jugasit.keycloak.realm (1.1.0) — module
Allows administration of Keycloak realm via Keycloak API
Added in version 1.0.0 of jugasit.keycloak
Authors: Christophe Gilles (@kris2kris)
Install with:

ansible-galaxy collection install jugasit.keycloak:==1.1.0

collections:
  - name: jugasit.keycloak
    version: 1.1.0
This module allows the administration of Keycloak realm via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.
The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). Aliases are provided so camelCased versions can be used as well.
The Keycloak API does not always sanity-check inputs; for example, you can set SAML-specific settings on an OpenID Connect client and vice versa. Be careful. If you do not specify a setting, usually a sensible default is chosen.
- name: Create or update Keycloak realm (minimal example)
  jugasit.keycloak.realm:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    id: realm
    realm: realm
    state: present

- name: Delete a Keycloak realm
  jugasit.keycloak.realm:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    id: test
    state: absent
id (str): The realm to create.
realm (str): The realm name.
state (str; choices: present, absent; default: present): State of the realm. On C(present), the realm will be created (or updated if it exists already). On C(absent), the realm will be removed if it exists.
token (str): Authentication token for Keycloak API. Added in version 1.0.0 of jugasit.keycloak.
enabled (bool): The realm enabled option.
attributes (dict): The realm attributes.
auth_realm (str; default: master): Keycloak realm name to authenticate to for API access.
http_agent (str; default: Ansible): Configures the HTTP User-Agent header. Added in version 1.0.0 of jugasit.keycloak.
not_before (int; aliases: notBefore): The realm not before.
admin_theme (str; aliases: adminTheme): The realm admin theme.
email_theme (str; aliases: emailTheme): The realm email theme.
login_theme (str; aliases: loginTheme): The realm login theme.
remember_me (bool; aliases: rememberMe): The realm remember me option.
smtp_server (dict; aliases: smtpServer): The realm smtp server.
browser_flow (str; aliases: browserFlow): The realm browser flow.
display_name (str; aliases: displayName): The realm display name.
ssl_required (str; aliases: sslRequired; choices: all, external, none): The realm ssl required option.
verify_email (bool; aliases: verifyEmail): The realm verify email option.
account_theme (str; aliases: accountTheme): The realm account theme.
auth_password (str): Password to authenticate for API access with. If the value is not specified in the task, the value of environment variable C(KEYCLOAK_PASSWORD) or C(SSO_PASSWORD) will be used instead.
auth_username (str): Username to authenticate for API access with. If the value is not specified in the task, the value of environment variable C(KEYCLOAK_USERNAME) or C(SSO_USERNAME) will be used instead.
default_roles (list of str; aliases: defaultRoles): The realm default roles.
auth_client_id (str; default: admin-cli): OpenID Connect I(client_id) to authenticate to the API with.
default_groups (list of str; aliases: defaultGroups): The realm default groups.
default_locale (str; aliases: defaultLocale): The realm default locale.
events_enabled (bool; aliases: eventsEnabled): Enables or disables login events for this realm. Added in version 1.0.0 of jugasit.keycloak.
failure_factor (int; aliases: failureFactor): The realm failure factor.
validate_certs (bool; default: true): Verify TLS certificates (do not disable this in production).
otp_policy_type (str; aliases: otpPolicyType): The realm otp policy type.
password_policy (str; aliases: passwordPolicy): The realm password policy.
events_listeners (list of str; aliases: eventsListeners): The realm events listeners.
auth_keycloak_url (str; aliases: url; required: false): URL to the Keycloak instance. If the value is not specified in the task, the value of environment variable C(KEYCLOAK_URL) or C(SSO_URL) will be used instead.
direct_grant_flow (str; aliases: directGrantFlow): The realm direct grant flow.
display_name_html (str; aliases: displayNameHtml): The realm display name HTML.
events_expiration (int; aliases: eventsExpiration): The realm events expiration.
otp_policy_digits (int; aliases: otpPolicyDigits): The realm otp policy digits.
otp_policy_period (int; aliases: otpPolicyPeriod): The realm otp policy period.
permanent_lockout (bool; aliases: permanentLockout): The realm permanent lockout.
registration_flow (str; aliases: registrationFlow): The realm registration flow.
supported_locales (list of str; aliases: supportedLocales): The realm supported locales.
auth_client_secret (str): Client Secret to use in conjunction with I(auth_client_id) (if required).
connection_timeout (int; default: 10): Controls the HTTP connections timeout period (in seconds) to Keycloak API. Added in version 1.0.0 of jugasit.keycloak.
enabled_event_types (list of str; aliases: enabledEventTypes): The realm enabled event types.
access_code_lifespan (int; aliases: accessCodeLifespan): The realm access code lifespan.
admin_events_enabled (bool; aliases: adminEventsEnabled): The realm admin events enabled.
otp_policy_algorithm (str; aliases: otpPolicyAlgorithm): The realm otp policy algorithm.
registration_allowed (bool; aliases: registrationAllowed): The realm registration allowed option.
revoke_refresh_token (bool; aliases: revokeRefreshToken): The realm revoke refresh token option.
access_token_lifespan (int; aliases: accessTokenLifespan): The realm access token lifespan.
brute_force_protected (bool; aliases: bruteForceProtected): The realm brute force protected.
client_scope_mappings (dict; aliases: clientScopeMappings): The realm client scope mappings.
edit_username_allowed (bool; aliases: editUsernameAllowed): The realm edit username allowed option.
max_delta_time_seconds (int; aliases: maxDeltaTimeSeconds): The realm max delta time in seconds.
reset_credentials_flow (str; aliases: resetCredentialsFlow): The realm reset credentials flow.
reset_password_allowed (bool; aliases: resetPasswordAllowed): The realm reset password allowed option.
wait_increment_seconds (int; aliases: waitIncrementSeconds): The realm wait increment in seconds.
refresh_token_max_reuse (int; aliases: refreshTokenMaxReuse): The realm refresh token max reuse.
browser_security_headers (dict; aliases: browserSecurityHeaders): The realm browser security headers.
duplicate_emails_allowed (bool; aliases: duplicateEmailsAllowed): The realm duplicate emails allowed option.
login_with_email_allowed (bool; aliases: loginWithEmailAllowed): The realm login with email allowed option.
max_failure_wait_seconds (int; aliases: maxFailureWaitSeconds): The realm max failure wait in seconds.
sso_session_idle_timeout (int; aliases: ssoSessionIdleTimeout): The realm sso session idle timeout.
sso_session_max_lifespan (int; aliases: ssoSessionMaxLifespan): The realm sso session max lifespan.
access_code_lifespan_login (int; aliases: accessCodeLifespanLogin): The realm access code lifespan login.
client_authentication_flow (str; aliases: clientAuthenticationFlow): The realm client authentication flow.
docker_authentication_flow (str; aliases: dockerAuthenticationFlow): The realm docker authentication flow.
otp_policy_initial_counter (int; aliases: otpPolicyInitialCounter): The realm otp policy initial counter.
otp_supported_applications (list of str; aliases: otpSupportedApplications): The realm otp supported applications.
default_signature_algorithm (str; aliases: defaultSignatureAlgorithm): The realm default signature algorithm.
user_managed_access_allowed (bool; aliases: userManagedAccessAllowed): The realm user managed access allowed option.
admin_events_details_enabled (bool; aliases: adminEventsDetailsEnabled): The realm admin events details enabled.
internationalization_enabled (bool; aliases: internationalizationEnabled): The realm internationalization enabled option.
offline_session_idle_timeout (int; aliases: offlineSessionIdleTimeout): The realm offline session idle timeout.
offline_session_max_lifespan (int; aliases: offlineSessionMaxLifespan): The realm offline session max lifespan.
otp_policy_look_ahead_window (int; aliases: otpPolicyLookAheadWindow): The realm otp policy look ahead window.
default_default_client_scopes (list of str; aliases: defaultDefaultClientScopes): The realm default default client scopes.
default_optional_client_scopes (list of str; aliases: defaultOptionalClientScopes): The realm default optional client scopes.
registration_email_as_username (bool; aliases: registrationEmailAsUsername): The realm registration email as username option.
quick_login_check_milli_seconds (int; aliases: quickLoginCheckMilliSeconds): The realm quick login check in milliseconds.
access_code_lifespan_user_action (int; aliases: accessCodeLifespanUserAction): The realm access code lifespan user action.
minimum_quick_login_wait_seconds (int; aliases: minimumQuickLoginWaitSeconds): The realm minimum quick login wait in seconds.
offline_session_max_lifespan_enabled (bool; aliases: offlineSessionMaxLifespanEnabled): The realm offline session max lifespan enabled option.
sso_session_idle_timeout_remember_me (int; aliases: ssoSessionIdleTimeoutRememberMe): The realm sso session idle timeout remember me.
sso_session_max_lifespan_remember_me (int; aliases: ssoSessionMaxLifespanRememberMe): The realm sso session max lifespan remember me.
access_token_lifespan_for_implicit_flow (int; aliases: accessTokenLifespanForImplicitFlow): The realm access token lifespan for implicit flow.
action_token_generated_by_user_lifespan (int; aliases: actionTokenGeneratedByUserLifespan): The realm action token generated by user lifespan.
action_token_generated_by_admin_lifespan (int; aliases: actionTokenGeneratedByAdminLifespan): The realm action token generated by admin lifespan.
end_state (dict; returned: on success): Representation of realm after module execution (sample is truncated). Sample:
  adminUrl: http://www.example.com/admin_url
  attributes:
    request.object.signature.alg: RS256

existing (dict; returned: always): Representation of existing realm (sample is truncated). Sample:
  adminUrl: http://www.example.com/admin_url
  attributes:
    request.object.signature.alg: RS256

msg (str; returned: always): Message as to what action was taken. Sample: Realm testrealm has been updated

proposed (dict; returned: always): Representation of proposed realm. Sample:
  id: test
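
An added example, not taken from the module's own documentation: a realm task that sets the security-relevant options listed above explicitly instead of relying on defaults, then checks what Keycloak stored. The realm name, the vault variables `vault_keycloak_admin_user` and `vault_keycloak_admin_password`, the numeric values and the password policy string are constructed for illustration, and the check assumes `end_state` exposes the camelCase keys shown.

```yaml
- name: Create or update a realm with explicit security settings
  jugasit.keycloak.realm:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    # Hypothetical Ansible Vault variables; keeps credentials out of the playbook.
    auth_username: "{{ vault_keycloak_admin_user }}"
    auth_password: "{{ vault_keycloak_admin_password }}"
    validate_certs: true            # module default, stated so a later edit is visible in review
    id: example
    realm: example
    enabled: true
    ssl_required: all               # one of: all, external, none
    registration_allowed: false
    duplicate_emails_allowed: false
    # Brute-force detection (illustrative thresholds)
    brute_force_protected: true
    failure_factor: 5
    wait_increment_seconds: 60
    max_failure_wait_seconds: 900
    # Constructed policy string in Keycloak's "rule(value) and rule(value)" form
    password_policy: "length(12) and notUsername(undefined)"
    # Token and session handling (illustrative lifetimes, in seconds)
    revoke_refresh_token: true
    refresh_token_max_reuse: 0
    access_token_lifespan: 300
    sso_session_idle_timeout: 1800
    # Audit trail for logins and admin changes
    events_enabled: true
    admin_events_enabled: true
    admin_events_details_enabled: true
    state: present
  register: realm_result

- name: Verify the settings Keycloak actually stored
  ansible.builtin.assert:
    that:
      # Assumption: end_state carries the realm representation with camelCase keys.
      - realm_result.end_state.sslRequired == 'all'
      - realm_result.end_state.bruteForceProtected | bool
      - realm_result.end_state.revokeRefreshToken | bool
      - not (realm_result.end_state.registrationAllowed | bool)
    fail_msg: "Realm settings differ from the intended baseline"
```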