search

ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0
784 stars 1.45k forks source link

[PR #8545/10535458 backport][stable-8] keycloak_clientscope: ignore ids on diff check #8553

Closed patchback[bot] closed 1 week ago

patchback[bot] commented 1 week ago

This is a backport of PR #8545 as merged into main (1053545870f0f71eae8cb05dddc995f6ee737f50).

SUMMARY

Stumbled upon this when using an older version of the plugin. Originally had the issue with consentRequired which was fixed by Merge #8496 .

If the user supplies no id either in the module.params.get('id') or in one of the module.params.get('protocol_mappers'), the comparison will result in a diff detected, even though all other params might be identical.

Running a task multiple times with no ids set (Keycloak API then creates one) will now result in no change detected, improving idempotence checks.

ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME

commnity.general.keycloak_clientscope.py

ADDITIONAL INFORMATION

The check on wether the task changed now normalizes the dicts desired_clientscope and before_clientscope to ignore all id fields on all levels, as they are not required to be set if a name has been set instead.

This ensures that the module does not detect a change and does not call the keycloak API unnecessarily.

Before:

if desired_clientscope == before_clientscope:  #...

After:

if normalise_cr(desired_clientscope, remove_ids=True) == normalise_cr(before_clientscope, remove_ids=True):  #...
ansibullbot commented 1 week ago

cc @Gaetan2907 @eikef @mattock @ndclt click here for bot help