keycloak_realm_keys_metadata_info – Allows obtaining Keycloak realm keys metadata using Keycloak API

Note

This module is part of the middleware_automation.keycloak collection.

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install middleware_automation.keycloak.

To use it in a playbook, specify: middleware_automation.keycloak.keycloak_realm_keys_metadata_info.

New in middleware_automation.keycloak 3.0.0

Synopsis

Parameters

Parameter

Comments

auth_client_id

string

OpenID Connect client_id to authenticate to the API with.

Default: "admin-cli"

auth_client_secret

string

Client Secret to use in conjunction with auth_client_id (if required).

auth_keycloak_url

aliases: url

string / required

URL to the Keycloak instance.

auth_password

aliases: password

string

Password to authenticate for API access with.

auth_realm

string

Keycloak realm name to authenticate to for API access.

auth_username

aliases: username

string

Username to authenticate for API access with.

connection_timeout

integer

Controls the HTTP connections timeout period (in seconds) to Keycloak API.

Default: 10

http_agent

string

Configures the HTTP User-Agent header.

Default: "Ansible"

realm

string

They Keycloak realm to fetch keys metadata.

Default: "master"

refresh_token

string

Authentication refresh token for Keycloak API.

token

string

Authentication token for Keycloak API.

validate_certs

boolean

Verify TLS certificates (do not disable this in production).

Choices:

  • false

  • true ← (default)

Attributes

Attribute

Support

Description

action_group

Action group: middleware_automation.keycloak.keycloak

added in middleware_automation.keycloak 3.0.0

Use group/middleware_automation.keycloak.keycloak in module_defaults to set defaults for this module.

check_mode

Support: full

This action does not modify state.

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: N/A

This action does not modify state.

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Examples

- name: Fetch Keys metadata
  middleware_automation.keycloak.keycloak_realm_keys_metadata_info:
    auth_keycloak_url: https://auth.example.com
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    realm: MyCustomRealm
  delegate_to: localhost
  register: keycloak_keys_metadata

- name: Write the Keycloak keys certificate into a file
  ansible.builtin.copy:
    dest: /tmp/keycloak.cert
    content: |
      {{ keys_metadata['keycloak_keys_metadata']['keys']
      | selectattr('algorithm', 'equalto', 'RS256')
      | map(attribute='certificate')
      | first
      }}
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

keys_metadata

dictionary

Representation of the realm keys metadata (see https://www.keycloak.org/docs-api/latest/rest-api/index.html#KeysMetadataRepresentation).

Returned: always

active

dictionary

A mapping (that is, a dict) from key algorithms to UUIDs.

Returned: always

keys

list / elements=dictionary

A list of dicts providing detailed information on the keys.

Returned: always

msg

string

Message as to what action was taken.

Returned: always

Authors

  • Thomas Bach (@thomasbach-dev)