community.general.keycloak_user (8.5.0) — module
Create and configure a user in Keycloak
Added in version 7.1.0 of community.general
Authors: Philippe Gauthier (@elfelip)
Install with ansible-galaxy collection install community.general:==8.5.0
collections:
  - name: community.general
    version: 8.5.0
This module creates, removes, or updates Keycloak users.
- name: Create a user user1
  community.general.keycloak_user:
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    auth_password: password
    realm: master
    username: user1
    firstName: user1
    lastName: user1
    email: user1
    enabled: true
    emailVerified: false
    credentials:
      - type: password
        value: password
        temporary: false
    attributes:
      - name: attr1
        values:
          - value1
        state: present
      - name: attr2
        values:
          - value2
        state: absent
    groups:
      - name: group1
        state: present
    state: present

- name: Re-create a User
  community.general.keycloak_user:
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    auth_password: password
    realm: master
    username: user1
    firstName: user1
    lastName: user1
    email: user1
    enabled: true
    emailVerified: false
    credentials:
      - type: password
        value: password
        temporary: false
    attributes:
      - name: attr1
        values:
          - value1
        state: present
      - name: attr2
        values:
          - value2
        state: absent
    groups:
      - name: group1
        state: present
    state: present

- name: Re-create a User
  community.general.keycloak_user:
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    auth_password: password
    realm: master
    username: user1
    firstName: user1
    lastName: user1
    email: user1
    enabled: true
    emailVerified: false
    credentials:
      - type: password
        value: password
        temporary: false
    attributes:
      - name: attr1
        values:
          - value1
        state: present
      - name: attr2
        values:
          - value2
        state: absent
    groups:
      - name: group1
        state: present
    state: present
    force: true

- name: Remove User
  community.general.keycloak_user:
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: admin
    auth_password: password
    realm: master
    username: user1
    state: absent
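
The tasks above send the admin password over plain HTTP and keep every secret inline. The following task is an added example, not part of the module documentation, showing the same user creation with the module's own options set for a shared environment. The host name, the realm name and the vault_* variables are assumed placeholders, with the vault_* values expected to come from an Ansible Vault file.

```yaml
# Added example, not from the module documentation.
# keycloak.example.com, example-realm and the vault_* variables are placeholders.
- name: Create user1 without exposing secrets
  community.general.keycloak_user:
    auth_keycloak_url: https://keycloak.example.com/auth  # TLS instead of http://
    auth_realm: master
    auth_username: "{{ vault_keycloak_admin_user }}"
    auth_password: "{{ vault_keycloak_admin_password }}"
    validate_certs: true   # module default, stated explicitly so it is not overridden
    realm: example-realm
    username: user1
    firstName: User
    lastName: One
    email: user1@example.com
    enabled: true
    emailVerified: false
    credentials:
      - type: password
        value: "{{ vault_user1_initial_password }}"
        temporary: true    # user must reset the credential at next login
    groups:
      - name: group1
        state: present
    state: present
  no_log: true             # keep credential values out of task output and logs
```

With no_log set, the task result is hidden as well, so remove it temporarily only when debugging against non-production credentials.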
id:
  description:
    - ID of the user on the Keycloak server if known.
  type: str
self:
  description:
    - User self administration.
  required: false
  type: str
email:
  description:
    - User email.
  required: false
  type: str
force:
  default: false
  description:
    - If V(true), allows the user to be removed and recreated.
  type: bool
realm:
  default: master
  description:
    - The name of the realm in which the client is.
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - Control whether the user should exist or not.
  type: str
token:
  description:
    - Authentication token for Keycloak API.
  type: str
  version_added: 3.0.0
  version_added_collection: community.general
access:
  description:
    - List user access.
  required: false
  type: dict
groups:
  default: []
  description:
    - List of groups for the user.
  elements: dict
  suboptions:
    name:
      description:
        - Name of the group.
      type: str
    state:
      choices:
        - present
        - absent
      default: present
      description:
        - Control whether the user must be a member of this group or not.
      type: str
  type: list
origin:
  description:
    - User origin.
  required: false
  type: str
enabled:
  description:
    - Enabled user.
  type: bool
username:
  description:
    - Username for the user.
  required: true
  type: str
last_name:
  aliases:
    - lastName
  description:
    - The user's last name.
  required: false
  type: str
attributes:
  description:
    - List of user attributes.
  elements: dict
  required: false
  suboptions:
    name:
      description:
        - Name of the attribute.
      type: str
    state:
      choices:
        - present
        - absent
      default: present
      description:
        - Control whether the attribute must exist or not.
      type: str
    values:
      description:
        - Values for the attribute as list.
      elements: str
      type: list
  type: list
auth_realm:
  description:
    - Keycloak realm name to authenticate to for API access.
  type: str
first_name:
  aliases:
    - firstName
  description:
    - The user's first name.
  required: false
  type: str
http_agent:
  default: Ansible
  description:
    - Configures the HTTP User-Agent header.
  type: str
  version_added: 5.4.0
  version_added_collection: community.general
credentials:
  default: []
  description:
    - User credentials.
  elements: dict
  suboptions:
    temporary:
      default: false
      description:
        - If V(true), the users are required to reset their credentials at next login.
      type: bool
    type:
      description:
        - Credential type.
      required: true
      type: str
    value:
      description:
        - Value of the credential.
      required: true
      type: str
  type: list
auth_password:
  aliases:
    - password
  description:
    - Password to authenticate for API access with.
  type: str
auth_username:
  aliases: []
  description:
    - Username to authenticate for API access with.
  type: str
auth_client_id:
  default: admin-cli
  description:
    - OpenID Connect C(client_id) to authenticate to the API with.
  type: str
email_verified:
  aliases:
    - emailVerified
  default: false
  description:
    - Check the validity of user email.
  type: bool
validate_certs:
  default: true
  description:
    - Verify TLS certificates (do not disable this in production).
  type: bool
client_consents:
  aliases:
    - clientConsents
  default: []
  description:
    - Client Authenticator Type.
  elements: dict
  suboptions:
    client_id:
      aliases:
        - clientId
      description:
        - Client ID of the client role. Not the technical ID of the client.
      required: true
      type: str
    roles:
      description:
        - List of client roles to assign to the user.
      elements: str
      required: true
      type: list
  type: list
federation_link:
  aliases:
    - federationLink
  description:
    - Federation Link.
  required: false
  type: str
required_actions:
  aliases:
    - requiredActions
  default: []
  description:
    - RequiredActions user Auth.
  elements: str
  type: list
auth_keycloak_url:
  aliases:
    - url
  description:
    - URL to the Keycloak instance.
  required: true
  type: str
auth_client_secret:
  description:
    - Client Secret to use in conjunction with O(auth_client_id) (if required).
  type: str
connection_timeout:
  default: 10
  description:
    - Controls the HTTP connections timeout period (in seconds) to Keycloak API.
  type: int
  version_added: 4.5.0
  version_added_collection: community.general
federated_identities:
  aliases:
    - federatedIdentities
  default: []
  description:
    - List of IDPs of user.
  elements: str
  type: list
service_account_client_id:
  aliases:
    - serviceAccountClientId
  description:
    - Description of the client Application.
  required: false
  type: str
disableable_credential_types:
  aliases:
    - disableableCredentialTypes
  default: []
  description:
    - List user Credential Type.
  elements: str
  type: list
changed:
  description: Return V(true) if the operation changed the user on the keycloak server, V(false) otherwise.
  returned: always
  type: bool
end_state:
  description: Representation of the user after module execution
  returned: on success
  type: dict
existing:
  description: Representation of the existing user.
  returned: on success
  type: dict
msg:
  description: Message as to what action was taken.
  returned: always
  sample: User f18c709c-03d6-11ee-970b-c74bf2721112 created
  type: str
proposed:
  description: Representation of the proposed user.
  returned: on success
  type: dict