community.general.keycloak_authz_authorization_scope (6.6.8) — module

Allows administration of Keycloak client authorization scopes via Keycloak API

Added in version 6.6.0 of community.general

Authors: Samuli Seppänen (@mattock)
Install with:

    ansible-galaxy collection install community.general:==6.6.8

Or, in requirements.yml:

    collections:
      - name: community.general
        version: 6.6.8
This module allows the administration of Keycloak client Authorization Scopes via the Keycloak REST API. Authorization Scopes are only available if a client has Authorization enabled.
This module requires access to the REST API via OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.
The names of module options are snake_cased versions of the camelCase options used by Keycloak. The Authorization Services paths and payloads have not officially been documented by the Keycloak project; see https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/
    - name: Manage Keycloak file:delete authorization scope
      keycloak_authz_authorization_scope:
        name: file:delete
        state: present
        display_name: File delete
        client_id: myclient
        realm: myrealm
        auth_keycloak_url: http://localhost:8080/auth
        auth_username: keycloak
        auth_password: keycloak
        auth_realm: master
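A variant of the task above, as an added example that is not part of the module documentation: it converges several scopes in one loop, reaches Keycloak over HTTPS with certificate verification on, and authenticates as a dedicated user in the client's own realm rather than the master admin. The host name, user name, variable names and the extra scope names are assumptions, and the user is assumed to hold the roles the module needs.

```yaml
# Added example (not from the module documentation). Host name, user name,
# variable names and scope names are assumptions made for illustration.
- name: Manage authorization scopes for myclient
  hosts: localhost
  gather_facts: false
  vars:
    # Hypothetical variables; keep the password in an Ansible Vault file.
    keycloak_url: https://keycloak.example.com/auth
    keycloak_automation_user: scope-automation
    keycloak_automation_password: "{{ vault_keycloak_automation_password }}"
    authz_scopes:
      - { name: "file:read", display_name: File read, state: present }
      - { name: "file:write", display_name: File write, state: present }
      - { name: "file:delete", display_name: File delete, state: present }
      - { name: "file:legacy", display_name: Legacy access, state: absent }
  tasks:
    - name: Converge authorization scopes
      community.general.keycloak_authz_authorization_scope:
        name: "{{ item.name }}"
        display_name: "{{ item.display_name }}"
        state: "{{ item.state }}"
        client_id: myclient
        realm: myrealm
        auth_keycloak_url: "{{ keycloak_url }}"
        # Authenticate against the client's realm, not master.
        auth_realm: myrealm
        auth_username: "{{ keycloak_automation_user }}"
        auth_password: "{{ keycloak_automation_password }}"
        validate_certs: true
        connection_timeout: 10
      loop: "{{ authz_scopes }}"
      loop_control:
        # Show only the scope name and target state per iteration.
        label: "{{ item.name }} -> {{ item.state }}"
      register: scope_results

    - name: Show what the module reported for each scope
      ansible.builtin.debug:
        msg: "{{ scope_results.results | map(attribute='msg') | list }}"
```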
    name:
      description:
        - Name of the authorization scope to create.
      required: true
      type: str

    realm:
      description:
        - The name of the Keycloak realm the Keycloak client is in.
      required: true
      type: str

    state:
      choices:
        - present
        - absent
      default: present
      description:
        - State of the authorization scope.
        - On C(present), the authorization scope will be created (or updated if it exists already).
        - On C(absent), the authorization scope will be removed if it exists.
      type: str

    token:
      description:
        - Authentication token for Keycloak API.
      type: str
      version_added: 3.0.0
      version_added_collection: community.general

    icon_uri:
      description:
        - The icon URI for the authorization scope.
      required: false
      type: str

    client_id:
      description:
        - The C(clientId) of the Keycloak client that should have the authorization scope.
        - This is usually a human-readable name of the Keycloak client.
      required: true
      type: str

    auth_realm:
      description:
        - Keycloak realm name to authenticate to for API access.
      type: str

    http_agent:
      default: Ansible
      description:
        - Configures the HTTP User-Agent header.
      type: str
      version_added: 5.4.0
      version_added_collection: community.general

    display_name:
      description:
        - The display name of the authorization scope.
      required: false
      type: str

    auth_password:
      aliases:
        - password
      description:
        - Password to authenticate for API access with.
      type: str

    auth_username:
      aliases:
        - username
      description:
        - Username to authenticate for API access with.
      type: str

    auth_client_id:
      default: admin-cli
      description:
        - OpenID Connect I(client_id) to authenticate to the API with.
      type: str

    validate_certs:
      default: true
      description:
        - Verify TLS certificates (do not disable this in production).
      type: bool

    auth_keycloak_url:
      aliases:
        - url
      description:
        - URL to the Keycloak instance.
      required: true
      type: str

    auth_client_secret:
      description:
        - Client Secret to use in conjunction with I(auth_client_id) (if required).
      type: str

    connection_timeout:
      default: 10
      description:
        - Controls the HTTP connections timeout period (in seconds) to Keycloak API.
      type: int
      version_added: 4.5.0
      version_added_collection: community.general
    end_state:
      contains:
        display_name:
          description: Display name of the authorization scope.
          returned: when I(state=present)
          sample: File delete
          type: str
        icon_uri:
          description: Icon URI for the authorization scope.
          returned: when I(state=present)
          sample: http://localhost/icon.png
          type: str
        id:
          description: ID of the authorization scope.
          returned: when I(state=present)
          sample: a6ab1cf2-1001-40ec-9f39-48f23b6a0a41
          type: str
        name:
          description: Name of the authorization scope.
          returned: when I(state=present)
          sample: file:delete
          type: str
      description: Representation of the authorization scope after module execution.
      returned: on success
      type: complex

    msg:
      description: Message as to what action was taken.
      returned: always
      type: str