From 2e6b160c188a0373eaa2ab36d90a0aa5b1b6db3a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Herv=C3=A9=20Quatremain?=
Date: Thu, 21 Nov 2024 13:19:24 +0100
Subject: [PATCH] Fix bugs in the rhacs_auth_provider module (#4)
---
 CHANGELOG.rst | 14 +++++++++
 changelogs/changelog.yaml | 13 +++++++++
 galaxy.yml | 2 +-
 plugins/module_utils/api_module.py | 9 ++++--
 plugins/modules/rhacs_auth_provider.py | 40 ++++++++++++++++----------
 5 files changed, 59 insertions(+), 19 deletions(-)
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index bbbb152..e3fda22 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -4,6 +4,20 @@ Red Hat Advanced Cluster Security for Kubernetes Collection Release Notes
 .. contents:: Topics
+v1.1.1
+======
+
+Release Summary
+---------------
+
+Fixing bugs in the ``herve4m.rhacs_configuration.rhacs_auth_provider`` module.
+
+Bugfixes
+--------
+
+- The ``uiEndpoint`` OpenID Connect parameter was wrongly set and prevented authentication.
+- Updating a configuration failed because once the authentication provider is used, it cannot be modified. Now, for update operations, the configuration is deleted and then re-created.
+
 v1.1.0
 ======
diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml
index 6852117..7ff67d5 100644
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@@ -92,3 +92,16 @@ releases:
 name: rhacs_report_schedule
 namespace: ''
 release_date: '2024-10-27'
+ 1.1.1:
+ changes:
+ bugfixes:
+ - The ``uiEndpoint`` OpenID Connect parameter was wrongly set and prevented
+ authentication.
+ - Updating a configuration failed because once the authentication provider
+ is used, it cannot be modified. Now, for update operations, the configuration
+ is deleted and then re-created.
+ release_summary: Fixing bugs in the ``herve4m.rhacs_configuration.rhacs_auth_provider``
+ module.
+ fragments:
+ - PR4-v1.1.1-summary.yml
+ release_date: '2024-11-21'
diff --git a/galaxy.yml b/galaxy.yml
index 6ef9eb5..9bceff6 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,7 +1,7 @@
 ---
 namespace: herve4m
 name: rhacs_configuration
-version: 1.1.0
+version: 1.1.1
 readme: README.md
 authors:
 - Hervé Quatremain
diff --git a/plugins/module_utils/api_module.py b/plugins/module_utils/api_module.py
index d3aa572..c8e20a2 100644
--- a/plugins/module_utils/api_module.py
+++ b/plugins/module_utils/api_module.py
@@ -222,11 +222,14 @@ def make_raw_request(self, method, url, ok_error_codes=None, **kwargs):
 response = he
 # Sanity check: Did the server send back some kind of internal error?
 elif he.code >= 500:
- raise APIModuleError(
- ("The host sent back a server error: {path}: {error}.").format(
+ # The response might include an error message
+ try:
+ msg = self.get_error_message({"json": json.loads(he.read())})
+ except Exception:
+ msg = ("The host sent back a server error: {path}: {error}.").format(
 path=url.path, error=he
 )
- )
+ raise APIModuleError(msg)
 # Sanity check: Did we fail to authenticate properly?
 # If so, fail out now; this is always a failure.
 elif he.code == 401:
diff --git a/plugins/modules/rhacs_auth_provider.py b/plugins/modules/rhacs_auth_provider.py
index 2c76e8d..b5fa8ef 100644
--- a/plugins/modules/rhacs_auth_provider.py
+++ b/plugins/modules/rhacs_auth_provider.py
@@ -54,7 +54,8 @@
 rhacs_url:
 description:
 - URL of the RHACS web interface.
- - The value of O(rhacs_host) by default.
+ - The network location of O(rhacs_host) by default, such as
+ C(rhacs.example.com:8443) for example.
 type: str
 auth0:
 description:
@@ -512,10 +513,7 @@ def main():
 if state == "absent":
 id = config.get("id", "") if config else ""
 module.delete(
- config,
- "authentication provider",
- name,
- "/v1/authProviders/{id}".format(id=id),
+ config, "authentication provider", name, "/v1/authProviders/{id}".format(id=id)
 )
 if not config and new_config:
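Review bot: The new `except Exception:` in the 5xx branch catches more than a body that is not JSON: a failure inside `self.get_error_message` or an I/O error from `he.read()` is silently replaced by the generic text, and the raw body is discarded either way. Narrow it to what the fallback is meant to cover, e.g. `except (ValueError, TypeError, KeyError, OSError):`, and consider appending a truncated copy of the body to the fallback message so a non-JSON 5xx is still diagnosable. The hunk relies on `json` being imported at module level, which is not visible here. `make_raw_request` continues outside the hunk on both sides.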
@@ -552,7 +550,7 @@ def main():
 new_fields = {
 "name": name,
 "type": parameter_to_API_type(auth_type),
- "uiEndpoint": rhacs_url if rhacs_url else module.host_url.geturl(),
+ "uiEndpoint": rhacs_url if rhacs_url else module.host_url.netloc,
 "enabled": True,
 "traits": {"mutabilityMode": "ALLOW_MUTATE"},
 }
@@ -739,8 +737,10 @@ def main():
 # Build the data to send to the API to update the configuration
 data = copy.deepcopy(config)
+ data.pop("id", None)
+ data.pop("lastUpdated", None)
+ data.pop("loginUrl", None)
 data["name"] = name
- data["id"] = id_to_update
 conf = config.get("config", {})
 # Compare the object with the requested configuration to verify whether
@@ -810,6 +810,10 @@ def main():
 not new_name
 and (not rhacs_url or rhacs_url == data.get("uiEndpoint"))
 and not client_secret
+ and (
+ use_client_secret is None
+ or (use_client_secret is False and not conf.get("client_secret"))
+ )
 and (mode is None or mode == conf.get("mode"))
 and (issuer is None or issuer == conf.get("issuer"))
 and (client_id is None or client_id == conf.get("client_id"))
@@ -935,13 +939,6 @@ def main():
 if rhacs_url:
 data["uiEndpoint"] = rhacs_url
- module.unconditional_update(
- "authentication provider",
- name,
- "/v1/authProviders/{id}".format(id=id_to_update),
- data,
- )
-
 # In case a rename operation occurred (when new_name is set), and the
 # source and destination objects both existed, then delete the source
 # object
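Review bot: `module.host_url.netloc` (presumably a `urllib.parse` result, given the removed `geturl()` call) still carries any userinfo from the parsed host URL, so if `rhacs_host` is ever given as `https://user:pass@host:port` those credentials would be written into the provider's `uiEndpoint` and stored server-side; `module.host_url.netloc.rpartition("@")[2]` keeps only the host and port. The user-supplied `rhacs_url` is passed through unchecked, so a full URL, which the updated documentation in this commit says is not the expected form, would reproduce the bug this hunk fixes; a one-line normalisation or a validation failure would close that gap. `main` continues outside the hunk on both sides.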
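Review bot: The `use_client_secret` clause added to the no-change condition has no branch for `use_client_secret is True`, so a play that sets `use_client_secret: true` without also passing `client_secret` can never be reported as unchanged and, with the new delete/re-create update path, will tear the provider down on every run. If the API reports a stored secret through `conf.get("client_secret")` (the existing check suggests it may), the idempotent case would be `or (use_client_secret is True and conf.get("client_secret"))`; if the API never returns the secret, the provider re-created from `config` would also lose it, which deserves a test. The enclosing condition starts and ends outside the hunk.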
@@ -953,7 +950,20 @@ def main():
 "/v1/authProviders/{id}".format(id=id_to_delete),
 auto_exit=False,
 )
- module.exit_json(changed=True, id=id_to_update)
+
+ # Because a provider cannot be updated after it has been used, delete the
+ # provider and then re-create it.
+ module.delete(
+ config,
+ "authentication provider",
+ name,
+ "/v1/authProviders/{id}".format(id=id_to_update),
+ auto_exit=False,
+ )
+ resp = module.create(
+ "authentication provider", name, "/v1/authProviders", data, auto_exit=False
+ )
+ module.exit_json(changed=True, id=resp.get("id", ""))
 if __name__ == "__main__":
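Review bot: The delete followed by `module.create` is not atomic: if the create fails, or the task is interrupted between the two calls, the provider has already been removed and nobody authenticating through it can log in until it is put back, while the module reports a plain failure rather than a half-applied state. That deserves at least a comment next to the new `module.delete` call, e.g. `# Not atomic: if the create below fails, the provider stays deleted until the task is re-run.`, and ideally a best-effort re-create of the original `config` (minus `id`, `lastUpdated` and `loginUrl`) before failing. The re-created provider also receives a new id, so anything bound to the old id, role/group mappings for instance, presumably needs to be re-applied; worth confirming against the API and stating in the module documentation. Unless `module.delete` and `module.create` honour check mode internally, which this hunk does not show, the deletion also runs in check mode. `main` starts outside the hunk.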