community.general.keycloak_clientscope_type (8.5.0) — module

Set the type of a clientscope in realm or client via Keycloak API

Added in version 6.6.0 of community.general

Authors: Simon Pahl (@simonpahl)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  collections:
    - name: community.general
      version: 8.5.0

Description

This module allows you to set the type (optional, default) of clientscopes via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles.

Usage examples

- name: Set default client scopes on realm level
  community.general.keycloak_clientscope_type:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    realm: "MyCustomRealm"
    default_clientscopes: ['profile', 'roles']
  delegate_to: localhost

- name: Set default and optional client scopes on client level with token auth
  community.general.keycloak_clientscope_type:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    token: TOKEN
    realm: "MyCustomRealm"
    client_id: "MyCustomClient"
    default_clientscopes: ['profile', 'roles']
    optional_clientscopes: ['phone']
  delegate_to: localhost

Inputs

    
realm:
    default: master
    description:
    - The Keycloak realm.
    type: str

token:
    description:
    - Authentication token for Keycloak API.
    type: str
    version_added: 3.0.0
    version_added_collection: community.general

client_id:
    aliases:
    - clientId
    description:
    - The O(client_id) of the client. If not set, the clientscope types are set as a default
      for the realm.
    type: str

auth_realm:
    description:
    - Keycloak realm name to authenticate to for API access.
    type: str

http_agent:
    default: Ansible
    description:
    - Configures the HTTP User-Agent header.
    type: str
    version_added: 5.4.0
    version_added_collection: community.general

auth_password:
    aliases:
    - password
    description:
    - Password to authenticate for API access with.
    type: str

auth_username:
    aliases:
    - username
    description:
    - Username to authenticate for API access with.
    type: str

auth_client_id:
    default: admin-cli
    description:
    - OpenID Connect C(client_id) to authenticate to the API with.
    type: str

validate_certs:
    default: true
    description:
    - Verify TLS certificates (do not disable this in production).
    type: bool

auth_keycloak_url:
    aliases:
    - url
    description:
    - URL to the Keycloak instance.
    required: true
    type: str

auth_client_secret:
    description:
    - Client Secret to use in conjunction with O(auth_client_id) (if required).
    type: str

connection_timeout:
    default: 10
    description:
    - Controls the HTTP connections timeout period (in seconds) to Keycloak API.
    type: int
    version_added: 4.5.0
    version_added_collection: community.general

default_clientscopes:
    description:
    - Client scopes that should be of type default.
    elements: str
    type: list

optional_clientscopes:
    description:
    - Client scopes that should be of type optional.
    elements: str
    type: list

Outputs

end_state:
  description:
  - Representation of client scopes after module execution.
  - The sample is truncated.
  returned: on success
  sample:
    default_clientscopes:
    - profile
    - role
    optional_clientscopes: []
  type: dict
existing:
  description:
  - Representation of client scopes before module execution.
  returned: always
  sample:
    default_clientscopes:
    - profile
    - role
    optional_clientscopes:
    - phone
  type: dict
msg:
  description: Message as to what action was taken.
  returned: always
  sample: ''
  type: str
proposed:
  description: Representation of proposed client-scope types mapping.
  returned: always
  sample:
    default_clientscopes:
    - profile
    - role
    optional_clientscopes: []
  type: dict
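
Verifying the result against an allow-list

The following play is an added example, not part of the module's own documentation. It registers the module's return values and fails the run if the client ends up with a default scope outside an allow-list. The variable names (keycloak_admin_user, keycloak_admin_password, allowed_default_scopes, allowed_optional_scopes) are assumptions, and it assumes end_state and existing hold lists of scope names as in the samples above.

```yaml
# Added example: enforce and verify client scope types on one client.
# Credentials are expected to come from Ansible Vault or another secret
# store (assumption); nothing sensitive is written into the playbook.
- name: Enforce least-privilege client scope types
  hosts: localhost
  gather_facts: false
  vars:
    # Scopes attached to every token request for this client.
    allowed_default_scopes: ['profile', 'roles']
    # Scopes a client only gets when it asks for them explicitly.
    allowed_optional_scopes: ['phone']
  tasks:
    - name: Set default and optional client scopes on client level
      community.general.keycloak_clientscope_type:
        auth_client_id: admin-cli
        auth_keycloak_url: https://auth.example.com/auth
        auth_realm: master
        auth_username: "{{ keycloak_admin_user }}"
        auth_password: "{{ keycloak_admin_password }}"
        validate_certs: true
        realm: "MyCustomRealm"
        client_id: "MyCustomClient"
        default_clientscopes: "{{ allowed_default_scopes }}"
        optional_clientscopes: "{{ allowed_optional_scopes }}"
      register: scope_result

    - name: Show default scopes that were present before the run and are gone now
      ansible.builtin.debug:
        msg: >-
          {{ scope_result.existing.default_clientscopes
             | difference(scope_result.end_state.default_clientscopes) }}

    - name: Fail if the end state holds a default scope outside the allow-list
      ansible.builtin.assert:
        that:
          - >-
            scope_result.end_state.default_clientscopes
            | difference(allowed_default_scopes) | length == 0
        fail_msg: "Unexpected default client scopes remain on MyCustomClient"
```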