ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-26 14:41:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

doc style adjustments: modules [jk]* (#10420)
Some checks are pending
EOL CI / EOL Sanity (Ⓐ2.16) (push) Waiting to run
Details
EOL CI / EOL Units (Ⓐ2.16+py2.7) (push) Waiting to run
Details
EOL CI / EOL Units (Ⓐ2.16+py3.11) (push) Waiting to run
Details
EOL CI / EOL Units (Ⓐ2.16+py3.6) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/1/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/2/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+alpine3+py:azp/posix/3/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/1/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/2/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+fedora38+py:azp/posix/3/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/1/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/2/) (push) Waiting to run
Details
EOL CI / EOL I (Ⓐ2.16+opensuse15+py:azp/posix/3/) (push) Waiting to run
Details
nox / Run extra sanity tests (push) Waiting to run
Details

Browse source 
* doc style adjustments: modules j*

* doc style adjustments: modules k*

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_realm_key.py

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
Alexei Znamensky 2025-07-18 11:22:59 +12:00 committed by GitHub
commit 14f13daa99
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
37 changed files with 311 additions and 217 deletions
Download patch file Download diff file Expand all files Collapse all files

6
plugins/modules/java_cert.py
View file

@ -32,7 +32,7 @@ options:
cert_port:
description:
- Port to connect to URL.
- This will be used to create server URL:PORT.
- This is used to create server URL:PORT.
type: int
default: 443
cert_path:
@ -98,8 +98,8 @@ options:
state:
description:
- Defines action which can be either certificate import or removal.
- When state is present, the certificate will always idempotently be inserted into the keystore, even if there already
exists a cert alias that is different.
- When O(state=present), the certificate is always inserted into the keystore, even if there already exists a cert alias
that is different.
type: str
choices: [absent, present]
default: present

8
plugins/modules/java_keystore.py
View file

@ -24,8 +24,8 @@ options:
name:
description:
- Name of the certificate in the keystore.
- If the provided name does not exist in the keystore, the module will re-create the keystore. This behavior changed
in community.general 3.0.0, before that the module would fail when the name did not match.
- If the provided name does not exist in the keystore, the module re-creates the keystore. This behavior changed in
community.general 3.0.0, before that the module would fail when the name did not match.
type: str
required: true
certificate:
@ -62,7 +62,7 @@ options:
password:
description:
- Password that should be used to secure the keystore.
- If the provided password fails to unlock the keystore, the module will re-create the keystore with the new passphrase.
- If the provided password fails to unlock the keystore, the module re-creates the keystore with the new passphrase.
This behavior changed in community.general 3.0.0, before that the module would fail when the password did not match.
type: str
required: true
@ -130,7 +130,7 @@ notes:
or with the P(ansible.builtin.file#lookup) lookup), while O(certificate_path) and O(private_key_path) require that the
files are available on the target host.
- By design, any change of a value of options O(keystore_type), O(name) or O(password), as well as changes of key or certificate
materials will cause the existing O(dest) to be overwritten.
materials causes the existing O(dest) to be overwritten.
"""
EXAMPLES = r"""

2
plugins/modules/jenkins_build_info.py
View file

@ -30,7 +30,7 @@ options:
build_number:
description:
- An integer which specifies a build of a job.
- If not specified the last build information will be returned.
- If not specified the last build information is returned.
type: int
password:
description:

10
plugins/modules/jenkins_credential.py
View file

@ -10,13 +10,13 @@ from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = r"""
---
module: jenkins_credential
short_description: Manage Jenkins credentials and domains via API
short_description: Manage Jenkins credentials and domains through API
version_added: 11.1.0
description:
- This module allows managing Jenkins credentials and domain scopes via the Jenkins HTTP API.
- Create, update, and delete different credential types such as C(username/password), C(secret text), C(SSH key), C(certificates), C(GitHub App), and domains.
- This module allows managing Jenkins credentials and domain scopes through the Jenkins HTTP API.
- Create, update, and delete different credential types such as C(username/password), C(secret text), C(SSH key), C(certificates),
C(GitHub App), and domains.
- For scoped domains (O(type=scope)), it supports restrictions based on V(hostname), V(hostname:port), V(path), and V(scheme).
requirements:
- urllib3 >= 1.26.0
@ -170,7 +170,7 @@ options:
inc_path:
description:
- List of URL paths to include when matching credentials to domains.
- "B(Matching is hierarchical): subpaths of excluded paths are also excluded, even if explicitly included."
- 'B(Matching is hierarchical): subpaths of excluded paths are also excluded, even if explicitly included.'
type: list
elements: str
exc_path:

4
plugins/modules/jenkins_job.py
View file

@ -76,8 +76,8 @@ options:
type: bool
default: true
description:
- If set to V(false), the SSL certificates will not be validated. This should only set to V(false) used on personally
controlled sites using self-signed certificates as it avoids verifying the source site.
- If set to V(false), the SSL certificates are not validated. This should only set to V(false) used on personally controlled
sites using self-signed certificates as it avoids verifying the source site.
- The C(python-jenkins) library only handles this by using the environment variable E(PYTHONHTTPSVERIFY).
version_added: 2.3.0
"""

2
plugins/modules/jenkins_job_info.py
View file

@ -53,7 +53,7 @@ options:
- User to authenticate with the Jenkins server.
validate_certs:
description:
- If set to V(false), the SSL certificates will not be validated.
- If set to V(false), the SSL certificates are not validated.
- This should only set to V(false) used on personally controlled sites using self-signed certificates.
default: true
type: bool

4
plugins/modules/jenkins_node.py
View file

@ -65,9 +65,9 @@ options:
offline_message:
description:
- Specifies the offline reason message to be set when configuring the Jenkins node state.
- If O(offline_message) is given and requested O(state) is not V(disabled), an error will be raised.
- If O(offline_message) is given and requested O(state) is not V(disabled), an error is raised.
- Internally O(offline_message) is set using the V(toggleOffline) API, so updating the message when the node is already
offline (current state V(disabled)) is not possible. In this case, a warning will be issued.
offline (current state V(disabled)) is not possible. In this case, a warning is issued.
type: str
version_added: 10.0.0
"""

6
plugins/modules/jenkins_plugin.py
View file

@ -51,7 +51,7 @@ options:
type: str
description:
- Desired plugin state.
- If set to V(latest), the check for new version will be performed every time. This is suitable to keep the plugin up-to-date.
- If set to V(latest), the check for new version is performed every time. This is suitable to keep the plugin up-to-date.
choices: [absent, present, pinned, unpinned, enabled, disabled, latest]
default: present
timeout:
@ -64,8 +64,8 @@ options:
description:
- Number of seconds after which a new copy of the C(update-center.json) file is downloaded. This is used to avoid the
need to download the plugin to calculate its checksum when O(state=latest) is specified.
- Set it to V(0) if no cache file should be used. In that case, the plugin file will always be downloaded to calculate
its checksum when O(state=latest) is specified.
- Set it to V(0) if no cache file should be used. In that case, the plugin file is always downloaded to calculate its
checksum when O(state=latest) is specified.
default: 86400
updates_url:
type: list

4
plugins/modules/jenkins_script.py
View file

@ -39,8 +39,8 @@ options:
default: http://localhost:8080
validate_certs:
description:
- If set to V(false), the SSL certificates will not be validated. This should only set to V(false) used on personally
controlled sites using self-signed certificates as it avoids verifying the source site.
- If set to V(false), the SSL certificates are not validated. This should only set to V(false) used on personally controlled
sites using self-signed certificates as it avoids verifying the source site.
type: bool
default: true
user:

17
plugins/modules/jira.py
View file

@ -117,14 +117,13 @@ options:
suboptions:
type:
description:
- Use type to specify which of the JIRA visibility restriction types will be used.
- Use O(comment_visibility.type) to specify which of the JIRA visibility restriction types is used.
type: str
required: true
choices: [group, role]
value:
description:
- Use value to specify value corresponding to the type of visibility restriction. For example name of the group
or role.
- Specify value corresponding to the type of visibility restriction. For example name of the group or role.
type: str
required: true
version_added: '3.2.0'
@ -165,12 +164,12 @@ options:
type: str
required: false
description:
- Set issue from which link will be created.
- Set issue from which link is created.
outwardissue:
type: str
required: false
description:
- Set issue to which link will be created.
- Set issue to which link is created.
fields:
type: dict
required: false
@ -192,7 +191,7 @@ options:
maxresults:
required: false
description:
- Limit the result of O(operation=search). If no value is specified, the default jira limit will be used.
- Limit the result of O(operation=search). If no value is specified, the default JIRA limit is used.
- Used when O(operation=search) only, ignored otherwise.
type: int
version_added: '0.2.0'
@ -226,12 +225,12 @@ options:
content:
type: str
description:
- The Base64 encoded contents of the file to attach. If not specified, the contents of O(attachment.filename) will
be used instead.
- The Base64 encoded contents of the file to attach. If not specified, the contents of O(attachment.filename) is
used instead.
mimetype:
type: str
description:
- The MIME type to supply for the upload. If not specified, best-effort detection will be done.
- The MIME type to supply for the upload. If not specified, best-effort detection is performed.
notes:
- Currently this only works with basic-auth, or tokens.
- To use with JIRA Cloud, pass the login e-mail as the O(username) and the API token as O(password).

4
plugins/modules/kdeconfig.py
View file

@ -17,12 +17,12 @@ description:
options:
path:
description:
- Path to the config file. If the file does not exist it will be created.
- Path to the config file. If the file does not exist it is created.
type: path
required: true
kwriteconfig_path:
description:
- Path to the kwriteconfig executable. If not specified, Ansible will try to discover it.
- Path to the kwriteconfig executable. If not specified, Ansible tries to discover it.
type: path
values:
description:

4
plugins/modules/keycloak_authentication_required_actions.py
View file

@ -49,7 +49,7 @@ options:
type: dict
defaultAction:
description:
- Indicates, if any new user will have the required action assigned to it.
- Indicates whether new users have the required action assigned to them.
type: bool
enabled:
description:
@ -149,7 +149,7 @@ end_state:
type: dict
defaultAction:
description:
- Indicates, if any new user will have the required action assigned to it.
- Indicates whether new users have the required action assigned to them.
sample: false
type: bool
enabled:

4
plugins/modules/keycloak_authz_authorization_scope.py
View file

@ -37,8 +37,8 @@ options:
state:
description:
- State of the authorization scope.
- On V(present), the authorization scope will be created (or updated if it exists already).
- On V(absent), the authorization scope will be removed if it exists.
- On V(present), the authorization scope is created (or updated if it exists already).
- On V(absent), the authorization scope is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str

4
plugins/modules/keycloak_authz_custom_policy.py
View file

@ -38,8 +38,8 @@ options:
state:
description:
- State of the custom policy.
- On V(present), the custom policy will be created (or updated if it exists already).
- On V(absent), the custom policy will be removed if it exists.
- On V(present), the custom policy is created (or updated if it exists already).
- On V(absent), the custom policy is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str

4
plugins/modules/keycloak_authz_permission.py
View file

@ -43,8 +43,8 @@ options:
state:
description:
- State of the authorization permission.
- On V(present), the authorization permission will be created (or updated if it exists already).
- On V(absent), the authorization permission will be removed if it exists.
- On V(present), the authorization permission is created (or updated if it exists already).
- On V(absent), the authorization permission is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str

38
plugins/modules/keycloak_client.py
View file

@ -37,8 +37,8 @@ options:
state:
description:
- State of the client.
- On V(present), the client will be created (or updated if it exists already).
- On V(absent), the client will be removed if it exists.
- On V(present), the client are created (or updated if it exists already).
- On V(absent), the client are removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str
@ -116,8 +116,8 @@ options:
secret:
description:
- When using O(client_authenticator_type=client-secret) (the default), you can specify a secret here (otherwise one
will be generated if it does not exit). If changing this secret, the module will not register a change currently (but
the changed secret will be saved).
is generated if it does not exit). If changing this secret, the module does not register a change currently (but the
changed secret is saved).
type: str
registration_access_token:
@ -130,8 +130,8 @@ options:
default_roles:
description:
- List of default roles for this client. If the client roles referenced do not exist yet, they will be created. This
is C(defaultRoles) in the Keycloak REST API.
- List of default roles for this client. If the client roles referenced do not exist yet, they are created. This is
C(defaultRoles) in the Keycloak REST API.
aliases:
- defaultRoles
type: list
@ -232,7 +232,7 @@ options:
protocol:
description:
- Type of client.
- At creation only, default value will be V(openid-connect) if O(protocol) is omitted.
- At creation only, default value is V(openid-connect) if O(protocol) is omitted.
- The V(docker-v2) value was added in community.general 8.6.0.
type: str
choices: ['openid-connect', 'saml', 'docker-v2']
@ -261,7 +261,7 @@ options:
client_template:
description:
- Client template to use for this client. If it does not exist this field will silently be dropped. This is C(clientTemplate)
- Client template to use for this client. If it does not exist this field is silently dropped. This is C(clientTemplate)
in the Keycloak REST API.
type: str
aliases:
@ -454,7 +454,7 @@ options:
- A dict of further attributes for this client. This can contain various configuration settings; an example is given
in the examples section. While an exhaustive list of permissible options is not available; possible options as of
Keycloak 3.4 are listed below. The Keycloak API does not validate whether a given option is appropriate for the protocol
used; if specified anyway, Keycloak will simply not use it.
used; if specified anyway, Keycloak does not use it.
type: dict
suboptions:
saml.authnstatement:
@ -532,7 +532,7 @@ options:
- For OpenID-Connect clients, client certificate for validating JWT issued by client and signed by its key, base64-encoded.
x509.subjectdn:
description:
- For OpenID-Connect clients, subject which will be used to authenticate the client.
- For OpenID-Connect clients, subject which is used to authenticate the client.
type: str
version_added: 9.5.0
@ -704,19 +704,31 @@ proposed:
description: Representation of proposed client.
returned: always
type: dict
sample: {clientId: "test"}
sample: {"clientId": "test"}
existing:
description: Representation of existing client (sample is truncated).
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description: Representation of client after module execution (sample is truncated).
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \

42
plugins/modules/keycloak_client_rolemapping.py
View file

@ -22,9 +22,9 @@ description:
the scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
- When updating a client_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API
to translate the name into the role ID.
attributes:
@ -39,9 +39,9 @@ options:
state:
description:
- State of the client_rolemapping.
- On V(present), the client_rolemapping will be created if it does not yet exist, or updated with the parameters you
provide.
- On V(absent), the client_rolemapping will be removed if it exists.
- On V(present), the client_rolemapping is created if it does not yet exist, or updated with the parameters
you provide.
- On V(absent), the client_rolemapping is removed if it exists.
default: 'present'
type: str
choices:
@ -87,8 +87,8 @@ options:
type: str
description:
- ID of the group to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
client_id:
type: str
description:
@ -98,8 +98,8 @@ options:
type: str
description:
- ID of the client to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
roles:
description:
- Roles to be mapped to the group.
@ -115,8 +115,8 @@ options:
type: str
description:
- The unique identifier for this role_representation.
- This parameter is not required for updating or deleting a role_representation but providing it will reduce the
number of API calls required.
- This parameter is not required for updating or deleting a role_representation but providing it reduces the number
of API calls required.
extends_documentation_fragment:
- community.general.keycloak
- community.general.keycloak.actiongroup_keycloak
@ -209,7 +209,7 @@ proposed:
description: Representation of proposed client role mapping.
returned: always
type: dict
sample: {clientId: "test"}
sample: {"clientId": "test"}
existing:
description:
@ -217,7 +217,13 @@ existing:
- The sample is truncated.
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description:
@ -225,7 +231,13 @@ end_state:
- The sample is truncated.
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import (

10
plugins/modules/keycloak_client_rolescope.py
View file

@ -22,9 +22,9 @@ description:
In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with
the scope tailored to your needs and a user having the expected roles.
- Client O(client_id) must have O(community.general.keycloak_client#module:full_scope_allowed) set to V(false).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
attributes:
check_mode:
support: full
@ -37,8 +37,8 @@ options:
state:
description:
- State of the role mapping.
- On V(present), all roles in O(role_names) will be mapped if not exists yet.
- On V(absent), all roles mapping in O(role_names) will be removed if it exists.
- On V(present), all roles in O(role_names) are mapped if not exist yet.
- On V(absent), all roles mapping in O(role_names) are removed if it exists.
default: 'present'
type: str
choices:

32
plugins/modules/keycloak_clientscope.py
View file

@ -22,9 +22,9 @@ description:
the scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
- When updating a client_scope, where possible provide the client_scope ID to the module. This removes a lookup to the API
to translate the name into the client_scope ID.
attributes:
@ -39,8 +39,8 @@ options:
state:
description:
- State of the client_scope.
- On V(present), the client_scope will be created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the client_scope will be removed if it exists.
- On V(present), the client_scope is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the client_scope is removed if it exists.
default: 'present'
type: str
choices:
@ -62,8 +62,8 @@ options:
type: str
description:
- The unique identifier for this client_scope.
- This parameter is not required for updating or deleting a client_scope but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting a client_scope but providing it reduces the number of API
calls required.
description:
type: str
description:
@ -263,19 +263,31 @@ proposed:
description: Representation of proposed client scope.
returned: always
type: dict
sample: {clientId: "test"}
sample: {"clientId": "test"}
existing:
description: Representation of existing client scope (sample is truncated).
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description: Representation of client scope after module execution (sample is truncated).
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \

29
plugins/modules/keycloak_clientscope_type.py
View file

@ -99,20 +99,43 @@ proposed:
description: Representation of proposed client-scope types mapping.
returned: always
type: dict
sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: []}
sample:
{
"default_clientscopes": [
"profile",
"role"
],
"optional_clientscopes": []
}
existing:
description:
- Representation of client scopes before module execution.
returned: always
type: dict
sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: ["phone"]}
sample:
{
"default_clientscopes": [
"profile",
"role"
],
"optional_clientscopes": [
"phone"
]
}
end_state:
description:
- Representation of client scopes after module execution.
- The sample is truncated.
returned: on success
type: dict
sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: []}
sample:
{
"default_clientscopes": [
"profile",
"role"
],
"optional_clientscopes": []
}
"""
from ansible.module_utils.basic import AnsibleModule

4
plugins/modules/keycloak_clientsecret_info.py
View file

@ -39,8 +39,8 @@ options:
id:
description:
- The unique identifier for this client.
- This parameter is not required for getting or generating a client secret but providing it will reduce the number of
API calls required.
- This parameter is not required for getting or generating a client secret but providing it reduces the number of API
calls required.
type: str
client_id:

4
plugins/modules/keycloak_clientsecret_regenerate.py
View file

@ -43,8 +43,8 @@ options:
id:
description:
- The unique identifier for this client.
- This parameter is not required for getting or generating a client secret but providing it will reduce the number of
API calls required.
- This parameter is not required for getting or generating a client secret but providing it reduces the number of API
calls required.
type: str
client_id:

9
plugins/modules/keycloak_clienttemplate.py
View file

@ -35,8 +35,8 @@ options:
state:
description:
- State of the client template.
- On V(present), the client template will be created (or updated if it exists already).
- On V(absent), the client template will be removed if it exists.
- On V(present), the client template is created (or updated if it exists already).
- On V(absent), the client template is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str
@ -238,10 +238,7 @@ proposed:
description: Representation of proposed client template.
returned: always
type: dict
sample:
{
"name": "test01"
}
sample: {"name": "test01"}
existing:
description: Representation of existing client template (sample is truncated).

4
plugins/modules/keycloak_component.py
View file

@ -35,8 +35,8 @@ options:
state:
description:
- State of the Keycloak component.
- On V(present), the component will be created (or updated if it exists already).
- On V(absent), the component will be removed if it exists.
- On V(present), the component is created (or updated if it exists already).
- On V(absent), the component is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str

18
plugins/modules/keycloak_group.py
View file

@ -20,9 +20,9 @@ description:
scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
- When updating a group, where possible provide the group ID to the module. This removes a lookup to the API to translate
the name into the group ID.
attributes:
@ -37,9 +37,9 @@ options:
state:
description:
- State of the group.
- On V(present), the group will be created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the group will be removed if it exists. Be aware that absenting a group with subgroups will automatically
delete all its subgroups too.
- On V(present), the group is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the group is removed if it exists. Be aware that absenting a group with subgroups automatically deletes
all its subgroups too.
default: 'present'
type: str
choices:
@ -61,8 +61,7 @@ options:
type: str
description:
- The unique identifier for this group.
- This parameter is not required for updating or deleting a group but providing it will reduce the number of API calls
required.
- This parameter is not required for updating or deleting a group but providing it reduces the number of API calls required.
attributes:
type: dict
description:
@ -282,8 +281,7 @@ end_state:
returned: always
sample: []
subGroups:
description: A list of groups that are children of this group. These groups will have the same parameters as documented
here.
description: A list of groups that are children of this group. These groups have the same parameters as documented here.
type: list
returned: always
clientRoles:

13
plugins/modules/keycloak_identity_provider.py
View file

@ -34,9 +34,8 @@ options:
state:
description:
- State of the identity provider.
- On V(present), the identity provider will be created if it does not yet exist, or updated with the parameters you
provide.
- On V(absent), the identity provider will be removed if it exists.
- On V(present), the identity provider is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the identity provider is removed if it exists.
default: 'present'
type: str
choices:
@ -148,14 +147,14 @@ options:
sync_mode:
description:
- Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers.
- Default sync mode for all mappers. The sync mode determines when user data is synced using the mappers.
aliases:
- syncMode
type: str
issuer:
description:
- The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
- The issuer identifier for the issuer of the response. If not provided, no validation is performed.
type: str
authorizationUrl:
@ -205,7 +204,7 @@ options:
useJwksUrl:
description:
- If the switch is on, identity provider public keys will be downloaded from given JWKS URL.
- If V(true), identity provider public keys are downloaded from given JWKS URL.
type: bool
jwksUrl:
@ -215,7 +214,7 @@ options:
entityId:
description:
- The Entity ID that will be used to uniquely identify this SAML Service Provider.
- The Entity ID that is used to uniquely identify this SAML Service Provider.
type: str
singleSignOnServiceUrl:

22
plugins/modules/keycloak_realm.py
View file

@ -39,8 +39,8 @@ options:
state:
description:
- State of the realm.
- On V(present), the realm will be created (or updated if it exists already).
- On V(absent), the realm will be removed if it exists.
- On V(present), the realm is created (or updated if it exists already).
- On V(absent), the realm is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str
@ -553,19 +553,31 @@ proposed:
description: Representation of proposed realm.
returned: always
type: dict
sample: {realm: "test"}
sample: {"realm": "test"}
existing:
description: Representation of existing realm (sample is truncated).
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description: Representation of realm after module execution (sample is truncated).
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \

6
plugins/modules/keycloak_realm_info.py
View file

@ -19,9 +19,9 @@ description:
- This module allows you to get Keycloak realm public information using the Keycloak REST API.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
extends_documentation_fragment:
- community.general.attributes
- community.general.attributes.info_module

32
plugins/modules/keycloak_realm_key.py
View file

@ -25,11 +25,9 @@ description:
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). Aliases are provided so camelCased versions can be used
as well.
- This module is unable to detect changes to the actual cryptographic key after importing it. However, if some other property
is changed alongside the cryptographic key, then the key will also get changed as a side-effect, as the JSON payload needs
to include the private key. This can be considered either a bug or a feature, as the alternative would be to always update
the realm key whether it has changed or not.
- If certificate is not explicitly provided it will be dynamically created by Keycloak. Therefore comparing the current
state of the certificate to the desired state (which may be empty) is not possible.
is changed alongside the cryptographic key, then the key also changes as a side-effect, as the JSON payload needs to include
the private key. This can be considered either a bug or a feature, as the alternative would be to always update the realm
key whether it has changed or not.
attributes:
check_mode:
support: full
@ -42,8 +40,8 @@ options:
state:
description:
- State of the keycloak realm key.
- On V(present), the realm key will be created (or updated if it exists already).
- On V(absent), the realm key will be removed if it exists.
- On V(present), the realm key is created (or updated if it exists already).
- On V(absent), the realm key is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str
@ -119,10 +117,10 @@ options:
notes:
- Current value of the private key cannot be fetched from Keycloak. Therefore comparing its desired state to the current
state is not possible.
- If certificate is not explicitly provided it will be dynamically created by Keycloak. Therefore comparing the current
- If O(config.certificate) is not explicitly provided it is dynamically created by Keycloak. Therefore comparing the current
state of the certificate to the desired state (which may be empty) is not possible.
- Due to the private key and certificate options the module is B(not fully idempotent). You can use O(force=true) to force
the module to always update if you know that the private key might have changed.
the module to ensure updating if you know that the private key might have changed.
extends_documentation_fragment:
- community.general.keycloak
- community.general.keycloak.actiongroup_keycloak
@ -208,7 +206,21 @@ end_state:
description: Realm key configuration.
type: dict
returned: when O(state=present)
sample: {"active": ["true"], "algorithm": ["RS256"], "enabled": ["true"], "priority": ["140"]}
sample:
{
"active": [
"true"
],
"algorithm": [
"RS256"
],
"enabled": [
"true"
],
"priority": [
"140"
]
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \

37
plugins/modules/keycloak_realm_rolemapping.py
View file

@ -22,9 +22,9 @@ description:
definition with the scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/18.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
- When updating a group_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API
to translate the name into the role ID.
attributes:
@ -39,9 +39,8 @@ options:
state:
description:
- State of the realm_rolemapping.
- On C(present), the realm_rolemapping will be created if it does not yet exist, or updated with the parameters you
provide.
- On C(absent), the realm_rolemapping will be removed if it exists.
- On C(present), the realm_rolemapping is created if it does not yet exist, or updated with the parameters you provide.
- On C(absent), the realm_rolemapping is removed if it exists.
default: 'present'
type: str
choices:
@ -86,8 +85,8 @@ options:
type: str
description:
- ID of the group to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
roles:
description:
- Roles to be mapped to the group.
@ -103,8 +102,8 @@ options:
type: str
description:
- The unique identifier for this role_representation.
- This parameter is not required for updating or deleting a role_representation but providing it will reduce the
number of API calls required.
- This parameter is not required for updating or deleting a role_representation but providing it reduces the number
of API calls required.
extends_documentation_fragment:
- community.general.keycloak
- community.general.keycloak.actiongroup_keycloak
@ -195,7 +194,7 @@ proposed:
description: Representation of proposed client role mapping.
returned: always
type: dict
sample: {clientId: "test"}
sample: {"clientId": "test"}
existing:
description:
@ -203,7 +202,13 @@ existing:
- The sample is truncated.
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description:
@ -211,7 +216,13 @@ end_state:
- The sample is truncated.
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import (

15
plugins/modules/keycloak_role.py
View file

@ -22,9 +22,9 @@ description:
scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
attributes:
check_mode:
support: full
@ -37,8 +37,8 @@ options:
state:
description:
- State of the role.
- On V(present), the role will be created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the role will be removed if it exists.
- On V(present), the role is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the role is removed if it exists.
default: 'present'
type: str
choices:
@ -195,10 +195,7 @@ proposed:
description: Representation of proposed role.
returned: always
type: dict
sample:
{
"description": "My updated test description"
}
sample: {"description": "My updated test description"}
existing:
description: Representation of existing role.

6
plugins/modules/keycloak_user.py
View file

@ -101,9 +101,9 @@ options:
groups:
description:
- List of groups for the user.
Groups can be referenced by their name, like V(staff), or their path, like V(/staff/engineering).
The path syntax allows you to reference subgroups, which is not possible otherwise.
This is possible since community.general 10.6.0.
- Groups can be referenced by their name, like V(staff), or their path, like V(/staff/engineering). The path syntax
allows you to reference subgroups, which is not possible otherwise.
- Using the path is possible since community.general 10.6.0.
type: list
elements: dict
default: []

54
plugins/modules/keycloak_user_federation.py
View file

@ -34,8 +34,8 @@ options:
state:
description:
- State of the user federation.
- On V(present), the user federation will be created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the user federation will be removed if it exists.
- On V(present), the user federation is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the user federation is removed if it exists.
default: 'present'
type: str
choices:
@ -50,7 +50,7 @@ options:
id:
description:
- The unique ID for this user federation. If left empty, the user federation will be searched by its O(name).
- The unique ID for this user federation. If left empty, the user federation is searched by its O(name).
type: str
name:
@ -76,7 +76,7 @@ options:
parent_id:
description:
- Unique ID for the parent of this user federation. Realm ID will be automatically used if left blank.
- Unique ID for the parent of this user federation. Realm ID is automatically used if left blank.
aliases:
- parentId
type: str
@ -95,11 +95,11 @@ options:
value with the desired value always evaluates to not equal. This means the before and desired states are never equal
if the parameter is set.
- Set to V(always) to include O(config.bindCredential) in the comparison of before and desired state. Because of the
redacted value returned by Keycloak the module will always detect a change and make an update if a O(config.bindCredential)
redacted value returned by Keycloak the module always detects a change and make an update if a O(config.bindCredential)
value is set.
- Set to V(only_indirect) to exclude O(config.bindCredential) when comparing the before state with the desired state.
The value of O(config.bindCredential) will only be updated if there are other changes to the user federation that
require an update.
The value of O(config.bindCredential) is only updated if there are other changes to the user federation that require
an update.
type: str
default: always
choices:
@ -129,14 +129,14 @@ options:
importEnabled:
description:
- If V(true), LDAP users will be imported into Keycloak DB and synced by the configured sync policies.
- If V(true), LDAP users are imported into Keycloak DB and synced by the configured sync policies.
default: true
type: bool
editMode:
description:
- V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data will be synced back to LDAP on demand. V(UNSYNCED)
means user data will be imported, but not synced back to LDAP.
- V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data is synced back to LDAP on demand. V(UNSYNCED) means
user data is imported, but not synced back to LDAP.
type: str
choices:
- READ_ONLY
@ -181,7 +181,7 @@ options:
userObjectClasses:
description:
- All values of LDAP objectClass attribute for users in LDAP divided by comma. For example V(inetOrgPerson, organizationalPerson).
Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records
Newly created Keycloak users are written to LDAP with all those object classes and existing LDAP user records
are found just if they contain all those object classes.
type: str
@ -222,7 +222,7 @@ options:
bindDn:
description:
- DN of LDAP user which will be used by Keycloak to access LDAP server.
- DN of LDAP user which is used by Keycloak to access LDAP server.
type: str
bindCredential:
@ -232,7 +232,7 @@ options:
startTls:
description:
- Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling.
- Encrypts the connection to LDAP using STARTTLS, which disables connection pooling.
default: false
type: bool
@ -258,11 +258,11 @@ options:
useTruststoreSpi:
description:
- Specifies whether LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml.
V(always) means that it will always use it. V(never) means that it will not use it. V(ldapsOnly) means that it
will use if your connection URL use ldaps.
- Specifies whether LDAP connection uses the truststore SPI with the truststore configured in standalone.xml/domain.xml.
V(always) means that it always uses it. V(never) means that it does not use it. V(ldapsOnly) means that it uses
if your connection URL use ldaps.
- Note even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by
C(javax.net.ssl.trustStore) property will be used.
C(javax.net.ssl.trustStore) property is used.
default: ldapsOnly
type: str
choices:
@ -335,8 +335,8 @@ options:
allowKerberosAuthentication:
description:
- Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will
be provisioned from this LDAP server.
- Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users is
provisioned from this LDAP server.
default: false
type: bool
@ -348,9 +348,9 @@ options:
krbPrincipalAttribute:
description:
- Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after
successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based
on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG),
it will assume that LDAP username is V(john).
successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user is looked up based on
LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG),
it assumes that LDAP username is V(john).
type: str
version_added: 8.1.0
@ -419,17 +419,17 @@ options:
evictionDay:
description:
- Day of the week the entry will become invalid on.
- Day of the week the entry is set to become invalid on.
type: str
evictionHour:
description:
- Hour of day the entry will become invalid on.
- Hour of day the entry is set to become invalid on.
type: str
evictionMinute:
description:
- Minute of day the entry will become invalid on.
- Minute of day the entry is set to become invalid on.
type: str
maxLifespan:
@ -461,12 +461,12 @@ options:
name:
description:
- Name of the mapper. If no ID is given, the mapper will be searched by name.
- Name of the mapper. If no ID is given, the mapper is searched by name.
type: str
parentId:
description:
- Unique ID for the parent of this mapper. ID of the user federation will automatically be used if left blank.
- Unique ID for the parent of this mapper. ID of the user federation is automatically used if left blank.
type: str
providerId:

