.. Document meta
:orphan:
.. |antsibull-internal-nbsp| unicode:: 0xA0
:trim:
.. meta::
:antsibull-docs: 2.24.0
.. Anchors
.. _ansible_collections.middleware_automation.keycloak.keycloak_clientsecret_info_module:
.. Anchors: short name for ansible.builtin
.. Title
keycloak_clientsecret_info -- Retrieve client secret using Keycloak API
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
.. Collection note
.. note::
This module is part of the `middleware_automation.keycloak collection `_.
It is not included in ``ansible-core``.
To check whether it is installed, run :code:`ansible-galaxy collection list`.
To install it, use: :code:`ansible\-galaxy collection install middleware\_automation.keycloak`.
To use it in a playbook, specify: :code:`middleware_automation.keycloak.keycloak_clientsecret_info`.
.. version_added
.. rst-class:: ansible-version-added
New in middleware\_automation.keycloak 3.0.0
.. contents::
:local:
:depth: 1
.. Deprecated
Synopsis
--------
.. Description
- This module allows you to get a Keycloak client secret using the Keycloak REST API. It requires access to the REST API using OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin\-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles.
- When retrieving a new client secret, where possible provide the client's :ansopt:`middleware\_automation.keycloak.keycloak\_clientsecret\_info#module:id` (not :ansopt:`middleware\_automation.keycloak.keycloak\_clientsecret\_info#module:client\_id`\ ) to the module. This removes a lookup to the API to translate the :ansopt:`middleware\_automation.keycloak.keycloak\_clientsecret\_info#module:client\_id` into the client ID.
- Note that this module returns the client secret. To avoid this showing up in the logs, please add :literal:`no\_log: true` to the task.
.. Aliases
.. Requirements
.. Options
Parameters
----------
.. raw:: html
Parameter |
Comments |
|
OpenID Connect client_id to authenticate to the API with.
Default: "admin-cli"
|
auth_client_secret
string
|
Client Secret to use in conjunction with auth_client_id (if required).
|
auth_keycloak_url
aliases: url
string
/ required
|
URL to the Keycloak instance.
|
auth_password
aliases: password
string
|
Password to authenticate for API access with.
|
|
Keycloak realm name to authenticate to for API access.
|
auth_username
aliases: username
string
|
Username to authenticate for API access with.
|
client_id
aliases: clientId
string
|
The client_id of the client. Passing this instead of id results in an extra API call.
|
connection_timeout
integer
|
Controls the HTTP connections timeout period (in seconds) to Keycloak API.
Default: 10
|
|
Configures the HTTP User-Agent header.
Default: "Ansible"
|
|
The unique identifier for this client.
This parameter is not required for getting or generating a client secret but providing it reduces the number of API calls required.
|
|
They Keycloak realm under which this client resides.
Default: "master"
|
|
Authentication refresh token for Keycloak API.
|
|
Authentication token for Keycloak API.
|
|
Verify TLS certificates (do not disable this in production).
Choices:
|
.. Attributes
Attributes
----------
.. tabularcolumns:: \X{2}{10}\X{3}{10}\X{5}{10}
.. list-table::
:width: 100%
:widths: auto
:header-rows: 1
:class: longtable ansible-option-table
* - Attribute
- Support
- Description
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_clientsecret_info_module__attribute-action_group:
.. rst-class:: ansible-option-title
**action_group**
.. raw:: html
.. raw:: html
- .. raw:: html
:ansible-attribute-support-property:`Action group:` |antsibull-internal-nbsp|:ansible-attribute-support-full:`middleware\_automation.keycloak.keycloak`
:ansible-option-versionadded:`added in middleware\_automation.keycloak 3.0.0`
.. raw:: html
- .. raw:: html
Use :literal:`group/middleware\_automation.keycloak.keycloak` in :literal:`module\_defaults` to set defaults for this module.
.. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_clientsecret_info_module__attribute-check_mode:
.. rst-class:: ansible-option-title
**check_mode**
.. raw:: html
.. raw:: html
- .. raw:: html
:ansible-attribute-support-label:`Support: \ `\ :ansible-attribute-support-full:`full`
This action does not modify state.
.. raw:: html
- .. raw:: html
Can run in :literal:`check\_mode` and return changed status prediction without modifying target.
.. raw:: html
* - .. raw:: html
.. _ansible_collections.middleware_automation.keycloak.keycloak_clientsecret_info_module__attribute-diff_mode:
.. rst-class:: ansible-option-title
**diff_mode**
.. raw:: html
.. raw:: html
- .. raw:: html
:ansible-attribute-support-label:`Support: \ ` \ :ansible-attribute-support-na:`N/A`
This action does not modify state.
.. raw:: html
- .. raw:: html
Will return details on what has changed (or possibly needs changing in :literal:`check\_mode`\ ), when in diff mode.
.. raw:: html
.. Notes
.. Seealso
.. Examples
Examples
--------
.. code-block:: yaml+jinja
- name: Get a Keycloak client secret, authentication with credentials
middleware_automation.keycloak.keycloak_clientsecret_info:
id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
realm: MyCustomRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
delegate_to: localhost
no_log: true
- name: Get a new Keycloak client secret, authentication with token
middleware_automation.keycloak.keycloak_clientsecret_info:
id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
realm: MyCustomRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com
token: TOKEN
delegate_to: localhost
no_log: true
- name: Get a new Keycloak client secret, passing client_id instead of id
middleware_automation.keycloak.keycloak_clientsecret_info:
client_id: 'myClientId'
realm: MyCustomRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com
token: TOKEN
delegate_to: localhost
no_log: true
- name: Get a new Keycloak client secret, authentication with auth_client_id and auth_client_secret
middleware_automation.keycloak.keycloak_clientsecret_info:
id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
realm: MyCustomRealm
auth_client_id: admin-cli
auth_client_secret: SECRET
auth_keycloak_url: https://auth.example.com
delegate_to: localhost
no_log: true
.. Facts
.. Return values
Return Values
-------------
Common return values are documented :ref:`here `, the following are the fields unique to this module:
.. raw:: html
Key |
Description |
clientsecret_info
complex
|
Representation of the client secret.
Returned: on success
|
|
Credential type.
Returned: always
Sample: "secret"
|
|
Client secret.
Returned: always
Sample: "cUGnX1EIeTtPPAkcyGMv0ncyqDPu68P1"
|
|
Textual description of whether we succeeded or failed.
Returned: always
|
.. Status (Presently only deprecated)
.. Authors
Authors
~~~~~~~
- Fynn Chen (@fynncfchen)
- John Cant (@johncant)
.. Extra links
.. Parsing errors