community.general.keycloak_authz_authorization_scope module – Allows administration of Keycloak client authorization scopes via Keycloak API
Note
This module is part of the community.general collection (version 9.4.0).
It is not included in ansible-core.
To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install community.general.
To use it in a playbook, specify: community.general.keycloak_authz_authorization_scope.
New in community.general 6.6.0
Synopsis
This module allows the administration of Keycloak client Authorization Scopes via the Keycloak REST API. Authorization Scopes are only available if a client has Authorization enabled.
This module requires access to the REST API via OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.
The names of module options are snake_cased versions of the camelCase options used by Keycloak. The Authorization Services paths and payloads have not officially been documented by the Keycloak project. https://www.puppeteers.net/blog/keycloak-authorization-services-rest-api-paths-and-payload/
Parameters
Parameter |
Comments |
|---|---|
OpenID Connect Default: |
|
Client Secret to use in conjunction with |
|
URL to the Keycloak instance. |
|
Password to authenticate for API access with. |
|
Keycloak realm name to authenticate to for API access. |
|
Username to authenticate for API access with. |
|
The This is usually a human-readable name of the Keycloak client. |
|
Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: |
|
The display name of the authorization scope. |
|
Configures the HTTP User-Agent header. Default: |
|
The icon URI for the authorization scope. |
|
Name of the authorization scope to create. |
|
The name of the Keycloak realm the Keycloak client is in. |
|
State of the authorization scope. On On Choices:
|
|
Authentication token for Keycloak API. |
|
Verify TLS certificates (do not disable this in production). Choices:
|
Attributes
Attribute |
Support |
Description |
|---|---|---|
Support: full |
Can run in |
|
Support: full |
Will return details on what has changed (or possibly needs changing in |
Examples
- name: Manage Keycloak file:delete authorization scope
keycloak_authz_authorization_scope:
name: file:delete
state: present
display_name: File delete
client_id: myclient
realm: myrealm
auth_keycloak_url: http://localhost:8080/auth
auth_username: keycloak
auth_password: keycloak
auth_realm: master
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
|---|---|
Representation of the authorization scope after module execution. Returned: on success |
|
Icon URI for the authorization scope. Returned: when Sample: |
|
ID of the authorization scope. Returned: when Sample: |
|
Message as to what action was taken. Returned: always |
Authors
Samuli Seppänen (@mattock)