doc style adjustments: modules k*

Alexei Znamensky 2025-07-16 21:56:05 +12:00
commit b0e2f1c656
27 changed files with 281 additions and 185 deletions

View file

@ -17,12 +17,12 @@ description:
options:
path:
description:
- Path to the config file. If the file does not exist it will be created.
- Path to the config file. If the file does not exist it is created.
type: path
required: true
kwriteconfig_path:
description:
- Path to the kwriteconfig executable. If not specified, Ansible will try to discover it.
- Path to the kwriteconfig executable. If not specified, Ansible tries to discover it.
type: path
values:
description:

View file

@ -49,7 +49,7 @@ options:
type: dict
defaultAction:
description:
- Indicates, if any new user will have the required action assigned to it.
- Indicates whether new users have the required action assigned to them.
type: bool
enabled:
description:
@ -149,7 +149,7 @@ end_state:
type: dict
defaultAction:
description:
- Indicates, if any new user will have the required action assigned to it.
- Indicates whether new users have the required action assigned to them.
sample: false
type: bool
enabled:

View file

@ -37,8 +37,8 @@ options:
state:
description:
- State of the authorization scope.
- On V(present), the authorization scope will be created (or updated if it exists already).
- On V(absent), the authorization scope will be removed if it exists.
- On V(present), the authorization scope is created (or updated if it exists already).
- On V(absent), the authorization scope is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str

View file

@ -38,8 +38,8 @@ options:
state:
description:
- State of the custom policy.
- On V(present), the custom policy will be created (or updated if it exists already).
- On V(absent), the custom policy will be removed if it exists.
- On V(present), the custom policy is created (or updated if it exists already).
- On V(absent), the custom policy is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str

View file

@ -43,8 +43,8 @@ options:
state:
description:
- State of the authorization permission.
- On V(present), the authorization permission will be created (or updated if it exists already).
- On V(absent), the authorization permission will be removed if it exists.
- On V(present), the authorization permission is created (or updated if it exists already).
- On V(absent), the authorization permission is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str

View file

@ -37,8 +37,8 @@ options:
state:
description:
- State of the client.
- On V(present), the client will be created (or updated if it exists already).
- On V(absent), the client will be removed if it exists.
- On V(present), the client are created (or updated if it exists already).
- On V(absent), the client are removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str
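Review bot: In the two state bullets the new wording reads "the client are created" and "the client are removed", which breaks agreement with the singular subject; the other modules touched by this commit use "is created" and "is removed". Suggest "the client is created (or updated if it exists already)" and "the client is removed if it exists".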
@ -116,8 +116,8 @@ options:
secret:
description:
- When using O(client_authenticator_type=client-secret) (the default), you can specify a secret here (otherwise one
will be generated if it does not exit). If changing this secret, the module will not register a change currently (but
the changed secret will be saved).
is generated if it does not exit). If changing this secret, the module does not register a change currently (but the
changed secret is saved).
type: str
registration_access_token:
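Review bot: The secret description still says "if it does not exit", carried over unchanged from the old text; since these lines are being rewrapped anyway, correct it to "exist". The caveat "the module does not register a change currently (but the changed secret is saved)" would also read better as "the module currently does not register a change", and it deserves to stay easy to spot because a changed client secret is reported as unchanged.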
@ -130,8 +130,8 @@ options:
default_roles:
description:
- List of default roles for this client. If the client roles referenced do not exist yet, they will be created. This
is C(defaultRoles) in the Keycloak REST API.
- List of default roles for this client. If the client roles referenced do not exist yet, they are created. This is
C(defaultRoles) in the Keycloak REST API.
aliases:
- defaultRoles
type: list
@ -232,7 +232,7 @@ options:
protocol:
description:
- Type of client.
- At creation only, default value will be V(openid-connect) if O(protocol) is omitted.
- At creation only, default value is V(openid-connect) if O(protocol) is omitted.
- The V(docker-v2) value was added in community.general 8.6.0.
type: str
choices: ['openid-connect', 'saml', 'docker-v2']
@ -261,7 +261,7 @@ options:
client_template:
description:
- Client template to use for this client. If it does not exist this field will silently be dropped. This is C(clientTemplate)
- Client template to use for this client. If it does not exist this field is silently dropped. This is C(clientTemplate)
in the Keycloak REST API.
type: str
aliases:
@ -454,7 +454,7 @@ options:
- A dict of further attributes for this client. This can contain various configuration settings; an example is given
in the examples section. While an exhaustive list of permissible options is not available; possible options as of
Keycloak 3.4 are listed below. The Keycloak API does not validate whether a given option is appropriate for the protocol
used; if specified anyway, Keycloak will simply not use it.
used; if specified anyway, Keycloak does not use it.
type: dict
suboptions:
saml.authnstatement:
@ -532,7 +532,7 @@ options:
- For OpenID-Connect clients, client certificate for validating JWT issued by client and signed by its key, base64-encoded.
x509.subjectdn:
description:
- For OpenID-Connect clients, subject which will be used to authenticate the client.
- For OpenID-Connect clients, subject which is used to authenticate the client.
type: str
version_added: 9.5.0
@ -704,19 +704,31 @@ proposed:
description: Representation of proposed client.
returned: always
type: dict
sample: {clientId: "test"}
sample: {"clientId": "test"}
existing:
description: Representation of existing client (sample is truncated).
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description: Representation of client after module execution (sample is truncated).
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \

View file

@ -22,9 +22,9 @@ description:
the scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
- When updating a client_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API
to translate the name into the role ID.
attributes:
@ -39,9 +39,9 @@ options:
state:
description:
- State of the client_rolemapping.
- On V(present), the client_rolemapping will be created if it does not yet exist, or updated with the parameters you
provide.
- On V(absent), the client_rolemapping will be removed if it exists.
- On V(present), the client_rolemapping __FIXME__(will) be created if it does not yet exist, or updated with the parameters
you provide.
- On V(absent), the client_rolemapping __FIXME__(will) be removed if it exists.
default: 'present'
type: str
choices:
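Review bot: The V(present) and V(absent) bullets for the client_rolemapping state contain literal "__FIXME__(will)" markers, so the placeholder would show up in the rendered documentation. These look like leftovers from a search-and-replace pass that was never resolved; suggest "the client_rolemapping is created if it does not yet exist, or updated with the parameters you provide" and "the client_rolemapping is removed if it exists", matching the other modules in this commit.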
@ -87,8 +87,8 @@ options:
type: str
description:
- ID of the group to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
client_id:
type: str
description:
@ -98,8 +98,8 @@ options:
type: str
description:
- ID of the client to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
roles:
description:
- Roles to be mapped to the group.
@ -115,8 +115,8 @@ options:
type: str
description:
- The unique identifier for this role_representation.
- This parameter is not required for updating or deleting a role_representation but providing it will reduce the
number of API calls required.
- This parameter is not required for updating or deleting a role_representation but providing it reduces the number
of API calls required.
extends_documentation_fragment:
- community.general.keycloak
- community.general.keycloak.actiongroup_keycloak
@ -209,7 +209,7 @@ proposed:
description: Representation of proposed client role mapping.
returned: always
type: dict
sample: {clientId: "test"}
sample: {"clientId": "test"}
existing:
description:
@ -217,7 +217,13 @@ existing:
- The sample is truncated.
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description:
@ -225,7 +231,13 @@ end_state:
- The sample is truncated.
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import (

View file

@ -22,9 +22,9 @@ description:
In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with
the scope tailored to your needs and a user having the expected roles.
- Client O(client_id) must have O(community.general.keycloak_client#module:full_scope_allowed) set to V(false).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
attributes:
check_mode:
support: full
@ -37,8 +37,8 @@ options:
state:
description:
- State of the role mapping.
- On V(present), all roles in O(role_names) will be mapped if not exists yet.
- On V(absent), all roles mapping in O(role_names) will be removed if it exists.
- On V(present), all roles in O(role_names) are mapped if not exist yet.
- On V(absent), all roles mapping in O(role_names) are removed if it exists.
default: 'present'
type: str
choices:
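Review bot: The rewritten state bullets read "are mapped if not exist yet" and "all roles mapping in O(role_names) are removed if it exists", which mix singular and plural and are harder to parse than the lines they replace. Suggest "all roles in O(role_names) are mapped if they are not mapped yet" and "all role mappings in O(role_names) are removed if they exist".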

View file

@ -22,9 +22,9 @@ description:
the scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
- When updating a client_scope, where possible provide the client_scope ID to the module. This removes a lookup to the API
to translate the name into the client_scope ID.
attributes:
@ -39,8 +39,8 @@ options:
state:
description:
- State of the client_scope.
- On V(present), the client_scope will be created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the client_scope will be removed if it exists.
- On V(present), the client_scope is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the client_scope is removed if it exists.
default: 'present'
type: str
choices:
@ -62,8 +62,8 @@ options:
type: str
description:
- The unique identifier for this client_scope.
- This parameter is not required for updating or deleting a client_scope but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting a client_scope but providing it reduces the number of API
calls required.
description:
type: str
description:
@ -263,19 +263,31 @@ proposed:
description: Representation of proposed client scope.
returned: always
type: dict
sample: {clientId: "test"}
sample: {"clientId": "test"}
existing:
description: Representation of existing client scope (sample is truncated).
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description: Representation of client scope after module execution (sample is truncated).
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \

View file

@ -99,20 +99,43 @@ proposed:
description: Representation of proposed client-scope types mapping.
returned: always
type: dict
sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: []}
sample:
{
"default_clientscopes": [
"profile",
"role"
],
"optional_clientscopes": []
}
existing:
description:
- Representation of client scopes before module execution.
returned: always
type: dict
sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: ["phone"]}
sample:
{
"default_clientscopes": [
"profile",
"role"
],
"optional_clientscopes": [
"phone"
]
}
end_state:
description:
- Representation of client scopes after module execution.
- The sample is truncated.
returned: on success
type: dict
sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: []}
sample:
{
"default_clientscopes": [
"profile",
"role"
],
"optional_clientscopes": []
}
"""
from ansible.module_utils.basic import AnsibleModule

View file

@ -39,8 +39,8 @@ options:
id:
description:
- The unique identifier for this client.
- This parameter is not required for getting or generating a client secret but providing it will reduce the number of
API calls required.
- This parameter is not required for getting or generating a client secret but providing it reduces the number of API
calls required.
type: str
client_id:

View file

@ -43,8 +43,8 @@ options:
id:
description:
- The unique identifier for this client.
- This parameter is not required for getting or generating a client secret but providing it will reduce the number of
API calls required.
- This parameter is not required for getting or generating a client secret but providing it reduces the number of API
calls required.
type: str
client_id:

View file

@ -35,8 +35,8 @@ options:
state:
description:
- State of the client template.
- On V(present), the client template will be created (or updated if it exists already).
- On V(absent), the client template will be removed if it exists.
- On V(present), the client template is created (or updated if it exists already).
- On V(absent), the client template is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str
@ -238,10 +238,7 @@ proposed:
description: Representation of proposed client template.
returned: always
type: dict
sample:
{
"name": "test01"
}
sample: {"name": "test01"}
existing:
description: Representation of existing client template (sample is truncated).

View file

@ -35,8 +35,8 @@ options:
state:
description:
- State of the Keycloak component.
- On V(present), the component will be created (or updated if it exists already).
- On V(absent), the component will be removed if it exists.
- On V(present), the component is created (or updated if it exists already).
- On V(absent), the component is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str

View file

@ -20,9 +20,9 @@ description:
scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
- When updating a group, where possible provide the group ID to the module. This removes a lookup to the API to translate
the name into the group ID.
attributes:
@ -37,9 +37,9 @@ options:
state:
description:
- State of the group.
- On V(present), the group will be created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the group will be removed if it exists. Be aware that absenting a group with subgroups will automatically
delete all its subgroups too.
- On V(present), the group is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the group is removed if it exists. Be aware that absenting a group with subgroups automatically deletes
all its subgroups too.
default: 'present'
type: str
choices:
@ -61,8 +61,7 @@ options:
type: str
description:
- The unique identifier for this group.
- This parameter is not required for updating or deleting a group but providing it will reduce the number of API calls
required.
- This parameter is not required for updating or deleting a group but providing it reduces the number of API calls required.
attributes:
type: dict
description:
@ -282,8 +281,7 @@ end_state:
returned: always
sample: []
subGroups:
description: A list of groups that are children of this group. These groups will have the same parameters as documented
here.
description: A list of groups that are children of this group. These groups have the same parameters as documented here.
type: list
returned: always
clientRoles:

View file

@ -34,9 +34,8 @@ options:
state:
description:
- State of the identity provider.
- On V(present), the identity provider will be created if it does not yet exist, or updated with the parameters you
provide.
- On V(absent), the identity provider will be removed if it exists.
- On V(present), the identity provider is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the identity provider is removed if it exists.
default: 'present'
type: str
choices:
@ -148,14 +147,14 @@ options:
sync_mode:
description:
- Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers.
- Default sync mode for all mappers. The sync mode determines when user data is synced using the mappers.
aliases:
- syncMode
type: str
issuer:
description:
- The issuer identifier for the issuer of the response. If not provided, no validation will be performed.
- The issuer identifier for the issuer of the response. If not provided, no validation is performed.
type: str
authorizationUrl:
@ -205,7 +204,7 @@ options:
useJwksUrl:
description:
- If the switch is on, identity provider public keys will be downloaded from given JWKS URL.
- If V(true), identity provider public keys are downloaded from given JWKS URL.
type: bool
jwksUrl:
@ -215,7 +214,7 @@ options:
entityId:
description:
- The Entity ID that will be used to uniquely identify this SAML Service Provider.
- The Entity ID that is used to uniquely identify this SAML Service Provider.
type: str
singleSignOnServiceUrl:

View file

@ -39,8 +39,8 @@ options:
state:
description:
- State of the realm.
- On V(present), the realm will be created (or updated if it exists already).
- On V(absent), the realm will be removed if it exists.
- On V(present), the realm is created (or updated if it exists already).
- On V(absent), the realm is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str
@ -553,19 +553,31 @@ proposed:
description: Representation of proposed realm.
returned: always
type: dict
sample: {realm: "test"}
sample: {"realm": "test"}
existing:
description: Representation of existing realm (sample is truncated).
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description: Representation of realm after module execution (sample is truncated).
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \

View file

@ -19,9 +19,9 @@ description:
- This module allows you to get Keycloak realm public information using the Keycloak REST API.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
extends_documentation_fragment:
- community.general.attributes
- community.general.attributes.info_module

View file

@ -25,11 +25,9 @@ description:
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). Aliases are provided so camelCased versions can be used
as well.
- This module is unable to detect changes to the actual cryptographic key after importing it. However, if some other property
is changed alongside the cryptographic key, then the key will also get changed as a side-effect, as the JSON payload needs
to include the private key. This can be considered either a bug or a feature, as the alternative would be to always update
the realm key whether it has changed or not.
- If certificate is not explicitly provided it will be dynamically created by Keycloak. Therefore comparing the current
state of the certificate to the desired state (which may be empty) is not possible.
is changed alongside the cryptographic key, then the key also changes as a side-effect, as the JSON payload needs to include
the private key. This can be considered either a bug or a feature, as the alternative would be to always update the realm
key whether it has changed or not.
attributes:
check_mode:
support: full
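Review bot: Besides the tense change, the description loses the bullet that begins "If certificate is not explicitly provided", which is a content removal in a commit titled as a style adjustment. The same statement remains in the notes section of this module, so this looks like intentional de-duplication; mention it in the commit message so the removal is not mistaken for an accident.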
@ -42,8 +40,8 @@ options:
state:
description:
- State of the keycloak realm key.
- On V(present), the realm key will be created (or updated if it exists already).
- On V(absent), the realm key will be removed if it exists.
- On V(present), the realm key is created (or updated if it exists already).
- On V(absent), the realm key is removed if it exists.
choices: ['present', 'absent']
default: 'present'
type: str
@ -119,10 +117,10 @@ options:
notes:
- Current value of the private key cannot be fetched from Keycloak. Therefore comparing its desired state to the current
state is not possible.
- If certificate is not explicitly provided it will be dynamically created by Keycloak. Therefore comparing the current
- If O(config.certificate) is not explicitly provided it is dynamically created by Keycloak. Therefore comparing the current
state of the certificate to the desired state (which may be empty) is not possible.
- Due to the private key and certificate options the module is B(not fully idempotent). You can use O(force=true) to force
the module to always update if you know that the private key might have changed.
the module to ensure update if you know that the private key might have changed.
extends_documentation_fragment:
- community.general.keycloak
- community.general.keycloak.actiongroup_keycloak
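Review bot: In the last note, "force the module to always update" became "force the module to ensure update", which is not grammatical and drops the point that O(force=true) makes the module update every time. The "always" here was not future tense, so it did not need changing; suggest restoring "the module to always update if you know that the private key might have changed".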
@ -208,7 +206,21 @@ end_state:
description: Realm key configuration.
type: dict
returned: when O(state=present)
sample: {"active": ["true"], "algorithm": ["RS256"], "enabled": ["true"], "priority": ["140"]}
sample:
{
"active": [
"true"
],
"algorithm": [
"RS256"
],
"enabled": [
"true"
],
"priority": [
"140"
]
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \

View file

@ -22,9 +22,9 @@ description:
definition with the scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/18.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
- When updating a group_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API
to translate the name into the role ID.
attributes:
@ -39,9 +39,8 @@ options:
state:
description:
- State of the realm_rolemapping.
- On C(present), the realm_rolemapping will be created if it does not yet exist, or updated with the parameters you
provide.
- On C(absent), the realm_rolemapping will be removed if it exists.
- On C(present), the realm_rolemapping is created if it does not yet exist, or updated with the parameters you provide.
- On C(absent), the realm_rolemapping is removed if it exists.
default: 'present'
type: str
choices:
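Review bot: The state bullets mark the option values as C(present) and C(absent), while the other modules in this commit use V(present) and V(absent) for the same choices. Both lines are rewritten here, so switch them to V(...) for consistent rendering.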
@ -86,8 +85,8 @@ options:
type: str
description:
- ID of the group to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
roles:
description:
- Roles to be mapped to the group.
@ -103,8 +102,8 @@ options:
type: str
description:
- The unique identifier for this role_representation.
- This parameter is not required for updating or deleting a role_representation but providing it will reduce the
number of API calls required.
- This parameter is not required for updating or deleting a role_representation but providing it reduces the number
of API calls required.
extends_documentation_fragment:
- community.general.keycloak
- community.general.keycloak.actiongroup_keycloak
@ -195,7 +194,7 @@ proposed:
description: Representation of proposed client role mapping.
returned: always
type: dict
sample: {clientId: "test"}
sample: {"clientId": "test"}
existing:
description:
@ -203,7 +202,13 @@ existing:
- The sample is truncated.
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description:
@ -211,7 +216,13 @@ end_state:
- The sample is truncated.
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import (

View file

@ -22,9 +22,9 @@ description:
scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
attributes:
check_mode:
support: full
@ -37,8 +37,8 @@ options:
state:
description:
- State of the role.
- On V(present), the role will be created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the role will be removed if it exists.
- On V(present), the role is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the role is removed if it exists.
default: 'present'
type: str
choices:
@ -195,10 +195,7 @@ proposed:
description: Representation of proposed role.
returned: always
type: dict
sample:
{
"description": "My updated test description"
}
sample: {"description": "My updated test description"}
existing:
description: Representation of existing role.

View file

@ -101,9 +101,9 @@ options:
groups:
description:
- List of groups for the user.
Groups can be referenced by their name, like V(staff), or their path, like V(/staff/engineering).
The path syntax allows you to reference subgroups, which is not possible otherwise.
This is possible since community.general 10.6.0.
- Groups can be referenced by their name, like V(staff), or their path, like V(/staff/engineering). The path syntax
allows you to reference subgroups, which is not possible otherwise.
- This is possible since community.general 10.6.0.
type: list
elements: dict
default: []

View file

@ -34,8 +34,8 @@ options:
state:
description:
- State of the user federation.
- On V(present), the user federation will be created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the user federation will be removed if it exists.
- On V(present), the user federation is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the user federation is removed if it exists.
default: 'present'
type: str
choices:
@ -50,7 +50,7 @@ options:
id:
description:
- The unique ID for this user federation. If left empty, the user federation will be searched by its O(name).
- The unique ID for this user federation. If left empty, the user federation is searched by its O(name).
type: str
name:
@ -76,7 +76,7 @@ options:
parent_id:
description:
- Unique ID for the parent of this user federation. Realm ID will be automatically used if left blank.
- Unique ID for the parent of this user federation. Realm ID is automatically used if left blank.
aliases:
- parentId
type: str
@ -95,11 +95,11 @@ options:
value with the desired value always evaluates to not equal. This means the before and desired states are never equal
if the parameter is set.
- Set to V(always) to include O(config.bindCredential) in the comparison of before and desired state. Because of the
redacted value returned by Keycloak the module will always detect a change and make an update if a O(config.bindCredential)
redacted value returned by Keycloak the module always detects a change and make an update if a O(config.bindCredential)
value is set.
- Set to V(only_indirect) to exclude O(config.bindCredential) when comparing the before state with the desired state.
The value of O(config.bindCredential) will only be updated if there are other changes to the user federation that
require an update.
The value of O(config.bindCredential) is only updated if there are other changes to the user federation that require
an update.
type: str
default: always
choices:
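Review bot: In the V(always) bullet of this hunk the new sentence reads "the module always detects a change and make an update"; the second verb kept the form it had after "will" and should now be "makes". Suggested wording: "the module always detects a change and makes an update if a O(config.bindCredential) value is set". A comma after "returned by Keycloak" would also help, since this bullet is where readers learn why a set bind credential breaks idempotency.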
@ -129,14 +129,14 @@ options:
importEnabled:
description:
- If V(true), LDAP users will be imported into Keycloak DB and synced by the configured sync policies.
- If V(true), LDAP users are imported into Keycloak DB and synced by the configured sync policies.
default: true
type: bool
editMode:
description:
- V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data will be synced back to LDAP on demand. V(UNSYNCED)
means user data will be imported, but not synced back to LDAP.
- V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data is synced back to LDAP on demand. V(UNSYNCED) means
user data is imported, but not synced back to LDAP.
type: str
choices:
- READ_ONLY
@ -181,7 +181,7 @@ options:
userObjectClasses:
description:
- All values of LDAP objectClass attribute for users in LDAP divided by comma. For example V(inetOrgPerson, organizationalPerson).
Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records
Newly created Keycloak users are written to LDAP with all those object classes and existing LDAP user records
are found just if they contain all those object classes.
type: str
@ -222,7 +222,7 @@ options:
bindDn:
description:
- DN of LDAP user which will be used by Keycloak to access LDAP server.
- DN of LDAP user which is used by Keycloak to access LDAP server.
type: str
bindCredential:
@ -232,7 +232,7 @@ options:
startTls:
description:
- Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling.
- Encrypts the connection to LDAP using STARTTLS, which disables connection pooling.
default: false
type: bool
@ -258,11 +258,11 @@ options:
useTruststoreSpi:
description:
- Specifies whether LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml.
V(always) means that it will always use it. V(never) means that it will not use it. V(ldapsOnly) means that it
will use if your connection URL use ldaps.
- Specifies whether LDAP connection uses the truststore SPI with the truststore configured in standalone.xml/domain.xml.
V(always) means that it always uses it. V(never) means that it does not use it. V(ldapsOnly) means that it uses
if your connection URL use ldaps.
- Note even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by
C(javax.net.ssl.trustStore) property will be used.
C(javax.net.ssl.trustStore) property is used.
default: ldapsOnly
type: str
choices:
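Review bot: The V(ldapsOnly) sentence in the useTruststoreSpi description lost its object in the rewrite and has an agreement slip: "it uses if your connection URL use ldaps". Suggest "V(ldapsOnly) means that it uses it if your connection URL uses ldaps". The first bullet would also read better as "whether the LDAP connection uses the truststore SPI", and the note bullet as "Note that even if ...".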
@ -335,8 +335,8 @@ options:
allowKerberosAuthentication:
description:
- Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will
be provisioned from this LDAP server.
- Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users is
provisioned from this LDAP server.
default: false
type: bool
@ -348,9 +348,9 @@ options:
krbPrincipalAttribute:
description:
- Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after
successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based
on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG),
it will assume that LDAP username is V(john).
successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user is looked up based on
LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG),
it assumes that LDAP username is V(john).
type: str
version_added: 8.1.0
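Review bot: The krbPrincipalAttribute text still says "the first part of his Kerberos principal", and the closing "it assumes" has no clear subject now that the sentence is in the present tense. Since this hunk already rewords the paragraph, suggest "the first part of the user's Kerberos principal" and naming the subject that does the assuming. "lookup" in the unchanged first line is used as a verb and should be "look up".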
@ -419,17 +419,17 @@ options:
evictionDay:
description:
- Day of the week the entry will become invalid on.
- Day of the week the entry is set to become invalid on.
type: str
evictionHour:
description:
- Hour of day the entry will become invalid on.
- Hour of day the entry is set to become invalid on.
type: str
evictionMinute:
description:
- Minute of day the entry will become invalid on.
- Minute of day the entry is set to become invalid on.
type: str
maxLifespan:
@ -461,12 +461,12 @@ options:
name:
description:
- Name of the mapper. If no ID is given, the mapper will be searched by name.
- Name of the mapper. If no ID is given, the mapper is searched by name.
type: str
parentId:
description:
- Unique ID for the parent of this mapper. ID of the user federation will automatically be used if left blank.
- Unique ID for the parent of this mapper. ID of the user federation is automatically used if left blank.
type: str
providerId:

View file

@ -21,9 +21,9 @@ description:
the scope tailored to your needs and a user having the expected roles.
- The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation
at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html).
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that
way by this module. You may pass single values for attributes when calling the module, and this will be translated into
a list suitable for the API.
- Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way
by this module. You may pass single values for attributes when calling the module, and this is translated into a list
suitable for the API.
- When updating a user_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API to
translate the name into the role ID.
attributes:
@ -38,8 +38,8 @@ options:
state:
description:
- State of the user_rolemapping.
- On V(present), the user_rolemapping will be created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the user_rolemapping will be removed if it exists.
- On V(present), the user_rolemapping is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the user_rolemapping is removed if it exists.
default: 'present'
type: str
choices:
@ -61,14 +61,14 @@ options:
type: str
description:
- ID of the user to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
service_account_user_client_id:
type: str
description:
- Client ID of the service-account-user to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
client_id:
type: str
description:
@ -79,8 +79,8 @@ options:
type: str
description:
- ID of the client to be mapped.
- This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of
API calls required.
- This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
calls required.
roles:
description:
- Roles to be mapped to the user.
@ -96,8 +96,8 @@ options:
type: str
description:
- The unique identifier for this role_representation.
- This parameter is not required for updating or deleting a role_representation but providing it will reduce the
number of API calls required.
- This parameter is not required for updating or deleting a role_representation but providing it reduces the number
of API calls required.
extends_documentation_fragment:
- community.general.keycloak
- community.general.keycloak.actiongroup_keycloak
@ -190,7 +190,7 @@ proposed:
description: Representation of proposed client role mapping.
returned: always
type: dict
sample: {clientId: "test"}
sample: {"clientId": "test"}
existing:
description:
@ -198,7 +198,13 @@ existing:
- The sample is truncated.
returned: always
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
end_state:
description:
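Review bot: Style point on the existing sample in this hunk: it is expanded from a one-line mapping into a multi-line block, while the proposed sample in the earlier "-195,10 +195,7" hunk of this same commit goes the other way and collapses a multi-line block onto one line. If the rule is line length, say so in the commit message; otherwise pick one form for short samples so the RETURN sections stay consistent. The same applies to the end_state sample in the next hunk.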
@ -206,7 +212,13 @@ end_state:
- The sample is truncated.
returned: on success
type: dict
sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}}
sample:
{
"adminUrl": "http://www.example.com/admin_url",
"attributes": {
"request.object.signature.alg": "RS256"
}
}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \

View file

@ -33,9 +33,8 @@ options:
state:
description:
- State of the User Profile provider.
- On V(present), the User Profile provider will be created if it does not yet exist, or updated with the parameters
you provide.
- On V(absent), the User Profile provider will be removed if it exists.
- On V(present), the User Profile provider is created if it does not yet exist, or updated with the parameters you provide.
- On V(absent), the User Profile provider is removed if it exists.
default: 'present'
type: str
choices:
@ -171,7 +170,7 @@ options:
group:
description:
- Specifies the User Profile group where this attribute will be added.
- Specifies the User Profile group where this attribute is added.
type: str
permissions:
@ -406,7 +405,7 @@ data:
description: The data returned by the Keycloak API.
returned: when state is present
type: dict
sample: {'...': '...'}
sample: {"...": "..."}
"""
from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \

View file

@ -59,11 +59,11 @@ options:
version:
description:
- Version of the plugin to be installed.
- If plugin exists with previous version, plugin will B(not) be updated unless O(force) is set to V(true).
- If the plugin is installed with in a previous version, it is B(not) updated unless O(force=true).
type: str
force:
description:
- Delete and re-install the plugin. Can be useful for plugins update.
- Delete and re-install the plugin. It can be useful for plugins update.
type: bool
default: false
allow_root:
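Review bot: The new version bullet contains a typo, "installed with in a previous version"; suggest "If the plugin is already installed in a previous version, it is B(not) updated unless O(force=true)". In the force description, "It can be useful for plugins update" is still awkward after the edit; "This can be useful for updating plugins" reads more naturally.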

View file

@ -30,7 +30,7 @@ options:
principal:
description:
- The principal name.
- If not set, the user running this module will be used.
- If not set, the user running this module is used.
type: str
state:
description:
@ -50,17 +50,17 @@ options:
- Use O(cache_name) as the ticket cache name and location.
- If this option is not used, the default cache name and location are used.
- The default credentials cache may vary between systems.
- If not set the the value of E(KRB5CCNAME) environment variable will be used instead, its value is used to name the
default ticket cache.
- If not set the the value of E(KRB5CCNAME) environment variable is used instead, its value is used to name the default
ticket cache.
type: str
lifetime:
description:
- Requests a ticket with the lifetime, if the O(lifetime) is not specified, the default ticket lifetime is used.
- Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) will not override the
- Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) does not override the
configured maximum ticket lifetime.
- 'The value for O(lifetime) must be followed by one of the following suffixes: V(s) - seconds, V(m) - minutes, V(h)
- hours, V(d) - days.'
- You cannot mix units; a value of V(3h30m) will result in an error.
- You cannot mix units; a value of V(3h30m) results in an error.
- See U(https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html) for reference.
type: str
start_time:
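Review bot: The rewritten cache_name bullet carries over a duplicated word and a comma splice: "If not set the the value of E(KRB5CCNAME) environment variable is used instead, its value is used to name the default ticket cache". Suggest "If not set, the value of the E(KRB5CCNAME) environment variable is used instead; its value names the default ticket cache". The first lifetime bullet has the same comma splice ("with the lifetime, if the O(lifetime) is not specified") and could be split into two sentences while this block is being touched.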
@ -78,7 +78,7 @@ options:
- Requests renewable tickets, with a total lifetime equal to O(renewable).
- 'The value for O(renewable) must be followed by one of the following delimiters: V(s) - seconds, V(m) - minutes, V(h)
- hours, V(d) - days.'
- You cannot mix units; a value of V(3h30m) will result in an error.
- You cannot mix units; a value of V(3h30m) results in an error.
- See U(https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html) for reference.
type: str
forwardable:
@ -119,7 +119,7 @@ options:
keytab:
description:
- Requests a ticket, obtained from a key in the local host's keytab.
- If O(keytab_path) is not specified will try to use default client keytab path (C(-i) option).
- If O(keytab_path) is not specified it tries to use default client keytab path (C(-i) option).
type: bool
keytab_path:
description:
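Review bot: In the keytab description, the new sentence "If O(keytab_path) is not specified it tries to use default client keytab path" has no antecedent for "it" and is missing a comma and an article. Suggest "If O(keytab_path) is not specified, the module tries to use the default client keytab path (C(-i) option)".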