From 8ff40b3619dc078dafc82da485c933d80bdf41a5 Mon Sep 17 00:00:00 2001
From: Fred-sun
Date: Fri, 22 Mar 2024 15:28:38 +0800
Subject: [PATCH 1/2] Add 'optional_claims' to the return value of azure_rm_adapplication
---
 plugins/modules/azure_rm_adapplication.py | 30 +++++++++++--
 .../modules/azure_rm_adapplication_info.py | 44 ++++++++++++++++++-
 .../azure_rm_adapplication/tasks/main.yml | 10 ++---
 3 files changed, 74 insertions(+), 10 deletions(-)
diff --git a/plugins/modules/azure_rm_adapplication.py b/plugins/modules/azure_rm_adapplication.py
index 12ac21715..7e7ce98fe 100644
--- a/plugins/modules/azure_rm_adapplication.py
+++ b/plugins/modules/azure_rm_adapplication.py
@@ -430,6 +430,30 @@
 returned: always
 type: list
 sample: []
+optional_claims:
+ description:
+ - Declare the optional claims for the application.
+ type: complex
+ returned: always
+ contains:
+ access_token_claims :
+ description:
+ - The optional claims returned in the JWT access token
+ type: list
+ returned: always
+ sample: ['name': 'aud', 'source': null, 'essential': false, 'additional_properties': []]
+ id_token_claims:
+ description:
+ - The optional claims returned in the JWT ID token
+ type: list
+ returned: always
+ sample: ['name': 'acct', 'source': null, 'essential': false, 'additional_properties': []]
+ saml2_token_claims:
+ description:
+ - The optional claims returned in the SAML token
+ type: list
+ returned: always
+ sample: ['name': 'acct', 'source': null, 'essential': false, 'additional_properties': []]
 '''
 from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBaseExt
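Review bot: The `sample:` values on the three new entries do not have the shape that `type: list` promises: `['name': 'aud', 'source': null, 'essential': false, 'additional_properties': []]` is a YAML flow sequence of four single-key mappings, so the rendered documentation shows four fragments rather than one claim object. Wrap each sample's claim in braces, e.g. `sample: [{'name': 'aud', 'source': null, 'essential': false, 'additional_properties': []}]`. The key `access_token_claims :` also carries a stray space before the colon; `access_token_claims:` matches its two siblings. This sits in the module's RETURN docstring, whose start is outside the hunk.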
@@ -861,9 +885,9 @@ def build_claims(claims_dict):
 ) for claim in claims_dict]
 claims = OptionalClaims(
- access_token=build_claims(optional_claims.get("access_token")),
- id_token=build_claims(optional_claims.get("id_token")),
- saml2_token=build_claims(optional_claims.get("saml2_token"))
+ access_token=build_claims(optional_claims.get("access_token_claims")),
+ id_token=build_claims(optional_claims.get("id_token_claims")),
+ saml2_token=build_claims(optional_claims.get("saml2_token_claims"))
 )
 return claims
diff --git a/plugins/modules/azure_rm_adapplication_info.py b/plugins/modules/azure_rm_adapplication_info.py
index 167b82552..e3eb53aac 100644
--- a/plugins/modules/azure_rm_adapplication_info.py
+++ b/plugins/modules/azure_rm_adapplication_info.py
@@ -129,6 +129,30 @@
 returned: always
 type: list
 sample: []
+ optional_claims:
+ description:
+ - Declare the optional claims for the application.
+ type: complex
+ returned: always
+ contains:
+ access_token_claims :
+ description:
+ - The optional claims returned in the JWT access token
+ type: list
+ returned: always
+ sample: ['name': 'aud', 'source': null, 'essential': false, 'additional_properties': []]
+ id_token_claims:
+ description:
+ - The optional claims returned in the JWT ID token
+ type: list
+ returned: always
+ sample: ['name': 'acct', 'source': null, 'essential': false, 'additional_properties': []]
+ saml2_token_claims:
+ description:
+ - The optional claims returned in the SAML token
+ type: list
+ returned: always
+ sample: ['name': 'acct', 'source': null, 'essential': false, 'additional_properties': []]
 '''
 from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBase
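Review bot: With the lookups now keyed by the option names, a playbook that sets only one of the three suboptions makes the other two `optional_claims.get(...)` calls return `None`, and the visible tail of `build_claims` (`… for claim in claims_dict]`) iterates its argument unconditionally, so unless the part of `build_claims` outside the hunk guards `None` this raises `TypeError` for the omitted token types. Guard it in the helper — `if not claims_dict: return None` ahead of the comprehension — or call `build_claims(optional_claims.get("access_token_claims") or [])` for each of the three; `None` is the better choice if an omitted list should leave that token's claims untouched in the Graph payload rather than clear them, which I cannot confirm from here. The integration test in this patch supplies all three lists, so the omitted-key path is currently unexercised. Both `build_claims` and the function enclosing this hunk start outside it.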
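Review bot: The returned keys documented here — `access_token_claims`, `id_token_claims`, `saml2_token_claims` — are not the keys this patch makes `to_dict` emit further down the same file, which builds `optional_claims=dict(access_token=[], id_token=[], saml2_token=[])`, so a user reading the docs will index a key that never exists. Either rename the keys in `to_dict` to the documented names, which also match the option names `azure_rm_adapplication` accepts, or change the three documented keys to `access_token`, `id_token` and `saml2_token`. The `sample:` values have the same shape defect as in the main module: `['name': 'aud', 'source': null, …]` parses as a list of single-key mappings, so write `sample: [{'name': 'aud', 'source': null, 'essential': false, 'additional_properties': []}]`. The enclosing RETURN docstring starts outside the hunk.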
@@ -191,8 +215,17 @@ def exec_module(self, **kwargs):
 return self.results
+ def serialize_claims(self, claims):
+ if claims is None:
+ return None
+ return [{
+ "additional_properties": claim.additional_properties,
+ "essential": claim.essential,
+ "name": claim.name,
+ "source": claim.source} for claim in claims]
+
 def to_dict(self, object):
- return dict(
+ response = dict(
 app_id=object.app_id,
 object_id=object.id,
 app_display_name=object.display_name,
@@ -201,9 +234,16 @@ def to_dict(self, object):
 sign_in_audience=object.sign_in_audience,
 web_reply_urls=object.web.redirect_uris,
 spa_reply_urls=object.spa.redirect_uris,
- public_client_reply_urls=object.public_client.redirect_uris
+ public_client_reply_urls=object.public_client.redirect_uris,
+ optional_claims=dict(access_token=[], id_token=[], saml2_token=[])
 )
+ if object.optional_claims is not None:
+ response['optional_claims']['id_token'] = self.serialize_claims(object.optional_claims.id_token)
+ response['optional_claims']['saml2_token'] = self.serialize_claims(object.optional_claims.saml2_token)
+ response['optional_claims']['access_token'] = self.serialize_claims(object.optional_claims.access_token)
+ return response
+
 async def get_application(self, obj_id):
 return await self._client.applications.by_application_id(obj_id).get()
diff --git a/tests/integration/targets/azure_rm_adapplication/tasks/main.yml b/tests/integration/targets/azure_rm_adapplication/tasks/main.yml
index a5f62936c..86a06c675 100644
--- a/tests/integration/targets/azure_rm_adapplication/tasks/main.yml
+++ b/tests/integration/targets/azure_rm_adapplication/tasks/main.yml
@@ -38,14 +38,14 @@
 is_enabled: true value: Password@0329 optional_claims: - access_token: + access_token_claims: - name: aud essential: true - id_token: - - name: aud + id_token_claims: - name: acct essential: true - saml2_token: - - name: aud + saml2_token_claims: - name: acct essential: true register: second_output
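Review bot: `serialize_claims` returns `None` when a token's claim collection is unset, while `to_dict` (continuing in the next hunk) pre-seeds the same three entries with `[]`; a caller therefore gets `[]` when the application has no `optional_claims` object at all but `None` when it has one with only, say, `id_token` populated, and the documented `type: list` does not hold. Return an empty list in the guard instead — `if claims is None: return []` — so each entry is always a list regardless of which branch produced it. A short docstring would also help, e.g. `"""Flatten Graph OptionalClaim objects into plain dicts; an unset collection yields []."""`. Whether the SDK hands back `None` rather than an empty list for an unset collection is inferred from the guard itself, not shown here; `to_dict` runs past the end of this hunk.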
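Review bot: The keys assembled here — `access_token`, `id_token`, `saml2_token` — disagree with the RETURN documentation this same patch adds to the module (`access_token_claims`, `id_token_claims`, `saml2_token_claims`) and with the option names `azure_rm_adapplication` takes, so an info result cannot be fed back into the other module without renaming keys. Use the documented names throughout: `optional_claims=dict(access_token_claims=[], id_token_claims=[], saml2_token_claims=[])` and, for each token, `response['optional_claims']['id_token_claims'] = self.serialize_claims(object.optional_claims.id_token)` with the other two assignments renamed the same way. Since all three assignments follow the same pattern, a loop over `('access_token', 'id_token', 'saml2_token')` using `getattr` would avoid repeating it, but that is cosmetic. `to_dict` begins in the previous hunk; its `object` parameter shadowing the builtin predates this change.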
From a5001c455e8fe7325b32517eefe214ef7e15e43f Mon Sep 17 00:00:00 2001
From: Fred-sun
Date: Fri, 22 Mar 2024 15:45:19 +0800
Subject: [PATCH 2/2] Modify 'additional_properties' type to 'list'
---
 plugins/modules/azure_rm_adapplication.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/plugins/modules/azure_rm_adapplication.py b/plugins/modules/azure_rm_adapplication.py
index 7e7ce98fe..4e7fd58ad 100644
--- a/plugins/modules/azure_rm_adapplication.py
+++ b/plugins/modules/azure_rm_adapplication.py
@@ -176,7 +176,8 @@
 description:
 - Additional properties of the claim.
 - If a property exists in this collection, it modifies the behavior of the optional claim specified in the name property.
- type: str
+ type: list
+ elements: str
 id_token_claims:
 description:
 - The optional claims returned in the JWT ID token
@@ -205,7 +206,8 @@
 description:
 - Additional properties of the claim.
 - If a property exists in this collection, it modifies the behavior of the optional claim specified in the name property.
- type: str
+ type: list
+ elements: str
 saml2_token_claims:
 description:
 - The optional claims returned in the SAML token
@@ -234,7 +236,8 @@
 description:
 - Additional properties of the claim.
 - If a property exists in this collection, it modifies the behavior of the optional claim specified in the name property.
- type: str
+ type: list
+ elements: str
 password:
 description:
 - App password, aka 'client secret'.
@@ -514,7 +517,8 @@
 default=False
 ),
 additional_properties=dict(
- type='str'
+ type='list',
+ elements='str'
 )
 )
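Review bot: Changing `additional_properties` from `type='str'` to `type='list', elements='str'` alters how existing playbook values are interpreted: Ansible's list coercion splits a string on commas, so a scalar such as `additional_properties: sam_account_name` still works, but any value containing a comma is now split into several entries. That is the right direction — Graph's `OptionalClaim.additionalProperties` is a collection — but it is a behaviour change users should see, so say so in the option description, and add a changelog fragment if this collection's CI requires one (the diffstat shows the patch touches only the module). Graph documents `additionalProperties` as a closed set of modifier names; if that vocabulary is stable, a `choices=[...]` on this spec would reject typos before the API round-trip rather than after. The spec dict this hunk edits begins outside the hunk.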