From 6526e0196ae5215a395546c2aad0112d540f80d9 Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Sun, 19 Oct 2025 21:22:44 +0200 Subject: [PATCH] [PR #10933/c850e209 backport][stable-11] Add support for client auth in Keycloak cllient secrets module (#10946) Add support for client auth in Keycloak cllient secrets module (#10933) * keycloak: add client authentication support for client_secret * readd ['token', 'auth_realm'] --------- (cherry picked from commit c850e209abce1e96a525d0037cc27c17da566ac3) Signed-off-by: Marius Bertram Co-authored-by: Marius Bertram --- ...ycloak-add-client-auth-for-clientsecret-modules.yml | 2 ++ .../identity/keycloak/keycloak_clientsecret.py | 4 ++-- plugins/modules/keycloak_clientsecret_info.py | 10 ++++++++++ plugins/modules/keycloak_clientsecret_regenerate.py | 10 ++++++++++ 4 files changed, 24 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml diff --git a/changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml b/changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml new file mode 100644 index 0000000000..df70186ff5 --- /dev/null +++ b/changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml @@ -0,0 +1,2 @@ +bugfixes: + - keycloak_clientsecret, keycloak_clientsecret_info - make ``client_auth`` work (https://github.com/ansible-collections/community.general/issues/10932, https://github.com/ansible-collections/community.general/pull/10933). \ No newline at end of file diff --git a/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py b/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py index 366322c9df..b49e5c804c 100644 --- a/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py +++ b/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py @@ -35,8 +35,8 @@ def keycloak_clientsecret_module(): argument_spec=argument_spec, supports_check_mode=True, required_one_of=([['id', 'client_id'], - ['token', 'auth_realm', 'auth_username', 'auth_password']]), - required_together=([['auth_realm', 'auth_username', 'auth_password']]), + ['token', 'auth_realm', 'auth_username', 'auth_password', 'auth_client_id', 'auth_client_secret']]), + required_together=([['auth_username', 'auth_password']]), mutually_exclusive=[ ['token', 'auth_realm'], ['token', 'auth_username'], diff --git a/plugins/modules/keycloak_clientsecret_info.py b/plugins/modules/keycloak_clientsecret_info.py index 0ea48f6a33..98e7ac0e06 100644 --- a/plugins/modules/keycloak_clientsecret_info.py +++ b/plugins/modules/keycloak_clientsecret_info.py @@ -94,6 +94,16 @@ EXAMPLES = r""" token: TOKEN delegate_to: localhost no_log: true + +- name: Get a new Keycloak client secret, authentication with auth_client_id and auth_client_secret + community.general.keycloak_clientsecret_info: + id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd' + realm: MyCustomRealm + auth_client_id: admin-cli + auth_client_secret: SECRET + auth_keycloak_url: https://auth.example.com/auth + delegate_to: localhost + no_log: true """ RETURN = r""" diff --git a/plugins/modules/keycloak_clientsecret_regenerate.py b/plugins/modules/keycloak_clientsecret_regenerate.py index 2bcaeb3705..bc915fd1d6 100644 --- a/plugins/modules/keycloak_clientsecret_regenerate.py +++ b/plugins/modules/keycloak_clientsecret_regenerate.py @@ -97,6 +97,16 @@ EXAMPLES = r""" token: TOKEN delegate_to: localhost no_log: true + +- name: Regenerate a new Keycloak client secret, authentication with auth_client_id and auth_client_secret + community.general.keycloak_clientsecret_regenerate: + id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd' + realm: MyCustomRealm + auth_client_id: admin-cli + auth_client_secret: SECRET + auth_keycloak_url: https://auth.example.com/auth + delegate_to: localhost + no_log: true """ RETURN = r"""