community.general.keycloak_realm_keys_metadata_info module – Allows obtaining Keycloak realm keys metadata via Keycloak API

Note

This module is part of the community.general collection (version 9.4.0).

It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.keycloak_realm_keys_metadata_info.

New in community.general 9.3.0

Synopsis

• This module allows you to get Keycloak realm keys metadata via the Keycloak REST API.

• The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at https://www.keycloak.org/docs-api/latest/rest-api/index.html.

Parameters

Parameter	Comments
auth_client_id string	OpenID Connect client_id to authenticate to the API with. Default: "admin-cli"
auth_client_secret string	Client Secret to use in conjunction with auth_client_id (if required).
auth_keycloak_url aliases: url string / required	URL to the Keycloak instance.
auth_password aliases: password string	Password to authenticate for API access with.
auth_realm string	Keycloak realm name to authenticate to for API access.
auth_username aliases: username string	Username to authenticate for API access with.
connection_timeout integer added in community.general 4.5.0	Controls the HTTP connections timeout period (in seconds) to Keycloak API. Default: 10
http_agent string added in community.general 5.4.0	Configures the HTTP User-Agent header. Default: "Ansible"
realm string	They Keycloak realm to fetch keys metadata. Default: "master"
token string added in community.general 3.0.0	Authentication token for Keycloak API.
validate_certs boolean	Verify TLS certificates (do not disable this in production). Choices: false true ← (default)

Attributes

Attribute	Support	Description
check_mode	Support: full This action does not modify state.	Can run in check_mode and return changed status prediction without modifying target.
diff_mode	Support: N/A This action does not modify state.	Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Examples

- name: Fetch Keys metadata
  community.general.keycloak_realm_keys_metadata_info:
    auth_keycloak_url: https://auth.example.com/auth
    auth_realm: master
    auth_username: USERNAME
    auth_password: PASSWORD
    realm: MyCustomRealm
  delegate_to: localhost
  register: keycloak_keys_metadata

- name: Write the Keycloak keys certificate into a file
  ansible.builtin.copy:
    dest: /tmp/keycloak.cert
    content: |
      {{ keys_metadata['keycloak_keys_metadata']['keys']
      | selectattr('algorithm', 'equalto', 'RS256')
      | map(attribute='certificate')
      | first
      }}
  delegate_to: localhost

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key	Description
keys_metadata dictionary	Representation of the realm keys metadata (see https://www.keycloak.org/docs-api/latest/rest-api/index.html#KeysMetadataRepresentation). Returned: always
active dictionary	A mapping (that is, a dict) from key algorithms to UUIDs. Returned: always
keys list / elements=dictionary	A list of dicts providing detailed information on the keys. Returned: always
msg string	Message as to what action was taken. Returned: always

Authors

• Thomas Bach (@thomasbach-dev)

Collection links

• Issue Tracker
• Repository (Sources)
• Ask for help
• Submit a bug report
• Request a feature
• Communication