This is a backport of PR #8545 as merged into main (1053545870f0f71eae8cb05dddc995f6ee737f50).
SUMMARY
Stumbled upon this when using an older version of the plugin.
Originally had the issue with consentRequired which was fixed by Merge #8496 .
If the user supplies no id either in the module.params.get('id') or in one of the module.params.get('protocol_mappers'), the comparison will result in a diff detected, even though all other params might be identical.
Running a task multiple times with no ids set (Keycloak API then creates one) will now result in no change detected, improving idempotence checks.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
commnity.general.keycloak_clientscope.py
ADDITIONAL INFORMATION
The check on wether the task changed now normalizes the dicts desired_clientscope and before_clientscope to ignore all id fields on all levels, as they are not required to be set if a name has been set instead.
This ensures that the module does not detect a change and does not call the keycloak API unnecessarily.
Before:
if desired_clientscope == before_clientscope: #...
After:
if normalise_cr(desired_clientscope, remove_ids=True) == normalise_cr(before_clientscope, remove_ids=True): #...
This is a backport of PR #8545 as merged into main (1053545870f0f71eae8cb05dddc995f6ee737f50).
SUMMARY
Stumbled upon this when using an older version of the plugin. Originally had the issue with
consentRequired
which was fixed by Merge #8496 .If the user supplies no
id
either in themodule.params.get('id')
or in one of themodule.params.get('protocol_mappers')
, the comparison will result in a diff detected, even though all other params might be identical.Running a task multiple times with no
id
s set (Keycloak API then creates one) will now result in no change detected, improving idempotence checks.ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
commnity.general.keycloak_clientscope.py
ADDITIONAL INFORMATION
The check on wether the task
changed
now normalizes the dictsdesired_clientscope
andbefore_clientscope
to ignore allid
fields on all levels, as they are not required to be set if aname
has been set instead.This ensures that the module does not detect a change and does not call the keycloak API unnecessarily.
Before:
After: