mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Fix sanitize for keycloak_identitiy_provider. (#8355)
* Fix sanitize for keycloak_identitiy_provider. * Apply suggestions from code review Co-authored-by: Felix Fontein <felix@fontein.de> --------- Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
parent
7dd7cbdba8
commit
fabf6263f1
3 changed files with 4 additions and 1 deletions
2
changelogs/fragments/8355-keycloak-idp-sanitize.yaml
Normal file
2
changelogs/fragments/8355-keycloak-idp-sanitize.yaml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
security_fixes:
|
||||||
|
- keycloak_identity_provider - the client secret was not correctly sanitized by the module. The return values ``proposed``, ``existing``, and ``end_state``, as well as the diff, did contain the client secret unmasked (https://github.com/ansible-collections/community.general/pull/8355).
|
|
@ -437,7 +437,7 @@ def sanitize(idp):
|
||||||
idpcopy = deepcopy(idp)
|
idpcopy = deepcopy(idp)
|
||||||
if 'config' in idpcopy:
|
if 'config' in idpcopy:
|
||||||
if 'clientSecret' in idpcopy['config']:
|
if 'clientSecret' in idpcopy['config']:
|
||||||
idpcopy['clientSecret'] = '**********'
|
idpcopy['config']['clientSecret'] = '**********'
|
||||||
return idpcopy
|
return idpcopy
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -62,6 +62,7 @@
|
||||||
- result.existing == {}
|
- result.existing == {}
|
||||||
- result.end_state.alias == "{{ idp }}"
|
- result.end_state.alias == "{{ idp }}"
|
||||||
- result.end_state.mappers != []
|
- result.end_state.mappers != []
|
||||||
|
- result.end_state.config.client_secret = "**********"
|
||||||
|
|
||||||
- name: Update existing identity provider (no change)
|
- name: Update existing identity provider (no change)
|
||||||
community.general.keycloak_identity_provider:
|
community.general.keycloak_identity_provider:
|
||||||
|
|
Loading…
Reference in a new issue