Add support for client auth in Keycloak cllient secrets module (#10933)

* keycloak: add client authentication support for client_secret Signed-off-by: Marius Bertram <marius@brtrm.de> * readd ['token', 'auth_realm'] Signed-off-by: Marius Bertram <marius@brtrm.de> --------- Signed-off-by: Marius Bertram <marius@brtrm.de>
2026-03-26 21:33:12 +00:00 · 2025-10-19 21:12:41 +02:00
parent d4dfc217d8
commit c850e209ab
4 changed files with 24 additions and 2 deletions
--- a/changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml
+++ b/changelogs/fragments/10933-keycloak-add-client-auth-for-clientsecret-modules.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - keycloak_clientsecret, keycloak_clientsecret_info - make ``client_auth`` work (https://github.com/ansible-collections/community.general/issues/10932, https://github.com/ansible-collections/community.general/pull/10933).
--- a/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py
+++ b/plugins/module_utils/identity/keycloak/keycloak_clientsecret.py
@@ -33,8 +33,8 @@ def keycloak_clientsecret_module():
        argument_spec=argument_spec,
        supports_check_mode=True,
        required_one_of=([['id', 'client_id'],
-                         ['token', 'auth_realm', 'auth_username', 'auth_password']]),
-        required_together=([['auth_realm', 'auth_username', 'auth_password']]),
+                         ['token', 'auth_realm', 'auth_username', 'auth_password', 'auth_client_id', 'auth_client_secret']]),
+        required_together=([['auth_username', 'auth_password']]),
        mutually_exclusive=[
            ['token', 'auth_realm'],
            ['token', 'auth_username'],
--- a/plugins/modules/keycloak_clientsecret_info.py
+++ b/plugins/modules/keycloak_clientsecret_info.py
@@ -92,6 +92,16 @@ EXAMPLES = r"""
    token: TOKEN
  delegate_to: localhost
  no_log: true
+
+- name: Get a new Keycloak client secret, authentication with auth_client_id and auth_client_secret
+  community.general.keycloak_clientsecret_info:
+    id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
+    realm: MyCustomRealm
+    auth_client_id: admin-cli
+    auth_client_secret: SECRET
+    auth_keycloak_url: https://auth.example.com/auth
+  delegate_to: localhost
+  no_log: true
 """

 RETURN = r"""
--- a/plugins/modules/keycloak_clientsecret_regenerate.py
+++ b/plugins/modules/keycloak_clientsecret_regenerate.py
@@ -95,6 +95,16 @@ EXAMPLES = r"""
    token: TOKEN
  delegate_to: localhost
  no_log: true
+
+- name: Regenerate a new Keycloak client secret, authentication with auth_client_id and auth_client_secret
+  community.general.keycloak_clientsecret_regenerate:
+    id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
+    realm: MyCustomRealm
+    auth_client_id: admin-cli
+    auth_client_secret: SECRET
+    auth_keycloak_url: https://auth.example.com/auth
+  delegate_to: localhost
+  no_log: true
 """

 RETURN = r"""