community.general.keycloak_user_execute_actions_email module – Send a Keycloak execute-actions email to a user
Note
This module is part of the community.general collection (version 12.0.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.keycloak_user_execute_actions_email.
New in community.general 12.0.0
Synopsis
Triggers the Keycloak endpoint
execute-actions-emailfor a user. This sends an email with one or more required actions the user must complete (for example resetting the password).If no
actionslist is provided, the default actionUPDATE_PASSWORDis used.You must supply either the user’s
idorusername. Supplying onlyusernamecauses an extra lookup call.This module always reports
changed=truebecause sending an email is a side effect and cannot be made idempotent.
Parameters
Parameter |
Comments |
|---|---|
List of required actions to include in the email. Default: |
|
OpenID Connect Default: |
|
Client Secret to use in conjunction with |
|
URL to the Keycloak instance. |
|
Password to authenticate for API access with. |
|
Keycloak realm name to authenticate to for API access. |
|
Username to authenticate for API access with. |
|
Optional client ID used for the redirect link. |
|
Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: |
|
Configures the HTTP User-Agent header. Default: |
|
The unique ID (UUID) of the user. Mutually exclusive with |
|
Optional lifespan (in seconds) for the action token (supported on newer Keycloak versions). Forwarded as query parameter if provided. |
|
The Keycloak realm where the user resides. Default: |
|
Optional redirect URI. Must be valid for the given client if |
|
Authentication refresh token for Keycloak API. |
|
Authentication token for Keycloak API. |
|
Username of the user. Mutually exclusive with |
|
Verify TLS certificates (do not disable this in production). Choices:
|
Attributes
Attribute |
Support |
Description |
|---|---|---|
Action group: community.general.keycloak |
Use |
|
Support: full |
Can run in |
|
Support: none |
Returns details on what has changed (or possibly needs changing in |
Examples
- name: Password reset email (default action) with 1h lifespan
community.general.keycloak_user_execute_actions_email:
username: johndoe
realm: MyRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: ADMIN
auth_password: SECRET
lifespan: 3600
delegate_to: localhost
- name: Multiple required actions using token auth
community.general.keycloak_user_execute_actions_email:
username: johndoe
actions:
- UPDATE_PASSWORD
- VERIFY_EMAIL
realm: MyRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
token: TOKEN
delegate_to: localhost
- name: Email by user id with redirect
community.general.keycloak_user_execute_actions_email:
id: 9d59aa76-2755-48c6-b1af-beb70a82c3cd
client_id: my-frontend
redirect_uri: https://app.example.com/post-actions
actions:
- UPDATE_PASSWORD
realm: MyRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: ADMIN
auth_password: SECRET
delegate_to: localhost
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
List of actions included in the email. Returned: success |
|
The user ID the email was (or would be, in check mode) sent to. Returned: success |