[PR #11455/af4dbafe backport][stable-12] keycloak_client: fix diff for keycloak client auth flow overrides (#11477)

keycloak_client: fix diff for keycloak client auth flow overrides (#11455) * 11430: fix diff for keycloak client auth flow overrides * 11430: add changelog fragment * 11430: move util function merge_settings_without_absent_nulls to the util functions file _keycloak_utils * 11443: code cleanup --------- (cherry picked from commit af4dbafe86) Co-authored-by: thomasbargetz <thomas.bargetz@gmail.com> Co-authored-by: Thomas Bargetz <thomas.bargetz@rise-world.com>
2026-03-22 05:09:12 +00:00 · 2026-02-07 16:34:29 +01:00 · 2026-02-07 16:34:29 +01:00 · a0d6487f6d
commit a0d6487f6d
parent 88bfb6dda3
3 changed files with 47 additions and 8 deletions
--- a/plugins/modules/keycloak_client.py
+++ b/plugins/modules/keycloak_client.py
@ -748,6 +748,9 @@ import copy

 from ansible.module_utils.basic import AnsibleModule

+from ansible_collections.community.general.plugins.module_utils.identity.keycloak._keycloak_utils import (
+    merge_settings_without_absent_nulls,
+)
 from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import (
    KeycloakAPI,
    KeycloakError,
@ -1316,15 +1319,17 @@ def main():
        if client_param == "protocol_mappers":
            new_param_value = [{k: v for k, v in x.items() if v is not None} for x in new_param_value]
        elif client_param == "authentication_flow_binding_overrides":
-            new_param_value = flow_binding_from_dict_to_model(new_param_value, realm, kc)
-        elif client_param == "attributes" and "attributes" in before_client:
-            attributes_copy = copy.deepcopy(before_client["attributes"])
-            # Merge client attributes while excluding null-valued attributes that are not present in Keycloak's response.
-            # This ensures idempotency by treating absent attributes and null attributes as equivalent.
-            attributes_copy.update(
-                {key: value for key, value in new_param_value.items() if value is not None or key in attributes_copy}
+            desired_flow_binding_overrides = flow_binding_from_dict_to_model(new_param_value, realm, kc)
+            existing_flow_binding_overrides = before_client.get("authenticationFlowBindingOverrides")
+            # ensures idempotency
+            new_param_value = merge_settings_without_absent_nulls(
+                existing_flow_binding_overrides, desired_flow_binding_overrides
            )
-            new_param_value = attributes_copy
+        elif client_param == "attributes" and "attributes" in before_client:
+            desired_attributes = new_param_value
+            existing_attributes = copy.deepcopy(before_client["attributes"])
+            # ensures idempotency
+            new_param_value = merge_settings_without_absent_nulls(existing_attributes, desired_attributes)
        elif client_param in ["clientScopesBehavior", "client_scopes_behavior"]:
            continue