This ensures that the KeycloakClient secret is not regenerated on each reconcilation loop. We also no longer generate a password and instead allow the Keycloak operator to do so - when the Client is created on the server a UUID is generated for the client secret, which the Operator then fetches and stores in the Secret.
Unfortunately, this change means that Gitea config no longer has a simple means to identify when the client-secret has changed and issue the update-oauth commands, and so with this change that capability is removed. This should probably end up being a function of the Gitea operator (e.g. watching for last updated times of the corresponding Secret compared with the last reconciliation time of the CR).
This ensures that the KeycloakClient secret is not regenerated on each reconcilation loop. We also no longer generate a password and instead allow the Keycloak operator to do so - when the Client is created on the server a UUID is generated for the client secret, which the Operator then fetches and stores in the Secret.
Unfortunately, this change means that Gitea config no longer has a simple means to identify when the client-secret has changed and issue the update-oauth commands, and so with this change that capability is removed. This should probably end up being a function of the Gitea operator (e.g. watching for last updated times of the corresponding Secret compared with the last reconciliation time of the CR).