keycloak_user_execute_actions_email – Send a Keycloak execute-actions email to a user
Note
This module is part of the middleware_automation.keycloak collection.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install middleware_automation.keycloak.
To use it in a playbook, specify: middleware_automation.keycloak.keycloak_user_execute_actions_email.
New in middleware_automation.keycloak 3.0.0
Synopsis
Triggers the Keycloak endpoint
execute-actions-emailfor a user. This sends an email with one or more required actions the user must complete (for example resetting the password).If no
actionslist is provided, the default actionUPDATE_PASSWORDis used.You must supply either the user’s
idorusername. Supplying onlyusernamecauses an extra lookup call.This module always reports
changed=truebecause sending an email is a side effect and cannot be made idempotent.
Parameters
Parameter |
Comments |
|---|---|
List of required actions to include in the email. Default: |
|
OpenID Connect client_id to authenticate to the API with. Default: |
|
Client Secret to use in conjunction with auth_client_id (if required). |
|
URL to the Keycloak instance. |
|
Password to authenticate for API access with. |
|
Keycloak realm name to authenticate to for API access. |
|
Username to authenticate for API access with. |
|
Optional client ID used for the redirect link. |
|
Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: |
|
Configures the HTTP User-Agent header. Default: |
|
The unique ID (UUID) of the user. Mutually exclusive with |
|
Optional lifespan (in seconds) for the action token (supported on newer Keycloak versions). Forwarded as query parameter if provided. |
|
The Keycloak realm where the user resides. Default: |
|
Optional redirect URI. Must be valid for the given client if |
|
Authentication refresh token for Keycloak API. |
|
Authentication token for Keycloak API. |
|
Username of the user. Mutually exclusive with |
|
Verify TLS certificates (do not disable this in production). Choices:
|
Attributes
Attribute |
Support |
Description |
|---|---|---|
Action group: middleware_automation.keycloak.keycloak |
Use |
|
Support: full |
Can run in |
|
Support: none |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Password reset email (default action) with 1h lifespan
middleware_automation.keycloak.keycloak_user_execute_actions_email:
username: johndoe
realm: MyRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com
auth_realm: master
auth_username: ADMIN
auth_password: SECRET
lifespan: 3600
delegate_to: localhost
- name: Multiple required actions using token auth
middleware_automation.keycloak.keycloak_user_execute_actions_email:
username: johndoe
actions:
- UPDATE_PASSWORD
- VERIFY_EMAIL
realm: MyRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com
token: TOKEN
delegate_to: localhost
- name: Email by user id with redirect
middleware_automation.keycloak.keycloak_user_execute_actions_email:
id: 9d59aa76-2755-48c6-b1af-beb70a82c3cd
client_id: my-frontend
redirect_uri: https://app.example.com/post-actions
actions:
- UPDATE_PASSWORD
realm: MyRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com
auth_realm: master
auth_username: ADMIN
auth_password: SECRET
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
List of actions included in the email. Returned: success |
|
The user ID the email was (or would be, in check mode) sent to. Returned: success |