From 3d418d9ede9951cfbb9b9705a93c8a4e408b3dc7 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 16 Feb 2025 12:38:04 +0100 Subject: [PATCH] [PR #9739/b2e2d2d3 backport][stable-10] keycloak_client: compare desired and before dicts directly in checkmode (#9759) keycloak_client: compare desired and before dicts directly in checkmode (#9739) * compare desired and before dicts directly in checkmode * fix authorizationServicesEnabled being dropped by kc if unset * only add authorizationsServicesEnabled=false if before_client exists * add changelog fragment * Update changelog. --------- Co-authored-by: Felix Fontein (cherry picked from commit b2e2d2d37b37c44835d024262f68a3f1f4577063) Co-authored-by: gruenbauer@b1-systems.de --- ...keycloak_client-compare-before-desired-directly.yml | 2 ++ plugins/modules/keycloak_client.py | 10 ++++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/9739-keycloak_client-compare-before-desired-directly.yml diff --git a/changelogs/fragments/9739-keycloak_client-compare-before-desired-directly.yml b/changelogs/fragments/9739-keycloak_client-compare-before-desired-directly.yml new file mode 100644 index 0000000000..1d1a3da737 --- /dev/null +++ b/changelogs/fragments/9739-keycloak_client-compare-before-desired-directly.yml @@ -0,0 +1,2 @@ +bugfixes: + - keycloak_client - in check mode, detect whether the lists in before client (for example redirect URI list) contain items that the lists in the desired client do not contain (https://github.com/ansible-collections/community.general/pull/9739). \ No newline at end of file diff --git a/plugins/modules/keycloak_client.py b/plugins/modules/keycloak_client.py index f02a0bfb9e..70ff21a915 100644 --- a/plugins/modules/keycloak_client.py +++ b/plugins/modules/keycloak_client.py @@ -720,7 +720,7 @@ end_state: """ from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ - keycloak_argument_spec, get_token, KeycloakError, is_struct_included + keycloak_argument_spec, get_token, KeycloakError from ansible.module_utils.basic import AnsibleModule import copy @@ -771,6 +771,7 @@ def normalise_cr(clientrep, remove_ids=False): for key, value in clientrep['attributes'].items(): if isinstance(value, bool): clientrep['attributes'][key] = str(value).lower() + clientrep['attributes'].pop('client.secret.creation.time', None) return clientrep @@ -965,6 +966,11 @@ def main(): else: before_client = kc.get_client_by_id(cid, realm=realm) + # kc drops the variable 'authorizationServicesEnabled' if set to false + # to minimize diff/changes we set it to false if not set by kc + if before_client and 'authorizationServicesEnabled' not in before_client: + before_client['authorizationServicesEnabled'] = False + if before_client is None: before_client = {} @@ -1036,7 +1042,7 @@ def main(): if module._diff: result['diff'] = dict(before=sanitize_cr(before_norm), after=sanitize_cr(desired_norm)) - result['changed'] = not is_struct_included(desired_norm, before_norm, CLIENT_META_DATA) + result['changed'] = desired_norm != before_norm module.exit_json(**result)