[PR #8735/57e28e5a backport][stable-9] keycloak_identity_provider: get cleartext clientsecret (#8744)

keycloak_identity_provider: get cleartext clientsecret (#8735) * get cleartext `clientSecret` from full realm info * add mock get_realm call to existing tests; add new no_change_when_present test * add changelog fragment * remove blank lines * Update changelog. --------- Co-authored-by: Felix Fontein <felix@fontein.de> (cherry picked from commit 57e28e5a73) Co-authored-by: fgruenbauer <gruenbauer@b1-systems.de>
2025-04-25 11:51:26 -07:00 · 2024-08-12 08:07:10 +02:00 · 2024-08-12 08:07:10 +02:00 · e10f95836e
commit e10f95836e
parent 176f6a62ae
3 changed files with 304 additions and 11 deletions
--- a/plugins/modules/keycloak_identity_provider.py
+++ b/plugins/modules/keycloak_identity_provider.py
@ -445,6 +445,15 @@ def get_identity_provider_with_mappers(kc, alias, realm):
    idp = kc.get_identity_provider(alias, realm)
    if idp is not None:
        idp['mappers'] = sorted(kc.get_identity_provider_mappers(alias, realm), key=lambda x: x.get('name'))
+        # clientSecret returned by API when using `get_identity_provider(alias, realm)` is always **********
+        # to detect changes to the secret, we get the actual cleartext secret from the full realm info
+        if 'config' in idp:
+            if 'clientSecret' in idp['config']:
+                for idp_from_realm in kc.get_realm_by_id(realm).get('identityProviders', []):
+                    if idp_from_realm['internalId'] == idp['internalId']:
+                        cleartext_secret = idp_from_realm.get('config', {}).get('clientSecret')
+                        if cleartext_secret:
+                            idp['config']['clientSecret'] = cleartext_secret
    if idp is None:
        idp = {}
    return idp