From 7b65a965f1c72c907338f9fb584855a5b720c980 Mon Sep 17 00:00:00 2001
From: damu <damu>
Date: Mon, 24 Feb 2025 11:06:35 +0100
Subject: [PATCH] Fix check mode and modify mode coherence on cleared
 attributes

---
 .../module_utils/identity/keycloak/keycloak.py  |  8 ++++++++
 plugins/modules/keycloak_client.py              | 17 +++++++++++------
 2 files changed, 19 insertions(+), 6 deletions(-)

diff --git a/plugins/module_utils/identity/keycloak/keycloak.py b/plugins/module_utils/identity/keycloak/keycloak.py
index b8ff6e8ee31..2595e4ae5cf 100644
--- a/plugins/module_utils/identity/keycloak/keycloak.py
+++ b/plugins/module_utils/identity/keycloak/keycloak.py
@@ -126,6 +126,14 @@ def camel(words):
     return words.split('_')[0] + ''.join(x.capitalize() or '_' for x in words.split('_')[1:])
 
 
+def nonify_absences(before, desired):
+    for k, v in before.items():
+        if k not in desired.keys():
+            desired[k] = None
+        elif isinstance(v, dict):
+            nonify_absences(v, desired[k])
+
+
 class KeycloakError(Exception):
     pass
 
diff --git a/plugins/modules/keycloak_client.py b/plugins/modules/keycloak_client.py
index 26bb9e59a30..db4a8048d8a 100644
--- a/plugins/modules/keycloak_client.py
+++ b/plugins/modules/keycloak_client.py
@@ -713,6 +713,7 @@
 from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import (
     KeycloakAPI,
     camel,
+    nonify_absences,
     keycloak_argument_spec,
     get_token,
     KeycloakError,
@@ -793,16 +794,17 @@ def sanitize_cr(clientrep):
 
 def get_clientscope_id(kc, clientscope_name, realm):
     """Retrieves the id of a clientscope from its name
-    
+
     :param kc: the keycloak module instance
     :param clientscope_name: the name of the clientscope
-    :return: 
+    :return:
     """
     found_clientscope = kc.get_clientscope_by_name(clientscope_name, realm=realm)
     if not found_clientscope:
         raise Exception("The provided clientscope name was not found")
     return found_clientscope["id"]
 
+
 def main():
     """
     Module execution
@@ -936,7 +938,7 @@ def main():
             cid = before_client["id"]
     else:
         before_client = kc.get_client_by_id(cid, realm=realm)
-        
+
     if before_client is None:
         before_client = {}
     # Build a proposed changeset from parameters given to this module
@@ -1033,7 +1035,7 @@ def main():
                 before_norm = normalise_cr(before_client, remove_ids=True)
                 desired_client["attributes"] = dict((k,v) for k,v in desired_client["attributes"].items() if v is not None)
                 desired_norm = normalise_cr(desired_client, remove_ids=True)
-                
+
                 if module._diff:
                     result["diff"] = dict(
                         before=sanitize_cr(before_norm), after=sanitize_cr(desired_norm)
@@ -1042,9 +1044,12 @@ def main():
 
                 module.exit_json(**result)
 
+            # Necessary to clear values (e.g. themes)
+            nonify_absences(before_client, desired_client)
+
             # do the update
             kc.update_client(cid, desired_client, realm=realm)
-            
+
             # Handle clientscopes: unfortunately, they require other API calls
             for opt in ["optional", "default"]:
                 before_scopes = before_client.get("{}ClientScopes".format(opt))
@@ -1058,7 +1063,7 @@ def main():
                     else:
                         for scope in before_scopes:
                             kc.delete_clientscope_from_client(cid, get_clientscope_id(kc, scope, realm=realm), opt, realm=realm)
-                        
+
             after_client = kc.get_client_by_id(cid, realm=realm)
             if before_client == after_client:
                 result["changed"] = False