community.general.keycloak_clientscope_type (6.6.8) — module
Set the type of a clientscope in realm or client via Keycloak API
Added in version 6.6.0 of community.general
Authors: Simon Pahl (@simonpahl)
Install with:

ansible-galaxy collection install community.general:==6.6.8

collections:
  - name: community.general
    version: 6.6.8
This module allows you to set the type (optional, default) of clientscopes via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles.
- name: Set default client scopes on realm level
  community.general.keycloak_clientscope_type:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    realm: "MyCustomRealm"
    default_clientscopes: ['profile', 'roles']
  delegate_to: localhost

- name: Set default and optional client scopes on client level with token auth
  community.general.keycloak_clientscope_type:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    token: TOKEN
    realm: "MyCustomRealm"
    client_id: "MyCustomClient"
    default_clientscopes: ['profile', 'roles']
    optional_clientscopes: ['phone']
  delegate_to: localhost
realm:
  default: master
  description:
    - The Keycloak realm.
  type: str
token:
  description:
    - Authentication token for Keycloak API.
  type: str
  version_added: 3.0.0
  version_added_collection: community.general
client_id:
  aliases:
    - clientId
  description:
    - The I(client_id) of the client. If not set, the clientscope types are set as a default for the realm.
  type: str
auth_realm:
  description:
    - Keycloak realm name to authenticate to for API access.
  type: str
http_agent:
  default: Ansible
  description:
    - Configures the HTTP User-Agent header.
  type: str
  version_added: 5.4.0
  version_added_collection: community.general
auth_password:
  aliases:
    - password
  description:
    - Password to authenticate for API access with.
  type: str
auth_username:
  aliases:
    - username
  description:
    - Username to authenticate for API access with.
  type: str
auth_client_id:
  default: admin-cli
  description:
    - OpenID Connect I(client_id) to authenticate to the API with.
  type: str
validate_certs:
  default: true
  description:
    - Verify TLS certificates (do not disable this in production).
  type: bool
auth_keycloak_url:
  aliases:
    - url
  description:
    - URL to the Keycloak instance.
  required: true
  type: str
auth_client_secret:
  description:
    - Client Secret to use in conjunction with I(auth_client_id) (if required).
  type: str
connection_timeout:
  default: 10
  description:
    - Controls the HTTP connections timeout period (in seconds) to Keycloak API.
  type: int
  version_added: 4.5.0
  version_added_collection: community.general
default_clientscopes:
  description:
    - Client scopes that should be of type default.
  elements: str
  type: list
optional_clientscopes:
  description:
    - Client scopes that should be of type optional.
  elements: str
  type: list
end_state:
  description:
    - Representation of client scopes after module execution.
    - The sample is truncated.
  returned: on success
  sample:
    default_clientscopes:
      - profile
      - role
    optional_clientscopes: []
  type: dict
existing:
  description:
    - Representation of client scopes before module execution.
  returned: always
  sample:
    default_clientscopes:
      - profile
      - role
    optional_clientscopes:
      - phone
  type: dict
msg:
  description: Message as to what action was taken.
  returned: always
  sample: ''
  type: str
proposed:
  description: Representation of proposed client-scope types mapping.
  returned: always
  sample:
    default_clientscopes:
      - profile
      - role
    optional_clientscopes: []
  type: dict
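
The existing and end_state return values can be compared to see which scopes changed type during a run. The Python code below is an added example, not part of the module or the collection: the function names (scope_types, classify_changes, needs_review) are hypothetical and the sample data is constructed from the return sample on this page. It singles out scopes that became default, because Keycloak applies default client scopes to tokens without the client requesting them.

```python
"""Added example: classify client-scope type changes between two snapshots
shaped like this module's `existing` and `end_state` return values."""

KEYS = ("default_clientscopes", "optional_clientscopes")


def scope_types(snapshot):
    """Map scope name -> 'default' | 'optional' for one snapshot dict."""
    types = {}
    for key in KEYS:
        kind = key.split("_")[0]  # 'default' or 'optional'
        for name in snapshot.get(key) or []:
            if name in types and types[name] != kind:
                raise ValueError(f"scope {name!r} listed as both default and optional")
            types[name] = kind
    return types


def classify_changes(existing, end_state):
    """Return sorted (scope, before, after) tuples for every scope whose type changed."""
    before, after = scope_types(existing), scope_types(end_state)
    changes = []
    for name in sorted(set(before) | set(after)):
        old, new = before.get(name, "absent"), after.get(name, "absent")
        if old != new:
            changes.append((name, old, new))
    return changes


def needs_review(changes):
    """Scopes that became 'default': they are applied to tokens without the
    client asking for them, so they widen what every token carries."""
    return [name for name, old, new in changes if new == "default" and old != "default"]


# Constructed sample, modelled on the return sample on this page.
EXISTING = {"default_clientscopes": ["profile", "role"], "optional_clientscopes": ["phone"]}
END_STATE = {"default_clientscopes": ["profile", "role", "phone"], "optional_clientscopes": []}

if __name__ == "__main__":
    found = classify_changes(EXISTING, END_STATE)
    for name, old, new in found:
        print(f"{name}: {old} -> {new}")
    print("review:", needs_review(found))
```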