Ignore timestamp in OIDC client

projectsyn · Dec 6, 2023 · 8deb34f · 8deb34f
1 parent 601976a
commit 8deb34f
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/controllers/cluster_controller.go b/controllers/cluster_controller.go
@@ -128,7 +128,10 @@ func (r *ClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (re
 	l.Info("Client found, updating", "client", client.ID)
 	templatedClient.ID = client.ID
 
-	ignores := append([]string{"/secret"}, r.KeycloakClientIgnorePaths...)
+	ignores := append([]string{
+		"/secret",
+		"/attributes/client.secret.creation.time",
+	}, r.KeycloakClientIgnorePaths...)
 	patch, err := jsondiff.Compare(client, templatedClient, jsondiff.Ignores(ignores...))
 	if err != nil {
 		return ctrl.Result{}, fmt.Errorf("unable to compare existing and templated clients: %w", err)

diff --git a/templates/client.jsonnet b/templates/client.jsonnet
@@ -28,7 +28,6 @@ local vars = import 'vars.jsonnet';
   protocol: 'openid-connect',
   attributes: {
     'oidc.ciba.grant.enabled': 'false',
-    'client.secret.creation.time': '1698160867',
     'backchannel.logout.session.required': 'true',
     'oauth2.device.authorization.grant.enabled': 'false',
     'display.on.consent.screen': 'false',