44
plugins/modules/keycloak_user_rolemapping.py
View file

@ -21,9 +21,9 @@ description:
the scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
- When updating a user_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API to
translate the name into the role ID.
attributes:
@ -38,8 +38,8 @@ options:
state:
description:
- State of the user_rolemapping.
- On V(present), the user_rolemapping will be created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the user_rolemapping will be removed if it exists.
- On V(present), the user_rolemapping is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the user_rolemapping is removed if it exists.
default: 'present'
type: str
choices:
@ -61,14 +61,14 @@ options:
type: str
description:
- ID of the user to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
service_account_user_client_id:
type: str
description:
- Client ID of the service-account-user to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
client_id:
type: str
description:
@ -79,8 +79,8 @@ options:
type: str
description:
- ID of the client to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
roles:
description:
- Roles to be mapped to the user.
@ -96,8 +96,8 @@ options:
type: str
description:
- The unique identifier for this role_representation.
- This parameter is not required for updating or deleting a role_representation but providing it will reduce the
number of API calls required.
- This parameter is not required for updating or deleting a role_representation but providing it reduces the number
of API calls required.
extends_documentation_fragment:
- community.general.keycloak
- community.general.keycloak.actiongroup_keycloak
@ -190,7 +190,7 @@ proposed:
description: Representation of proposed client role mapping.
returned: always
type: dict
sample: {clientId: "test"}
sample: {"clientId": "test"}
existing:
description:
@ -198,7 +198,13 @@ existing:
- The sample is truncated.
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description:
@ -206,7 +212,13 @@ end_state:
- The sample is truncated.
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \

8
plugins/modules/keycloak_userprofile.py
View file

@ -33,9 +33,8 @@ options:
state:
description:
- State of the User Profile provider.
- On V(present), the User Profile provider will be created if it does not yet exist, or updated with the parameters
you provide.
- On V(absent), the User Profile provider will be removed if it exists.
- On V(present), the User Profile provider is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the User Profile provider is removed if it exists.
default: 'present'
type: str
choices:
@ -171,7 +170,7 @@ options:
group:
description:
- Specifies the User Profile group where this attribute will be added.
- Specifies the User Profile group where this attribute is added.
type: str
permissions:
@ -406,7 +405,6 @@ data:
description: The data returned by the Keycloak API.
returned: when state is present
type: dict
sample: {'...': '...'}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \

4
plugins/modules/kibana_plugin.py
View file

@ -59,11 +59,11 @@ options:
version:
description:
- Version of the plugin to be installed.
- If plugin exists with previous version, plugin will B(not) be updated unless O(force) is set to V(true).
- If the plugin is installed with in a previous version, it is B(not) updated unless O(force=true).
type: str
force:
description:
- Delete and re-install the plugin. Can be useful for plugins update.
- Delete and re-install the plugin. It can be useful for plugins update.
type: bool
default: false
allow_root:

14
plugins/modules/krb_ticket.py
View file

@ -30,7 +30,7 @@ options:
principal:
description:
- The principal name.
- If not set, the user running this module will be used.
- If not set, the user running this module is used.
type: str
state:
description:
@ -50,17 +50,17 @@ options:
- Use O(cache_name) as the ticket cache name and location.
- If this option is not used, the default cache name and location are used.
- The default credentials cache may vary between systems.
- If not set the the value of E(KRB5CCNAME) environment variable will be used instead, its value is used to name the
default ticket cache.
- If not set the the value of E(KRB5CCNAME) environment variable is used instead, its value is used to name the default
ticket cache.
type: str
lifetime:
description:
- Requests a ticket with the lifetime, if the O(lifetime) is not specified, the default ticket lifetime is used.
- Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) will not override the
- Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) does not override the
configured maximum ticket lifetime.
- 'The value for O(lifetime) must be followed by one of the following suffixes: V(s) - seconds, V(m) - minutes, V(h)
- hours, V(d) - days.'
- You cannot mix units; a value of V(3h30m) will result in an error.
- You cannot mix units; a value of V(3h30m) results in an error.
- See U(https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html) for reference.
type: str
start_time:
@ -78,7 +78,7 @@ options:
- Requests renewable tickets, with a total lifetime equal to O(renewable).
- 'The value for O(renewable) must be followed by one of the following delimiters: V(s) - seconds, V(m) - minutes, V(h)
- hours, V(d) - days.'
- You cannot mix units; a value of V(3h30m) will result in an error.
- You cannot mix units; a value of V(3h30m) results in an error.
- See U(https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html) for reference.
type: str
forwardable:
@ -119,7 +119,7 @@ options:
keytab:
description:
- Requests a ticket, obtained from a key in the local host's keytab.
- If O(keytab_path) is not specified will try to use default client keytab path (C(-i) option).
- If O(keytab_path) is not specified it tries to use default client keytab path (C(-i) option).
type: bool
keytab_path:
description: