community.general.keycloak_realm – Allows administration of Keycloak realm via Keycloak API
This plugin is part of the community.general collection (version 4.2.0).
You might already have this collection installed if you are using the
It is not included in
To check whether it is installed, run
ansible-galaxy collection list.
To install it, use:
ansible-galaxy collection install community.general.
To use it in a playbook, specify:
New in version 3.0.0: of community.general
This module allows the administration of Keycloak realm via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.
The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at https://www.keycloak.org/docs-api/8.0/rest-api/index.html. Aliases are provided so camelCased versions can be used as well.
The Keycloak API does not always sanity check inputs e.g. you can set SAML-specific settings on an OpenID Connect client for instance and vice versa. Be careful. If you do not specify a setting, usually a sensible default is chosen.
- name: Create or update Keycloak realm (minimal example) community.general.keycloak_realm: auth_client_id: admin-cli auth_keycloak_url: https://auth.example.com/auth auth_realm: master auth_username: USERNAME auth_password: PASSWORD id: realm state: present - name: Delete a Keycloak realm community.general.keycloak_realm: auth_client_id: admin-cli auth_keycloak_url: https://auth.example.com/auth auth_realm: master auth_username: USERNAME auth_password: PASSWORD id: test state: absent
Common return values are documented here, the following are the fields unique to this module: