From c850e209abce1e96a525d0037cc27c17da566ac3 Mon Sep 17 00:00:00 2001
From: Marius Bertram
Date: Sun, 19 Oct 2025 21:12:41 +0200
Subject: [PATCH] Add support for client auth in Keycloak cllient secrets module (#10933)
* keycloak: add client authentication support for client_secret
Signed-off-by: Marius Bertram
* readd ['token', 'auth_realm']
Signed-off-by: Marius Bertram
---------
Signed-off-by: Marius Bertram
---
 ...ycloak-add-client-auth-for-clientsecret-modules.yml | 2 ++
 .../identity/keycloak/keycloak_clientsecret.py | 4 ++--
 plugins/modules/keycloak_clientsecret_info.py | 10 ++++++++++
 plugins/modules/keycloak_clientsecret_regenerate.py | 10 ++++++++++
 4 files changed, 24 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml
diff --git a/changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml b/changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml
new file mode 100644
index 0000000000..df70186ff5
--- /dev/null
+++ b/changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml
@@ -0,0 +1,2 @@
+bugfixes:
+ - keycloak_clientsecret, keycloak_clientsecret_info - make ``client_auth`` work (https://github.com/ansible-collections/community.general/issues/10932, https://github.com/ansible-collections/community.general/pull/10933).
\ No newline at end of file
diff --git a/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py b/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py
index 24751847bb..2118e8f6e2 100644
--- a/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py
+++ b/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py
@@ -33,8 +33,8 @@ def keycloak_clientsecret_module():
 argument_spec=argument_spec,
 supports_check_mode=True,
 required_one_of=([['id', 'client_id'],
- ['token', 'auth_realm', 'auth_username', 'auth_password']]),
- required_together=([['auth_realm', 'auth_username', 'auth_password']]),
+ ['token', 'auth_realm', 'auth_username', 'auth_password', 'auth_client_id', 'auth_client_secret']]),
+ required_together=([['auth_username', 'auth_password']]),
 mutually_exclusive=[
 ['token', 'auth_realm'],
 ['token', 'auth_username'],
diff --git a/plugins/modules/keycloak_clientsecret_info.py b/plugins/modules/keycloak_clientsecret_info.py
index 47d2679c44..8b92516eb9 100644
--- a/plugins/modules/keycloak_clientsecret_info.py
+++ b/plugins/modules/keycloak_clientsecret_info.py
@@ -92,6 +92,16 @@ EXAMPLES = r"""
 token: TOKEN
 delegate_to: localhost
 no_log: true
+
+- name: Get a new Keycloak client secret, authentication with auth_client_id and auth_client_secret
+ community.general.keycloak_clientsecret_info:
+ id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
+ realm: MyCustomRealm
+ auth_client_id: admin-cli
+ auth_client_secret: SECRET
+ auth_keycloak_url: https://auth.example.com/auth
+ delegate_to: localhost
+ no_log: true
 """
 RETURN = r"""
diff --git a/plugins/modules/keycloak_clientsecret_regenerate.py b/plugins/modules/keycloak_clientsecret_regenerate.py
index ae7c1af4f3..823c011a96 100644
--- a/plugins/modules/keycloak_clientsecret_regenerate.py
+++ b/plugins/modules/keycloak_clientsecret_regenerate.py
@@ -95,6 +95,16 @@ EXAMPLES = r"""
 token: TOKEN
 delegate_to: localhost
 no_log: true
+
+- name: Regenerate a new Keycloak client secret, authentication with auth_client_id and auth_client_secret
+ community.general.keycloak_clientsecret_regenerate:
+ id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
+ realm: MyCustomRealm
+ auth_client_id: admin-cli
+ auth_client_secret: SECRET
+ auth_keycloak_url: https://auth.example.com/auth
+ delegate_to: localhost
+ no_log: true
 """
 RETURN = r"""
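Review bot: The second `required_one_of` group in keycloak_clientsecret_module() is now satisfied by any single listed option, so a task that supplies only `auth_client_id` or only `auth_realm` passes argument validation without a usable credential, and the narrowed `required_together` no longer ties `auth_realm` to anything. If the shared argument spec gives `auth_client_id` a default (not visible in this hunk), the group may never reject anything at all. I would pair the secret with its client via `required_by={'auth_client_secret': 'auth_client_id'}` and add a comment above the lists naming the accepted combinations (token; username and password; client id and secret). The AnsibleModule(...) call starts and ends outside the hunk, so the rest of `mutually_exclusive`, including whether `token` excludes `auth_client_secret`, cannot be checked from here.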
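Review bot: The example added to EXAMPLES in keycloak_clientsecret_info.py is titled `Get a new Keycloak client secret`, which reads as if the info module rotates the secret; since it presumably only reads it, `Get a Keycloak client secret, authentication with auth_client_id and auth_client_secret` would be clearer. The matching example in keycloak_clientsecret_regenerate.py has the redundant `Regenerate a new`. Both examples also omit `auth_realm`, so a reader cannot tell which realm the client credentials are presented to; either add an `auth_realm:` line or state in a comment which realm is used when it is left out.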