From 0e818c48120628b3ac3e39061e12492357a024b8 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Mon, 14 Apr 2025 22:51:23 +0200
Subject: [PATCH] [PR #9976/04137746 backport][stable-10] keycloak_client: fix
 idempotency regression (#9997)

keycloak_client: fix idempotency regression (#9976)

* add function to normalize kc responses

* add changelog fragment

* Update changelogs/fragments/9976-keycloak_client-fix-idempotency-regression.yml

Co-authored-by: Felix Fontein <felix@fontein.de>

* add newline to changelog fragment

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit 041377464196cc30c16719a61d2a03e2a6d14c36)

Co-authored-by: gruenbauer@b1-systems.de <gruenbauer@b1-systems.de>
---
 ...-keycloak_client-fix-idempotency-regression.yml |  2 ++
 plugins/modules/keycloak_client.py                 | 14 ++++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)
 create mode 100644 changelogs/fragments/9976-keycloak_client-fix-idempotency-regression.yml

diff --git a/changelogs/fragments/9976-keycloak_client-fix-idempotency-regression.yml b/changelogs/fragments/9976-keycloak_client-fix-idempotency-regression.yml
new file mode 100644
index 0000000000..593298d303
--- /dev/null
+++ b/changelogs/fragments/9976-keycloak_client-fix-idempotency-regression.yml
@@ -0,0 +1,2 @@
+bugfixes:
+  - keycloak_client - fix the idempotency regression by normalizing the Keycloak response for ``after_client`` (https://github.com/ansible-collections/community.general/issues/9905, https://github.com/ansible-collections/community.general/pull/9976).
diff --git a/plugins/modules/keycloak_client.py b/plugins/modules/keycloak_client.py
index 70ff21a915..e7a2de7c85 100644
--- a/plugins/modules/keycloak_client.py
+++ b/plugins/modules/keycloak_client.py
@@ -775,6 +775,13 @@ def normalise_cr(clientrep, remove_ids=False):
     return clientrep
 
 
+def normalize_kc_resp(clientrep):
+    # kc drops the variable 'authorizationServicesEnabled' if set to false
+    # to minimize diff/changes we set it to false if not set by kc
+    if clientrep and 'authorizationServicesEnabled' not in clientrep:
+        clientrep['authorizationServicesEnabled'] = False
+
+
 def sanitize_cr(clientrep):
     """ Removes probably sensitive details from a client representation.
 
@@ -966,10 +973,7 @@ def main():
     else:
         before_client = kc.get_client_by_id(cid, realm=realm)
 
-    # kc drops the variable 'authorizationServicesEnabled' if set to false
-    # to minimize diff/changes we set it to false if not set by kc
-    if before_client and 'authorizationServicesEnabled' not in before_client:
-        before_client['authorizationServicesEnabled'] = False
+    normalize_kc_resp(before_client)
 
     if before_client is None:
         before_client = {}
@@ -1050,6 +1054,8 @@ def main():
             kc.update_client(cid, desired_client, realm=realm)
 
             after_client = kc.get_client_by_id(cid, realm=realm)
+            normalize_kc_resp(after_client)
+
             if before_client == after_client:
                 result['changed'] = False
             if module._diff: