.. Document meta

:orphan:

.. |antsibull-internal-nbsp| unicode:: 0xA0
    :trim:

.. meta::
  :antsibull-docs: 2.24.0

.. Anchors

.. _ansible_collections.middleware_automation.keycloak.keycloak_client_scope_module:

.. Anchors: short name for ansible.builtin

.. Title

keycloak_client_scope -- Allows administration of Keycloak client scopes via Keycloak API
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.. Collection note

.. note::
    This module is part of the middleware_automation.keycloak collection.

    It is not included in ``ansible-core``.
    To check whether it is installed, run :code:`ansible-galaxy collection list`.

    To install it, use: :code:`ansible\-galaxy collection install middleware\_automation.keycloak`.

    To use it in a playbook, specify: :code:`middleware_automation.keycloak.keycloak_client_scope`.

.. version_added

.. contents::
   :local:
   :depth: 1

.. Deprecated

Synopsis
--------

.. Description

- This module allows you to add, remove or modify Keycloak client scopes via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin\-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles.
- This module also supports managing protocol mappers within a client scope.

.. Aliases

.. Requirements

.. Options

Parameters
----------

.. list-table::
  :width: 100%
  :widths: auto
  :header-rows: 1

  * - Parameter
    - Comments

  * - **attributes**

      dictionary

    - A dict of key/value pairs to set as attributes for the client scope.

  * - **auth_client_id**

      string

    - OpenID Connect client_id to authenticate to the API with.

      Default: ``"admin-cli"``

  * - **auth_client_secret**

      string

    - Client Secret to use in conjunction with auth_client_id (if required).

  * - **auth_keycloak_url**

      aliases: url

      string / required

    - URL to the Keycloak instance.

  * - **auth_password**

      aliases: password

      string

    - Password to authenticate for API access with.

  * - **auth_realm**

      string

    - Keycloak realm name to authenticate to for API access.

  * - **auth_username**

      aliases: username

      string

    - Username to authenticate for API access with.

  * - **connection_timeout**

      integer

      added in middleware_automation.keycloak 4.5.0

    - Controls the HTTP connections timeout period (in seconds) to Keycloak API.

      Default: ``10``

  * - **description**

      string

    - Description of the client scope.

      Default: ``""``

  * - **http_agent**

      string

      added in middleware_automation.keycloak 5.4.0

    - Configures the HTTP User-Agent header.

      Default: ``"Ansible"``

  * - **name**

      string / required

    - Name of the client scope.

  * - **protocol**

      string

    - The protocol associated with the client scope.

      Choices:

      - ``"openid-connect"`` ← (default)
      - ``"saml"``

  * - **protocol_mappers**

      list / elements=dictionary

    - A list of protocol mappers to associate with the client scope.

      Each mapper is a dict with the keys name, protocol, protocolMapper, and config.

      Default: ``[]``

  * - **config** (suboption of protocol_mappers)

      dictionary / required

    - Configuration for the protocol mapper.

  * - **name** (suboption of protocol_mappers)

      string / required

    - Name of the protocol mapper.

  * - **protocol** (suboption of protocol_mappers)

      string

    - Protocol for the mapper.

      Default: ``"openid-connect"``

  * - **protocolMapper** (suboption of protocol_mappers)

      aliases: protocol_mapper_type

      string / required

    - The mapper type (e.g. oidc-usermodel-attribute-mapper, oidc-audience-mapper).

  * - **realm**

      string

    - The Keycloak realm under which this client scope resides.

      Default: ``"master"``

  * - **state**

      string

    - State of the client scope.

      On present, the client scope will be created if it does not yet exist, or updated with the parameters you provide.

      On absent, the client scope will be removed if it exists.

      Choices:

      - ``"present"`` ← (default)
      - ``"absent"``

  * - **token**

      string

      added in middleware_automation.keycloak 3.0.0

    - Authentication token for Keycloak API.

  * - **validate_certs**

      boolean

    - Verify TLS certificates (do not disable this in production).

      Choices:

      - ``false``
      - ``true`` ← (default)

.. Attributes

Attributes
----------

.. tabularcolumns:: \X{2}{10}\X{3}{10}\X{5}{10}

.. list-table::
  :width: 100%
  :widths: auto
  :header-rows: 1
  :class: longtable ansible-option-table

  * - Attribute
    - Support
    - Description

  * - .. _ansible_collections.middleware_automation.keycloak.keycloak_client_scope_module__attribute-check_mode:

      .. rst-class:: ansible-option-title

      **check_mode**

    - :ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full`

    - Can run in :literal:`check\_mode` and return changed status prediction without modifying target.

  * - .. _ansible_collections.middleware_automation.keycloak.keycloak_client_scope_module__attribute-diff_mode:

      .. rst-class:: ansible-option-title

      **diff_mode**

    - :ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full`

    - Will return details on what has changed (or possibly needs changing in :literal:`check\_mode`\ ), when in diff mode.
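
An added example, not taken from the collection's documentation, of using the check and diff support listed above to preview a client scope change before applying it. The variable names (``keycloak_url``, ``vault_kc_*``), the scope name and the ``my-api`` audience are assumptions; every module parameter used is one documented on this page.

```yaml
# Added example. Variable names (keycloak_url, vault_kc_*), the scope name and
# the audience value "my-api" are assumptions made for illustration.
- name: Preview, then apply, a client scope change
  hosts: localhost
  gather_facts: false
  module_defaults:
    middleware_automation.keycloak.keycloak_client_scope:
      auth_keycloak_url: "{{ keycloak_url }}"             # an https:// URL
      auth_realm: master
      auth_client_id: "{{ vault_kc_client_id }}"          # dedicated client, not admin-cli
      auth_client_secret: "{{ vault_kc_client_secret }}"
      auth_username: "{{ vault_kc_username }}"
      auth_password: "{{ vault_kc_password }}"            # kept in an Ansible Vault file
      validate_certs: true
      realm: TestRealm
      name: api-audience-scope
      protocol: openid-connect
      protocol_mappers:
        - name: api-audience
          protocol: openid-connect
          protocolMapper: oidc-audience-mapper
          config:
            included.custom.audience: my-api
            access.token.claim: "true"
            id.token.claim: "false"
  tasks:
    - name: Predict the change without modifying Keycloak
      middleware_automation.keycloak.keycloak_client_scope:
        state: present
      check_mode: true
      diff: true
      register: preview

    - name: Apply only when the preview reported a change
      middleware_automation.keycloak.keycloak_client_scope:
        state: present
      when: preview is changed
      register: result

    - name: Show the action the module reports
      ansible.builtin.debug:
        var: result.msg
      when: result is not skipped
```

Reviewing the diff from the first task before the second runs shows exactly which mappers and token claims would change in the realm.
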
.. Notes

.. Seealso

.. Examples

Examples
--------

.. code-block:: yaml+jinja

    - name: Create a client scope with protocol mappers
      middleware_automation.keycloak.keycloak_client_scope:
        auth_keycloak_url: http://localhost:8080
        auth_realm: master
        auth_username: admin
        auth_password: password
        realm: TestRealm
        name: my-client-scope
        description: "A custom client scope"
        protocol: openid-connect
        protocol_mappers:
          - name: email
            protocol: openid-connect
            protocolMapper: oidc-usermodel-attribute-mapper
            config:
              user.attribute: email
              claim.name: email
              jsonType.label: String
              id.token.claim: "true"
              access.token.claim: "true"
              userinfo.token.claim: "true"
        state: present
      delegate_to: localhost

    - name: Create a client scope using token authentication
      middleware_automation.keycloak.keycloak_client_scope:
        auth_keycloak_url: http://localhost:8080
        token: MY_TOKEN
        realm: TestRealm
        name: my-scope
        state: present
      delegate_to: localhost

    - name: Delete a client scope
      middleware_automation.keycloak.keycloak_client_scope:
        auth_keycloak_url: http://localhost:8080
        auth_realm: master
        auth_username: admin
        auth_password: password
        realm: TestRealm
        name: my-client-scope
        state: absent
      delegate_to: localhost

.. Facts

.. Return values

Return Values
-------------

Common return values are documented separately; the following are the fields unique to this module:

.. list-table::
  :width: 100%
  :widths: auto
  :header-rows: 1

  * - Key
    - Description

  * - **end_state**

      dictionary

    - Representation of the client scope after module execution.

      Returned: on success

      Sample: ``{"description": "A custom scope", "id": "uuid-here", "name": "my-scope", "protocol": "openid-connect"}``

  * - **msg**

      string

    - Message as to what action was taken.

      Returned: always

      Sample: ``"Client scope my-scope has been created"``

.. Status (Presently only deprecated)

.. Authors

Authors
~~~~~~~

- Paulo Menon (@paulomenon)

.. Extra links

.. Parsing errors