community.general.keycloak_component module – Allows administration of Keycloak components via Keycloak API
Note
This module is part of the community.general collection (version 10.0.1).
You might already have this collection installed if you are using the ansible package.
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.keycloak_component.
New in community.general 10.0.0
Synopsis
This module allows the administration of Keycloak components via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation,
admin-cliand anadminuser would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at https://www.keycloak.org/docs-api/latest/rest-api/index.html. Aliases are provided so camelCased versions can be used as well.
Parameters
Parameter |
Comments |
|---|---|
OpenID Connect Default: |
|
Client Secret to use in conjunction with |
|
URL to the Keycloak instance. |
|
Password to authenticate for API access with. |
|
Keycloak realm name to authenticate to for API access. |
|
Username to authenticate for API access with. |
|
Configuration properties for the provider. Contents vary depending on the provider type. |
|
Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: |
|
Configures the HTTP User-Agent header. Default: |
|
Name of the component to create. |
|
The parent_id of the component. In practice the ID (name) of the realm. |
|
The name of the “provider ID” for the key. |
|
The name of the “provider type” for the key. That is, See https://www.keycloak.org/docs/latest/server_development/index.html#_providers. |
|
State of the Keycloak component. On On Choices:
|
|
Authentication token for Keycloak API. |
|
Verify TLS certificates (do not disable this in production). Choices:
|
Attributes
Attribute |
Support |
Description |
|---|---|---|
Support: full |
Can run in |
|
Support: full |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Manage Keycloak User Storage Provider
community.general.keycloak_component:
auth_keycloak_url: http://localhost:8080/auth
auth_username: keycloak
auth_password: keycloak
auth_realm: master
name: my storage provider
state: present
parent_id: some_realm
provider_id: my storage
provider_type: "org.keycloak.storage.UserStorageProvider"
config:
myCustomKey: "my_custom_key"
cachePolicy: "NO_CACHE"
enabled: true
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
Representation of the keycloak_component after module execution. Returned: on success |
|
component configuration. Returned: success |
|
The type of provider. Returned: when |