Secret in InitProvider is required but should be optional

[denniskniep]

The Property IdentityProviderSpec.InitProvider.ClientSecretSecretRef
(see https://github.com/crossplane-contrib/provider-keycloak/blame/11f3432fc6cbf1f12168f6e3ba425f79ad0d5710/apis/oidc/v1alpha1/zz_identityprovider_types.go#L55-L57)

is a required field since updating upjet to to v1.4.0
(see https://github.com/crossplane/upjet/releases/tag/v1.4.0 -> Support for Secret References in spec.initProvider)

InitProvider properties are set if the value of the property should only be taken into account during creation and not during update
(see https://docs.crossplane.io/latest/concepts/managed-resources/#initprovider)

But from Keycloaks point of view the client secret of an OIDC IdentityProvider is NOT immutable.

It should be possible to set ClientSecretSecretRef via forProvider and skip setting it at the initProvider

Additional Notes:
forProvider defines the field "ClientSecretSecretRef" also as required.
Which leads to the situation that I have to specify both (initProvider and forProvider), which might run into the following issue: #299

ref: crossplane-contrib/provider-keycloak#113

[mergenci]

I was surprised to see that secrets were not optional in spec.initProvider, because all fields are intentionally set to be optional so that they could be specified either in spec.forProvider or in spec.initProvider. This is a bug that we should fix.

As a workaround, users can specify the secrets in both initProvider and forProvider.

[denniskniep]

As a workaround, users can specify the secrets in both initProvider and forProvider

Exactly this is what I am currently using as workaround

[consooo]

We're facing the same issue in our project. This is an additional potential error source as we need to keep config the same.