Keycloak print error msg from server #7645
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ansibullbot
added
feature
felixfontein
added
check-before-release
changelogs/fragments/7645-Keycloak-print-error-msg-from-server.yml
Outdated
Show resolved
Hide resolved
| @@ -1919,6 +1919,9 @@ def create_client_role(self, rolerep, clientid, realm='master'): | |||
| rolerep["composites"] = keycloak_compatible_composites | |||
| return open_url(roles_url, method='POST', http_agent=self.http_agent, headers=self.restheaders, timeout=self.connection_timeout, | |||
| data=json.dumps(rolerep), validate_certs=self.validate_certs) | |||
| except HTTPError as httpError: | |||
| self.module.fail_json(msg='Could not create role %s for client %s in realm %s: %s: %s' | |||
| % (rolerep['name'], clientid, realm, str(httpError), httpError.read().decode())) | |||
There was a problem hiding this comment.
This seems to be some explicitly repeated code for only a very few special cases.
Also httpError.read().decode() seems to be very error-prone. Handling all possible problems with this is something that should be moved to a function that can be called from every except HTTPError as e clause.
There was a problem hiding this comment.
I took the initiative to change all exception where 'open_url' is call. Hope it's ok
There was a problem hiding this comment.
Yes, agree with that. Haven't checked (or tested) all, but locally I had to add the except HTTPError as httpError in loads of places just to make sense of stuff. So, yes please add the httpError in as many places as possible
|
Upvote on this. I patched my local system with this change, and it's nice to see the actual cause of the "400 Bad Request" |
….yml Co-authored-by: Felix Fontein <felix@fontein.de>
|
@desand01 this PR contains the following merge commits: Please rebase your branch to remove these commits. |
ansibullbot
added
merge_commit
added 2 commits
December 1, 2023 12:57
Co-authored-by: Felix Fontein <felix@fontein.de>
Co-authored-by: Felix Fontein <felix@fontein.de>
felixfontein
approved these changes
Dec 2, 2023
felixfontein
removed
the
check-before-release
Backport to stable-8: cherry-pick succeededBackport PR branch: PR branch created, proceeding with making a PR. 🤖 @patchback |
patchback bot
pushed a commit
that referenced
this pull request
Dec 3, 2023
* Retrive error msg * changelog * Update changelogs/fragments/7645-Keycloak-print-error-msg-from-server.yml Co-authored-by: Felix Fontein <felix@fontein.de> * test sanity * Fixe var name * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Msg formating --------- Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit e724bc5)
felixfontein
removed
the
backport-8
felixfontein
added
the
backport-8
Backport to stable-8: cherry-pick succeededBackport PR branch: PR branch created, proceeding with making a PR. 🤖 @patchback |
patchback bot
pushed a commit
that referenced
this pull request
Dec 3, 2023
* Retrive error msg * changelog * Update changelogs/fragments/7645-Keycloak-print-error-msg-from-server.yml Co-authored-by: Felix Fontein <felix@fontein.de> * test sanity * Fixe var name * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Msg formating --------- Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit e724bc5)
felixfontein
added a commit
that referenced
this pull request
Dec 3, 2023
Keycloak print error msg from server (#7645) * Retrive error msg * changelog * Update changelogs/fragments/7645-Keycloak-print-error-msg-from-server.yml Co-authored-by: Felix Fontein <felix@fontein.de> * test sanity * Fixe var name * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/module_utils/identity/keycloak/keycloak.py Co-authored-by: Felix Fontein <felix@fontein.de> * Msg formating --------- Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca> Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit e724bc5) Co-authored-by: desand01 <desrosiers.a@hotmail.com>
felixfontein
added a commit
that referenced
this pull request
Dec 28, 2023
…7663) * Add keycloak_realm_rolemapping module to map realm roles to groups * Whitespace * Description in plain English * Casing * Update error reporting as per #7645 * Add agross as maintainer of keycloak_realm_rolemapping module * cid and client_id are not used here * Credit other authors * mhuysamen submitted #7645 * Gaetan2907 authored keycloak_client_rolemapping.py which I took as a basis * Add integration tests * With Keycloak 23 realmRoles are only returned if assigned * Remove debug statement * Add test verifying that unmap works when no realm roles are assigned * Add license to readme * Change version number this module was added * Document which versions of the docker images have been tested * Downgrade version_added Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de>
patchback bot
pushed a commit
that referenced
this pull request
Dec 28, 2023
…7663) * Add keycloak_realm_rolemapping module to map realm roles to groups * Whitespace * Description in plain English * Casing * Update error reporting as per #7645 * Add agross as maintainer of keycloak_realm_rolemapping module * cid and client_id are not used here * Credit other authors * mhuysamen submitted #7645 * Gaetan2907 authored keycloak_client_rolemapping.py which I took as a basis * Add integration tests * With Keycloak 23 realmRoles are only returned if assigned * Remove debug statement * Add test verifying that unmap works when no realm roles are assigned * Add license to readme * Change version number this module was added * Document which versions of the docker images have been tested * Downgrade version_added Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit f7bc696)
felixfontein
pushed a commit
that referenced
this pull request
Dec 28, 2023
… module to map realm roles to groups (#7785) Add keycloak_realm_rolemapping module to map realm roles to groups (#7663) * Add keycloak_realm_rolemapping module to map realm roles to groups * Whitespace * Description in plain English * Casing * Update error reporting as per #7645 * Add agross as maintainer of keycloak_realm_rolemapping module * cid and client_id are not used here * Credit other authors * mhuysamen submitted #7645 * Gaetan2907 authored keycloak_client_rolemapping.py which I took as a basis * Add integration tests * With Keycloak 23 realmRoles are only returned if assigned * Remove debug statement * Add test verifying that unmap works when no realm roles are assigned * Add license to readme * Change version number this module was added * Document which versions of the docker images have been tested * Downgrade version_added Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit f7bc696) Co-authored-by: Alexander Groß <agross@therightstuff.de>
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Jan 18, 2024
v9.1.0 ansible.utils ~~~~~~~~~~~~~ - Fact_diff filter plugin - Add fact_diff filter plugin. (ansible-collections/ansible.utils#78). ansible.windows ~~~~~~~~~~~~~~~ - Set minimum supported Ansible version to 2.14 to align with the versions still supported by Ansible. - win_share - Added a new param called ``scope_name`` that allows file shares to be scoped for Windows Server failover cluster roles. cisco.ios ~~~~~~~~~ - Added ios_evpn_evi resource module. - Added ios_evpn_global resource module. - Added ios_vxlan_vtep resource module. - Fixed ios_evpn_evi resource module integration test failure - code to remove VLAN config. - ios_bgp_address_family - Fixed an issue with inherit peer-policy CLI - ios_bgp_address_family - added 'advertise' key - ios_vlans - added vlan config CLI feature. - ios_vrf - added MDT related keys cisco.ise ~~~~~~~~~ - Services included configuration, edda, dataconnect_services, subscriber. cisco.nxos ~~~~~~~~~~ - nxos_config - Relax restrictions on I(src) parameter so it can be used more like I(lines). (ansible-collections/cisco.nxos#89). community.general ~~~~~~~~~~~~~~~~~ - bitwarden lookup plugin - when looking for items using an item ID, the item is now accessed directly with ``bw get item`` instead of searching through all items. This doubles the lookup speed (ansible-collections/community.general#7468). - elastic callback plugin - close elastic client to not leak resources (ansible-collections/community.general#7517). - git_config - allow multiple git configs for the same name with the new ``add_mode`` option (ansible-collections/community.general#7260). - git_config - the ``after`` and ``before`` fields in the ``diff`` of the return value can be a list instead of a string in case more configs with the same key are affected (ansible-collections/community.general#7260). - git_config - when a value is unset, all configs with the same key are unset (ansible-collections/community.general#7260). - gitlab modules - add ``ca_path`` option (ansible-collections/community.general#7472). - gitlab modules - remove duplicate ``gitlab`` package check (ansible-collections/community.general#7486). - gitlab_runner - add support for new runner creation workflow (ansible-collections/community.general#7199). - ipa_config - adds ``passkey`` choice to ``ipauserauthtype`` parameter's choices (ansible-collections/community.general#7588). - ipa_sudorule - adds options to include denied commands or command groups (ansible-collections/community.general#7415). - ipa_user - adds ``idp`` and ``passkey`` choice to ``ipauserauthtype`` parameter's choices (ansible-collections/community.general#7589). - irc - add ``validate_certs`` option, and rename ``use_ssl`` to ``use_tls``, while keeping ``use_ssl`` as an alias. The default value for ``validate_certs`` is ``false`` for backwards compatibility. We recommend to every user of this module to explicitly set ``use_tls=true`` and `validate_certs=true`` whenever possible, especially when communicating to IRC servers over the internet (ansible-collections/community.general#7550). - keycloak module utils - expose error message from Keycloak server for HTTP errors in some specific situations (ansible-collections/community.general#7645). - keycloak_user_federation - add option for ``krbPrincipalAttribute`` (ansible-collections/community.general#7538). - lvol - change ``pvs`` argument type to list of strings (ansible-collections/community.general#7676, ansible-collections/community.general#7504). - lxd connection plugin - tighten the detection logic for lxd ``Instance not found`` errors, to avoid false detection on unrelated errors such as ``/usr/bin/python3: not found`` (ansible-collections/community.general#7521). - netcup_dns - adds support for record types ``OPENPGPKEY``, ``SMIMEA``, and ``SSHFP`` (ansible-collections/community.general#7489). - nmcli - add support for new connection type ``loopback`` (ansible-collections/community.general#6572). - nmcli - allow for ``infiniband`` slaves of ``bond`` interface types (ansible-collections/community.general#7569). - nmcli - allow for the setting of ``MTU`` for ``infiniband`` and ``bond`` interface types (ansible-collections/community.general#7499). - onepassword lookup plugin - support 1Password Connect with the opv2 client by setting the connect_host and connect_token parameters (ansible-collections/community.general#7116). - onepassword_raw lookup plugin - support 1Password Connect with the opv2 client by setting the connect_host and connect_token parameters (ansible-collections/community.general#7116) - passwordstore - adds ``timestamp`` and ``preserve`` parameters to modify the stored password format (ansible-collections/community.general#7426). - proxmox - adds ``template`` value to the ``state`` parameter, allowing conversion of container to a template (ansible-collections/community.general#7143). - proxmox - adds ``update`` parameter, allowing update of an already existing containers configuration (ansible-collections/community.general#7540). - proxmox inventory plugin - adds an option to exclude nodes from the dynamic inventory generation. The new setting is optional, not using this option will behave as usual (ansible-collections/community.general#6714, ansible-collections/community.general#7461). - proxmox_disk - add ability to manipulate CD-ROM drive (ansible-collections/community.general#7495). - proxmox_kvm - adds ``template`` value to the ``state`` parameter, allowing conversion of a VM to a template (ansible-collections/community.general#7143). - proxmox_kvm - support the ``hookscript`` parameter (ansible-collections/community.general#7600). - proxmox_ostype - it is now possible to specify the ``ostype`` when creating an LXC container (ansible-collections/community.general#7462). - proxmox_vm_info - add ability to retrieve configuration info (ansible-collections/community.general#7485). - redfish_info - adding the ``BootProgress`` property when getting ``Systems`` info (ansible-collections/community.general#7626). - ssh_config - adds ``controlmaster``, ``controlpath`` and ``controlpersist`` parameters (ansible-collections/community.general#7456). community.routeros ~~~~~~~~~~~~~~~~~~ - api_info, api_modify - add missing DoH parameters ``doh-max-concurrent-queries``, ``doh-max-server-connections``, and ``doh-timeout`` to the ``ip dns`` path (ansible-collections/community.routeros#230, ansible-collections/community.routeros#235) - api_info, api_modify - add missing parameters ``address-list``, ``address-list-timeout``, ``randomise-ports``, and ``realm`` to subpaths of the ``ip firewall`` path (ansible-collections/community.routeros#236, ansible-collections/community.routeros#237). - api_info, api_modify - mark the ``interface wireless`` parameter ``running`` as read-only (ansible-collections/community.routeros#233). - api_info, api_modify - set the default value to ``false`` for the ``disabled`` parameter in some more paths where it can be seen in the documentation (ansible-collections/community.routeros#237). - api_modify - add missing ``comment`` attribute to ``/routing id`` (ansible-collections/community.routeros#234). - api_modify - add missing attributes to the ``routing bgp connection`` path (ansible-collections/community.routeros#234). - api_modify - add versioning to the ``/tool e-mail`` path (RouterOS 7.12 release) (ansible-collections/community.routeros#234). - api_modify - make ``/ip traffic-flow target`` a multiple value attribute (ansible-collections/community.routeros#234). community.windows ~~~~~~~~~~~~~~~~~ - Set minimum supported Ansible version to 2.14 to align with the versions still supported by Ansible. community.zabbix ~~~~~~~~~~~~~~~~ - Added zabbix_group_events_info module - action module - Added notify_if_canceled property - agent and proxy roles - Set default `zabbix_api_server_port` to 80 or 443 based on `zabbix_api_use_ssl` - agent role - Removed duplicative Windows agent task - agent role - Standardized default yum priority to 99 - all roles - Re-added ability to override Debian repo source - all roles - Updated Debian repository format to 822 standard - various - updated testing modules - various - updated to fully qualified module names - zabbix agent - Added capability to add additional configuration includes - zabbix_api_info module added - zabbix_user module - add current_passwd optional parameter to enable password updating of the currently logged in user (https://www.zabbix.com/documentation/6.4/en/manual/api/reference/user/update) dellemc.powerflex ~~~~~~~~~~~~~~~~~ - Added support for PowerFlex Denver version(4.5.x) to TB and Config role. f5networks.f5_modules ~~~~~~~~~~~~~~~~~~~~~ - bigiq_device_discovery - Changes in documentation related to Provider block google.cloud ~~~~~~~~~~~~ - anisble-test - integration tests are now run against 2.14.0 and 2.15.0 - ansible - 2.14.0 is now the minimum version supported - ansible-lint - fixed over a thousand reported errors - ansible-lint - upgraded to 6.22 - ansible-test - add support for GCP application default credentials (ansible-collections/google.cloud#359). - gcp_serviceusage_service - added backoff when checking for operation completion. - gcp_serviceusage_service - use alloyb API for the integration test as spanner conflicts with other tests - gcp_sql_ssl_cert - made sha1_fingerprint optional, which enables resource creation - gcp_storage_default_object_acl - removed non-existent fields; the resource is not usable. hetzner.hcloud ~~~~~~~~~~~~~~ - Add the `hetzner.hcloud.all` group to configure all the modules using `module_defaults`. - Allow to set the `api_endpoint` module argument using the `HCLOUD_ENDPOINT` environment variable. - Removed the `hcloud_` prefix from all modules names, e.g. `hetzner.hcloud.hcloud_firewall` was renamed to `hetzner.hcloud.firewall`. Old module names will continue working. - Renamed the `endpoint` module argument to `api_endpoint`, backward compatibility is maintained using an alias. - hcloud inventory - Add the `api_endpoint` option. - hcloud inventory - Deprecate the `api_token_env` option, suggest using a lookup plugin (`{{ lookup('ansible.builtin.env', 'YOUR_ENV_VAR') }}`) or use the well-known `HCLOUD_TOKEN` environment variable name. - hcloud inventory - Rename the `token_env` option to `api_token_env`, use aliases for backward compatibility. - hcloud inventory - Rename the `token` option to `api_token`, use aliases for backward compatibility. inspur.ispim ~~~~~~~~~~~~ - Modify edit_smtp_com and add description information. microsoft.ad ~~~~~~~~~~~~ - Make ``name`` an optional parameter for the AD modules. Either ``name`` or ``identity`` needs to be set with their respective behaviours. If creating a new AD user and only ``identity`` is set, that will be the value used for the name of the object. - Set minimum supported Ansible version to 2.14 to align with the versions still supported by Ansible. - object_info - Add ActiveDirectory module import purestorage.flasharray ~~~~~~~~~~~~~~~~~~~~~~ - purefa_dns - Added facility to add a CA certifcate to management DNS and check peer. - purefa_info - Add NSID value for NVMe namespace in `hosts` response - purefa_info - Subset `pgroups` now also provides a new dict called `deleted_pgroups` - purefa_offload - Remove `nfs` as an option when Purity//FA 6.6.0 or higher is detected - purefa_snap - Add support for suffix on remote offload snapshots telekom_mms.icinga_director ~~~~~~~~~~~~~~~~~~~~~~~~~~~ - Extended docs and examples for multiple assign_filter conditions (telekom-mms/ansible-collection-icinga-director#227) theforeman.foreman ~~~~~~~~~~~~~~~~~~ - content_view_publish role - allow passing ``async`` and ``poll`` to the module (theforeman/foreman-ansible-modules#1676) - convert2rhel role - install ``convert2rhel`` from ``cdn-public.redhat.com``, dropping the requirement of a custom CA cert
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
SUMMARY
Print error message from keycloak following a HttpError
ISSUE TYPE
COMPONENT NAME
keycloak_user
keycloak_role
ADDITIONAL INFORMATION
Task
Before
After