rename to role_owner_client_id

plugins/modules/keycloak_client.py

@@ -1346,7 +1346,7 @@ def main():
 
     # See if it already exists in Keycloak
     if cid is None:
-        before_client = kc.get_client_by_clientid(module.params.get("client_id"), realm=realm)
+        before_client = kc.get_client_by_client_idd(module.params.get("client_id"), realm=realm)
         if before_client is not None:
             cid = before_client["id"]
     else:
@@ -1440,7 +1440,7 @@ def main():
 
         # create it
         kc.create_client(desired_client, realm=realm)
-        after_client = kc.get_client_by_clientid(desired_client["clientId"], realm=realm)
+        after_client = kc.get_client_by_client_id(desired_client["clientId"], realm=realm)
 
         result["end_state"] = sanitize_cr(after_client)
 

plugins/modules/keycloak_client_rolescope.py

@@ -19,7 +19,7 @@ description:
     to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights.
     In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with
     the scope tailored to your needs and a user having the expected roles.
-  - Client O(client_id) must have O(middleware_automation.keycloak.keycloak_client#module:full_scope_allowed) set to V(false).
+  - Client O(target_client_id) must have O(middleware_automation.keycloak.keycloak_client#module:full_scope_allowed) set to V(false).
   - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
     by this module. You may pass single values for attributes when calling the module, and this is translated into a list
     suitable for the API.
@@ -50,12 +50,12 @@ options:
       - The Keycloak realm under which clients resides.
     default: 'master'
 
-  client_id:
+  target_client_id:
     type: str
     required: true
     description:
       - Roles provided in O(role_names) while be added to this client scope.
-  client_scope_id:
+  role_owner_client_id:
     type: str
     description:
       - If the O(role_names) are client role, the client ID under which it resides.
@@ -66,8 +66,8 @@ options:
     elements: str
     description:
       - Names of roles to manipulate.
-      - If O(client_scope_id) is present, all roles must be under this client.
-      - If O(client_scope_id) is absent, all roles must be under the realm.
+      - If O(role_owner_client_id) is present, all roles must be under this client.
+      - If O(role_owner_client_id) is absent, all roles must be under the realm.
 extends_documentation_fragment:
   - middleware_automation.keycloak.keycloak
   - middleware_automation.keycloak.actiongroup_keycloak
@@ -85,8 +85,8 @@ EXAMPLES = r"""
     auth_username: USERNAME
     auth_password: PASSWORD
     realm: MyCustomRealm
-    client_id: frontend-client-public
-    client_scope_id: backend-client-private
+    target_client_id: frontend-client-public
+    role_owner_client_id: backend-client-private
     role_names:
       - backend-role-admin
       - backend-role-user
@@ -98,8 +98,8 @@ EXAMPLES = r"""
     auth_username: USERNAME
     auth_password: PASSWORD
     realm: MyCustomRealm
-    client_id: frontend-client-public
-    client_scope_id: backend-client-private
+    target_client_id: frontend-client-public
+    role_owner_client_id: backend-client-private
     role_names:
       - backend-role-admin
     state: absent
@@ -111,7 +111,7 @@ EXAMPLES = r"""
     auth_username: USERNAME
     auth_password: PASSWORD
     realm: MyCustomRealm
-    client_id: frontend-client-public
+    target_client_id: frontend-client-public
     role_names:
       - realm-role-admin
       - realm-role-user
@@ -167,8 +167,8 @@ def main():
     argument_spec = keycloak_argument_spec()
 
     meta_args = dict(
-        client_id=dict(type="str", required=True),
-        client_scope_id=dict(type="str"),
+        target_client_id=dict(type="str", required=True),
+        role_owner_client_id=dict(type="str"),
         realm=dict(type="str", default="master"),
         role_names=dict(type="list", elements="str", required=True),
         state=dict(type="str", default="present", choices=["present", "absent"]),
@@ -189,8 +189,8 @@ def main():
     kc = KeycloakAPI(module, connection_header)
 
     realm = module.params.get("realm")
-    clientid = module.params.get("client_id")
-    client_scope_id = module.params.get("client_scope_id")
+    target_client_id = module.params.get("target_client_id")
+    role_owner_client_id = module.params.get("role_owner_client_id")
     role_names = module.params.get("role_names")
     state = module.params.get("state")
 
@@ -198,23 +198,23 @@ def main():
     if not objRealm:
         module.fail_json(msg=f"Failed to retrive realm '{realm}'")
 
-    objClient = kc.get_client_by_clientid(clientid, realm)
+    objClient = kc.get_client_by_target_client_id(target_client_id, realm)
     if not objClient:
-        module.fail_json(msg=f"Failed to retrive client '{realm}.{clientid}'")
+        module.fail_json(msg=f"Failed to retrive client '{realm}.{target_client_id}'")
     if objClient["fullScopeAllowed"] and state == "present":
-        module.fail_json(msg=f"FullScopeAllowed is active for Client '{realm}.{clientid}'")
+        module.fail_json(msg=f"FullScopeAllowed is active for Client '{realm}.{target_client_id}'")
 
-    if client_scope_id:
-        objClientScope = kc.get_client_by_clientid(client_scope_id, realm)
-        if not objClientScope:
-            module.fail_json(msg=f"Failed to retrive client '{realm}.{client_scope_id}'")
-        before_role_mapping = kc.get_client_role_scope_from_client(objClient["id"], objClientScope["id"], realm)
+    if role_owner_client_id:
+        role_owner_client = kc.get_client_by_client_id(role_owner_client_id, realm)
+        if not role_owner_client:
+            module.fail_json(msg=f"Failed to retrive client '{realm}.{role_owner_client_id}'")
+        before_role_mapping = kc.get_client_role_scope_from_client(objClient["id"], role_owner_client["id"], realm)
     else:
         before_role_mapping = kc.get_client_role_scope_from_realm(objClient["id"], realm)
 
-    if client_scope_id:
+    if role_owner_client_id:
         # retrive all role from client_scope
-        client_scope_roles_by_name = kc.get_client_roles_by_id(objClientScope["id"], realm)
+        client_scope_roles_by_name = kc.get_client_roles_by_id(role_owner_client["id"], realm)
     else:
         # retrive all role from realm
         client_scope_roles_by_name = kc.get_realm_roles(realm)
@@ -228,8 +228,8 @@ def main():
         # update desired
         for role_name in role_names:
             if role_name not in client_scope_roles_by_name:
-                if client_scope_id:
-                    module.fail_json(msg=f"Failed to retrive role '{realm}.{client_scope_id}.{role_name}'")
+                if role_owner_client_id:
+                    module.fail_json(msg=f"Failed to retrive role '{realm}.{role_owner_client_id}.{role_name}'")
                 else:
                     module.fail_json(msg=f"Failed to retrive role '{realm}.{role_name}'")
             if role_name not in role_mapping_by_name:
@@ -253,33 +253,33 @@ def main():
     if not result["changed"]:
         # no changes
         result["end_state"] = before_role_mapping
-        result["msg"] = f"No changes required for client role scope {clientid}."
+        result["msg"] = f"No changes required for client role scope {target_client_id}."
     elif state == "present":
         # doing update
         if module.check_mode:
             result["end_state"] = desired_role_mapping
-        elif client_scope_id:
+        elif role_owner_client_id:
             result["end_state"] = kc.update_client_role_scope_from_client(
-                role_mapping_to_manipulate, objClient["id"], objClientScope["id"], realm
+                role_mapping_to_manipulate, objClient["id"], role_owner_client["id"], realm
             )
         else:
             result["end_state"] = kc.update_client_role_scope_from_realm(
                 role_mapping_to_manipulate, objClient["id"], realm
             )
-        result["msg"] = f"Client role scope for {clientid} has been updated"
+        result["msg"] = f"Client role scope for {target_client_id} has been updated"
     else:
         # doing delete
         if module.check_mode:
             result["end_state"] = desired_role_mapping
-        elif client_scope_id:
+        elif role_owner_client_id:
             result["end_state"] = kc.delete_client_role_scope_from_client(
-                role_mapping_to_manipulate, objClient["id"], objClientScope["id"], realm
+                role_mapping_to_manipulate, objClient["id"], role_owner_client["id"], realm
             )
         else:
             result["end_state"] = kc.delete_client_role_scope_from_realm(
                 role_mapping_to_manipulate, objClient["id"], realm
             )
-        result["msg"] = f"Client role scope for {clientid} has been deleted"
+        result["msg"] = f"Client role scope for {target_client_id} has been deleted"
     module.exit_json(**result)
 
 

plugins/modules/keycloak_client_scope_rolemappings.py

@@ -200,7 +200,7 @@ def main():
 
     if client_id:
         # add client role
-        client_object = kc.get_client_by_clientid(client_id, realm)
+        client_object = kc.get_client_by_client_id(client_id, realm)
         if not client_object:
             module.fail_json(msg=f"Failed to retrieve client '{realm}.{client_id}'")
         if client_object["fullScopeAllowed"] and state == "present":