`_. It is not included in ``ansible-core``. To check whether it is installed, run :code:`ansible-galaxy collection list`. To install it, use: :code:`ansible\-galaxy collection install middleware\_automation.keycloak`. To use it in a playbook, specify: :code:`middleware_automation.keycloak.keycloak_client_rolescope`. .. version_added .. rst-class:: ansible-version-added New in middleware\_automation.keycloak 3.0.0 .. contents:: :local: :depth: 1 .. Deprecated Synopsis -------- .. Description - This module allows you to add or remove Keycloak roles from clients scope using the Keycloak REST API. It requires access to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin\-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles. - Client :ansopt:`middleware\_automation.keycloak.keycloak\_client\_rolescope#module:target\_client\_id` must have :ansopt:`middleware\_automation.keycloak.keycloak\_client#module:full\_scope\_allowed` set to :ansval:`false`. - Attributes are multi\-valued in the Keycloak API. All attributes are lists of individual values and are returned that way by this module. You may pass single values for attributes when calling the module, and this is translated into a list suitable for the API. .. Aliases .. Requirements .. Options Parameters ---------- .. raw:: html

Parameter	Comments
auth_client_id string	OpenID Connect client_id to authenticate to the API with. Default: `"admin-cli"`
auth_client_secret string	Client Secret to use in conjunction with auth_client_id (if required).
auth_keycloak_url aliases: url string / required	URL to the Keycloak instance.
auth_password aliases: password string	Password to authenticate for API access with.
auth_realm string	Keycloak realm name to authenticate to for API access.
auth_username aliases: username string	Username to authenticate for API access with.
connection_timeout integer	Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: `10`
http_agent string	Configures the HTTP User-Agent header. Default: `"Ansible"`
realm string	The Keycloak realm under which clients resides. Default: `"master"`
refresh_token string	Authentication refresh token for Keycloak API.
role_names list / elements=string / required	Names of roles to manipulate. If `role_owner_client_id` is present, all roles must be under this client. If `role_owner_client_id` is absent, all roles must be under the realm.
role_owner_client_id string	If the `role_names` are client role, the client ID under which it resides. If this parameter is absent, the roles are considered a realm role.
state string	State of the role mapping. On `present`, all roles in `role_names` are mapped if not exist yet. On `absent`, all roles mapping in `role_names` are removed if it exists. Choices: `"present"` ← (default) `"absent"`
target_client_id string / required	Roles provided in `role_names` while be added to this client scope.
token string	Authentication token for Keycloak API.
validate_certs boolean	Verify TLS certificates (do not disable this in production). Choices: `false` `true` ← (default)

.. Attributes Attributes ---------- .. tabularcolumns:: \X{2}{10}\X{3}{10}\X{5}{10} .. list-table:: :width: 100% :widths: auto :header-rows: 1 :class: longtable ansible-option-table * - Attribute - Support - Description * - .. raw:: html

.. _ansible_collections.middleware_automation.keycloak.keycloak_client_rolescope_module__attribute-action_group: .. rst-class:: ansible-option-title **action_group** .. raw:: html .. raw:: html

- .. raw:: html

:ansible-attribute-support-property:`Action group:` |antsibull-internal-nbsp|:ansible-attribute-support-full:`middleware\_automation.keycloak.keycloak` :ansible-option-versionadded:`added in middleware\_automation.keycloak 3.0.0` .. raw:: html

- .. raw:: html

Use :literal:`group/middleware\_automation.keycloak.keycloak` in :literal:`module\_defaults` to set defaults for this module. .. raw:: html

* - .. raw:: html

.. _ansible_collections.middleware_automation.keycloak.keycloak_client_rolescope_module__attribute-check_mode: .. rst-class:: ansible-option-title **check_mode** .. raw:: html .. raw:: html

- .. raw:: html

:ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full` .. raw:: html

- .. raw:: html

Can run in :literal:`check\_mode` and return changed status prediction without modifying target. .. raw:: html

* - .. raw:: html

.. _ansible_collections.middleware_automation.keycloak.keycloak_client_rolescope_module__attribute-diff_mode: .. rst-class:: ansible-option-title **diff_mode** .. raw:: html .. raw:: html

- .. raw:: html

:ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full` .. raw:: html

- .. raw:: html

Will return details on what has changed (or possibly needs changing in :literal:`check\_mode`\ ), when in diff mode. .. raw:: html

.. Notes .. Seealso .. Examples Examples -------- .. code-block:: yaml+jinja - name: Add roles to public client scope middleware_automation.keycloak.keycloak_client_rolescope: auth_keycloak_url: https://auth.example.com auth_realm: master auth_username: USERNAME auth_password: PASSWORD realm: MyCustomRealm target_client_id: frontend-client-public role_owner_client_id: backend-client-private role_names: - backend-role-admin - backend-role-user - name: Remove roles from public client scope middleware_automation.keycloak.keycloak_client_rolescope: auth_keycloak_url: https://auth.example.com auth_realm: master auth_username: USERNAME auth_password: PASSWORD realm: MyCustomRealm target_client_id: frontend-client-public role_owner_client_id: backend-client-private role_names: - backend-role-admin state: absent - name: Add realm roles to public client scope middleware_automation.keycloak.keycloak_client_rolescope: auth_keycloak_url: https://auth.example.com auth_realm: master auth_username: USERNAME auth_password: PASSWORD realm: MyCustomRealm target_client_id: frontend-client-public role_names: - realm-role-admin - realm-role-user .. Facts .. Return values Return Values ------------- Common return values are documented :ref:`here `, the following are the fields unique to this module: .. raw:: html

Key	Description
end_state list / elements=dictionary	Representation of role role scope after module execution. Returned: on success Sample: `[{"clientRole": false, "composite": false, "containerId": "MyCustomRealm", "id": "47293104-59a6-46f0-b460-2e9e3c9c424c", "name": "backend-role-admin"}, {"clientRole": false, "composite": false, "containerId": "MyCustomRealm", "id": "39c62a6d-542c-4715-92d2-41021eb33967", "name": "backend-role-user"}]`
msg string	Message as to what action was taken. Returned: always Sample: `"Client role scope for frontend-client-public has been updated"`

Key

Description

end_state

list / elements=dictionary

Representation of role role scope after module execution.

Returned: on success

Sample: [{"clientRole": false, "composite": false, "containerId": "MyCustomRealm", "id": "47293104-59a6-46f0-b460-2e9e3c9c424c", "name": "backend-role-admin"}, {"clientRole": false, "composite": false, "containerId": "MyCustomRealm", "id": "39c62a6d-542c-4715-92d2-41021eb33967", "name": "backend-role-user"}]

msg

string

Message as to what action was taken.

Returned: always

Sample: "Client role scope for frontend-client-public has been updated"

.. Status (Presently only deprecated) .. Authors Authors ~~~~~~~ - Andre Desrosiers (@desand01) .. Extra links .. Parsing errors