugfixes:
+        - The ``uiEndpoint`` OpenID Connect parameter was wrongly set and prevented
+          authentication.
+        - Updating a configuration failed because once the authentication provider
+          is used, it cannot be modified. Now, for update operations, the configuration
+          is deleted and then re-created.
+      release_summary: Fixing bugs in the ``herve4m.rhacs_configuration.rhacs_auth_provider``
+        module.
+    fragments:
+      - PR4-v1.1.1-summary.yml
+    release_date: '2024-11-21'

galaxy.yml

@@ -1,7 +1,7 @@
 ---
 namespace: herve4m
 name: rhacs_configuration
-version: 1.1.0
+version: 1.1.1
 readme: README.md
 authors:
   - Hervé Quatremain <[email protected]>

plugins/module_utils/api_module.py

@@ -222,11 +222,14 @@ def make_raw_request(self, method, url, ok_error_codes=None, **kwargs):
                 response = he
             # Sanity check: Did the server send back some kind of internal error?
             elif he.code >= 500:
-                raise APIModuleError(
-                    ("The host sent back a server error: {path}: {error}.").format(
+                # The response might include an error message
+                try:
+                    msg = self.get_error_message({"json": json.loads(he.read())})
+                except Exception:
+                    msg = ("The host sent back a server error: {path}: {error}.").format(
                         path=url.path, error=he
                     )
-                )
+                raise APIModuleError(msg)
             # Sanity check: Did we fail to authenticate properly?
             # If so, fail out now; this is always a failure.
             elif he.code == 401:

plugins/modules/rhacs_auth_provider.py

@@ -54,7 +54,8 @@
   rhacs_url:
     description:
       - URL of the RHACS web interface.
-      - The value of O(rhacs_host) by default.
+      - The network location of O(rhacs_host) by default, such as
+        C(rhacs.example.com:8443) for example.
     type: str
   auth0:
     description:
@@ -512,10 +513,7 @@ def main():
     if state == "absent":
         id = config.get("id", "") if config else ""
         module.delete(
-            config,
-            "authentication provider",
-            name,
-            "/v1/authProviders/{id}".format(id=id),
+            config, "authentication provider", name, "/v1/authProviders/{id}".format(id=id)
         )
 
     if not config and new_config:
@@ -552,7 +550,7 @@ def main():
         new_fields = {
             "name": name,
             "type": parameter_to_API_type(auth_type),
-            "uiEndpoint": rhacs_url if rhacs_url else module.host_url.geturl(),
+            "uiEndpoint": rhacs_url if rhacs_url else module.host_url.netloc,
             "enabled": True,
             "traits": {"mutabilityMode": "ALLOW_MUTATE"},
         }
@@ -739,8 +737,10 @@ def main():
 
     # Build the data to send to the API to update the configuration
     data = copy.deepcopy(config)
+    data.pop("id", None)
+    data.pop("lastUpdated", None)
+    data.pop("loginUrl", None)
     data["name"] = name
-    data["id"] = id_to_update
     conf = config.get("config", {})
 
     # Compare the object with the requested configuration to verify whether
@@ -810,6 +810,10 @@ def main():
             not new_name
             and (not rhacs_url or rhacs_url == data.get("uiEndpoint"))
             and not client_secret
+            and (
+                use_client_secret is None
+                or (use_client_secret is False and not conf.get("client_secret"))
+            )
             and (mode is None or mode == conf.get("mode"))
             and (issuer is None or issuer == conf.get("issuer"))
             and (client_id is None or client_id == conf.get("client_id"))
@@ -935,13 +939,6 @@ def main():
     if rhacs_url:
         data["uiEndpoint"] = rhacs_url
 
-    module.unconditional_update(
-        "authentication provider",
-        name,
-        "/v1/authProviders/{id}".format(id=id_to_update),
-        data,
-    )
-
     # In case a rename operation occurred (when new_name is set), and the
     # source and destination objects both existed, then delete the source
     # object
@@ -953,7 +950,20 @@ def main():
             "/v1/authProviders/{id}".format(id=id_to_delete),
             auto_exit=False,
         )
-    module.exit_json(changed=True, id=id_to_update)
+
+    # Because a provider cannot be updated after it has been used, delete the
+    # provider and then re-create it.
+    module.delete(
+        config,
+        "authentication provider",
+        name,
+        "/v1/authProviders/{id}".format(id=id_to_update),
+        auto_exit=False,
+    )
+    resp = module.create(
+        "authentication provider", name, "/v1/authProviders", data, auto_exit=False
+    )
+    module.exit_json(changed=True, id=resp.get("id", ""))
 
 
 if __name__ == "__main__":