.. Document meta

:orphan:

.. |antsibull-internal-nbsp| unicode:: 0xA0
    :trim:

.. meta::
  :antsibull-docs: 2.24.0

.. Anchors

.. _ansible_collections.middleware_automation.keycloak.keycloak_authz_permission_info_module:

.. Anchors: short name for ansible.builtin

.. Title

keycloak_authz_permission_info -- Query Keycloak client authorization permissions information
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.. Collection note

.. note::
    This module is part of the middleware_automation.keycloak collection.

    It is not included in ``ansible-core``.
    To check whether it is installed, run :code:`ansible-galaxy collection list`.

    To install it, use: :code:`ansible\-galaxy collection install middleware\_automation.keycloak`.

    To use it in a playbook, specify: :code:`middleware_automation.keycloak.keycloak_authz_permission_info`.

.. version_added

.. rst-class:: ansible-version-added

New in middleware\_automation.keycloak 3.0.0

.. contents::
   :local:
   :depth: 1

.. Deprecated

Synopsis
--------

.. Description

- This module allows querying information about Keycloak client authorization permissions from the resources endpoint using the Keycloak REST API. Authorization permissions are only available if a client has Authorization enabled.
- This module requires access to the REST API using OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin\-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.
- The names of module options are snake\_cased versions of the camelCase options used by Keycloak. The Authorization Services paths and payloads have not officially been documented by the Keycloak project. https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/

.. Aliases

.. Requirements

.. Options

Parameters
----------

.. list-table::
  :width: 100%
  :widths: auto
  :header-rows: 1
  :class: longtable ansible-option-table

  * - Parameter
    - Comments

  * - **auth_client_id**

      string
    - OpenID Connect client_id to authenticate to the API with.

      Default: ``"admin-cli"``

  * - **auth_client_secret**

      string
    - Client Secret to use in conjunction with auth_client_id (if required).

  * - **auth_keycloak_url**

      aliases: url

      string / required
    - URL to the Keycloak instance.

  * - **auth_password**

      aliases: password

      string
    - Password to authenticate for API access with.

  * - **auth_realm**

      string
    - Keycloak realm name to authenticate to for API access.

  * - **auth_username**

      aliases: username

      string
    - Username to authenticate for API access with.

  * - **client_id**

      string / required
    - The clientId of the Keycloak client that should have the authorization scope.

      This is usually a human-readable name of the Keycloak client.

  * - **connection_timeout**

      integer
    - Controls the HTTP connections timeout period (in seconds) to Keycloak API.

      Default: ``10``

  * - **http_agent**

      string
    - Configures the HTTP User-Agent header.

      Default: ``"Ansible"``

  * - **name**

      string / required
    - Name of the authorization permission to create.

  * - **realm**

      string / required
    - The name of the Keycloak realm the Keycloak client is in.

  * - **refresh_token**

      string
    - Authentication refresh token for Keycloak API.

  * - **token**

      string
    - Authentication token for Keycloak API.

  * - **validate_certs**

      boolean
    - Verify TLS certificates (do not disable this in production).

      Choices:

      - ``false``
      - ``true`` ← (default)

.. Attributes

Attributes
----------

.. tabularcolumns:: \X{2}{10}\X{3}{10}\X{5}{10}

.. list-table::
  :width: 100%
  :widths: auto
  :header-rows: 1
  :class: longtable ansible-option-table

  * - Attribute
    - Support
    - Description

  * - .. _ansible_collections.middleware_automation.keycloak.keycloak_authz_permission_info_module__attribute-action_group:

      .. rst-class:: ansible-option-title

      **action_group**

    - :ansible-attribute-support-property:`Action group:` |antsibull-internal-nbsp|:ansible-attribute-support-full:`middleware\_automation.keycloak.keycloak`

      :ansible-option-versionadded:`added in middleware\_automation.keycloak 3.0.0`

    - Use :literal:`group/middleware\_automation.keycloak.keycloak` in :literal:`module\_defaults` to set defaults for this module.

  * - .. _ansible_collections.middleware_automation.keycloak.keycloak_authz_permission_info_module__attribute-check_mode:

      .. rst-class:: ansible-option-title

      **check_mode**

    - :ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full`

      This action does not modify state.

    - Can run in :literal:`check\_mode` and return changed status prediction without modifying target.

  * - .. _ansible_collections.middleware_automation.keycloak.keycloak_authz_permission_info_module__attribute-diff_mode:

      .. rst-class:: ansible-option-title

      **diff_mode**

    - :ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-na:`N/A`

      This action does not modify state.

    - Will return details on what has changed (or possibly needs changing in :literal:`check\_mode`\ ), when in diff mode.
.. Notes

.. Seealso

.. Examples

Examples
--------

.. code-block:: yaml+jinja

    - name: Query Keycloak authorization permission
      middleware_automation.keycloak.keycloak_authz_permission_info:
        name: ScopePermission
        client_id: myclient
        realm: myrealm
        auth_keycloak_url: http://localhost:8080
        auth_username: keycloak
        auth_password: keycloak
        auth_realm: master

.. Facts

.. Return values

Return Values
-------------

Common return values are documented separately; the following are the fields unique to this module:

.. list-table::
  :width: 100%
  :widths: auto
  :header-rows: 1
  :class: longtable ansible-option-table

  * - Key
    - Description

  * - **msg**

      string
    - Message as to what action was taken.

      Returned: always

  * - **queried_state**

      complex
    - State of the resource (a policy) as seen by Keycloak.

      Returned: on success

  * - **config**

      dictionary
    - Configuration of the permission (empty in all observed cases).

      Returned: success

      Sample: ``{}``

  * - **decisionStrategy**

      string
    - The decision strategy.

      Returned: success

      Sample: ``"UNANIMOUS"``

  * - **description**

      string
    - Description of the authorization permission.

      Returned: success

      Sample: ``"Resource Permission"``

  * - **id**

      string
    - ID of the authorization permission.

      Returned: success

      Sample: ``"9da05cd2-b273-4354-bbd8-0c133918a454"``

  * - **logic**

      string
    - The logic used for the permission (part of the payload, but has a fixed value).

      Returned: success

      Sample: ``"POSITIVE"``

  * - **name**

      string
    - Name of the authorization permission.

      Returned: success

      Sample: ``"ResourcePermission"``

  * - **type**

      string
    - Type of the authorization permission.

      Returned: success

      Sample: ``"resource"``
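
The following play is an added example, not part of the collection's own documentation: it queries a permission over TLS through the action group's ``module_defaults`` and fails when the returned decision strategy or logic differs from the expected values. The host name, the ``vault_keycloak_*`` variables and the expected values are assumptions, as is reading the keys listed after ``queried_state`` as its sub-keys.

```yaml
# Added example; not from the collection documentation.
# Assumed: keycloak.example.com, the vault_keycloak_* variables (stored in
# Ansible Vault), and UNANIMOUS/POSITIVE as the expected policy values.
- name: Audit a Keycloak authorization permission
  hosts: localhost
  gather_facts: false
  module_defaults:
    # Action group from the Attributes table: shared connection settings.
    group/middleware_automation.keycloak.keycloak:
      auth_keycloak_url: https://keycloak.example.com
      auth_realm: master
      auth_username: "{{ vault_keycloak_audit_user }}"
      auth_password: "{{ vault_keycloak_audit_password }}"
      validate_certs: true   # module default, stated explicitly for reviewers
  tasks:
    - name: Query the permission
      middleware_automation.keycloak.keycloak_authz_permission_info:
        name: ScopePermission
        client_id: myclient
        realm: myrealm
      register: perm
      no_log: true           # keep the task's arguments and result out of logs

    - name: Fail when the permission drifts from the expected policy
      ansible.builtin.assert:
        that:
          - perm.queried_state.name == 'ScopePermission'
          - perm.queried_state.decisionStrategy == 'UNANIMOUS'
          - perm.queried_state.logic == 'POSITIVE'
        fail_msg: >-
          Permission ScopePermission on myclient is
          {{ perm.queried_state.decisionStrategy }}/{{ perm.queried_state.logic }},
          expected UNANIMOUS/POSITIVE
        success_msg: Permission matches the expected decision strategy and logic
```

Because the module does not modify state, the play can run on a schedule as a read-only drift check.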

.. Status (Presently only deprecated)

.. Authors

Authors
~~~~~~~

- Samuli Seppänen (@mattock)

.. Extra links

.. Parsing errors