[PR #5934/78297e44 backport][stable-5] Fix keycloak sanitize_cr (#6035)

Fix keycloak sanitize_cr (#5934) * Fix keycloak sanitize_cr * Update changelogs/fragments/5934-fix-keycloak-sanitize_cr.yml Co-authored-by: Felix Fontein <[email protected]> --------- Co-authored-by: Claude Dioudonnat <[email protected]> Co-authored-by: Felix Fontein <[email protected]> (cherry picked from commit 78297e4) Co-authored-by: Claude Dioudonnat <[email protected]>
ansible-collections · Feb 22, 2023 · 7ff20a5 · 7ff20a5
1 parent 865a8e9
commit 7ff20a5
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/changelogs/fragments/5934-fix-keycloak-sanitize_cr.yml b/changelogs/fragments/5934-fix-keycloak-sanitize_cr.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - "keycloak_client - fix accidental replacement of value for attribute ``saml.signing.private.key`` with ``no_log`` in wrong contexts (https://github.com/ansible-collections/community.general/pull/5934)."
diff --git a/plugins/modules/identity/keycloak/keycloak_client.py b/plugins/modules/identity/keycloak/keycloak_client.py
@@ -712,6 +712,7 @@
 from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \
     keycloak_argument_spec, get_token, KeycloakError
 from ansible.module_utils.basic import AnsibleModule
+import copy
 
 
 def normalise_cr(clientrep, remove_ids=False):
@@ -750,7 +751,7 @@ def sanitize_cr(clientrep):
     :param clientrep: the clientrep dict to be sanitized
     :return: sanitized clientrep dict
     """
-    result = clientrep.copy()
+    result = copy.deepcopy(clientrep)
     if 'secret' in result:
         result['secret'] = 'no_log'
     if 'attributes' in result: