[PR #1270/c6906a3f backport][stable-5] elbv2: respect UseExistingClientSecret

[patchback]

This is a backport of PR #1270 as merged into main (c6906a3).

SUMMARY

Since amazon.aws 5.0.0, elb_application_lb runs into an exception, when using Type: authenticate-oidc in a rule, even when UseExistingClientSecret: True parameter is given. That works as expected with amazon.aws 4.x.x.

The logic gets broken in #940

Basically AWS won't return both, UseExistingClientSecret and ClientSecret.
But when requesting against boto3, both parameters are mutually exclusive!

When the user set UseExistingClientSecret: True, the ClientSecret must be removed for the request.
When the user does not set UseExistingClientSecret or set it to False, the UseExistingClientSecret must be included in the request.

While diving deeper, I've noticed a basic change detection problem for default values, that are not requested, but AWS will return them. I've summerized it in #1284
However, this PR does not target #1284, it just fixes the exception and restores the functionality and hotfix the change-detection only for Type: authenticate-oidc.

origin PR description

---

The error was: botocore.errorfactory.InvalidLoadBalancerActionException: An error occurred (InvalidLoadBalancerAction) when calling the ModifyRule operation: You must either specify a client secret or set UseExistingClientSecret to true

UseExistingClientSecret is not respected anymore since a.a 5

Introduced in #940

Furthermore, AWS returns also Scope and SessionTimeout parameters that are filled with default values if not requested.

'Scope': 'openid',
'SessionTimeout': 604800,

That make the module always returns a change, if they are not requested.
This fix does not break backwards compatibility, because the values are already set by aws, when not requested yet.

ISSUE TYPE

• Bugfix Pull Request

COMPONENT NAME

plugins/module_utils/elbv2.yml

ADDITIONAL INFORMATION

          - Conditions:
              - Field: host-header
                Values:
                  - some.tld
              - Field: path-pattern
                Values:
                  - "/admin/*"
            Actions:
              - Type: authenticate-oidc
                Order: 1
                AuthenticateOidcConfig:
                  Issuer: https://login.microsoftonline.com/32rw-ewad53te-ef/v2.0
                  AuthorizationEndpoint: https://login.microsoftonline.com/324re-dafs6-6tw/oauth2/v2.0/authorize
                  TokenEndpoint: https://login.microsoftonline.com/432535ez-rfes-32543ter/oauth2/v2.0/token
                  UserInfoEndpoint: https://graph.microsoft.com/oidc/userinfo
                  ClientId: fasgd-235463-fsgd-243
                  ClientSecret: "{{ lookup('onepassword', 'some cool secret', vault='some important vault') }}"
                  SessionCookieName: AWSELBAuthSessionCookie
                  OnUnauthenticatedRequest: authenticate
                  UseExistingClientSecret: True
              - TargetGroupName: "{{ some_tg }}"
                Type: forward
                Order: 2

[github-actions]

Docs Build 📝

Thank you for contribution!✨

This PR has been merged and your docs changes will be incorporated when they are next published.

[softwarefactory-project-zuul]

Build succeeded.
https://ansible.softwarefactory-project.io/zuul/buildset/20438a88648e4660844eeabca5057584

✔️ ansible-galaxy-importer SUCCESS in 4m 18s
✔️ build-ansible-collection SUCCESS in 13m 06s
✔️ ansible-test-sanity-aws-ansible-python38 SUCCESS in 10m 15s (non-voting)
✔️ ansible-test-sanity-aws-ansible-2.12-python38 SUCCESS in 10m 16s
✔️ ansible-test-sanity-aws-ansible-2.13-python38 SUCCESS in 10m 17s
✔️ ansible-test-sanity-aws-ansible-2.14 SUCCESS in 8m 17s
✔️ ansible-test-units-amazon-aws-python36 SUCCESS in 9m 38s
✔️ ansible-test-units-amazon-aws-python38 SUCCESS in 7m 48s
✔️ ansible-test-units-amazon-aws-python39 SUCCESS in 5m 45s
✔️ ansible-test-units-amazon-aws-python310 SUCCESS in 8m 00s
✔️ cloud-tox-py3 SUCCESS in 4m 48s
✔️ ansible-test-changelog SUCCESS in 4m 19s
✔️ ansible-test-splitter SUCCESS in 4m 45s
✔️ integration-amazon.aws-1 SUCCESS in 11m 11s
✔️ integration-community.aws-1 SUCCESS in 18m 35s
Skipped 42 jobs

[softwarefactory-project-zuul]

Build succeeded (gate pipeline).
https://ansible.softwarefactory-project.io/zuul/buildset/ce609f6fad0442a78a16aaae4426b311

✔️ ansible-galaxy-importer SUCCESS in 3m 44s
✔️ build-ansible-collection SUCCESS in 12m 44s
✔️ ansible-test-splitter SUCCESS in 4m 46s
✔️ integration-amazon.aws-1 SUCCESS in 8m 21s
✔️ integration-community.aws-1 SUCCESS in 18m 58s
Skipped 42 jobs