jugasit.keycloak.authz_authorization_scope (1.1.0) — module
Allows administration of Keycloak client authorization scopes via Keycloak API
Added in version 1.0.0 of jugasit.keycloak
Authors: Samuli Seppänen (@mattock)
Install with ansible-galaxy collection install jugasit.keycloak:==1.1.0
collections:
  - name: jugasit.keycloak
    version: 1.1.0
This module allows the administration of Keycloak client Authorization Scopes via the Keycloak REST API. Authorization Scopes are only available if a client has Authorization enabled.
This module requires access to the REST API via OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.
The names of module options are snake_cased versions of the camelCase options used by Keycloak. The Authorization Services paths and payloads have not officially been documented by the Keycloak project; see https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/
- name: Manage Keycloak file:delete authorization scope
  keycloak_authz_authorization_scope:
    name: file:delete
    state: present
    display_name: File delete
    client_id: myclient
    realm: myrealm
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: keycloak
    auth_password: keycloak
    auth_realm: master
name:
  description:
    - Name of the authorization scope to create.
  required: true
  type: str
realm:
  description:
    - The name of the Keycloak realm the Keycloak client is in.
  required: true
  type: str
state:
  choices:
    - present
    - absent
  default: present
  description:
    - State of the authorization scope.
    - On C(present), the authorization scope will be created (or updated if it exists already).
    - On C(absent), the authorization scope will be removed if it exists.
  type: str
token:
  description:
    - Authentication token for Keycloak API.
  type: str
  version_added: 1.0.0
  version_added_collection: jugasit.keycloak
icon_uri:
  description:
    - The icon URI for the authorization scope.
  required: false
  type: str
client_id:
  description:
    - The C(clientId) of the Keycloak client that should have the authorization scope.
    - This is usually a human-readable name of the Keycloak client.
  required: true
  type: str
auth_realm:
  default: master
  description:
    - Keycloak realm name to authenticate to for API access.
  type: str
http_agent:
  default: Ansible
  description:
    - Configures the HTTP User-Agent header.
  type: str
  version_added: 1.0.0
  version_added_collection: jugasit.keycloak
display_name:
  description:
    - The display name of the authorization scope.
  required: false
  type: str
auth_password:
  description:
    - Password to authenticate for API access with.
    - If the value is not specified in the task, the value of environment variable C(KEYCLOAK_PASSWORD) or C(SSO_PASSWORD) will be used instead.
  type: str
auth_username:
  description:
    - Username to authenticate for API access with.
    - If the value is not specified in the task, the value of environment variable C(KEYCLOAK_USERNAME) or C(SSO_USERNAME) will be used instead.
  type: str
auth_client_id:
  default: admin-cli
  description:
    - OpenID Connect I(client_id) to authenticate to the API with.
  type: str
validate_certs:
  default: true
  description:
    - Verify TLS certificates (do not disable this in production).
  type: bool
auth_keycloak_url:
  aliases:
    - url
  description:
    - URL to the Keycloak instance.
    - If the value is not specified in the task, the value of environment variable C(KEYCLOAK_URL) or C(SSO_URL) will be used instead.
  required: false
  type: str
auth_client_secret:
  description:
    - Client Secret to use in conjunction with I(auth_client_id) (if required).
  type: str
connection_timeout:
  default: 10
  description:
    - Controls the HTTP connections timeout period (in seconds) to Keycloak API.
  type: int
  version_added: 1.0.0
  version_added_collection: jugasit.keycloak
end_state:
  contains:
    display_name:
      description: Display name of the authorization scope.
      returned: when I(state=present)
      sample: File delete
      type: str
    icon_uri:
      description: Icon URI for the authorization scope.
      returned: when I(state=present)
      sample: http://localhost/icon.png
      type: str
    id:
      description: ID of the authorization scope.
      returned: when I(state=present)
      sample: a6ab1cf2-1001-40ec-9f39-48f23b6a0a41
      type: str
    name:
      description: Name of the authorization scope.
      returned: when I(state=present)
      sample: file:delete
      type: str
  description: Representation of the authorization scope after module execution.
  returned: on success
  type: complex
msg:
  description: Message as to what action was taken.
  returned: always
  type: str
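A variant of the documented task that keeps credentials out of the playbook, states validate_certs explicitly and checks the returned end_state. This is an added example, not taken from the module documentation. The HTTPS hostname, the obsolete scope name and the vault_keycloak_username / vault_keycloak_password variables are assumptions; the module is addressed by the fully qualified name from the page title.

```yaml
# Added example. Hostname, scope names and vault_* variable names are
# assumptions; the vault_* values are expected to come from an encrypted
# vars file (for instance one managed with ansible-vault).
- name: Manage Keycloak authorization scopes without inline credentials
  hosts: localhost
  gather_facts: false
  vars:
    keycloak_url: https://sso.example.com/auth   # TLS endpoint, assumed
  tasks:
    - name: Ensure the file:delete authorization scope exists
      jugasit.keycloak.authz_authorization_scope:
        name: file:delete
        state: present
        display_name: File delete
        client_id: myclient
        realm: myrealm
        auth_keycloak_url: "{{ keycloak_url }}"
        auth_realm: master
        auth_client_id: admin-cli
        auth_username: "{{ vault_keycloak_username }}"
        auth_password: "{{ vault_keycloak_password }}"
        validate_certs: true        # the default, stated explicitly
        connection_timeout: 10
      no_log: true                  # keep the password out of task output
      register: scope_result

    - name: Check the scope that Keycloak reports back
      ansible.builtin.assert:
        that:
          - scope_result.end_state.name == 'file:delete'
          - scope_result.end_state.id | length > 0

    - name: Remove a scope that is no longer needed
      jugasit.keycloak.authz_authorization_scope:
        name: file:legacy-delete    # constructed scope name
        state: absent
        client_id: myclient
        realm: myrealm
        auth_keycloak_url: "{{ keycloak_url }}"
        auth_realm: master
        auth_username: "{{ vault_keycloak_username }}"
        auth_password: "{{ vault_keycloak_password }}"
      no_log: true
```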