community.general.keycloak_authz_authorization_scope module – Allows administration of Keycloak client authorization scopes via Keycloak API
Note
This module is part of the community.general collection (version 8.6.0).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.keycloak_authz_authorization_scope.
New in community.general 6.6.0
Synopsis
This module allows the administration of Keycloak client Authorization Scopes via the Keycloak REST API. Authorization Scopes are only available if a client has Authorization enabled.
This module requires access to the REST API via OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.
The names of module options are snake_cased versions of the camelCase options used by Keycloak. The Authorization Services paths and payloads have not officially been documented by the Keycloak project. https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/
Parameters
Parameter |
Comments |
|---|---|
OpenID Connect Default: |
|
Client Secret to use in conjunction with |
|
URL to the Keycloak instance. |
|
Password to authenticate for API access with. |
|
Keycloak realm name to authenticate to for API access. |
|
Username to authenticate for API access with. |
|
The This is usually a human-readable name of the Keycloak client. |
|
Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: |
|
The display name of the authorization scope. |
|
Configures the HTTP User-Agent header. Default: |
|
The icon URI for the authorization scope. |
|
Name of the authorization scope to create. |
|
The name of the Keycloak realm the Keycloak client is in. |
|
State of the authorization scope. On On Choices:
|
|
Authentication token for Keycloak API. |
|
Verify TLS certificates (do not disable this in production). Choices:
|
Attributes
Attribute |
Support |
Description |
|---|---|---|
Support: full |
Can run in |
|
Support: full |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Manage Keycloak file:delete authorization scope
keycloak_authz_authorization_scope:
name: file:delete
state: present
display_name: File delete
client_id: myclient
realm: myrealm
auth_keycloak_url: http://localhost:8080/auth
auth_username: keycloak
auth_password: keycloak
auth_realm: master
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
Representation of the authorization scope after module execution. Returned: on success |
|
Icon URI for the authorization scope. Returned: when Sample: |
|
ID of the authorization scope. Returned: when Sample: |
|
Message as to what action was taken. Returned: always |
Authors
Samuli Seppänen (@mattock)