Merge pull request #1 from Fred-sun/update-kent007-dev-application

Add 'optional_claims' to the return value of azure_rm_adapplication
kent007 · Mar 22, 2024 · 49c31ef · 49c31ef
2 parents 7669ca0 + a5001c4
commit 49c31ef
Show file tree

Hide file tree

Showing 3 changed files with 82 additions and 14 deletions.
diff --git a/plugins/modules/azure_rm_adapplication.py b/plugins/modules/azure_rm_adapplication.py
@@ -177,7 +177,8 @@
                         description:
                             - Additional properties of the claim.
                             - If a property exists in this collection, it modifies the behavior of the optional claim specified in the name property.
-                        type: str
+                        type: list
+                        elements: str
             id_token_claims:
                 description:
                     - The optional claims returned in the JWT ID token
@@ -207,7 +208,8 @@
                         description:
                             - Additional properties of the claim.
                             - If a property exists in this collection, it modifies the behavior of the optional claim specified in the name property.
-                        type: str
+                        type: list
+                        elements: str
             saml2_token_claims:
                 description:
                     - The optional claims returned in the SAML token
@@ -237,7 +239,8 @@
                         description:
                             - Additional properties of the claim.
                             - If a property exists in this collection, it modifies the behavior of the optional claim specified in the name property.
-                        type: str
+                        type: list
+                        elements: str
     password:
         description:
             - App password, aka 'client secret'.
@@ -433,6 +436,30 @@
     returned: always
     type: list
     sample: []
+optional_claims:
+    description:
+        - Declare the optional claims for the application.
+    type: complex
+    returned: always
+    contains:
+        access_token_claims :
+            description:
+                - The optional claims returned in the JWT access token
+            type: list
+            returned: always
+            sample: ['name': 'aud', 'source': null, 'essential': false, 'additional_properties': []]
+        id_token_claims:
+            description:
+                - The optional claims returned in the JWT ID token
+            type: list
+            returned: always
+            sample: ['name': 'acct', 'source': null, 'essential': false, 'additional_properties': []]
+        saml2_token_claims:
+            description:
+                - The optional claims returned in the SAML token
+            type: list
+            returned: always
+            sample: ['name': 'acct', 'source': null, 'essential': false, 'additional_properties': []]
 '''
 
 from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBaseExt
@@ -493,7 +520,8 @@
         default=False
     ),
     additional_properties=dict(
-        type='str'
+        type='list',
+        elements='str'
     )
 )
 
@@ -864,9 +892,9 @@ def build_claims(claims_dict):
             ) for claim in claims_dict]
 
         claims = OptionalClaims(
-            access_token=build_claims(optional_claims.get("access_token")),
-            id_token=build_claims(optional_claims.get("id_token")),
-            saml2_token=build_claims(optional_claims.get("saml2_token"))
+            access_token=build_claims(optional_claims.get("access_token_claims")),
+            id_token=build_claims(optional_claims.get("id_token_claims")),
+            saml2_token=build_claims(optional_claims.get("saml2_token_claims"))
         )
         return claims
 

diff --git a/plugins/modules/azure_rm_adapplication_info.py b/plugins/modules/azure_rm_adapplication_info.py
@@ -129,6 +129,30 @@
             returned: always
             type: list
             sample: []
+        optional_claims:
+            description:
+                - Declare the optional claims for the application.
+            type: complex
+            returned: always
+            contains:
+                access_token_claims :
+                    description:
+                        - The optional claims returned in the JWT access token
+                    type: list
+                    returned: always
+                    sample: ['name': 'aud', 'source': null, 'essential': false, 'additional_properties': []]
+                id_token_claims:
+                    description:
+                        - The optional claims returned in the JWT ID token
+                    type: list
+                    returned: always
+                    sample: ['name': 'acct', 'source': null, 'essential': false, 'additional_properties': []]
+                saml2_token_claims:
+                    description:
+                        - The optional claims returned in the SAML token
+                    type: list
+                    returned: always
+                    sample: ['name': 'acct', 'source': null, 'essential': false, 'additional_properties': []]
 '''
 
 from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBase
@@ -191,8 +215,17 @@ def exec_module(self, **kwargs):
 
         return self.results
 
+    def serialize_claims(self, claims):
+        if claims is None:
+            return None
+        return [{
+            "additional_properties": claim.additional_properties,
+            "essential": claim.essential,
+            "name": claim.name,
+            "source": claim.source} for claim in claims]
+
     def to_dict(self, object):
-        return dict(
+        response = dict(
             app_id=object.app_id,
             object_id=object.id,
             app_display_name=object.display_name,
@@ -201,9 +234,16 @@ def to_dict(self, object):
             sign_in_audience=object.sign_in_audience,
             web_reply_urls=object.web.redirect_uris,
             spa_reply_urls=object.spa.redirect_uris,
-            public_client_reply_urls=object.public_client.redirect_uris
+            public_client_reply_urls=object.public_client.redirect_uris,
+            optional_claims=dict(access_token=[], id_token=[], saml2_token=[])
         )
 
+        if object.optional_claims is not None:
+            response['optional_claims']['id_token'] = self.serialize_claims(object.optional_claims.id_token)
+            response['optional_claims']['saml2_token'] = self.serialize_claims(object.optional_claims.saml2_token)
+            response['optional_claims']['access_token'] = self.serialize_claims(object.optional_claims.access_token)
+        return response
+
     async def get_application(self, obj_id):
         return await self._client.applications.by_application_id(obj_id).get()
 

diff --git a/tests/integration/targets/azure_rm_adapplication/tasks/main.yml b/tests/integration/targets/azure_rm_adapplication/tasks/main.yml
@@ -38,14 +38,14 @@
         is_enabled: true
         value: Password@0329
     optional_claims:
-      access_token:
+      access_token_claims:
         - name: aud
           essential: true
-      id_token:
-        - name: aud
+      id_token_claims:
+        - name: acct
           essential: true
-      saml2_token:
-        - name: aud
+      saml2_token_claims:
+        - name: acct
           essential: true
   register: second_output