mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-22 21:00:22 -07:00
doc style adjustments: modules [jk]* (#10420)
* doc style adjustments: modules j*
* doc style adjustments: modules k*
* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update plugins/modules/keycloak_realm_key.py

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
parent
77cd018427
commit
14f13daa99
37 changed files with 311 additions and 217 deletions
|
@ -32,7 +32,7 @@ options:
|
|||
cert_port:
|
||||
description:
|
||||
- Port to connect to URL.
|
||||
- This will be used to create server URL:PORT.
|
||||
- This is used to create server URL:PORT.
|
||||
type: int
|
||||
default: 443
|
||||
cert_path:
|
||||
|
@ -98,8 +98,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- Defines action which can be either certificate import or removal.
|
||||
- When state is present, the certificate will always idempotently be inserted into the keystore, even if there already
|
||||
exists a cert alias that is different.
|
||||
- When O(state=present), the certificate is always inserted into the keystore, even if there already exists a cert alias
|
||||
that is different.
|
||||
type: str
|
||||
choices: [absent, present]
|
||||
default: present
|
||||
|
|
|
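Review bot: the new O(state=present) sentence drops the word "idempotently", which is more than a tense change. "The certificate is always inserted into the keystore" now reads as if the import is repeated on every run, and the clause "even if there already exists a cert alias that is different" does not say what happens to the existing alias. Either keep "idempotently" or state explicitly whether an existing entry under a different alias is left in place or replaced, since this decides what ends up in the trust store.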
@ -24,8 +24,8 @@ options:
|
|||
name:
|
||||
description:
|
||||
- Name of the certificate in the keystore.
|
||||
- If the provided name does not exist in the keystore, the module will re-create the keystore. This behavior changed
|
||||
in community.general 3.0.0, before that the module would fail when the name did not match.
|
||||
- If the provided name does not exist in the keystore, the module re-creates the keystore. This behavior changed in
|
||||
community.general 3.0.0, before that the module would fail when the name did not match.
|
||||
type: str
|
||||
required: true
|
||||
certificate:
|
||||
|
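Review bot: the rewrapped O(name) description still carries a comma splice in "This behavior changed in community.general 3.0.0, before that the module would fail when the name did not match." Since both lines are touched anyway, split it into two sentences or use a semicolon after "3.0.0". The same sentence appears as a context line in the O(password) description of the following hunk and would benefit from the same fix, because both describe a case where the existing keystore is re-created rather than the task failing.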
@ -62,7 +62,7 @@ options:
|
|||
password:
|
||||
description:
|
||||
- Password that should be used to secure the keystore.
|
||||
- If the provided password fails to unlock the keystore, the module will re-create the keystore with the new passphrase.
|
||||
- If the provided password fails to unlock the keystore, the module re-creates the keystore with the new passphrase.
|
||||
This behavior changed in community.general 3.0.0, before that the module would fail when the password did not match.
|
||||
type: str
|
||||
required: true
|
||||
|
@ -130,7 +130,7 @@ notes:
|
|||
or with the P(ansible.builtin.file#lookup) lookup), while O(certificate_path) and O(private_key_path) require that the
|
||||
files are available on the target host.
|
||||
- By design, any change of a value of options O(keystore_type), O(name) or O(password), as well as changes of key or certificate
|
||||
materials will cause the existing O(dest) to be overwritten.
|
||||
materials causes the existing O(dest) to be overwritten.
|
||||
"""
|
||||
|
||||
EXAMPLES = r"""
|
||||
|
|
|
@ -30,7 +30,7 @@ options:
|
|||
build_number:
|
||||
description:
|
||||
- An integer which specifies a build of a job.
|
||||
- If not specified the last build information will be returned.
|
||||
- If not specified the last build information is returned.
|
||||
type: int
|
||||
password:
|
||||
description:
|
||||
|
|
|
@ -10,13 +10,13 @@ from __future__ import absolute_import, division, print_function
|
|||
__metaclass__ = type
|
||||
|
||||
DOCUMENTATION = r"""
|
||||
---
|
||||
module: jenkins_credential
|
||||
short_description: Manage Jenkins credentials and domains via API
|
||||
short_description: Manage Jenkins credentials and domains through API
|
||||
version_added: 11.1.0
|
||||
description:
|
||||
- This module allows managing Jenkins credentials and domain scopes via the Jenkins HTTP API.
|
||||
- Create, update, and delete different credential types such as C(username/password), C(secret text), C(SSH key), C(certificates), C(GitHub App), and domains.
|
||||
- This module allows managing Jenkins credentials and domain scopes through the Jenkins HTTP API.
|
||||
- Create, update, and delete different credential types such as C(username/password), C(secret text), C(SSH key), C(certificates),
|
||||
C(GitHub App), and domains.
|
||||
- For scoped domains (O(type=scope)), it supports restrictions based on V(hostname), V(hostname:port), V(path), and V(scheme).
|
||||
requirements:
|
||||
- urllib3 >= 1.26.0
|
||||
|
@ -170,7 +170,7 @@ options:
|
|||
inc_path:
|
||||
description:
|
||||
- List of URL paths to include when matching credentials to domains.
|
||||
- "B(Matching is hierarchical): subpaths of excluded paths are also excluded, even if explicitly included."
|
||||
- 'B(Matching is hierarchical): subpaths of excluded paths are also excluded, even if explicitly included.'
|
||||
type: list
|
||||
elements: str
|
||||
exc_path:
|
||||
|
|
|
@ -76,8 +76,8 @@ options:
|
|||
type: bool
|
||||
default: true
|
||||
description:
|
||||
- If set to V(false), the SSL certificates will not be validated. This should only set to V(false) used on personally
|
||||
controlled sites using self-signed certificates as it avoids verifying the source site.
|
||||
- If set to V(false), the SSL certificates are not validated. This should only set to V(false) used on personally controlled
|
||||
sites using self-signed certificates as it avoids verifying the source site.
|
||||
- The C(python-jenkins) library only handles this by using the environment variable E(PYTHONHTTPSVERIFY).
|
||||
version_added: 2.3.0
|
||||
"""
|
||||
|
|
|
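Review bot: the rewritten description line still contains the broken sentence "This should only set to V(false) used on personally controlled sites", which was carried over unchanged apart from the rewrap. Suggest "This should only be set to V(false) on personally controlled sites using self-signed certificates, as it avoids verifying the source site." The same wording appears in the other validate_certs descriptions touched by this commit, and since this option disables certificate validation the guidance should read unambiguously.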
@ -53,7 +53,7 @@ options:
|
|||
- User to authenticate with the Jenkins server.
|
||||
validate_certs:
|
||||
description:
|
||||
- If set to V(false), the SSL certificates will not be validated.
|
||||
- If set to V(false), the SSL certificates are not validated.
|
||||
- This should only set to V(false) used on personally controlled sites using self-signed certificates.
|
||||
default: true
|
||||
type: bool
|
||||
|
|
|
@ -65,9 +65,9 @@ options:
|
|||
offline_message:
|
||||
description:
|
||||
- Specifies the offline reason message to be set when configuring the Jenkins node state.
|
||||
- If O(offline_message) is given and requested O(state) is not V(disabled), an error will be raised.
|
||||
- If O(offline_message) is given and requested O(state) is not V(disabled), an error is raised.
|
||||
- Internally O(offline_message) is set using the V(toggleOffline) API, so updating the message when the node is already
|
||||
offline (current state V(disabled)) is not possible. In this case, a warning will be issued.
|
||||
offline (current state V(disabled)) is not possible. In this case, a warning is issued.
|
||||
type: str
|
||||
version_added: 10.0.0
|
||||
"""
|
||||
|
|
|
@ -51,7 +51,7 @@ options:
|
|||
type: str
|
||||
description:
|
||||
- Desired plugin state.
|
||||
- If set to V(latest), the check for new version will be performed every time. This is suitable to keep the plugin up-to-date.
|
||||
- If set to V(latest), the check for new version is performed every time. This is suitable to keep the plugin up-to-date.
|
||||
choices: [absent, present, pinned, unpinned, enabled, disabled, latest]
|
||||
default: present
|
||||
timeout:
|
||||
|
@ -64,8 +64,8 @@ options:
|
|||
description:
|
||||
- Number of seconds after which a new copy of the C(update-center.json) file is downloaded. This is used to avoid the
|
||||
need to download the plugin to calculate its checksum when O(state=latest) is specified.
|
||||
- Set it to V(0) if no cache file should be used. In that case, the plugin file will always be downloaded to calculate
|
||||
its checksum when O(state=latest) is specified.
|
||||
- Set it to V(0) if no cache file should be used. In that case, the plugin file is always downloaded to calculate its
|
||||
checksum when O(state=latest) is specified.
|
||||
default: 86400
|
||||
updates_url:
|
||||
type: list
|
||||
|
|
|
@ -39,8 +39,8 @@ options:
|
|||
default: http://localhost:8080
|
||||
validate_certs:
|
||||
description:
|
||||
- If set to V(false), the SSL certificates will not be validated. This should only set to V(false) used on personally
|
||||
controlled sites using self-signed certificates as it avoids verifying the source site.
|
||||
- If set to V(false), the SSL certificates are not validated. This should only set to V(false) used on personally controlled
|
||||
sites using self-signed certificates as it avoids verifying the source site.
|
||||
type: bool
|
||||
default: true
|
||||
user:
|
||||
|
|
|
@ -117,14 +117,13 @@ options:
|
|||
suboptions:
|
||||
type:
|
||||
description:
|
||||
- Use type to specify which of the JIRA visibility restriction types will be used.
|
||||
- Use O(comment_visibility.type) to specify which of the JIRA visibility restriction types is used.
|
||||
type: str
|
||||
required: true
|
||||
choices: [group, role]
|
||||
value:
|
||||
description:
|
||||
- Use value to specify value corresponding to the type of visibility restriction. For example name of the group
|
||||
or role.
|
||||
- Specify value corresponding to the type of visibility restriction. For example name of the group or role.
|
||||
type: str
|
||||
required: true
|
||||
version_added: '3.2.0'
|
||||
|
@ -165,12 +164,12 @@ options:
|
|||
type: str
|
||||
required: false
|
||||
description:
|
||||
- Set issue from which link will be created.
|
||||
- Set issue from which link is created.
|
||||
outwardissue:
|
||||
type: str
|
||||
required: false
|
||||
description:
|
||||
- Set issue to which link will be created.
|
||||
- Set issue to which link is created.
|
||||
fields:
|
||||
type: dict
|
||||
required: false
|
||||
|
@ -192,7 +191,7 @@ options:
|
|||
maxresults:
|
||||
required: false
|
||||
description:
|
||||
- Limit the result of O(operation=search). If no value is specified, the default jira limit will be used.
|
||||
- Limit the result of O(operation=search). If no value is specified, the default JIRA limit is used.
|
||||
- Used when O(operation=search) only, ignored otherwise.
|
||||
type: int
|
||||
version_added: '0.2.0'
|
||||
|
@ -226,12 +225,12 @@ options:
|
|||
content:
|
||||
type: str
|
||||
description:
|
||||
- The Base64 encoded contents of the file to attach. If not specified, the contents of O(attachment.filename) will
|
||||
be used instead.
|
||||
- The Base64 encoded contents of the file to attach. If not specified, the contents of O(attachment.filename) is
|
||||
used instead.
|
||||
mimetype:
|
||||
type: str
|
||||
description:
|
||||
- The MIME type to supply for the upload. If not specified, best-effort detection will be done.
|
||||
- The MIME type to supply for the upload. If not specified, best-effort detection is performed.
|
||||
notes:
|
||||
- Currently this only works with basic-auth, or tokens.
|
||||
- To use with JIRA Cloud, pass the login e-mail as the O(username) and the API token as O(password).
|
||||
|
|
|
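Review bot: in the O(attachment.content) description the replacement of "will be used" with "is used" breaks subject-verb agreement: "the contents of O(attachment.filename) is used instead". The subject is "the contents", so this should read "the contents of O(attachment.filename) are used instead".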
@ -17,12 +17,12 @@ description:
|
|||
options:
|
||||
path:
|
||||
description:
|
||||
- Path to the config file. If the file does not exist it will be created.
|
||||
- Path to the config file. If the file does not exist it is created.
|
||||
type: path
|
||||
required: true
|
||||
kwriteconfig_path:
|
||||
description:
|
||||
- Path to the kwriteconfig executable. If not specified, Ansible will try to discover it.
|
||||
- Path to the kwriteconfig executable. If not specified, Ansible tries to discover it.
|
||||
type: path
|
||||
values:
|
||||
description:
|
||||
|
|
|
@ -49,7 +49,7 @@ options:
|
|||
type: dict
|
||||
defaultAction:
|
||||
description:
|
||||
- Indicates, if any new user will have the required action assigned to it.
|
||||
- Indicates whether new users have the required action assigned to them.
|
||||
type: bool
|
||||
enabled:
|
||||
description:
|
||||
|
@ -149,7 +149,7 @@ end_state:
|
|||
type: dict
|
||||
defaultAction:
|
||||
description:
|
||||
- Indicates, if any new user will have the required action assigned to it.
|
||||
- Indicates whether new users have the required action assigned to them.
|
||||
sample: false
|
||||
type: bool
|
||||
enabled:
|
||||
|
|
|
@ -37,8 +37,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the authorization scope.
|
||||
- On V(present), the authorization scope will be created (or updated if it exists already).
|
||||
- On V(absent), the authorization scope will be removed if it exists.
|
||||
- On V(present), the authorization scope is created (or updated if it exists already).
|
||||
- On V(absent), the authorization scope is removed if it exists.
|
||||
choices: ['present', 'absent']
|
||||
default: 'present'
|
||||
type: str
|
||||
|
|
|
@ -38,8 +38,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the custom policy.
|
||||
- On V(present), the custom policy will be created (or updated if it exists already).
|
||||
- On V(absent), the custom policy will be removed if it exists.
|
||||
- On V(present), the custom policy is created (or updated if it exists already).
|
||||
- On V(absent), the custom policy is removed if it exists.
|
||||
choices: ['present', 'absent']
|
||||
default: 'present'
|
||||
type: str
|
||||
|
|
|
@ -43,8 +43,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the authorization permission.
|
||||
- On V(present), the authorization permission will be created (or updated if it exists already).
|
||||
- On V(absent), the authorization permission will be removed if it exists.
|
||||
- On V(present), the authorization permission is created (or updated if it exists already).
|
||||
- On V(absent), the authorization permission is removed if it exists.
|
||||
choices: ['present', 'absent']
|
||||
default: 'present'
|
||||
type: str
|
||||
|
|
|
@ -37,8 +37,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the client.
|
||||
- On V(present), the client will be created (or updated if it exists already).
|
||||
- On V(absent), the client will be removed if it exists.
|
||||
- On V(present), the client are created (or updated if it exists already).
|
||||
- On V(absent), the client are removed if it exists.
|
||||
choices: ['present', 'absent']
|
||||
default: 'present'
|
||||
type: str
|
||||
|
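Review bot: both replaced lines in the O(state) description use a plural verb with a singular subject: "the client are created (or updated if it exists already)" and "the client are removed if it exists". These should be "the client is created" and "the client is removed", matching the wording used for the other Keycloak modules in this commit.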
@ -116,8 +116,8 @@ options:
|
|||
secret:
|
||||
description:
|
||||
- When using O(client_authenticator_type=client-secret) (the default), you can specify a secret here (otherwise one
|
||||
will be generated if it does not exit). If changing this secret, the module will not register a change currently (but
|
||||
the changed secret will be saved).
|
||||
is generated if it does not exit). If changing this secret, the module does not register a change currently (but the
|
||||
changed secret is saved).
|
||||
type: str
|
||||
|
||||
registration_access_token:
|
||||
|
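Review bot: the O(secret) description keeps the typo "if it does not exit" in the rewritten line; it should be "if it does not exist". While the sentence is being edited, the parenthetical could also be made clearer, for example "the module currently does not report a change, but the changed secret is saved", since users rotating a client secret need to know that the task reports no change even though the secret was updated.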
@ -130,8 +130,8 @@ options:
|
|||
|
||||
default_roles:
|
||||
description:
|
||||
- List of default roles for this client. If the client roles referenced do not exist yet, they will be created. This
|
||||
is C(defaultRoles) in the Keycloak REST API.
|
||||
- List of default roles for this client. If the client roles referenced do not exist yet, they are created. This is
|
||||
C(defaultRoles) in the Keycloak REST API.
|
||||
aliases:
|
||||
- defaultRoles
|
||||
type: list
|
||||
|
@ -232,7 +232,7 @@ options:
|
|||
protocol:
|
||||
description:
|
||||
- Type of client.
|
||||
- At creation only, default value will be V(openid-connect) if O(protocol) is omitted.
|
||||
- At creation only, default value is V(openid-connect) if O(protocol) is omitted.
|
||||
- The V(docker-v2) value was added in community.general 8.6.0.
|
||||
type: str
|
||||
choices: ['openid-connect', 'saml', 'docker-v2']
|
||||
|
@ -261,7 +261,7 @@ options:
|
|||
|
||||
client_template:
|
||||
description:
|
||||
- Client template to use for this client. If it does not exist this field will silently be dropped. This is C(clientTemplate)
|
||||
- Client template to use for this client. If it does not exist this field is silently dropped. This is C(clientTemplate)
|
||||
in the Keycloak REST API.
|
||||
type: str
|
||||
aliases:
|
||||
|
@ -454,7 +454,7 @@ options:
|
|||
- A dict of further attributes for this client. This can contain various configuration settings; an example is given
|
||||
in the examples section. While an exhaustive list of permissible options is not available; possible options as of
|
||||
Keycloak 3.4 are listed below. The Keycloak API does not validate whether a given option is appropriate for the protocol
|
||||
used; if specified anyway, Keycloak will simply not use it.
|
||||
used; if specified anyway, Keycloak does not use it.
|
||||
type: dict
|
||||
suboptions:
|
||||
saml.authnstatement:
|
||||
|
@ -532,7 +532,7 @@ options:
|
|||
- For OpenID-Connect clients, client certificate for validating JWT issued by client and signed by its key, base64-encoded.
|
||||
x509.subjectdn:
|
||||
description:
|
||||
- For OpenID-Connect clients, subject which will be used to authenticate the client.
|
||||
- For OpenID-Connect clients, subject which is used to authenticate the client.
|
||||
type: str
|
||||
version_added: 9.5.0
|
||||
|
||||
|
@ -704,19 +704,31 @@ proposed:
|
|||
description: Representation of proposed client.
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {clientId: "test"}
|
||||
sample: {"clientId": "test"}
|
||||
|
||||
existing:
|
||||
description: Representation of existing client (sample is truncated).
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
|
||||
end_state:
|
||||
description: Representation of client after module execution (sample is truncated).
|
||||
returned: on success
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
"""
|
||||
|
||||
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \
|
||||
|
|
|
@ -22,9 +22,9 @@ description:
|
|||
the scope tailored to your needs and a user having the expected roles.
|
||||
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
|
||||
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
|
||||
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
|
||||
a list suitable for the API.
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
|
||||
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
|
||||
suitable for the API.
|
||||
- When updating a client_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API
|
||||
to translate the name into the role ID.
|
||||
attributes:
|
||||
|
@ -39,9 +39,9 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the client_rolemapping.
|
||||
- On V(present), the client_rolemapping will be created if it does not yet exist, or updated with the parameters you
|
||||
provide.
|
||||
- On V(absent), the client_rolemapping will be removed if it exists.
|
||||
- On V(present), the client_rolemapping is created if it does not yet exist, or updated with the parameters
|
||||
you provide.
|
||||
- On V(absent), the client_rolemapping is removed if it exists.
|
||||
default: 'present'
|
||||
type: str
|
||||
choices:
|
||||
|
@ -87,8 +87,8 @@ options:
|
|||
type: str
|
||||
description:
|
||||
- ID of the group to be mapped.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
|
||||
API calls required.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
|
||||
calls required.
|
||||
client_id:
|
||||
type: str
|
||||
description:
|
||||
|
@ -98,8 +98,8 @@ options:
|
|||
type: str
|
||||
description:
|
||||
- ID of the client to be mapped.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
|
||||
API calls required.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
|
||||
calls required.
|
||||
roles:
|
||||
description:
|
||||
- Roles to be mapped to the group.
|
||||
|
@ -115,8 +115,8 @@ options:
|
|||
type: str
|
||||
description:
|
||||
- The unique identifier for this role_representation.
|
||||
- This parameter is not required for updating or deleting a role_representation but providing it will reduce the
|
||||
number of API calls required.
|
||||
- This parameter is not required for updating or deleting a role_representation but providing it reduces the number
|
||||
of API calls required.
|
||||
extends_documentation_fragment:
|
||||
- community.general.keycloak
|
||||
- community.general.keycloak.actiongroup_keycloak
|
||||
|
@ -209,7 +209,7 @@ proposed:
|
|||
description: Representation of proposed client role mapping.
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {clientId: "test"}
|
||||
sample: {"clientId": "test"}
|
||||
|
||||
existing:
|
||||
description:
|
||||
|
@ -217,7 +217,13 @@ existing:
|
|||
- The sample is truncated.
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
|
||||
end_state:
|
||||
description:
|
||||
|
@ -225,7 +231,13 @@ end_state:
|
|||
- The sample is truncated.
|
||||
returned: on success
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
"""
|
||||
|
||||
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import (
|
||||
|
|
|
@ -22,9 +22,9 @@ description:
|
|||
In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with
|
||||
the scope tailored to your needs and a user having the expected roles.
|
||||
- Client O(client_id) must have O(community.general.keycloak_client#module:full_scope_allowed) set to V(false).
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
|
||||
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
|
||||
a list suitable for the API.
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
|
||||
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
|
||||
suitable for the API.
|
||||
attributes:
|
||||
check_mode:
|
||||
support: full
|
||||
|
@ -37,8 +37,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the role mapping.
|
||||
- On V(present), all roles in O(role_names) will be mapped if not exists yet.
|
||||
- On V(absent), all roles mapping in O(role_names) will be removed if it exists.
|
||||
- On V(present), all roles in O(role_names) are mapped if not exist yet.
|
||||
- On V(absent), all roles mapping in O(role_names) are removed if it exists.
|
||||
default: 'present'
|
||||
type: str
|
||||
choices:
|
||||
|
|
|
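Review bot: the two new O(state) lines are ungrammatical after the tense change: "all roles in O(role_names) are mapped if not exist yet" and "all roles mapping in O(role_names) are removed if it exists". Suggest "all roles in O(role_names) are mapped if they are not mapped yet" and "all role mappings in O(role_names) are removed if they exist", so that subject and pronoun agree.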
@ -22,9 +22,9 @@ description:
|
|||
the scope tailored to your needs and a user having the expected roles.
|
||||
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
|
||||
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
|
||||
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
|
||||
a list suitable for the API.
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
|
||||
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
|
||||
suitable for the API.
|
||||
- When updating a client_scope, where possible provide the client_scope ID to the module. This removes a lookup to the API
|
||||
to translate the name into the client_scope ID.
|
||||
attributes:
|
||||
|
@ -39,8 +39,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the client_scope.
|
||||
- On V(present), the client_scope will be created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the client_scope will be removed if it exists.
|
||||
- On V(present), the client_scope is created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the client_scope is removed if it exists.
|
||||
default: 'present'
|
||||
type: str
|
||||
choices:
|
||||
|
@ -62,8 +62,8 @@ options:
|
|||
type: str
|
||||
description:
|
||||
- The unique identifier for this client_scope.
|
||||
- This parameter is not required for updating or deleting a client_scope but providing it will reduce the number of
|
||||
API calls required.
|
||||
- This parameter is not required for updating or deleting a client_scope but providing it reduces the number of API
|
||||
calls required.
|
||||
description:
|
||||
type: str
|
||||
description:
|
||||
|
@ -263,19 +263,31 @@ proposed:
|
|||
description: Representation of proposed client scope.
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {clientId: "test"}
|
||||
sample: {"clientId": "test"}
|
||||
|
||||
existing:
|
||||
description: Representation of existing client scope (sample is truncated).
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
|
||||
end_state:
|
||||
description: Representation of client scope after module execution (sample is truncated).
|
||||
returned: on success
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
"""
|
||||
|
||||
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \
|
||||
|
|
|
@ -99,20 +99,43 @@ proposed:
|
|||
description: Representation of proposed client-scope types mapping.
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: []}
|
||||
sample:
|
||||
{
|
||||
"default_clientscopes": [
|
||||
"profile",
|
||||
"role"
|
||||
],
|
||||
"optional_clientscopes": []
|
||||
}
|
||||
existing:
|
||||
description:
|
||||
- Representation of client scopes before module execution.
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: ["phone"]}
|
||||
sample:
|
||||
{
|
||||
"default_clientscopes": [
|
||||
"profile",
|
||||
"role"
|
||||
],
|
||||
"optional_clientscopes": [
|
||||
"phone"
|
||||
]
|
||||
}
|
||||
end_state:
|
||||
description:
|
||||
- Representation of client scopes after module execution.
|
||||
- The sample is truncated.
|
||||
returned: on success
|
||||
type: dict
|
||||
sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: []}
|
||||
sample:
|
||||
{
|
||||
"default_clientscopes": [
|
||||
"profile",
|
||||
"role"
|
||||
],
|
||||
"optional_clientscopes": []
|
||||
}
|
||||
"""
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
|
|
|
@ -39,8 +39,8 @@ options:
|
|||
id:
|
||||
description:
|
||||
- The unique identifier for this client.
|
||||
- This parameter is not required for getting or generating a client secret but providing it will reduce the number of
|
||||
API calls required.
|
||||
- This parameter is not required for getting or generating a client secret but providing it reduces the number of API
|
||||
calls required.
|
||||
type: str
|
||||
|
||||
client_id:
|
||||
|
|
|
@ -43,8 +43,8 @@ options:
|
|||
id:
|
||||
description:
|
||||
- The unique identifier for this client.
|
||||
- This parameter is not required for getting or generating a client secret but providing it will reduce the number of
|
||||
API calls required.
|
||||
- This parameter is not required for getting or generating a client secret but providing it reduces the number of API
|
||||
calls required.
|
||||
type: str
|
||||
|
||||
client_id:
|
||||
|
|
|
@ -35,8 +35,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the client template.
|
||||
- On V(present), the client template will be created (or updated if it exists already).
|
||||
- On V(absent), the client template will be removed if it exists.
|
||||
- On V(present), the client template is created (or updated if it exists already).
|
||||
- On V(absent), the client template is removed if it exists.
|
||||
choices: ['present', 'absent']
|
||||
default: 'present'
|
||||
type: str
|
||||
|
@ -238,10 +238,7 @@ proposed:
|
|||
description: Representation of proposed client template.
|
||||
returned: always
|
||||
type: dict
|
||||
sample:
|
||||
{
|
||||
"name": "test01"
|
||||
}
|
||||
sample: {"name": "test01"}
|
||||
|
||||
existing:
|
||||
description: Representation of existing client template (sample is truncated).
|
||||
|
|
|
@ -35,8 +35,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the Keycloak component.
|
||||
- On V(present), the component will be created (or updated if it exists already).
|
||||
- On V(absent), the component will be removed if it exists.
|
||||
- On V(present), the component is created (or updated if it exists already).
|
||||
- On V(absent), the component is removed if it exists.
|
||||
choices: ['present', 'absent']
|
||||
default: 'present'
|
||||
type: str
|
||||
|
|
|
@ -20,9 +20,9 @@ description:
|
|||
scope tailored to your needs and a user having the expected roles.
|
||||
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
|
||||
at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html).
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
|
||||
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
|
||||
a list suitable for the API.
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
|
||||
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
|
||||
suitable for the API.
|
||||
- When updating a group, where possible provide the group ID to the module. This removes a lookup to the API to translate
|
||||
the name into the group ID.
|
||||
attributes:
|
||||
|
@ -37,9 +37,9 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the group.
|
||||
- On V(present), the group will be created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the group will be removed if it exists. Be aware that absenting a group with subgroups will automatically
|
||||
delete all its subgroups too.
|
||||
- On V(present), the group is created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the group is removed if it exists. Be aware that absenting a group with subgroups automatically deletes
|
||||
all its subgroups too.
|
||||
default: 'present'
|
||||
type: str
|
||||
choices:
|
||||
|
@ -61,8 +61,7 @@ options:
|
|||
type: str
|
||||
description:
|
||||
- The unique identifier for this group.
|
||||
- This parameter is not required for updating or deleting a group but providing it will reduce the number of API calls
|
||||
required.
|
||||
- This parameter is not required for updating or deleting a group but providing it reduces the number of API calls required.
|
||||
attributes:
|
||||
type: dict
|
||||
description:
|
||||
|
@ -282,8 +281,7 @@ end_state:
|
|||
returned: always
|
||||
sample: []
|
||||
subGroups:
|
||||
description: A list of groups that are children of this group. These groups will have the same parameters as documented
|
||||
here.
|
||||
description: A list of groups that are children of this group. These groups have the same parameters as documented here.
|
||||
type: list
|
||||
returned: always
|
||||
clientRoles:
|
||||
|
|
|
@ -34,9 +34,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the identity provider.
|
||||
- On V(present), the identity provider will be created if it does not yet exist, or updated with the parameters you
|
||||
provide.
|
||||
- On V(absent), the identity provider will be removed if it exists.
|
||||
- On V(present), the identity provider is created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the identity provider is removed if it exists.
|
||||
default: 'present'
|
||||
type: str
|
||||
choices:
|
||||
|
@ -148,14 +147,14 @@ options:
|
|||
|
||||
sync_mode:
|
||||
description:
|
||||
- Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers.
|
||||
- Default sync mode for all mappers. The sync mode determines when user data is synced using the mappers.
|
||||
aliases:
|
||||
- syncMode
|
||||
type: str
|
||||
|
||||
issuer:
|
||||
description:
|
||||
- The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
|
||||
- The issuer identifier for the issuer of the response. If not provided, no validation is performed.
|
||||
type: str
|
||||
|
||||
authorizationUrl:
|
||||
|
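Review bot: in the O(issuer) description, "no validation is performed" does not say what goes unvalidated. Since the option is the issuer identifier of the response, name the check explicitly, for example "If not provided, the issuer of the response is not validated.", so that readers see what leaving the option empty turns off.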
@ -205,7 +204,7 @@ options:
|
|||
|
||||
useJwksUrl:
|
||||
description:
|
||||
- If the switch is on, identity provider public keys will be downloaded from given JWKS URL.
|
||||
- If V(true), identity provider public keys are downloaded from given JWKS URL.
|
||||
type: bool
|
||||
|
||||
jwksUrl:
|
||||
|
@ -215,7 +214,7 @@ options:
|
|||
|
||||
entityId:
|
||||
description:
|
||||
- The Entity ID that will be used to uniquely identify this SAML Service Provider.
|
||||
- The Entity ID that is used to uniquely identify this SAML Service Provider.
|
||||
type: str
|
||||
|
||||
singleSignOnServiceUrl:
|
||||
|
|
|
@ -39,8 +39,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the realm.
|
||||
- On V(present), the realm will be created (or updated if it exists already).
|
||||
- On V(absent), the realm will be removed if it exists.
|
||||
- On V(present), the realm is created (or updated if it exists already).
|
||||
- On V(absent), the realm is removed if it exists.
|
||||
choices: ['present', 'absent']
|
||||
default: 'present'
|
||||
type: str
|
||||
|
@ -553,19 +553,31 @@ proposed:
|
|||
description: Representation of proposed realm.
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {realm: "test"}
|
||||
sample: {"realm": "test"}
|
||||
|
||||
existing:
|
||||
description: Representation of existing realm (sample is truncated).
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
|
||||
end_state:
|
||||
description: Representation of realm after module execution (sample is truncated).
|
||||
returned: on success
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
"""
|
||||
|
||||
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \
|
||||
|
|
|
@ -19,9 +19,9 @@ description:
|
|||
- This module allows you to get Keycloak realm public information using the Keycloak REST API.
|
||||
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
|
||||
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
|
||||
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
|
||||
a list suitable for the API.
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
|
||||
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
|
||||
suitable for the API.
|
||||
extends_documentation_fragment:
|
||||
- community.general.attributes
|
||||
- community.general.attributes.info_module
|
||||
|
|
|
@ -25,11 +25,9 @@ description:
|
|||
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). Aliases are provided so camelCased versions can be used
|
||||
as well.
|
||||
- This module is unable to detect changes to the actual cryptographic key after importing it. However, if some other property
|
||||
is changed alongside the cryptographic key, then the key will also get changed as a side-effect, as the JSON payload needs
|
||||
to include the private key. This can be considered either a bug or a feature, as the alternative would be to always update
|
||||
the realm key whether it has changed or not.
|
||||
- If certificate is not explicitly provided it will be dynamically created by Keycloak. Therefore comparing the current
|
||||
state of the certificate to the desired state (which may be empty) is not possible.
|
||||
is changed alongside the cryptographic key, then the key also changes as a side-effect, as the JSON payload needs to include
|
||||
the private key. This can be considered either a bug or a feature, as the alternative would be to always update the realm
|
||||
key whether it has changed or not.
|
||||
attributes:
|
||||
check_mode:
|
||||
support: full
|
||||
|
@ -42,8 +40,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the keycloak realm key.
|
||||
- On V(present), the realm key will be created (or updated if it exists already).
|
||||
- On V(absent), the realm key will be removed if it exists.
|
||||
- On V(present), the realm key is created (or updated if it exists already).
|
||||
- On V(absent), the realm key is removed if it exists.
|
||||
choices: ['present', 'absent']
|
||||
default: 'present'
|
||||
type: str
|
||||
|
@ -119,10 +117,10 @@ options:
|
|||
notes:
|
||||
- Current value of the private key cannot be fetched from Keycloak. Therefore comparing its desired state to the current
|
||||
state is not possible.
|
||||
- If certificate is not explicitly provided it will be dynamically created by Keycloak. Therefore comparing the current
|
||||
- If O(config.certificate) is not explicitly provided it is dynamically created by Keycloak. Therefore comparing the current
|
||||
state of the certificate to the desired state (which may be empty) is not possible.
|
||||
- Due to the private key and certificate options the module is B(not fully idempotent). You can use O(force=true) to force
|
||||
the module to always update if you know that the private key might have changed.
|
||||
the module to ensure updating if you know that the private key might have changed.
|
||||
extends_documentation_fragment:
|
||||
- community.general.keycloak
|
||||
- community.general.keycloak.actiongroup_keycloak
|
||||
|
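Review bot: in the last note, "use O(force=true) to force the module to ensure updating" is harder to read than the line it replaces ("to always update"). Something like "use O(force=true) to make the module update the key on every run" keeps the present tense and says what actually happens, which matters here because the note is the only place that tells users how to push a changed private key.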
@ -208,7 +206,21 @@ end_state:
|
|||
description: Realm key configuration.
|
||||
type: dict
|
||||
returned: when O(state=present)
|
||||
sample: {"active": ["true"], "algorithm": ["RS256"], "enabled": ["true"], "priority": ["140"]}
|
||||
sample:
|
||||
{
|
||||
"active": [
|
||||
"true"
|
||||
],
|
||||
"algorithm": [
|
||||
"RS256"
|
||||
],
|
||||
"enabled": [
|
||||
"true"
|
||||
],
|
||||
"priority": [
|
||||
"140"
|
||||
]
|
||||
}
|
||||
"""
|
||||
|
||||
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \
|
||||
|
|
|
@ -22,9 +22,9 @@ description:
|
|||
definition with the scope tailored to your needs and a user having the expected roles.
|
||||
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
|
||||
at U(https://www.keycloak.org/docs-api/18.0/rest-api/index.html).
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
|
||||
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
|
||||
a list suitable for the API.
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
|
||||
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
|
||||
suitable for the API.
|
||||
- When updating a group_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API
|
||||
to translate the name into the role ID.
|
||||
attributes:
|
||||
|
@ -39,9 +39,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the realm_rolemapping.
|
||||
- On C(present), the realm_rolemapping will be created if it does not yet exist, or updated with the parameters you
|
||||
provide.
|
||||
- On C(absent), the realm_rolemapping will be removed if it exists.
|
||||
- On C(present), the realm_rolemapping is created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On C(absent), the realm_rolemapping is removed if it exists.
|
||||
default: 'present'
|
||||
type: str
|
||||
choices:
|
||||
|
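Review bot: the two rewritten O(state) lines still use C(present) and C(absent), while the O(state) descriptions in the other modules touched by this patch use V(present) and V(absent). Since these lines are being edited anyway, switch them to V(...) for consistency.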
@ -86,8 +85,8 @@ options:
|
|||
type: str
|
||||
description:
|
||||
- ID of the group to be mapped.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
|
||||
API calls required.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
|
||||
calls required.
|
||||
roles:
|
||||
description:
|
||||
- Roles to be mapped to the group.
|
||||
|
@ -103,8 +102,8 @@ options:
|
|||
type: str
|
||||
description:
|
||||
- The unique identifier for this role_representation.
|
||||
- This parameter is not required for updating or deleting a role_representation but providing it will reduce the
|
||||
number of API calls required.
|
||||
- This parameter is not required for updating or deleting a role_representation but providing it reduces the number
|
||||
of API calls required.
|
||||
extends_documentation_fragment:
|
||||
- community.general.keycloak
|
||||
- community.general.keycloak.actiongroup_keycloak
|
||||
|
@ -195,7 +194,7 @@ proposed:
|
|||
description: Representation of proposed client role mapping.
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {clientId: "test"}
|
||||
sample: {"clientId": "test"}
|
||||
|
||||
existing:
|
||||
description:
|
||||
|
@ -203,7 +202,13 @@ existing:
|
|||
- The sample is truncated.
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
|
||||
end_state:
|
||||
description:
|
||||
|
@ -211,7 +216,13 @@ end_state:
|
|||
- The sample is truncated.
|
||||
returned: on success
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
"""
|
||||
|
||||
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import (
|
||||
|
|
|
@ -22,9 +22,9 @@ description:
|
|||
scope tailored to your needs and a user having the expected roles.
|
||||
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
|
||||
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
|
||||
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
|
||||
a list suitable for the API.
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
|
||||
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
|
||||
suitable for the API.
|
||||
attributes:
|
||||
check_mode:
|
||||
support: full
|
||||
|
@ -37,8 +37,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the role.
|
||||
- On V(present), the role will be created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the role will be removed if it exists.
|
||||
- On V(present), the role is created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the role is removed if it exists.
|
||||
default: 'present'
|
||||
type: str
|
||||
choices:
|
||||
|
@ -195,10 +195,7 @@ proposed:
|
|||
description: Representation of proposed role.
|
||||
returned: always
|
||||
type: dict
|
||||
sample:
|
||||
{
|
||||
"description": "My updated test description"
|
||||
}
|
||||
sample: {"description": "My updated test description"}
|
||||
|
||||
existing:
|
||||
description: Representation of existing role.
|
||||
|
|
|
@ -101,9 +101,9 @@ options:
|
|||
groups:
|
||||
description:
|
||||
- List of groups for the user.
|
||||
Groups can be referenced by their name, like V(staff), or their path, like V(/staff/engineering).
|
||||
The path syntax allows you to reference subgroups, which is not possible otherwise.
|
||||
This is possible since community.general 10.6.0.
|
||||
- Groups can be referenced by their name, like V(staff), or their path, like V(/staff/engineering). The path syntax
|
||||
allows you to reference subgroups, which is not possible otherwise.
|
||||
- Using the path is possible since community.general 10.6.0.
|
||||
type: list
|
||||
elements: dict
|
||||
default: []
|
||||
|
|
|
@ -34,8 +34,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the user federation.
|
||||
- On V(present), the user federation will be created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the user federation will be removed if it exists.
|
||||
- On V(present), the user federation is created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the user federation is removed if it exists.
|
||||
default: 'present'
|
||||
type: str
|
||||
choices:
|
||||
|
@ -50,7 +50,7 @@ options:
|
|||
|
||||
id:
|
||||
description:
|
||||
- The unique ID for this user federation. If left empty, the user federation will be searched by its O(name).
|
||||
- The unique ID for this user federation. If left empty, the user federation is searched by its O(name).
|
||||
type: str
|
||||
|
||||
name:
|
||||
|
@ -76,7 +76,7 @@ options:
|
|||
|
||||
parent_id:
|
||||
description:
|
||||
- Unique ID for the parent of this user federation. Realm ID will be automatically used if left blank.
|
||||
- Unique ID for the parent of this user federation. Realm ID is automatically used if left blank.
|
||||
aliases:
|
||||
- parentId
|
||||
type: str
|
||||
|
@ -95,11 +95,11 @@ options:
|
|||
value with the desired value always evaluates to not equal. This means the before and desired states are never equal
|
||||
if the parameter is set.
|
||||
- Set to V(always) to include O(config.bindCredential) in the comparison of before and desired state. Because of the
|
||||
redacted value returned by Keycloak the module will always detect a change and make an update if a O(config.bindCredential)
|
||||
redacted value returned by Keycloak the module always detects a change and make an update if a O(config.bindCredential)
|
||||
value is set.
|
||||
- Set to V(only_indirect) to exclude O(config.bindCredential) when comparing the before state with the desired state.
|
||||
The value of O(config.bindCredential) will only be updated if there are other changes to the user federation that
|
||||
require an update.
|
||||
The value of O(config.bindCredential) is only updated if there are other changes to the user federation that require
|
||||
an update.
|
||||
type: str
|
||||
default: always
|
||||
choices:
|
||||
|
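Review bot: the rewritten V(always) sentence has a subject-verb mismatch, "the module always detects a change and make an update". It should read "always detects a change and makes an update if a O(config.bindCredential) value is set".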
@ -129,14 +129,14 @@ options:
|
|||
|
||||
importEnabled:
|
||||
description:
|
||||
- If V(true), LDAP users will be imported into Keycloak DB and synced by the configured sync policies.
|
||||
- If V(true), LDAP users are imported into Keycloak DB and synced by the configured sync policies.
|
||||
default: true
|
||||
type: bool
|
||||
|
||||
editMode:
|
||||
description:
|
||||
- V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data will be synced back to LDAP on demand. V(UNSYNCED)
|
||||
means user data will be imported, but not synced back to LDAP.
|
||||
- V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data is synced back to LDAP on demand. V(UNSYNCED) means
|
||||
user data is imported, but not synced back to LDAP.
|
||||
type: str
|
||||
choices:
|
||||
- READ_ONLY
|
||||
|
@ -181,7 +181,7 @@ options:
|
|||
userObjectClasses:
|
||||
description:
|
||||
- All values of LDAP objectClass attribute for users in LDAP divided by comma. For example V(inetOrgPerson, organizationalPerson).
|
||||
Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records
|
||||
Newly created Keycloak users are written to LDAP with all those object classes and existing LDAP user records
|
||||
are found just if they contain all those object classes.
|
||||
type: str
|
||||
|
||||
|
@ -222,7 +222,7 @@ options:
|
|||
|
||||
bindDn:
|
||||
description:
|
||||
- DN of LDAP user which will be used by Keycloak to access LDAP server.
|
||||
- DN of LDAP user which is used by Keycloak to access LDAP server.
|
||||
type: str
|
||||
|
||||
bindCredential:
|
||||
|
@ -232,7 +232,7 @@ options:
|
|||
|
||||
startTls:
|
||||
description:
|
||||
- Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling.
|
||||
- Encrypts the connection to LDAP using STARTTLS, which disables connection pooling.
|
||||
default: false
|
||||
type: bool
|
||||
|
||||
|
@ -258,11 +258,11 @@ options:
|
|||
|
||||
useTruststoreSpi:
|
||||
description:
|
||||
- Specifies whether LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml.
|
||||
V(always) means that it will always use it. V(never) means that it will not use it. V(ldapsOnly) means that it
|
||||
will use if your connection URL use ldaps.
|
||||
- Specifies whether LDAP connection uses the truststore SPI with the truststore configured in standalone.xml/domain.xml.
|
||||
V(always) means that it always uses it. V(never) means that it does not use it. V(ldapsOnly) means that it uses
|
||||
if your connection URL use ldaps.
|
||||
- Note even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by
|
||||
C(javax.net.ssl.trustStore) property will be used.
|
||||
C(javax.net.ssl.trustStore) property is used.
|
||||
default: ldapsOnly
|
||||
type: str
|
||||
choices:
|
||||
|
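Review bot: the new V(ldapsOnly) sentence, "means that it uses if your connection URL use ldaps", lost its object and has a verb agreement error. Suggest "V(ldapsOnly) means that it uses it if your connection URL uses ldaps", so the three values read in parallel.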
@ -335,8 +335,8 @@ options:
|
|||
|
||||
allowKerberosAuthentication:
|
||||
description:
|
||||
- Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will
|
||||
be provisioned from this LDAP server.
|
||||
- Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users is
|
||||
provisioned from this LDAP server.
|
||||
default: false
|
||||
type: bool
|
||||
|
||||
|
@ -348,9 +348,9 @@ options:
|
|||
krbPrincipalAttribute:
|
||||
description:
|
||||
- Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after
|
||||
successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based
|
||||
on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG),
|
||||
it will assume that LDAP username is V(john).
|
||||
successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user is looked up based on
|
||||
LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG),
|
||||
it assumes that LDAP username is V(john).
|
||||
type: str
|
||||
version_added: 8.1.0
|
||||
|
||||
|
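Review bot: the rewritten krbPrincipalAttribute lines keep "the first part of his Kerberos principal"; use "their" or "the user's" instead. The unchanged first line also uses "lookup" as a verb ("used to lookup appropriate LDAP user"), which could become "look up the appropriate LDAP user" while this paragraph is being rewrapped.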
@ -419,17 +419,17 @@ options:
|
|||
|
||||
evictionDay:
|
||||
description:
|
||||
- Day of the week the entry will become invalid on.
|
||||
- Day of the week the entry is set to become invalid on.
|
||||
type: str
|
||||
|
||||
evictionHour:
|
||||
description:
|
||||
- Hour of day the entry will become invalid on.
|
||||
- Hour of day the entry is set to become invalid on.
|
||||
type: str
|
||||
|
||||
evictionMinute:
|
||||
description:
|
||||
- Minute of day the entry will become invalid on.
|
||||
- Minute of day the entry is set to become invalid on.
|
||||
type: str
|
||||
|
||||
maxLifespan:
|
||||
|
@ -461,12 +461,12 @@ options:
|
|||
|
||||
name:
|
||||
description:
|
||||
- Name of the mapper. If no ID is given, the mapper will be searched by name.
|
||||
- Name of the mapper. If no ID is given, the mapper is searched by name.
|
||||
type: str
|
||||
|
||||
parentId:
|
||||
description:
|
||||
- Unique ID for the parent of this mapper. ID of the user federation will automatically be used if left blank.
|
||||
- Unique ID for the parent of this mapper. ID of the user federation is automatically used if left blank.
|
||||
type: str
|
||||
|
||||
providerId:
|
||||
|
|
|
@ -21,9 +21,9 @@ description:
|
|||
the scope tailored to your needs and a user having the expected roles.
|
||||
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
|
||||
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
|
||||
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
|
||||
a list suitable for the API.
|
||||
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
|
||||
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
|
||||
suitable for the API.
|
||||
- When updating a user_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API to
|
||||
translate the name into the role ID.
|
||||
attributes:
|
||||
|
@ -38,8 +38,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the user_rolemapping.
|
||||
- On V(present), the user_rolemapping will be created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the user_rolemapping will be removed if it exists.
|
||||
- On V(present), the user_rolemapping is created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the user_rolemapping is removed if it exists.
|
||||
default: 'present'
|
||||
type: str
|
||||
choices:
|
||||
|
@ -61,14 +61,14 @@ options:
|
|||
type: str
|
||||
description:
|
||||
- ID of the user to be mapped.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
|
||||
API calls required.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
|
||||
calls required.
|
||||
service_account_user_client_id:
|
||||
type: str
|
||||
description:
|
||||
- Client ID of the service-account-user to be mapped.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
|
||||
API calls required.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
|
||||
calls required.
|
||||
client_id:
|
||||
type: str
|
||||
description:
|
||||
|
@ -79,8 +79,8 @@ options:
|
|||
type: str
|
||||
description:
|
||||
- ID of the client to be mapped.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
|
||||
API calls required.
|
||||
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
|
||||
calls required.
|
||||
roles:
|
||||
description:
|
||||
- Roles to be mapped to the user.
|
||||
|
@ -96,8 +96,8 @@ options:
|
|||
type: str
|
||||
description:
|
||||
- The unique identifier for this role_representation.
|
||||
- This parameter is not required for updating or deleting a role_representation but providing it will reduce the
|
||||
number of API calls required.
|
||||
- This parameter is not required for updating or deleting a role_representation but providing it reduces the number
|
||||
of API calls required.
|
||||
extends_documentation_fragment:
|
||||
- community.general.keycloak
|
||||
- community.general.keycloak.actiongroup_keycloak
|
||||
|
@ -190,7 +190,7 @@ proposed:
|
|||
description: Representation of proposed client role mapping.
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {clientId: "test"}
|
||||
sample: {"clientId": "test"}
|
||||
|
||||
existing:
|
||||
description:
|
||||
|
@ -198,7 +198,13 @@ existing:
|
|||
- The sample is truncated.
|
||||
returned: always
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
|
||||
end_state:
|
||||
description:
|
||||
|
@ -206,7 +212,13 @@ end_state:
|
|||
- The sample is truncated.
|
||||
returned: on success
|
||||
type: dict
|
||||
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
|
||||
sample:
|
||||
{
|
||||
"adminUrl": "http://www.example.com/admin_url",
|
||||
"attributes": {
|
||||
"request.object.signature.alg": "RS256"
|
||||
}
|
||||
}
|
||||
"""
|
||||
|
||||
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \
|
||||
|
|
|
@ -33,9 +33,8 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the User Profile provider.
|
||||
- On V(present), the User Profile provider will be created if it does not yet exist, or updated with the parameters
|
||||
you provide.
|
||||
- On V(absent), the User Profile provider will be removed if it exists.
|
||||
- On V(present), the User Profile provider is created if it does not yet exist, or updated with the parameters you provide.
|
||||
- On V(absent), the User Profile provider is removed if it exists.
|
||||
default: 'present'
|
||||
type: str
|
||||
choices:
|
||||
|
@ -171,7 +170,7 @@ options:
|
|||
|
||||
group:
|
||||
description:
|
||||
- Specifies the User Profile group where this attribute will be added.
|
||||
- Specifies the User Profile group where this attribute is added.
|
||||
type: str
|
||||
|
||||
permissions:
|
||||
|
@ -406,7 +405,6 @@ data:
|
|||
description: The data returned by the Keycloak API.
|
||||
returned: when state is present
|
||||
type: dict
|
||||
sample: {'...': '...'}
|
||||
"""
|
||||
|
||||
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \
|
||||
|
|
|
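Review bot: in the data return block, the header counts (-406,7 +405,6) show one line dropped, and if that line is the placeholder sample: {'...': '...'}, the return value is left with no sample at all. Consider replacing it with a short truncated sample of what the Keycloak API returns, in the style used for end_state elsewhere in this commit, rather than removing it.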
@ -59,11 +59,11 @@ options:
|
|||
version:
|
||||
description:
|
||||
- Version of the plugin to be installed.
|
||||
- If plugin exists with previous version, plugin will B(not) be updated unless O(force) is set to V(true).
|
||||
- If the plugin is installed with in a previous version, it is B(not) updated unless O(force=true).
|
||||
type: str
|
||||
force:
|
||||
description:
|
||||
- Delete and re-install the plugin. Can be useful for plugins update.
|
||||
- Delete and re-install the plugin. It can be useful for plugins update.
|
||||
type: bool
|
||||
default: false
|
||||
allow_root:
|
||||
|
|
|
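Review bot: the new version description reads "installed with in a previous version"; the stray "with" looks like a leftover and should be dropped ("If the plugin is installed in a previous version, it is B(not) updated unless O(force=true)."). In the force description, "useful for plugins update" would read better as "useful for plugin updates".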
@ -30,7 +30,7 @@ options:
|
|||
principal:
|
||||
description:
|
||||
- The principal name.
|
||||
- If not set, the user running this module will be used.
|
||||
- If not set, the user running this module is used.
|
||||
type: str
|
||||
state:
|
||||
description:
|
||||
|
@ -50,17 +50,17 @@ options:
|
|||
- Use O(cache_name) as the ticket cache name and location.
|
||||
- If this option is not used, the default cache name and location are used.
|
||||
- The default credentials cache may vary between systems.
|
||||
- If not set the the value of E(KRB5CCNAME) environment variable will be used instead, its value is used to name the
|
||||
default ticket cache.
|
||||
- If not set the the value of E(KRB5CCNAME) environment variable is used instead, its value is used to name the default
|
||||
ticket cache.
|
||||
type: str
|
||||
lifetime:
|
||||
description:
|
||||
- Requests a ticket with the lifetime, if the O(lifetime) is not specified, the default ticket lifetime is used.
|
||||
- Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) will not override the
|
||||
- Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) does not override the
|
||||
configured maximum ticket lifetime.
|
||||
- 'The value for O(lifetime) must be followed by one of the following suffixes: V(s) - seconds, V(m) - minutes, V(h)
|
||||
- hours, V(d) - days.'
|
||||
- You cannot mix units; a value of V(3h30m) will result in an error.
|
||||
- You cannot mix units; a value of V(3h30m) results in an error.
|
||||
- See U(https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html) for reference.
|
||||
type: str
|
||||
start_time:
|
||||
|
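Review bot: the rewritten E(KRB5CCNAME) line keeps the duplicated "the the" ("If not set the the value of ...") and the comma splice before "its value is used". Since the line is being touched, suggest "If not set, the value of the E(KRB5CCNAME) environment variable is used instead; its value names the default ticket cache."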
@ -78,7 +78,7 @@ options:
|
|||
- Requests renewable tickets, with a total lifetime equal to O(renewable).
|
||||
- 'The value for O(renewable) must be followed by one of the following delimiters: V(s) - seconds, V(m) - minutes, V(h)
|
||||
- hours, V(d) - days.'
|
||||
- You cannot mix units; a value of V(3h30m) will result in an error.
|
||||
- You cannot mix units; a value of V(3h30m) results in an error.
|
||||
- See U(https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html) for reference.
|
||||
type: str
|
||||
forwardable:
|
||||
|
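Review bot: the context line for O(renewable) says the value must be followed by one of the following "delimiters", while the matching O(lifetime) text in the previous hunk calls the same V(s), V(m), V(h), V(d) markers "suffixes". Worth aligning both on "suffixes" in this pass so the two options read the same way.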
@ -119,7 +119,7 @@ options:
|
|||
keytab:
|
||||
description:
|
||||
- Requests a ticket, obtained from a key in the local host's keytab.
|
||||
- If O(keytab_path) is not specified will try to use default client keytab path (C(-i) option).
|
||||
- If O(keytab_path) is not specified it tries to use default client keytab path (C(-i) option).
|
||||
type: bool
|
||||
keytab_path:
|
||||
description:
|
||||
|
|
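Review bot: the new keytab line "If O(keytab_path) is not specified it tries to use default client keytab path" has no clear subject for "it" and is missing a comma and an article. Suggest "If O(keytab_path) is not specified, the module tries to use the default client keytab path (C(-i) option)."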