From 8deb34f53f234372299b2188e6867278e8abf71a Mon Sep 17 00:00:00 2001
From: Sebastian Widmer
Date: Wed, 6 Dec 2023 11:26:14 +0100
Subject: [PATCH] Ignore timestamp in OIDC client
---
 controllers/cluster_controller.go | 5 ++++-
 templates/client.jsonnet | 1 -
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/controllers/cluster_controller.go b/controllers/cluster_controller.go
index 3b6c66e..2fd4404 100644
--- a/controllers/cluster_controller.go
+++ b/controllers/cluster_controller.go
@@ -128,7 +128,10 @@ func (r *ClusterReconciler) Reconcile(ctx context.Context, req ctrl.Request) (re
 l.Info("Client found, updating", "client", client.ID)
 templatedClient.ID = client.ID
- ignores := append([]string{"/secret"}, r.KeycloakClientIgnorePaths...)
+ ignores := append([]string{
+ "/secret",
+ "/attributes/client.secret.creation.time",
+ }, r.KeycloakClientIgnorePaths...)
 patch, err := jsondiff.Compare(client, templatedClient, jsondiff.Ignores(ignores...))
 if err != nil {
 return ctrl.Result{}, fmt.Errorf("unable to compare existing and templated clients: %w", err)
diff --git a/templates/client.jsonnet b/templates/client.jsonnet
index 85600cb..ce3af67 100644
--- a/templates/client.jsonnet
+++ b/templates/client.jsonnet
@@ -28,7 +28,6 @@ local vars = import 'vars.jsonnet';
 protocol: 'openid-connect',
 attributes: {
 'oidc.ciba.grant.enabled': 'false',
- 'client.secret.creation.time': '1698160867',
 'backchannel.logout.session.required': 'true',
 'oauth2.device.authorization.grant.enabled': 'false',
 'display.on.consent.screen': 'false',
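Review bot: The two hard-coded entries in the new `ignores` literal have no comment saying why they are excluded from the comparison, and that reason is what makes this change safe. Because the template no longer sets `client.secret.creation.time`, the ignore entry is presumably the only thing stopping `jsondiff.Compare` from emitting a removal for the value stored on the existing client, so a later cleanup of this list would silently start touching secret metadata again. I would add a comment above the literal such as `// Fields owned by the Keycloak server (client secret and its creation timestamp): never diff or patch them from the template.` It is also worth noting next to `r.KeycloakClientIgnorePaths` that every path appended here is drift the reconciler will never correct, so the operator-supplied list should stay short. The body of `Reconcile` starts and ends outside this hunk, so how `patch` is applied is not visible here.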