[PR #6931/91152cb1 backport][stable-7] Keycloak client secret (#7077)

Keycloak client secret (#6931)

* fixe missing secret at creation

* Update doc

* changelogs

* Default protocol only when creation

* Fix sanity test

* Add documentation

* Update plugins/modules/keycloak_client.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Andre Desrosiers <andre.desrosiers@ssss.gouv.qc.ca>
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 91152cb123)

Co-authored-by: desand01 <desrosiers.a@hotmail.com>

changelogs/fragments/6931-keycloak_client-inventory-bugfix.yml

@@ -0,0 +1,2 @@
+bugfixes:
+  - keycloak_client inventory plugin - fix missing client secret (https://github.com/ansible-collections/community.general/pull/6931).

plugins/modules/keycloak_client.py

@@ -247,6 +247,7 @@ options:
     protocol:
         description:
             - Type of client.
+            - At creation only, default value will be V(openid-connect) if O(protocol) is omitted.
         type: str
         choices: ['openid-connect', 'saml']
 
@@ -721,6 +722,10 @@ from ansible.module_utils.basic import AnsibleModule
 import copy
 
 
+PROTOCOL_OPENID_CONNECT = 'openid-connect'
+PROTOCOL_SAML = 'saml'
+
+
 def normalise_cr(clientrep, remove_ids=False):
     """ Re-sorts any properties where the order so that diff's is minimised, and adds default values where appropriate so that the
     the change detection is more effective.
@@ -779,7 +784,7 @@ def main():
         consentText=dict(type='str'),
         id=dict(type='str'),
         name=dict(type='str'),
-        protocol=dict(type='str', choices=['openid-connect', 'saml']),
+        protocol=dict(type='str', choices=[PROTOCOL_OPENID_CONNECT, PROTOCOL_SAML]),
         protocolMapper=dict(type='str'),
         config=dict(type='dict'),
     )
@@ -813,7 +818,7 @@ def main():
         authorization_services_enabled=dict(type='bool', aliases=['authorizationServicesEnabled']),
         public_client=dict(type='bool', aliases=['publicClient']),
         frontchannel_logout=dict(type='bool', aliases=['frontchannelLogout']),
-        protocol=dict(type='str', choices=['openid-connect', 'saml']),
+        protocol=dict(type='str', choices=[PROTOCOL_OPENID_CONNECT, PROTOCOL_SAML]),
         attributes=dict(type='dict'),
         full_scope_allowed=dict(type='bool', aliases=['fullScopeAllowed']),
         node_re_registration_timeout=dict(type='int', aliases=['nodeReRegistrationTimeout']),
@@ -911,6 +916,8 @@ def main():
 
         if 'clientId' not in desired_client:
             module.fail_json(msg='client_id needs to be specified when creating a new client')
+        if 'protocol' not in desired_client:
+            desired_client['protocol'] = PROTOCOL_OPENID_CONNECT
 
         if module._diff:
             result['diff'] = dict(before='', after=sanitize_cr(desired_client))