ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

keycloak_client: Notify user for correct URI scheme #331

Closed SamyCoenen closed 3 years ago

SamyCoenen commented 4 years ago
SUMMARY

When I don't define the protocol (http/https), I get an unknown url type exception.

This happens when using the keycloak_client module with a wrong auth_keycloak_url.

https://github.com/ansible-collections/community.general/blob/46914b857c55221f7047ac32c68ca83f34739293/plugins/modules/identity/keycloak/keycloak_client.py#L721

This uses open_url here: https://github.com/ansible-collections/community.general/blob/46914b857c55221f7047ac32c68ca83f34739293/plugins/module_utils/identity/keycloak/keycloak.py#L90

open_url is included in Ansible itself.

In an existing issue I found this:

I will however note that open_url typically contains no error handling, that is also the responsibility of the caller. https://github.com/ansible/ansible/issues/66002#issuecomment-568051268

ISSUE TYPE
COMPONENT NAME

keycloak_client

ANSIBLE VERSION
ansible 2.9.7
  config file = /etc/ansible/ansible.cfg
  configured module search path = ['/home/samy/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/samy/.local/lib/python3.8/site-packages/ansible
  executable location = /home/samy/.local/bin/ansible
  python version = 3.8.2 (default, Apr  8 2020, 14:31:25) [GCC 9.3.0]
CONFIGURATION
DEFAULT_MODULE_UTILS_PATH(/etc/ansible/ansible.cfg) = ['/home/samy/nubera/ansible/module_utils']
DEFAULT_ROLES_PATH(/etc/ansible/ansible.cfg) = ['/home/samy/nubera/ansible/apb']
OS / ENVIRONMENT
uname -a                                                                                                               10:10:44
Linux dell-latitude-5500-sc 5.6.11-arch1-1 #1 SMP PREEMPT Wed, 06 May 2020 17:32:37 +0000 x86_64 GNU/Linux
STEPS TO REPRODUCE
- hosts: localhost
  connection: local
  tasks:
  - name: Create a Keycloak client for Vault
    keycloak_client:
      state: present
      realm: master
      auth_keycloak_url: keycloak.example.com:8080/auth
      auth_realm: master
      auth_username: admin
      auth_password: password
      client_id: vault
      name: vault
      root_url: "http://vault.example.com"
      admin_url: "http://vault.example.com"
      base_url: "/"
      enabled: true
      client_authenticator_type: client-secret
      redirect_uris:
        - "https://vault.example.com/*"
      web_origins:
        - "https://vault.example.com"
      not_before: 0
      bearer_only: false
      consent_required: false
      standard_flow_enabled: true
      implicit_flow_enabled: false
      direct_access_grants_enabled: true
      service_accounts_enabled: false
      public_client: false
      protocol: openid-connect
      protocol_mappers:
        - name: app_metadata
          protocol: openid-connect
          protocolMapper: oidc-usermodel-realm-role-mapper
          consentRequired: false
          config:
            multivalued: "true"
            userinfo.token.claim: "true"
            id.token.claim: "true"
            access.token.claim: "true"
            claim.name: app_metadata.roles
            jsonType.label: String
EXPECTED RESULTS
"msg": "Client vault has been updated.",
ACTUAL RESULTS
"msg": "Could not obtain access token from keycloak.example.com:8080/auth/realms/master/protocol/openid-connect/token: <urlopen error unknown url type: keycloak>"

ansibullbot commented 4 years ago

Files identified in the description:

If these files are inaccurate, please update the component name section of the description or use the !component bot command.


ansibullbot commented 4 years ago

cc @eikef @ndclt

ndclt commented 4 years ago

Hi @SamyCoenen,

It seems logical to me that you have to specify the protocol and it fails without it. @resmo: what do you think about it?

SamyCoenen commented 4 years ago

@ndclt It would be nice to have a clear error message in that case. Right now, "unknown url type" doesn't tell me that the protocol (http or https) is missing.

Akasurde commented 3 years ago

resolved_by_pr #1487
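
The clearer failure requested in this thread could look like the following check, run on auth_keycloak_url before it is handed to open_url. This is an added example, not code from the collection or from PR #1487; the function names validate_auth_keycloak_url and token_endpoint are hypothetical, and the plain-http warning goes beyond what the issue asks for.

```python
from urllib.parse import quote, urlsplit

ALLOWED_SCHEMES = ("http", "https")


def validate_auth_keycloak_url(url):
    """Return (base_url, warnings) or raise ValueError with an actionable message."""
    candidate = (url or "").strip()
    parts = urlsplit(candidate)
    # Without "//", urlsplit reads "host:8080/auth" as scheme "host" or as a bare
    # path, so compare against an allow-list instead of testing for an empty scheme.
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(
            "auth_keycloak_url %r must start with http:// or https://" % candidate
        )
    if not parts.hostname:
        raise ValueError("auth_keycloak_url %r contains no host name" % candidate)
    warnings = []
    if parts.scheme == "http":
        # The module sends auth_username/auth_password to the token endpoint.
        warnings.append(
            "auth_keycloak_url uses http://; credentials and tokens cross the "
            "network unencrypted"
        )
    return candidate.rstrip("/"), warnings


def token_endpoint(url, realm):
    """Build the token URL seen in the issue's error message from a checked base URL."""
    base, warnings = validate_auth_keycloak_url(url)
    path = "/realms/%s/protocol/openid-connect/token" % quote(realm, safe="")
    return base + path, warnings


if __name__ == "__main__":
    # Constructed inputs: the value from the report, then two corrected forms.
    for value in (
        "keycloak.example.com:8080/auth",
        "http://keycloak.example.com:8080/auth",
        "https://keycloak.example.com:8080/auth",
    ):
        try:
            print(token_endpoint(value, "master"))
        except ValueError as exc:
            print("rejected:", exc)
```

In a module, the ValueError text would be passed to fail_json and the warnings to the module's warning output, so the playbook author sees the cause before any request is made.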