ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

keycloak_clientscope_type - keep other clientscopes unchanged feature #6979

Open g-nardiello opened 1 year ago

g-nardiello commented 1 year ago

Summary

I am trying to set up default_clientscopes and optional_clientscopes on new scopes I created using the community.general.keycloak_clientscope_type module, but when I execute it, it changes the state of non-declared scopes to none. How could I change clientscope_type only for the clientscopes I indicated in my request?

Suggestion: A none_clientscopes list-of-strings parameter could be added to the keycloak_clientscope_type module. It will work as follows:

If I understand correctly how the plugin works, this solution ensures backwards compatibility of the plugin!

Issue Type

Feature Idea

Component Name

keycloak_clientscope_type

Additional Information

Updated examples:

- name: Set default client scopes on realm level, change others to none
  community.general.keycloak_clientscope_type:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    realm: "MyCustomRealm"
    default_clientscopes: ['profile', 'roles']
  delegate_to: localhost

- name: Set default and optional client scopes on client level with token auth, change others to none
  community.general.keycloak_clientscope_type:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    token: TOKEN
    realm: "MyCustomRealm"
    client_id: "MyCustomClient"
    default_clientscopes: ['profile', 'roles']
    optional_clientscopes: ['phone']
  delegate_to: localhost

- name: Set default and optional client scopes on client level with token auth, keep others unchanged
  community.general.keycloak_clientscope_type:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    token: TOKEN
    realm: "MyCustomRealm"
    client_id: "MyCustomClient"
    default_clientscopes: ['profile', 'roles']
    optional_clientscopes: ['phone']
    none_clientscopes: ['']

- name: Set default, optional and none client scopes on client level with token auth, keep others unchanged
  community.general.keycloak_clientscope_type:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    token: TOKEN
    realm: "MyCustomRealm"
    client_id: "MyCustomClient"
    default_clientscopes: ['profile', 'roles']
    optional_clientscopes: ['phone']
    none_clientscopes: ['address']

Code of Conduct
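
The difference between the current behaviour and the requested one, as an added example (not code from the issue or from community.general). The function name `plan_scope_types`, the sample state `CURRENT` and the exact semantics are assumptions inferred from the task names in the examples above: without `none_clientscopes` every undeclared scope becomes none, with it (even as `['']`) undeclared scopes keep their type.

```python
# Added illustration; not code from community.general. All names are hypothetical.
def plan_scope_types(current, default=None, optional=None, none=None):
    """Return (desired, changes) for a set of client scopes.

    current: {scope_name: 'default' | 'optional' | 'none'} as it exists today.
    none:    the proposed none_clientscopes list. Assumption taken from the
             task names in the issue: if it is omitted, every undeclared scope
             becomes 'none'; if it is given (even as ['']), undeclared scopes
             keep their current type.
    """
    declared = {}
    for scope_type, names in (("default", default), ("optional", optional), ("none", none)):
        for name in names or []:
            if name == "":  # [''] only switches on the "keep others" mode
                continue
            if name not in current:
                raise ValueError(f"unknown client scope: {name!r}")
            if declared.get(name, scope_type) != scope_type:
                raise ValueError(f"{name!r} declared as both {declared[name]} and {scope_type}")
            declared[name] = scope_type

    keep_others = none is not None
    desired = {}
    for name, cur_type in current.items():
        if name in declared:
            desired[name] = declared[name]
        else:
            desired[name] = cur_type if keep_others else "none"

    # Only scopes whose type actually changes: (old_type, new_type).
    changes = {n: (current[n], t) for n, t in desired.items() if current[n] != t}
    return desired, changes


# Constructed sample state for one client.
CURRENT = {"profile": "optional", "roles": "default", "phone": "none",
           "address": "default", "email": "default"}

if __name__ == "__main__":
    for label, none_list in (("none_clientscopes omitted", None),
                             ("none_clientscopes: ['']", [""]),
                             ("none_clientscopes: ['address']", ["address"])):
        _, changes = plan_scope_types(CURRENT, ["profile", "roles"], ["phone"], none_list)
        print(f"{label}: {changes}")
```

Printing the `changes` mapping before applying it makes the silently dropped scopes (here `address` and `email` in the first case) visible in review.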

ansibullbot commented 1 year ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.


ansibullbot commented 1 year ago

cc @eikef @mattock @ndclt @simonpahl

ansibullbot commented 1 month ago

cc @thomasbach-dev