community.general.keycloak_user (8.5.0) — module

Create and configure a user in Keycloak

Added in version 7.1.0 of community.general.

Authors: Philippe Gauthier (@elfelip)

Install collection

Install with ansible-galaxy collection install community.general:==8.5.0


Add to requirements.yml

  # Exact version pin: every install resolves to the same collection release,
  # so an upgrade only happens when this line is changed on purpose.
  collections:
    - name: community.general
      version: 8.5.0

Description

This module creates, removes, or updates Keycloak users.

Usage examples

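# Creates user1 in the master realm with an initial password credential, two
# attribute entries and one group membership.
# The "{{ ... }}" variable names are placeholders constructed for this example;
# define them in Ansible Vault or another secret store so that no password is
# written into the playbook or committed to version control.
# NOTE(review): confirm that credentials[].value is masked in task output; if
# it is not, add no_log: true to this task.
- name: Create a user user1
  community.general.keycloak_user:
    # Plain HTTP is shown for a local instance only. The admin login and the
    # new user's password go to the server at this URL, so use https:// (and
    # keep validate_certs at its default of true) for any non-local server.
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    realm: master
    username: user1
    firstName: user1
    lastName: user1
    email: user1
    enabled: true
    emailVerified: false
    credentials:
      - type: password
        value: "{{ keycloak_user1_password }}"
        # temporary: true would require the user to reset this credential at
        # next login; false leaves the value set here in place.
        temporary: false
    attributes:
      - name: attr1
        values:
          - value1
        state: present
      # state: absent asks for attr2 not to exist on the user.
      - name: attr2
        values:
          - value2
        state: absent
    groups:
      - name: group1
        state: present
    state: present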
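# Declares user1 as present with the listed profile, credential, attributes
# and group membership.
# force is not set here and defaults to false; per the option's description,
# removing and recreating the user is only allowed when force is true.
# The "{{ ... }}" variable names are placeholders constructed for this example;
# define them in Ansible Vault or another secret store so that no password is
# written into the playbook or committed to version control.
# NOTE(review): confirm that credentials[].value is masked in task output; if
# it is not, add no_log: true to this task.
- name: Re-create a User
  community.general.keycloak_user:
    # Plain HTTP is shown for a local instance only; use https:// (and keep
    # validate_certs at its default of true) for any non-local server.
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    realm: master
    username: user1
    firstName: user1
    lastName: user1
    email: user1
    enabled: true
    emailVerified: false
    credentials:
      - type: password
        value: "{{ keycloak_user1_password }}"
        # temporary: true would require the user to reset this credential at
        # next login; false leaves the value set here in place.
        temporary: false
    attributes:
      - name: attr1
        values:
          - value1
        state: present
      # state: absent asks for attr2 not to exist on the user.
      - name: attr2
        values:
          - value2
        state: absent
    groups:
      - name: group1
        state: present
    state: present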
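# Declares user1 as present and sets force: true, which allows the module to
# remove the user and recreate it.
# NOTE(review): recreating presumably discards server-side state tied to the
# old user record (its ID, sessions, anything not listed below) - verify
# before running this against real accounts.
# The "{{ ... }}" variable names are placeholders constructed for this example;
# define them in Ansible Vault or another secret store so that no password is
# written into the playbook or committed to version control.
# NOTE(review): confirm that credentials[].value is masked in task output; if
# it is not, add no_log: true to this task.
- name: Re-create a User
  community.general.keycloak_user:
    # Plain HTTP is shown for a local instance only; use https:// (and keep
    # validate_certs at its default of true) for any non-local server.
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    realm: master
    username: user1
    firstName: user1
    lastName: user1
    email: user1
    enabled: true
    emailVerified: false
    credentials:
      - type: password
        value: "{{ keycloak_user1_password }}"
        # temporary: true would require the user to reset this credential at
        # next login; false leaves the value set here in place.
        temporary: false
    attributes:
      - name: attr1
        values:
          - value1
        state: present
      # state: absent asks for attr2 not to exist on the user.
      - name: attr2
        values:
          - value2
        state: absent
    groups:
      - name: group1
        state: present
    state: present
    force: true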
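# Removes user1 from the master realm (state: absent).
# The "{{ ... }}" variable name is a placeholder constructed for this example;
# define it in Ansible Vault or another secret store so that the admin
# password is not written into the playbook or committed to version control.
- name: Remove User
  community.general.keycloak_user:
    # Plain HTTP is shown for a local instance only; use https:// (and keep
    # validate_certs at its default of true) for any non-local server.
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    auth_password: "{{ keycloak_admin_password }}"
    realm: master
    username: user1
    state: absent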

Inputs

    
id:
    description:
    - ID of the user on the Keycloak server if known.
    type: str

self:
    description:
    - user self administration.
    required: false
    type: str

email:
    description:
    - User email.
    required: false
    type: str

force:
    default: false
    description:
    - If V(true), allows the user to be removed and recreated.
    type: bool

realm:
    default: master
    description:
    - The name of the realm in which the client resides.
    type: str

state:
    choices:
    - present
    - absent
    default: present
    description:
    - Control whether the user should exist or not.
    type: str

token:
    description:
    - Authentication token for Keycloak API.
    type: str
    version_added: 3.0.0
    version_added_collection: community.general

access:
    description:
    - list user access.
    required: false
    type: dict

groups:
    default: []
    description:
    - List of groups for the user.
    elements: dict
    suboptions:
      name:
        description:
        - Name of the group.
        type: str
      state:
        choices:
        - present
        - absent
        default: present
        description:
        - Control whether the user must be a member of this group or not.
        type: str
    type: list

origin:
    description:
    - user origin.
    required: false
    type: str

enabled:
    description:
    - Enabled user.
    type: bool

username:
    description:
    - Username for the user.
    required: true
    type: str

last_name:
    aliases:
    - lastName
    description:
    - The user's last name.
    required: false
    type: str

attributes:
    description:
    - List of user attributes.
    elements: dict
    required: false
    suboptions:
      name:
        description:
        - Name of the attribute.
        type: str
      state:
        choices:
        - present
        - absent
        default: present
        description:
        - Control whether the attribute must exist or not.
        type: str
      values:
        description:
        - Values for the attribute as list.
        elements: str
        type: list
    type: list

auth_realm:
    description:
    - Keycloak realm name to authenticate to for API access.
    type: str

first_name:
    aliases:
    - firstName
    description:
    - The user's first name.
    required: false
    type: str

http_agent:
    default: Ansible
    description:
    - Configures the HTTP User-Agent header.
    type: str
    version_added: 5.4.0
    version_added_collection: community.general

credentials:
    default: []
    description:
    - User credentials.
    elements: dict
    suboptions:
      temporary:
        default: false
        description:
        - If V(true), the users are required to reset their credentials at next login.
        type: bool
      type:
        description:
        - Credential type.
        required: true
        type: str
      value:
        description:
        - Value of the credential.
        required: true
        type: str
    type: list

auth_password:
    aliases:
    - password
    description:
    - Password to authenticate for API access with.
    type: str

auth_username:
    aliases: []
    description:
    - Username to authenticate for API access with.
    type: str

auth_client_id:
    default: admin-cli
    description:
    - OpenID Connect C(client_id) to authenticate to the API with.
    type: str

email_verified:
    aliases:
    - emailVerified
    default: false
    description:
    - Check the validity of user email.
    type: bool

validate_certs:
    default: true
    description:
    - Verify TLS certificates (do not disable this in production).
    type: bool

client_consents:
    aliases:
    - clientConsents
    default: []
    description:
    - Client Authenticator Type.
    elements: dict
    suboptions:
      client_id:
        aliases:
        - clientId
        description:
        - Client ID of the client role. Not the technical ID of the client.
        required: true
        type: str
      roles:
        description:
        - List of client roles to assign to the user.
        elements: str
        required: true
        type: list
    type: list

federation_link:
    aliases:
    - federationLink
    description:
    - Federation Link.
    required: false
    type: str

required_actions:
    aliases:
    - requiredActions
    default: []
    description:
    - RequiredActions user Auth.
    elements: str
    type: list

auth_keycloak_url:
    aliases:
    - url
    description:
    - URL to the Keycloak instance.
    required: true
    type: str

auth_client_secret:
    description:
    - Client Secret to use in conjunction with O(auth_client_id) (if required).
    type: str

connection_timeout:
    default: 10
    description:
    - Controls the HTTP connections timeout period (in seconds) to Keycloak API.
    type: int
    version_added: 4.5.0
    version_added_collection: community.general

federated_identities:
    aliases:
    - federatedIdentities
    default: []
    description:
    - List of IDPs of user.
    elements: str
    type: list

service_account_client_id:
    aliases:
    - serviceAccountClientId
    description:
    - Description of the client Application.
    required: false
    type: str

disableable_credential_types:
    aliases:
    - disableableCredentialTypes
    default: []
    description:
    - list user Credential Type.
    elements: str
    type: list

Outputs

changed:
  description: Return V(true) if the operation changed the user on the keycloak server,
    V(false) otherwise.
  returned: always
  type: bool
end_state:
  description: Representation of the user after module execution
  returned: on success
  type: dict
existing:
  description: Representation of the existing user.
  returned: on success
  type: dict
msg:
  description: Message as to what action was taken.
  returned: always
  sample: User f18c709c-03d6-11ee-970b-c74bf2721112 created
  type: str
proposed:
  description: Representation of the proposed user.
  returned: on success
  type: dict