jugasit.keycloak.clientsecret_info (1.1.0) — module
Retrieve client secret via Keycloak API
Added in version 1.0.0 of jugasit.keycloak
Authors: Fynn Chen (@fynncfchen), John Cant (@johncant)

Install with:

    ansible-galaxy collection install jugasit.keycloak:==1.1.0

collections:
  - name: jugasit.keycloak
    version: 1.1.0
This module allows you to get a Keycloak client secret via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles.
When retrieving a new client secret, where possible provide the client's I(id) (not I(client_id)) to the module. This removes a lookup to the API to translate the I(client_id) into the client ID.
Note that this module returns the client secret. To avoid this showing up in the logs, please add C(no_log: true) to the task.
- name: Get a Keycloak client secret, authentication with credentials
  jugasit.keycloak.clientsecret_info:
    id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
    realm: MyCustomRealm
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
  delegate_to: localhost
  no_log: true

- name: Get a new Keycloak client secret, authentication with token
  jugasit.keycloak.clientsecret_info:
    id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
    realm: MyCustomRealm
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    token: TOKEN
  delegate_to: localhost
  no_log: true

- name: Get a new Keycloak client secret, passing client_id instead of id
  jugasit.keycloak.clientsecret_info:
    client_id: 'myClientId'
    realm: MyCustomRealm
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    token: TOKEN
  delegate_to: localhost
  no_log: true
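The tasks above keep the secret out of the log at retrieval time, but the registered result still holds it, so every later task that touches it needs the same care. The playbook below is an added example, not part of the collection's documentation: it registers the documented return value and writes it to an owner-only file. The variable keycloak_token, the register name kc_secret and the destination path are assumptions made for illustration.

```yaml
# Added example, not from the jugasit.keycloak documentation.
# Assumptions: keycloak_token is supplied out of band (for example from
# Ansible Vault); secret_path is a hypothetical destination.
- name: Fetch a Keycloak client secret and store it without logging it
  hosts: localhost
  gather_facts: false
  vars:
    secret_path: /tmp/myapp_oidc_client_secret  # hypothetical path
  tasks:
    - name: Retrieve the client secret by id (no client_id lookup call)
      jugasit.keycloak.clientsecret_info:
        id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
        realm: MyCustomRealm
        auth_client_id: admin-cli
        auth_keycloak_url: https://auth.example.com/auth
        token: "{{ keycloak_token }}"
        validate_certs: true
      register: kc_secret
      # The module returns the secret, so its result must not be printed.
      no_log: true

    - name: Check the returned credential before using it
      ansible.builtin.assert:
        that:
          - kc_secret.clientsecret_info.type == 'secret'
          - kc_secret.clientsecret_info.value | length > 0
        quiet: true
      # Hide the result here as well; the conditions reference the secret.
      no_log: true

    - name: Write the secret to a file readable only by its owner
      ansible.builtin.copy:
        content: "{{ kc_secret.clientsecret_info.value }}"
        dest: "{{ secret_path }}"
        mode: '0600'
      # Without no_log, verbose or --diff output would show the file content.
      no_log: true
```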
id:
  description:
    - The unique identifier for this client.
    - This parameter is not required for getting or generating a client secret but providing it will reduce the number of API calls required.
  type: str
realm:
  default: master
  description:
    - The Keycloak realm under which this client resides.
  type: str
token:
  description:
    - Authentication token for Keycloak API.
  type: str
  version_added: 1.0.0
  version_added_collection: jugasit.keycloak
client_id:
  aliases:
    - clientId
  description:
    - The I(client_id) of the client. Passing this instead of I(id) results in an extra API call.
  type: str
auth_realm:
  default: master
  description:
    - Keycloak realm name to authenticate to for API access.
  type: str
http_agent:
  default: Ansible
  description:
    - Configures the HTTP User-Agent header.
  type: str
  version_added: 1.0.0
  version_added_collection: jugasit.keycloak
auth_password:
  description:
    - Password to authenticate for API access with.
    - If the value is not specified in the task, the value of environment variable C(KEYCLOAK_PASSWORD) or C(SSO_PASSWORD) will be used instead.
  type: str
auth_username:
  description:
    - Username to authenticate for API access with.
    - If the value is not specified in the task, the value of environment variable C(KEYCLOAK_USERNAME) or C(SSO_USERNAME) will be used instead.
  type: str
auth_client_id:
  default: admin-cli
  description:
    - OpenID Connect I(client_id) to authenticate to the API with.
  type: str
validate_certs:
  default: true
  description:
    - Verify TLS certificates (do not disable this in production).
  type: bool
auth_keycloak_url:
  aliases:
    - url
  description:
    - URL to the Keycloak instance.
    - If the value is not specified in the task, the value of environment variable C(KEYCLOAK_URL) or C(SSO_URL) will be used instead.
  required: false
  type: str
auth_client_secret:
  description:
    - Client Secret to use in conjunction with I(auth_client_id) (if required).
  type: str
connection_timeout:
  default: 10
  description:
    - Controls the HTTP connections timeout period (in seconds) to Keycloak API.
  type: int
  version_added: 1.0.0
  version_added_collection: jugasit.keycloak
clientsecret_info:
  contains:
    type:
      description: Credential type.
      returned: always
      sample: secret
      type: str
    value:
      description: Client secret.
      returned: always
      sample: cUGnX1EIeTtPPAkcyGMv0ncyqDPu68P1
      type: str
  description: Representation of the client secret
  returned: on success
  type: complex
msg:
  description: Textual description of whether we succeeded or failed
  returned: always
  type: str