mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

Fix sanitize for keycloak_identity_provider. (#8355)

* Fix sanitize for keycloak_identity_provider.

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
Florian Apolloner 2024-05-15 18:46:12 +02:00 committed by GitHub
parent 7dd7cbdba8
commit fabf6263f1
GPG key ID: B5690EEEBB952194
3 changed files with 4 additions and 1 deletions


@ -0,0 +1,2 @@
security_fixes:
- keycloak_identity_provider - the client secret was not correctly sanitized by the module. The return values ``proposed``, ``existing``, and ``end_state``, as well as the diff, did contain the client secret unmasked (https://github.com/ansible-collections/community.general/pull/8355).
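
Review bot: In the fragment text, "did contain the client secret unmasked" reads awkwardly; "contained the unmasked client secret" is tighter. The entry otherwise names the module, the affected return values (``proposed``, ``existing``, ``end_state``, and the diff) and the PR link, which is what a reader of the security_fixes section needs.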


@ -437,7 +437,7 @@ def sanitize(idp):
idpcopy = deepcopy(idp) idpcopy = deepcopy(idp)
if 'config' in idpcopy: if 'config' in idpcopy:
if 'clientSecret' in idpcopy['config']: if 'clientSecret' in idpcopy['config']:
idpcopy['clientSecret'] = '**********' idpcopy['config']['clientSecret'] = '**********'
return idpcopy return idpcopy
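
Review bot: The removed line `idpcopy['clientSecret'] = '**********'` wrote the mask to a top-level key and left `idpcopy['config']['clientSecret']` untouched, so the `if 'clientSecret' in idpcopy['config']` guard passed while the secret stayed in the returned copy; a unit test on sanitize() would catch this kind of mistake without needing a Keycloak instance. Suggest asserting that the returned dict has `config.clientSecret` equal to the mask, has no top-level `clientSecret` key, and that the input dict is left unchanged by the deepcopy.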


@ -62,6 +62,7 @@
- result.existing == {} - result.existing == {}
- result.end_state.alias == "{{ idp }}" - result.end_state.alias == "{{ idp }}"
- result.end_state.mappers != [] - result.end_state.mappers != []
- result.end_state.config.client_secret = "**********"
- name: Update existing identity provider (no change) - name: Update existing identity provider (no change)
community.general.keycloak_identity_provider: community.general.keycloak_identity_provider:
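
Review bot: The added assertion `result.end_state.config.client_secret = "**********"` uses a single `=` where the neighbouring conditions use `==`, and it reads `client_secret` while sanitize() masks `config['clientSecret']`, so as shown it does not compare the key the fix touches. Suggest `result.end_state.config.clientSecret == "**********"`. The changelog fragment also names `proposed`, `existing` and the diff, so a matching check on at least one of those in the update task that follows would cover the other places the secret was returned.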