From 3ecbadf694c5f4a44afeabb451f02e3f52af8efc Mon Sep 17 00:00:00 2001 From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com> Date: Wed, 22 Feb 2023 15:23:33 +0100 Subject: [PATCH] [PR #5934/78297e44 backport][stable-6] Fix keycloak sanitize_cr (#6036) Fix keycloak sanitize_cr (#5934) * Fix keycloak sanitize_cr * Update changelogs/fragments/5934-fix-keycloak-sanitize_cr.yml Co-authored-by: Felix Fontein --------- Co-authored-by: Claude Dioudonnat Co-authored-by: Felix Fontein (cherry picked from commit 78297e44b74992c2108b6ffbb9b0b37e0d708c79) Co-authored-by: Claude Dioudonnat --- changelogs/fragments/5934-fix-keycloak-sanitize_cr.yml | 2 ++ plugins/modules/keycloak_client.py | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/5934-fix-keycloak-sanitize_cr.yml diff --git a/changelogs/fragments/5934-fix-keycloak-sanitize_cr.yml b/changelogs/fragments/5934-fix-keycloak-sanitize_cr.yml new file mode 100644 index 00000000000..1c3163023c2 --- /dev/null +++ b/changelogs/fragments/5934-fix-keycloak-sanitize_cr.yml @@ -0,0 +1,2 @@ +bugfixes: + - "keycloak_client - fix accidental replacement of value for attribute ``saml.signing.private.key`` with ``no_log`` in wrong contexts (https://github.com/ansible-collections/community.general/pull/5934)." \ No newline at end of file diff --git a/plugins/modules/keycloak_client.py b/plugins/modules/keycloak_client.py index 22ba6a810a5..51e516221b7 100644 --- a/plugins/modules/keycloak_client.py +++ b/plugins/modules/keycloak_client.py @@ -712,6 +712,7 @@ from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ keycloak_argument_spec, get_token, KeycloakError from ansible.module_utils.basic import AnsibleModule +import copy def normalise_cr(clientrep, remove_ids=False): @@ -750,7 +751,7 @@ def sanitize_cr(clientrep): :param clientrep: the clientrep dict to be sanitized :return: sanitized clientrep dict """ - result = clientrep.copy() + result = copy.deepcopy(clientrep) if 'secret' in result: result['secret'] = 'no_log' if 'attributes' in result: