XLAB Steampunk logo Try Spotter
 / home / community / community.general / 8.5.0 / module / keycloak_authz_authorization_scope

community.general.keycloak_authz_authorization_scope (8.5.0) — module

Allows administration of Keycloak client authorization scopes via Keycloak API

| "added in version" 6.6.0 of community.general"

Authors: Samuli Seppänen (@mattock)

Install collection | Add to requirements.yml | Description | Usage examples | Inputs | Outputs

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

This module allows the administration of Keycloak client Authorization Scopes via the Keycloak REST API. Authorization Scopes are only available if a client has Authorization enabled.

This module requires access to the REST API via OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.

The names of module options are snake_cased versions of the camelCase options used by Keycloak. The Authorization Services paths and payloads have not officially been documented by the Keycloak project. U(https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/)

Usage examples

Scanned by Steampunk Spotter
  • Success
    Steampunk Spotter scan finished with no errors, warnings or hints.
- name: Manage Keycloak file:delete authorization scope
  keycloak_authz_authorization_scope:
    name: file:delete
    state: present
    display_name: File delete
    client_id: myclient
    realm: myrealm
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: keycloak
    auth_password: keycloak
    auth_realm: master

Inputs

    
name:
    description:
    - Name of the authorization scope to create.
    required: true
    type: str

realm:
    description:
    - The name of the Keycloak realm the Keycloak client is in.
    required: true
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - State of the authorization scope.
    - On V(present), the authorization scope will be created (or updated if it exists
      already).
    - On V(absent), the authorization scope will be removed if it exists.
    type: str

token:
    description:
    - Authentication token for Keycloak API.
    type: str
    version_added: 3.0.0
    version_added_collection: community.general

icon_uri:
    description:
    - The icon URI for the authorization scope.
    required: false
    type: str

client_id:
    description:
    - The C(clientId) of the Keycloak client that should have the authorization scope.
    - This is usually a human-readable name of the Keycloak client.
    required: true
    type: str

auth_realm:
    description:
    - Keycloak realm name to authenticate to for API access.
    type: str

http_agent:
    default: Ansible
    description:
    - Configures the HTTP User-Agent header.
    type: str
    version_added: 5.4.0
    version_added_collection: community.general

display_name:
    description:
    - The display name of the authorization scope.
    required: false
    type: str

auth_password:
    aliases:
    - password
    description:
    - Password to authenticate for API access with.
    type: str

auth_username:
    aliases:
    - username
    description:
    - Username to authenticate for API access with.
    type: str

auth_client_id:
    default: admin-cli
    description:
    - OpenID Connect C(client_id) to authenticate to the API with.
    type: str

validate_certs:
    default: true
    description:
    - Verify TLS certificates (do not disable this in production).
    type: bool

auth_keycloak_url:
    aliases:
    - url
    description:
    - URL to the Keycloak instance.
    required: true
    type: str

auth_client_secret:
    description:
    - Client Secret to use in conjunction with O(auth_client_id) (if required).
    type: str

connection_timeout:
    default: 10
    description:
    - Controls the HTTP connections timeout period (in seconds) to Keycloak API.
    type: int
    version_added: 4.5.0
    version_added_collection: community.general

Outputs

end_state:
  contains:
    display_name:
      description: Display name of the authorization scope.
      returned: when O(state=present)
      sample: File delete
      type: str
    icon_uri:
      description: Icon URI for the authorization scope.
      returned: when O(state=present)
      sample: http://localhost/icon.png
      type: str
    id:
      description: ID of the authorization scope.
      returned: when O(state=present)
      sample: a6ab1cf2-1001-40ec-9f39-48f23b6a0a41
      type: str
    name:
      description: Name of the authorization scope.
      returned: when O(state=present)
      sample: file:delete
      type: str
  description: Representation of the authorization scope after module execution.
  returned: on success
  type: complex
msg:
  description: Message as to what action was taken.
  returned: always
  type: str
Got feedback? steampunk@xlab.si | © 2024. All rights reserved.
Cookie policy-Privacy policy-Terms of use-Security policy