community.general.keycloak_realm – Allows administration of Keycloak realm via Keycloak API
Note
This plugin is part of the community.general collection (version 3.8.3).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.keycloak_realm.
New in version 3.0.0 of community.general
Synopsis
This module allows the administration of a Keycloak realm via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.
The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at https://www.keycloak.org/docs-api/8.0/rest-api/index.html. Aliases are provided so the camelCased versions can be used as well.
The Keycloak API does not always sanity check inputs: for instance, you can set SAML-specific settings on an OpenID Connect client and vice versa. Be careful. If you do not specify a setting, a sensible default is usually chosen.
Parameters
- The realm access code lifespan.
- The realm access code lifespan login.
- The realm access code lifespan user action.
- The realm access token lifespan.
- The realm access token lifespan for implicit flow.
- The realm account theme.
- The realm action token generated by admin lifespan.
- The realm action token generated by user lifespan.
- The realm admin events details enabled. Choices:
- The realm admin events enabled. Choices:
- The realm admin theme.
- The realm attributes.
- OpenID Connect client_id to authenticate to the API with. Default: "admin-cli"
- Client Secret to use in conjunction with auth_client_id (if required).
- URL to the Keycloak instance.
- Password to authenticate for API access with.
- Keycloak realm name to authenticate to for API access.
- Username to authenticate for API access with.
- The realm browser flow.
- The realm browser security headers.
- The realm brute force protected. Choices:
- The realm client authentication flow.
- The realm client scope mappings.
- The realm default default client scopes.
- The realm default groups.
- The realm default locale.
- The realm default optional client scopes.
- The realm default roles.
- The realm default signature algorithm.
- The realm direct grant flow.
- The realm display name.
- The realm display name HTML.
- The realm docker authentication flow.
- The realm duplicate emails allowed option. Choices:
- The realm edit username allowed option. Choices:
- The realm email theme.
- The realm enabled option. Choices:
- The realm enabled event types.
- Enables or disables login events for this realm. Choices:
- The realm events expiration.
- The realm events listeners.
- The realm failure factor.
- The realm to create.
- The realm internationalization enabled option. Choices:
- The realm login theme.
- The realm login with email allowed option. Choices:
- The realm max delta time in seconds.
- The realm max failure wait in seconds.
- The realm minimum quick login wait in seconds.
- The realm not before.
- The realm offline session idle timeout.
- The realm offline session max lifespan.
- The realm offline session max lifespan enabled option. Choices:
- The realm otp policy algorithm.
- The realm otp policy digits.
- The realm otp policy initial counter.
- The realm otp policy look ahead window.
- The realm otp policy period.
- The realm otp policy type.
- The realm otp supported applications.
- The realm password policy.
- The realm permanent lockout. Choices:
- The realm quick login check in milliseconds.
- The realm name.
- The realm refresh token max reuse.
- The realm registration allowed option. Choices:
- The realm registration email as username option. Choices:
- The realm registration flow.
- The realm remember me option. Choices:
- The realm reset credentials flow.
- The realm reset password allowed option. Choices:
- The realm revoke refresh token option. Choices:
- The realm smtp server.
- The realm ssl required option. Choices:
- The realm sso session idle timeout.
- The realm sso session idle timeout remember me.
- The realm sso session max lifespan.
- The realm sso session max lifespan remember me.
- State of the realm. On present, the realm will be created (or updated if it already exists). On absent, the realm will be removed if it exists. Choices: present, absent
- The realm supported locales.
- Authentication token for Keycloak API.
- The realm user managed access allowed option. Choices:
- Verify TLS certificates (do not disable this in production). Choices:
- The realm verify email option. Choices:
- The realm wait increment in seconds.
Examples
- name: Create or update Keycloak realm (minimal example)
  community.general.keycloak_realm:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    id: realm
    state: present

- name: Delete a Keycloak realm
  community.general.keycloak_realm:
    auth_client_id: admin-cli
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    id: test
    state: absent
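The minimal examples above only create or delete a realm. The playbook below is an added example, not part of the module documentation, showing how the realm options described in the Parameters section combine into a hardened realm: brute-force lockout, a password policy, login auditing and short sessions. Option names follow the page's rule of snake_casing the Keycloak API's camelCase fields (for example bruteForceProtected becomes brute_force_protected); the host auth.example.com, the realm name hardened, the vault variables and every value are constructed for illustration.

```yaml
# Added example, not from the module docs: a hardened realm. Option names are
# snake_case of the Keycloak API camelCase fields, as the page describes
# (bruteForceProtected -> brute_force_protected); all values are constructed.
- name: Create or update a hardened Keycloak realm
  hosts: localhost
  gather_facts: false
  tasks:
    - name: Ensure realm exists with lockout, password policy and auditing
      community.general.keycloak_realm:
        auth_client_id: admin-cli
        auth_keycloak_url: https://auth.example.com/auth
        auth_realm: master
        auth_username: "{{ keycloak_admin_user }}"
        auth_password: "{{ keycloak_admin_password }}"  # from ansible-vault
        validate_certs: true                            # keep TLS verification on
        id: hardened
        realm: hardened
        state: present
        enabled: true
        ssl_required: external        # TLS for every non-local request
        # Brute-force protection: temporary lockout with a growing wait
        brute_force_protected: true
        permanent_lockout: false
        failure_factor: 5             # failed logins before lockout
        wait_increment_seconds: 60
        max_failure_wait_seconds: 900
        max_delta_time_seconds: 43200
        quick_login_check_milli_seconds: 1000
        minimum_quick_login_wait_seconds: 60
        # Password policy, in Keycloak's policy-expression syntax
        password_policy: "length(12) and upperCase(1) and digits(1) and specialChars(1) and notUsername and passwordHistory(5)"
        # Login auditing so failures reach the server log and the SIEM
        events_enabled: true
        events_listeners: [jboss-logging]
        enabled_event_types: [LOGIN, LOGIN_ERROR, UPDATE_PASSWORD]
        admin_events_enabled: true
        admin_events_details_enabled: true
        # Short sessions, no self-registration or username edits
        sso_session_idle_timeout: 900
        sso_session_max_lifespan: 28800
        access_token_lifespan: 300
        registration_allowed: false
        duplicate_emails_allowed: false
        edit_username_allowed: false
        verify_email: true
      register: realm_result

    - name: Show what action the module took
      ansible.builtin.debug:
        var: realm_result.msg
```

Running the play a second time should report no change, which is a quick way to confirm that the realm's live configuration still matches the hardened baseline.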
Return Values
Common return values are documented here; the following are the fields unique to this module:
- realm representation of realm after module execution (sample is truncated). Returned: always. Sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
- realm representation of existing realm (sample is truncated). Returned: always. Sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
- Message as to what action was taken. Returned: always. Sample: "Realm testrealm has been updated"
- realm representation of proposed changes to realm. Returned: always. Sample: {"id": "test"}
Authors
Christophe Gilles (@kris2kris)