search

ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0
827 stars 1.52k forks source link

keycloak_client should provide a mechanism to return the secret #4468

Open lod opened 2 years ago

lod commented 2 years ago

Summary

The current keycloak_client code scrubs the secret from the return data https://github.com/ansible-collections/community.general/blob/main/plugins/modules/identity/keycloak/keycloak_client.py#L753

I think this is fantastic default behaviour, but it limits functionality. Sometimes you want to retrieve the secret, it allows syncing work with the other end. There is also the feature where the secret will be autogenerated if not supplied, great, but there is no way of retrieving this value.

Adding an option to request that the secret be returned would be wonderful, off by default provides safe behaviour by default, and backwards compatibility. However an option would allow folks who need it and are willing to wear the risks.

An alternative option would be to return when the nolog option was set on the task, however I'm not sure if this is determinable within the module. More importantly I think this kind of magic behaviour should be avoided.

Issue Type

Feature Idea

Component Name

keycloak_client

Additional Information

No response

Code of Conduct

ansibullbot commented 2 years ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot commented 2 years ago

cc @eikef @ndclt click here for bot help

felixfontein commented 2 years ago

An alternative option would be to return when the nolog option was set on the task, however I'm not sure if this is determinable within the module. More importantly I think this kind of magic behaviour should be avoided.

I agree. Having an option would be best.

ansibullbot commented 2 years ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.

click here for bot help

ansibullbot commented 1 year ago

cc @mattock click here for bot help

ansibullbot commented 3 months ago

cc @thomasbach-dev click here for bot help