`_. It is not included in ``ansible-core``. To check whether it is installed, run :code:`ansible-galaxy collection list`. To install it, use: :code:`ansible\-galaxy collection install middleware\_automation.keycloak`. To use it in a playbook, specify: :code:`middleware_automation.keycloak.keycloak_client_scope_rolemappings`. .. version_added .. rst-class:: ansible-version-added New in middleware\_automation.keycloak 3.0.0 .. contents:: :local: :depth: 1 .. Deprecated Synopsis -------- .. Description - This module allows you to add or remove Keycloak roles from client scopes using the Keycloak REST API. It requires access to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, :literal:`admin\-cli` and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles. - Attributes are multi\-valued in the Keycloak API. All attributes are lists of individual values and are returned that way by this module. You may pass single values for attributes when calling the module, and this is translated into a list suitable for the API. .. Aliases .. Requirements .. Options Parameters ---------- .. raw:: html

Parameter	Comments
auth_client_id string	OpenID Connect client_id to authenticate to the API with. Default: `"admin-cli"`
auth_client_secret string	Client Secret to use in conjunction with auth_client_id (if required).
auth_keycloak_url aliases: url string / required	URL to the Keycloak instance.
auth_password aliases: password string	Password to authenticate for API access with.
auth_realm string	Keycloak realm name to authenticate to for API access.
auth_username aliases: username string	Username to authenticate for API access with.
client_id string	If the `role_names` are client roles, the client ID under which it resides. If this parameter is absent, the roles are considered realm roles.
client_scope_id string / required	Roles provided in `role_names` will be added to this client scope.
connection_timeout integer	Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: `10`
http_agent string	Configures the HTTP User-Agent header. Default: `"Ansible"`
realm string	The Keycloak realm under which clients resides. Default: `"master"`
refresh_token string	Authentication refresh token for Keycloak API.
role_names list / elements=string / required	Names of roles to add. If `client_id` is present, all roles must be under this client. If `client_id` is absent, all roles must be under the realm.
state string	State of the role mapping. On `present`, all roles in `role_names` are mapped if not exist yet. On `absent`, all roles mapping in `role_names` are removed if they exist. Choices: `"present"` ← (default) `"absent"`
token string	Authentication token for Keycloak API.
validate_certs boolean	Verify TLS certificates (do not disable this in production). Choices: `false` `true` ← (default)

.. Attributes Attributes ---------- .. tabularcolumns:: \X{2}{10}\X{3}{10}\X{5}{10} .. list-table:: :width: 100% :widths: auto :header-rows: 1 :class: longtable ansible-option-table * - Attribute - Support - Description * - .. raw:: html

.. _ansible_collections.middleware_automation.keycloak.keycloak_client_scope_rolemappings_module__attribute-action_group: .. rst-class:: ansible-option-title **action_group** .. raw:: html .. raw:: html

- .. raw:: html

:ansible-attribute-support-property:`Action group:` |antsibull-internal-nbsp|:ansible-attribute-support-full:`middleware\_automation.keycloak.keycloak` :ansible-option-versionadded:`added in middleware\_automation.keycloak 3.0.0` .. raw:: html

- .. raw:: html

Use :literal:`group/middleware\_automation.keycloak.keycloak` in :literal:`module\_defaults` to set defaults for this module. .. raw:: html

* - .. raw:: html

.. _ansible_collections.middleware_automation.keycloak.keycloak_client_scope_rolemappings_module__attribute-check_mode: .. rst-class:: ansible-option-title **check_mode** .. raw:: html .. raw:: html

- .. raw:: html

:ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full` .. raw:: html

- .. raw:: html

Can run in :literal:`check\_mode` and return changed status prediction without modifying target. .. raw:: html

* - .. raw:: html

.. _ansible_collections.middleware_automation.keycloak.keycloak_client_scope_rolemappings_module__attribute-diff_mode: .. rst-class:: ansible-option-title **diff_mode** .. raw:: html .. raw:: html

- .. raw:: html

:ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full` .. raw:: html

- .. raw:: html

Will return details on what has changed (or possibly needs changing in :literal:`check\_mode`\ ), when in diff mode. .. raw:: html

.. Notes .. Seealso .. Examples Examples -------- .. code-block:: yaml+jinja - name: Add roles to client scope middleware_automation.keycloak.keycloak_client_scope_rolemappings: auth_keycloak_url: https://auth.example.com auth_realm: master auth_username: USERNAME auth_password: PASSWORD realm: MyCustomRealm client_id: frontend-client-public client_scope_id: frontend-client-scope role_names: - backend-role-admin - backend-role-user - name: Remove roles from client scope middleware_automation.keycloak.keycloak_client_scope_rolemappings: auth_keycloak_url: https://auth.example.com auth_realm: master auth_username: USERNAME auth_password: PASSWORD realm: MyCustomRealm client_id: frontend-client-public client_scope_id: frontend-client-scope role_names: - backend-role-admin state: absent - name: Add realm roles to client scope middleware_automation.keycloak.keycloak_client_scope_rolemappings: auth_keycloak_url: https://auth.example.com auth_realm: master auth_username: USERNAME auth_password: PASSWORD realm: MyCustomRealm client_scope_id: frontend-client-scope role_names: - realm-role-admin - realm-role-user .. Facts .. Return values Return Values ------------- Common return values are documented :ref:`here `, the following are the fields unique to this module: .. raw:: html

Key	Description
end_state list / elements=dictionary	Representation of client scope scope mappings after module execution. Returned: on success Sample: `[{"clientRole": false, "composite": false, "containerId": "77f9bd4e-13a6-451e-9c72-ee6997299c1f", "description": "User role", "id": "9e155ef7-86f5-4def-b507-581ce7b87013", "name": "realm-role-user"}, {"clientRole": false, "composite": false, "containerId": "77f9bd4e-13a6-451e-9c72-ee6997299c1f", "description": "Admin role", "id": "9e155ef7-86f5-4def-b507-581ce7b87013", "name": "realm-role-admin"}]`

Key

Description

end_state

list / elements=dictionary

Representation of client scope scope mappings after module execution.

Returned: on success

Sample: [{"clientRole": false, "composite": false, "containerId": "77f9bd4e-13a6-451e-9c72-ee6997299c1f", "description": "User role", "id": "9e155ef7-86f5-4def-b507-581ce7b87013", "name": "realm-role-user"}, {"clientRole": false, "composite": false, "containerId": "77f9bd4e-13a6-451e-9c72-ee6997299c1f", "description": "Admin role", "id": "9e155ef7-86f5-4def-b507-581ce7b87013", "name": "realm-role-admin"}]

.. Status (Presently only deprecated) .. Authors Authors ~~~~~~~ - Felix Grzelka (@felix-grzelka) .. Extra links .. Parsing errors