community.general.keycloak_user module – Create and configure a user in Keycloak
Note
This module is part of the community.general collection (version 8.6.8).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.keycloak_user
.
New in community.general 7.1.0
Synopsis
This module creates, removes, or updates Keycloak users.
Parameters
Parameter |
Comments |
---|---|
list user access. |
|
List of user attributes. |
|
Name of the attribute. |
|
Control whether the attribute must exists or not. Choices:
|
|
Values for the attribute as list. |
|
OpenID Connect Default: |
|
Client Secret to use in conjunction with |
|
URL to the Keycloak instance. |
|
Password to authenticate for API access with. |
|
Keycloak realm name to authenticate to for API access. |
|
Username to authenticate for API access with. |
|
Client Authenticator Type. Default: |
|
Client ID of the client role. Not the technical ID of the client. |
|
List of client roles to assign to the user. |
|
Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: |
|
User credentials. Default: |
|
If Choices:
|
|
Credential type. |
|
Value of the credential. |
|
list user Credential Type. Default: |
|
User email. |
|
Check the validity of user email. Choices:
|
|
Enabled user. Choices:
|
|
List of IDPs of user. Default: |
|
Federation Link. |
|
The user’s first name. |
|
If Choices:
|
|
List of groups for the user. Default: |
|
Name of the group. |
|
Control whether the user must be member of this group or not. Choices:
|
|
Configures the HTTP User-Agent header. Default: |
|
ID of the user on the Keycloak server if known. |
|
The user’s last name. |
|
user origin. |
|
The name of the realm in which is the client. Default: |
|
RequiredActions user Auth. Default: |
|
user self administration. |
|
Description of the client Application. |
|
Control whether the user should exists or not. Choices:
|
|
Authentication token for Keycloak API. |
|
Username for the user. |
|
Verify TLS certificates (do not disable this in production). Choices:
|
Attributes
Attribute |
Support |
Description |
---|---|---|
Support: full |
Can run in |
|
Support: full |
Will return details on what has changed (or possibly needs changing in |
Notes
Note
The module does not modify the user ID of an existing user.
Examples
- name: Create a user user1
community.general.keycloak_user:
auth_keycloak_url: http://localhost:8080/auth
auth_username: admin
auth_password: password
realm: master
username: user1
firstName: user1
lastName: user1
email: user1
enabled: true
emailVerified: false
credentials:
- type: password
value: password
temporary: false
attributes:
- name: attr1
values:
- value1
state: present
- name: attr2
values:
- value2
state: absent
groups:
- name: group1
state: present
state: present
- name: Re-create a User
community.general.keycloak_user:
auth_keycloak_url: http://localhost:8080/auth
auth_username: admin
auth_password: password
realm: master
username: user1
firstName: user1
lastName: user1
email: user1
enabled: true
emailVerified: false
credentials:
- type: password
value: password
temporary: false
attributes:
- name: attr1
values:
- value1
state: present
- name: attr2
values:
- value2
state: absent
groups:
- name: group1
state: present
state: present
- name: Re-create a User
community.general.keycloak_user:
auth_keycloak_url: http://localhost:8080/auth
auth_username: admin
auth_password: password
realm: master
username: user1
firstName: user1
lastName: user1
email: user1
enabled: true
emailVerified: false
credentials:
- type: password
value: password
temporary: false
attributes:
- name: attr1
values:
- value1
state: present
- name: attr2
values:
- value2
state: absent
groups:
- name: group1
state: present
state: present
force: true
- name: Remove User
community.general.keycloak_user:
auth_keycloak_url: http://localhost:8080/auth
auth_username: admin
auth_password: password
realm: master
username: user1
state: absent
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
Return Returned: always |
|
Representation of the user after module execution Returned: on success |
|
Representation of the existing user. Returned: on success |
|
Message as to what action was taken. Returned: always Sample: |
|
Representation of the proposed user. Returned: on success |