1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

[PR #8355/fabf6263 backport][stable-6] Fix sanitize for keycloak_identitiy_provider. (#8369)

Fix sanitize for keycloak_identitiy_provider. (#8355)

* Fix sanitize for keycloak_identitiy_provider.

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit fabf6263f1)

Co-authored-by: Florian Apolloner <florian@apolloner.eu>
This commit is contained in:
patchback[bot] 2024-05-15 19:59:51 +02:00 committed by GitHub
parent 7efdcb618d
commit 1f3fefa31c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 4 additions and 1 deletions

View file

@ -0,0 +1,2 @@
security_fixes:
- keycloak_identity_provider - the client secret was not correctly sanitized by the module. The return values ``proposed``, ``existing``, and ``end_state``, as well as the diff, did contain the client secret unmasked (https://github.com/ansible-collections/community.general/pull/8355).

View file

@ -436,7 +436,7 @@ def sanitize(idp):
idpcopy = deepcopy(idp)
if 'config' in idpcopy:
if 'clientSecret' in idpcopy['config']:
idpcopy['clientSecret'] = '**********'
idpcopy['config']['clientSecret'] = '**********'
return idpcopy

View file

@ -62,6 +62,7 @@
- result.existing == {}
- result.end_state.alias == "{{ idp }}"
- result.end_state.mappers != []
- result.end_state.config.client_secret = "**********"
- name: Update existing identity provider (no change)
community.general.keycloak_identity_provider: