From b0e2f1c6567f028853a8d934296c2dec26da99af Mon Sep 17 00:00:00 2001 From: Alexei Znamensky Date: Wed, 16 Jul 2025 21:56:05 +1200 Subject: [PATCH] doc style adjustments: modules k* --- plugins/modules/kdeconfig.py | 4 +- ...eycloak_authentication_required_actions.py | 4 +- .../keycloak_authz_authorization_scope.py | 4 +- .../modules/keycloak_authz_custom_policy.py | 4 +- plugins/modules/keycloak_authz_permission.py | 4 +- plugins/modules/keycloak_client.py | 38 ++++++++----- .../modules/keycloak_client_rolemapping.py | 42 +++++++++------ plugins/modules/keycloak_client_rolescope.py | 10 ++-- plugins/modules/keycloak_clientscope.py | 32 +++++++---- plugins/modules/keycloak_clientscope_type.py | 29 ++++++++-- plugins/modules/keycloak_clientsecret_info.py | 4 +- .../keycloak_clientsecret_regenerate.py | 4 +- plugins/modules/keycloak_clienttemplate.py | 9 ++-- plugins/modules/keycloak_component.py | 4 +- plugins/modules/keycloak_group.py | 18 +++---- plugins/modules/keycloak_identity_provider.py | 13 +++-- plugins/modules/keycloak_realm.py | 22 ++++++-- plugins/modules/keycloak_realm_info.py | 6 +-- plugins/modules/keycloak_realm_key.py | 32 +++++++---- plugins/modules/keycloak_realm_rolemapping.py | 37 ++++++++----- plugins/modules/keycloak_role.py | 15 +++--- plugins/modules/keycloak_user.py | 6 +-- plugins/modules/keycloak_user_federation.py | 54 +++++++++---------- plugins/modules/keycloak_user_rolemapping.py | 44 +++++++++------ plugins/modules/keycloak_userprofile.py | 9 ++-- plugins/modules/kibana_plugin.py | 4 +- plugins/modules/krb_ticket.py | 14 ++--- 27 files changed, 281 insertions(+), 185 deletions(-) diff --git a/plugins/modules/kdeconfig.py b/plugins/modules/kdeconfig.py index 4cc0fcf166..ac542d04e8 100644 --- a/plugins/modules/kdeconfig.py +++ b/plugins/modules/kdeconfig.py @@ -17,12 +17,12 @@ description: options: path: description: - - Path to the config file. If the file does not exist it will be created. + - Path to the config file. If the file does not exist it is created. type: path required: true kwriteconfig_path: description: - - Path to the kwriteconfig executable. If not specified, Ansible will try to discover it. + - Path to the kwriteconfig executable. If not specified, Ansible tries to discover it. type: path values: description: diff --git a/plugins/modules/keycloak_authentication_required_actions.py b/plugins/modules/keycloak_authentication_required_actions.py index 246963202f..69183ce605 100644 --- a/plugins/modules/keycloak_authentication_required_actions.py +++ b/plugins/modules/keycloak_authentication_required_actions.py @@ -49,7 +49,7 @@ options: type: dict defaultAction: description: - - Indicates, if any new user will have the required action assigned to it. + - Indicates whether new users have the required action assigned to them. type: bool enabled: description: @@ -149,7 +149,7 @@ end_state: type: dict defaultAction: description: - - Indicates, if any new user will have the required action assigned to it. + - Indicates whether new users have the required action assigned to them. sample: false type: bool enabled: diff --git a/plugins/modules/keycloak_authz_authorization_scope.py b/plugins/modules/keycloak_authz_authorization_scope.py index ef094830f5..1ce2db5212 100644 --- a/plugins/modules/keycloak_authz_authorization_scope.py +++ b/plugins/modules/keycloak_authz_authorization_scope.py @@ -37,8 +37,8 @@ options: state: description: - State of the authorization scope. - - On V(present), the authorization scope will be created (or updated if it exists already). - - On V(absent), the authorization scope will be removed if it exists. + - On V(present), the authorization scope is created (or updated if it exists already). + - On V(absent), the authorization scope is removed if it exists. choices: ['present', 'absent'] default: 'present' type: str diff --git a/plugins/modules/keycloak_authz_custom_policy.py b/plugins/modules/keycloak_authz_custom_policy.py index 132119f53f..9607c0172c 100644 --- a/plugins/modules/keycloak_authz_custom_policy.py +++ b/plugins/modules/keycloak_authz_custom_policy.py @@ -38,8 +38,8 @@ options: state: description: - State of the custom policy. - - On V(present), the custom policy will be created (or updated if it exists already). - - On V(absent), the custom policy will be removed if it exists. + - On V(present), the custom policy is created (or updated if it exists already). + - On V(absent), the custom policy is removed if it exists. choices: ['present', 'absent'] default: 'present' type: str diff --git a/plugins/modules/keycloak_authz_permission.py b/plugins/modules/keycloak_authz_permission.py index e931fd72f9..781afa87d1 100644 --- a/plugins/modules/keycloak_authz_permission.py +++ b/plugins/modules/keycloak_authz_permission.py @@ -43,8 +43,8 @@ options: state: description: - State of the authorization permission. - - On V(present), the authorization permission will be created (or updated if it exists already). - - On V(absent), the authorization permission will be removed if it exists. + - On V(present), the authorization permission is created (or updated if it exists already). + - On V(absent), the authorization permission is removed if it exists. choices: ['present', 'absent'] default: 'present' type: str diff --git a/plugins/modules/keycloak_client.py b/plugins/modules/keycloak_client.py index 0a7f3fe73f..6c8a7b1383 100644 --- a/plugins/modules/keycloak_client.py +++ b/plugins/modules/keycloak_client.py @@ -37,8 +37,8 @@ options: state: description: - State of the client. - - On V(present), the client will be created (or updated if it exists already). - - On V(absent), the client will be removed if it exists. + - On V(present), the client are created (or updated if it exists already). + - On V(absent), the client are removed if it exists. choices: ['present', 'absent'] default: 'present' type: str @@ -116,8 +116,8 @@ options: secret: description: - When using O(client_authenticator_type=client-secret) (the default), you can specify a secret here (otherwise one - will be generated if it does not exit). If changing this secret, the module will not register a change currently (but - the changed secret will be saved). + is generated if it does not exit). If changing this secret, the module does not register a change currently (but the + changed secret is saved). type: str registration_access_token: @@ -130,8 +130,8 @@ options: default_roles: description: - - List of default roles for this client. If the client roles referenced do not exist yet, they will be created. This - is C(defaultRoles) in the Keycloak REST API. + - List of default roles for this client. If the client roles referenced do not exist yet, they are created. This is + C(defaultRoles) in the Keycloak REST API. aliases: - defaultRoles type: list @@ -232,7 +232,7 @@ options: protocol: description: - Type of client. - - At creation only, default value will be V(openid-connect) if O(protocol) is omitted. + - At creation only, default value is V(openid-connect) if O(protocol) is omitted. - The V(docker-v2) value was added in community.general 8.6.0. type: str choices: ['openid-connect', 'saml', 'docker-v2'] @@ -261,7 +261,7 @@ options: client_template: description: - - Client template to use for this client. If it does not exist this field will silently be dropped. This is C(clientTemplate) + - Client template to use for this client. If it does not exist this field is silently dropped. This is C(clientTemplate) in the Keycloak REST API. type: str aliases: @@ -454,7 +454,7 @@ options: - A dict of further attributes for this client. This can contain various configuration settings; an example is given in the examples section. While an exhaustive list of permissible options is not available; possible options as of Keycloak 3.4 are listed below. The Keycloak API does not validate whether a given option is appropriate for the protocol - used; if specified anyway, Keycloak will simply not use it. + used; if specified anyway, Keycloak does not use it. type: dict suboptions: saml.authnstatement: @@ -532,7 +532,7 @@ options: - For OpenID-Connect clients, client certificate for validating JWT issued by client and signed by its key, base64-encoded. x509.subjectdn: description: - - For OpenID-Connect clients, subject which will be used to authenticate the client. + - For OpenID-Connect clients, subject which is used to authenticate the client. type: str version_added: 9.5.0 @@ -704,19 +704,31 @@ proposed: description: Representation of proposed client. returned: always type: dict - sample: {clientId: "test"} + sample: {"clientId": "test"} existing: description: Representation of existing client (sample is truncated). returned: always type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } end_state: description: Representation of client after module execution (sample is truncated). returned: on success type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } """ from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ diff --git a/plugins/modules/keycloak_client_rolemapping.py b/plugins/modules/keycloak_client_rolemapping.py index ff41486873..c28951f791 100644 --- a/plugins/modules/keycloak_client_rolemapping.py +++ b/plugins/modules/keycloak_client_rolemapping.py @@ -22,9 +22,9 @@ description: the scope tailored to your needs and a user having the expected roles. - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that - way by this module. You may pass single values for attributes when calling the module, and this will be translated into - a list suitable for the API. + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way + by this module. You may pass single values for attributes when calling the module, and this is translated into a list + suitable for the API. - When updating a client_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API to translate the name into the role ID. attributes: @@ -39,9 +39,9 @@ options: state: description: - State of the client_rolemapping. - - On V(present), the client_rolemapping will be created if it does not yet exist, or updated with the parameters you - provide. - - On V(absent), the client_rolemapping will be removed if it exists. + - On V(present), the client_rolemapping __FIXME__(will) be created if it does not yet exist, or updated with the parameters + you provide. + - On V(absent), the client_rolemapping __FIXME__(will) be removed if it exists. default: 'present' type: str choices: @@ -87,8 +87,8 @@ options: type: str description: - ID of the group to be mapped. - - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of - API calls required. + - This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API + calls required. client_id: type: str description: @@ -98,8 +98,8 @@ options: type: str description: - ID of the client to be mapped. - - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of - API calls required. + - This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API + calls required. roles: description: - Roles to be mapped to the group. @@ -115,8 +115,8 @@ options: type: str description: - The unique identifier for this role_representation. - - This parameter is not required for updating or deleting a role_representation but providing it will reduce the - number of API calls required. + - This parameter is not required for updating or deleting a role_representation but providing it reduces the number + of API calls required. extends_documentation_fragment: - community.general.keycloak - community.general.keycloak.actiongroup_keycloak @@ -209,7 +209,7 @@ proposed: description: Representation of proposed client role mapping. returned: always type: dict - sample: {clientId: "test"} + sample: {"clientId": "test"} existing: description: @@ -217,7 +217,13 @@ existing: - The sample is truncated. returned: always type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } end_state: description: @@ -225,7 +231,13 @@ end_state: - The sample is truncated. returned: on success type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } """ from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import ( diff --git a/plugins/modules/keycloak_client_rolescope.py b/plugins/modules/keycloak_client_rolescope.py index db11f37098..fcf57c2e4a 100644 --- a/plugins/modules/keycloak_client_rolescope.py +++ b/plugins/modules/keycloak_client_rolescope.py @@ -22,9 +22,9 @@ description: In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles. - Client O(client_id) must have O(community.general.keycloak_client#module:full_scope_allowed) set to V(false). - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that - way by this module. You may pass single values for attributes when calling the module, and this will be translated into - a list suitable for the API. + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way + by this module. You may pass single values for attributes when calling the module, and this is translated into a list + suitable for the API. attributes: check_mode: support: full @@ -37,8 +37,8 @@ options: state: description: - State of the role mapping. - - On V(present), all roles in O(role_names) will be mapped if not exists yet. - - On V(absent), all roles mapping in O(role_names) will be removed if it exists. + - On V(present), all roles in O(role_names) are mapped if not exist yet. + - On V(absent), all roles mapping in O(role_names) are removed if it exists. default: 'present' type: str choices: diff --git a/plugins/modules/keycloak_clientscope.py b/plugins/modules/keycloak_clientscope.py index ed9fe97043..ddb4e1b04b 100644 --- a/plugins/modules/keycloak_clientscope.py +++ b/plugins/modules/keycloak_clientscope.py @@ -22,9 +22,9 @@ description: the scope tailored to your needs and a user having the expected roles. - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that - way by this module. You may pass single values for attributes when calling the module, and this will be translated into - a list suitable for the API. + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way + by this module. You may pass single values for attributes when calling the module, and this is translated into a list + suitable for the API. - When updating a client_scope, where possible provide the client_scope ID to the module. This removes a lookup to the API to translate the name into the client_scope ID. attributes: @@ -39,8 +39,8 @@ options: state: description: - State of the client_scope. - - On V(present), the client_scope will be created if it does not yet exist, or updated with the parameters you provide. - - On V(absent), the client_scope will be removed if it exists. + - On V(present), the client_scope is created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the client_scope is removed if it exists. default: 'present' type: str choices: @@ -62,8 +62,8 @@ options: type: str description: - The unique identifier for this client_scope. - - This parameter is not required for updating or deleting a client_scope but providing it will reduce the number of - API calls required. + - This parameter is not required for updating or deleting a client_scope but providing it reduces the number of API + calls required. description: type: str description: @@ -263,19 +263,31 @@ proposed: description: Representation of proposed client scope. returned: always type: dict - sample: {clientId: "test"} + sample: {"clientId": "test"} existing: description: Representation of existing client scope (sample is truncated). returned: always type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } end_state: description: Representation of client scope after module execution (sample is truncated). returned: on success type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } """ from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ diff --git a/plugins/modules/keycloak_clientscope_type.py b/plugins/modules/keycloak_clientscope_type.py index 493363f391..85308f1a22 100644 --- a/plugins/modules/keycloak_clientscope_type.py +++ b/plugins/modules/keycloak_clientscope_type.py @@ -99,20 +99,43 @@ proposed: description: Representation of proposed client-scope types mapping. returned: always type: dict - sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: []} + sample: + { + "default_clientscopes": [ + "profile", + "role" + ], + "optional_clientscopes": [] + } existing: description: - Representation of client scopes before module execution. returned: always type: dict - sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: ["phone"]} + sample: + { + "default_clientscopes": [ + "profile", + "role" + ], + "optional_clientscopes": [ + "phone" + ] + } end_state: description: - Representation of client scopes after module execution. - The sample is truncated. returned: on success type: dict - sample: {default_clientscopes: ["profile", "role"], optional_clientscopes: []} + sample: + { + "default_clientscopes": [ + "profile", + "role" + ], + "optional_clientscopes": [] + } """ from ansible.module_utils.basic import AnsibleModule diff --git a/plugins/modules/keycloak_clientsecret_info.py b/plugins/modules/keycloak_clientsecret_info.py index da07d03248..0ea48f6a33 100644 --- a/plugins/modules/keycloak_clientsecret_info.py +++ b/plugins/modules/keycloak_clientsecret_info.py @@ -39,8 +39,8 @@ options: id: description: - The unique identifier for this client. - - This parameter is not required for getting or generating a client secret but providing it will reduce the number of - API calls required. + - This parameter is not required for getting or generating a client secret but providing it reduces the number of API + calls required. type: str client_id: diff --git a/plugins/modules/keycloak_clientsecret_regenerate.py b/plugins/modules/keycloak_clientsecret_regenerate.py index bb449abc10..2bcaeb3705 100644 --- a/plugins/modules/keycloak_clientsecret_regenerate.py +++ b/plugins/modules/keycloak_clientsecret_regenerate.py @@ -43,8 +43,8 @@ options: id: description: - The unique identifier for this client. - - This parameter is not required for getting or generating a client secret but providing it will reduce the number of - API calls required. + - This parameter is not required for getting or generating a client secret but providing it reduces the number of API + calls required. type: str client_id: diff --git a/plugins/modules/keycloak_clienttemplate.py b/plugins/modules/keycloak_clienttemplate.py index 53b1266c7c..ee357605f1 100644 --- a/plugins/modules/keycloak_clienttemplate.py +++ b/plugins/modules/keycloak_clienttemplate.py @@ -35,8 +35,8 @@ options: state: description: - State of the client template. - - On V(present), the client template will be created (or updated if it exists already). - - On V(absent), the client template will be removed if it exists. + - On V(present), the client template is created (or updated if it exists already). + - On V(absent), the client template is removed if it exists. choices: ['present', 'absent'] default: 'present' type: str @@ -238,10 +238,7 @@ proposed: description: Representation of proposed client template. returned: always type: dict - sample: - { - "name": "test01" - } + sample: {"name": "test01"} existing: description: Representation of existing client template (sample is truncated). diff --git a/plugins/modules/keycloak_component.py b/plugins/modules/keycloak_component.py index 15c3c8e731..8b0c67b321 100644 --- a/plugins/modules/keycloak_component.py +++ b/plugins/modules/keycloak_component.py @@ -35,8 +35,8 @@ options: state: description: - State of the Keycloak component. - - On V(present), the component will be created (or updated if it exists already). - - On V(absent), the component will be removed if it exists. + - On V(present), the component is created (or updated if it exists already). + - On V(absent), the component is removed if it exists. choices: ['present', 'absent'] default: 'present' type: str diff --git a/plugins/modules/keycloak_group.py b/plugins/modules/keycloak_group.py index 865b52213a..7053b33a35 100644 --- a/plugins/modules/keycloak_group.py +++ b/plugins/modules/keycloak_group.py @@ -20,9 +20,9 @@ description: scope tailored to your needs and a user having the expected roles. - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/20.0.2/rest-api/index.html). - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that - way by this module. You may pass single values for attributes when calling the module, and this will be translated into - a list suitable for the API. + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way + by this module. You may pass single values for attributes when calling the module, and this is translated into a list + suitable for the API. - When updating a group, where possible provide the group ID to the module. This removes a lookup to the API to translate the name into the group ID. attributes: @@ -37,9 +37,9 @@ options: state: description: - State of the group. - - On V(present), the group will be created if it does not yet exist, or updated with the parameters you provide. - - On V(absent), the group will be removed if it exists. Be aware that absenting a group with subgroups will automatically - delete all its subgroups too. + - On V(present), the group is created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the group is removed if it exists. Be aware that absenting a group with subgroups automatically deletes + all its subgroups too. default: 'present' type: str choices: @@ -61,8 +61,7 @@ options: type: str description: - The unique identifier for this group. - - This parameter is not required for updating or deleting a group but providing it will reduce the number of API calls - required. + - This parameter is not required for updating or deleting a group but providing it reduces the number of API calls required. attributes: type: dict description: @@ -282,8 +281,7 @@ end_state: returned: always sample: [] subGroups: - description: A list of groups that are children of this group. These groups will have the same parameters as documented - here. + description: A list of groups that are children of this group. These groups have the same parameters as documented here. type: list returned: always clientRoles: diff --git a/plugins/modules/keycloak_identity_provider.py b/plugins/modules/keycloak_identity_provider.py index eea168a14b..40a06846d6 100644 --- a/plugins/modules/keycloak_identity_provider.py +++ b/plugins/modules/keycloak_identity_provider.py @@ -34,9 +34,8 @@ options: state: description: - State of the identity provider. - - On V(present), the identity provider will be created if it does not yet exist, or updated with the parameters you - provide. - - On V(absent), the identity provider will be removed if it exists. + - On V(present), the identity provider is created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the identity provider is removed if it exists. default: 'present' type: str choices: @@ -148,14 +147,14 @@ options: sync_mode: description: - - Default sync mode for all mappers. The sync mode determines when user data will be synced using the mappers. + - Default sync mode for all mappers. The sync mode determines when user data is synced using the mappers. aliases: - syncMode type: str issuer: description: - - The issuer identifier for the issuer of the response. If not provided, no validation will be performed. + - The issuer identifier for the issuer of the response. If not provided, no validation is performed. type: str authorizationUrl: @@ -205,7 +204,7 @@ options: useJwksUrl: description: - - If the switch is on, identity provider public keys will be downloaded from given JWKS URL. + - If V(true), identity provider public keys are downloaded from given JWKS URL. type: bool jwksUrl: @@ -215,7 +214,7 @@ options: entityId: description: - - The Entity ID that will be used to uniquely identify this SAML Service Provider. + - The Entity ID that is used to uniquely identify this SAML Service Provider. type: str singleSignOnServiceUrl: diff --git a/plugins/modules/keycloak_realm.py b/plugins/modules/keycloak_realm.py index c2d4dceb21..c8bc7dc7df 100644 --- a/plugins/modules/keycloak_realm.py +++ b/plugins/modules/keycloak_realm.py @@ -39,8 +39,8 @@ options: state: description: - State of the realm. - - On V(present), the realm will be created (or updated if it exists already). - - On V(absent), the realm will be removed if it exists. + - On V(present), the realm is created (or updated if it exists already). + - On V(absent), the realm is removed if it exists. choices: ['present', 'absent'] default: 'present' type: str @@ -553,19 +553,31 @@ proposed: description: Representation of proposed realm. returned: always type: dict - sample: {realm: "test"} + sample: {"realm": "test"} existing: description: Representation of existing realm (sample is truncated). returned: always type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } end_state: description: Representation of realm after module execution (sample is truncated). returned: on success type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } """ from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ diff --git a/plugins/modules/keycloak_realm_info.py b/plugins/modules/keycloak_realm_info.py index 838b19513d..501ca48c21 100644 --- a/plugins/modules/keycloak_realm_info.py +++ b/plugins/modules/keycloak_realm_info.py @@ -19,9 +19,9 @@ description: - This module allows you to get Keycloak realm public information using the Keycloak REST API. - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that - way by this module. You may pass single values for attributes when calling the module, and this will be translated into - a list suitable for the API. + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way + by this module. You may pass single values for attributes when calling the module, and this is translated into a list + suitable for the API. extends_documentation_fragment: - community.general.attributes - community.general.attributes.info_module diff --git a/plugins/modules/keycloak_realm_key.py b/plugins/modules/keycloak_realm_key.py index 4f6caa4464..8036c6e3ce 100644 --- a/plugins/modules/keycloak_realm_key.py +++ b/plugins/modules/keycloak_realm_key.py @@ -25,11 +25,9 @@ description: at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). Aliases are provided so camelCased versions can be used as well. - This module is unable to detect changes to the actual cryptographic key after importing it. However, if some other property - is changed alongside the cryptographic key, then the key will also get changed as a side-effect, as the JSON payload needs - to include the private key. This can be considered either a bug or a feature, as the alternative would be to always update - the realm key whether it has changed or not. - - If certificate is not explicitly provided it will be dynamically created by Keycloak. Therefore comparing the current - state of the certificate to the desired state (which may be empty) is not possible. + is changed alongside the cryptographic key, then the key also changes as a side-effect, as the JSON payload needs to include + the private key. This can be considered either a bug or a feature, as the alternative would be to always update the realm + key whether it has changed or not. attributes: check_mode: support: full @@ -42,8 +40,8 @@ options: state: description: - State of the keycloak realm key. - - On V(present), the realm key will be created (or updated if it exists already). - - On V(absent), the realm key will be removed if it exists. + - On V(present), the realm key is created (or updated if it exists already). + - On V(absent), the realm key is removed if it exists. choices: ['present', 'absent'] default: 'present' type: str @@ -119,10 +117,10 @@ options: notes: - Current value of the private key cannot be fetched from Keycloak. Therefore comparing its desired state to the current state is not possible. - - If certificate is not explicitly provided it will be dynamically created by Keycloak. Therefore comparing the current + - If O(config.certificate) is not explicitly provided it is dynamically created by Keycloak. Therefore comparing the current state of the certificate to the desired state (which may be empty) is not possible. - Due to the private key and certificate options the module is B(not fully idempotent). You can use O(force=true) to force - the module to always update if you know that the private key might have changed. + the module to ensure update if you know that the private key might have changed. extends_documentation_fragment: - community.general.keycloak - community.general.keycloak.actiongroup_keycloak @@ -208,7 +206,21 @@ end_state: description: Realm key configuration. type: dict returned: when O(state=present) - sample: {"active": ["true"], "algorithm": ["RS256"], "enabled": ["true"], "priority": ["140"]} + sample: + { + "active": [ + "true" + ], + "algorithm": [ + "RS256" + ], + "enabled": [ + "true" + ], + "priority": [ + "140" + ] + } """ from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ diff --git a/plugins/modules/keycloak_realm_rolemapping.py b/plugins/modules/keycloak_realm_rolemapping.py index 2e3366d422..2b6b6a4eda 100644 --- a/plugins/modules/keycloak_realm_rolemapping.py +++ b/plugins/modules/keycloak_realm_rolemapping.py @@ -22,9 +22,9 @@ description: definition with the scope tailored to your needs and a user having the expected roles. - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/18.0/rest-api/index.html). - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that - way by this module. You may pass single values for attributes when calling the module, and this will be translated into - a list suitable for the API. + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way + by this module. You may pass single values for attributes when calling the module, and this is translated into a list + suitable for the API. - When updating a group_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API to translate the name into the role ID. attributes: @@ -39,9 +39,8 @@ options: state: description: - State of the realm_rolemapping. - - On C(present), the realm_rolemapping will be created if it does not yet exist, or updated with the parameters you - provide. - - On C(absent), the realm_rolemapping will be removed if it exists. + - On C(present), the realm_rolemapping is created if it does not yet exist, or updated with the parameters you provide. + - On C(absent), the realm_rolemapping is removed if it exists. default: 'present' type: str choices: @@ -86,8 +85,8 @@ options: type: str description: - ID of the group to be mapped. - - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of - API calls required. + - This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API + calls required. roles: description: - Roles to be mapped to the group. @@ -103,8 +102,8 @@ options: type: str description: - The unique identifier for this role_representation. - - This parameter is not required for updating or deleting a role_representation but providing it will reduce the - number of API calls required. + - This parameter is not required for updating or deleting a role_representation but providing it reduces the number + of API calls required. extends_documentation_fragment: - community.general.keycloak - community.general.keycloak.actiongroup_keycloak @@ -195,7 +194,7 @@ proposed: description: Representation of proposed client role mapping. returned: always type: dict - sample: {clientId: "test"} + sample: {"clientId": "test"} existing: description: @@ -203,7 +202,13 @@ existing: - The sample is truncated. returned: always type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } end_state: description: @@ -211,7 +216,13 @@ end_state: - The sample is truncated. returned: on success type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } """ from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import ( diff --git a/plugins/modules/keycloak_role.py b/plugins/modules/keycloak_role.py index c9979653c5..f49d55f599 100644 --- a/plugins/modules/keycloak_role.py +++ b/plugins/modules/keycloak_role.py @@ -22,9 +22,9 @@ description: scope tailored to your needs and a user having the expected roles. - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that - way by this module. You may pass single values for attributes when calling the module, and this will be translated into - a list suitable for the API. + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way + by this module. You may pass single values for attributes when calling the module, and this is translated into a list + suitable for the API. attributes: check_mode: support: full @@ -37,8 +37,8 @@ options: state: description: - State of the role. - - On V(present), the role will be created if it does not yet exist, or updated with the parameters you provide. - - On V(absent), the role will be removed if it exists. + - On V(present), the role is created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the role is removed if it exists. default: 'present' type: str choices: @@ -195,10 +195,7 @@ proposed: description: Representation of proposed role. returned: always type: dict - sample: - { - "description": "My updated test description" - } + sample: {"description": "My updated test description"} existing: description: Representation of existing role. diff --git a/plugins/modules/keycloak_user.py b/plugins/modules/keycloak_user.py index 83bf8f5d02..8c9d8bb023 100644 --- a/plugins/modules/keycloak_user.py +++ b/plugins/modules/keycloak_user.py @@ -101,9 +101,9 @@ options: groups: description: - List of groups for the user. - Groups can be referenced by their name, like V(staff), or their path, like V(/staff/engineering). - The path syntax allows you to reference subgroups, which is not possible otherwise. - This is possible since community.general 10.6.0. + - Groups can be referenced by their name, like V(staff), or their path, like V(/staff/engineering). The path syntax + allows you to reference subgroups, which is not possible otherwise. + - This is possible since community.general 10.6.0. type: list elements: dict default: [] diff --git a/plugins/modules/keycloak_user_federation.py b/plugins/modules/keycloak_user_federation.py index b3b86111c0..3290ab8dd9 100644 --- a/plugins/modules/keycloak_user_federation.py +++ b/plugins/modules/keycloak_user_federation.py @@ -34,8 +34,8 @@ options: state: description: - State of the user federation. - - On V(present), the user federation will be created if it does not yet exist, or updated with the parameters you provide. - - On V(absent), the user federation will be removed if it exists. + - On V(present), the user federation is created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the user federation is removed if it exists. default: 'present' type: str choices: @@ -50,7 +50,7 @@ options: id: description: - - The unique ID for this user federation. If left empty, the user federation will be searched by its O(name). + - The unique ID for this user federation. If left empty, the user federation is searched by its O(name). type: str name: @@ -76,7 +76,7 @@ options: parent_id: description: - - Unique ID for the parent of this user federation. Realm ID will be automatically used if left blank. + - Unique ID for the parent of this user federation. Realm ID is automatically used if left blank. aliases: - parentId type: str @@ -95,11 +95,11 @@ options: value with the desired value always evaluates to not equal. This means the before and desired states are never equal if the parameter is set. - Set to V(always) to include O(config.bindCredential) in the comparison of before and desired state. Because of the - redacted value returned by Keycloak the module will always detect a change and make an update if a O(config.bindCredential) + redacted value returned by Keycloak the module always detects a change and make an update if a O(config.bindCredential) value is set. - Set to V(only_indirect) to exclude O(config.bindCredential) when comparing the before state with the desired state. - The value of O(config.bindCredential) will only be updated if there are other changes to the user federation that - require an update. + The value of O(config.bindCredential) is only updated if there are other changes to the user federation that require + an update. type: str default: always choices: @@ -129,14 +129,14 @@ options: importEnabled: description: - - If V(true), LDAP users will be imported into Keycloak DB and synced by the configured sync policies. + - If V(true), LDAP users are imported into Keycloak DB and synced by the configured sync policies. default: true type: bool editMode: description: - - V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data will be synced back to LDAP on demand. V(UNSYNCED) - means user data will be imported, but not synced back to LDAP. + - V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data is synced back to LDAP on demand. V(UNSYNCED) means + user data is imported, but not synced back to LDAP. type: str choices: - READ_ONLY @@ -181,7 +181,7 @@ options: userObjectClasses: description: - All values of LDAP objectClass attribute for users in LDAP divided by comma. For example V(inetOrgPerson, organizationalPerson). - Newly created Keycloak users will be written to LDAP with all those object classes and existing LDAP user records + Newly created Keycloak users are written to LDAP with all those object classes and existing LDAP user records are found just if they contain all those object classes. type: str @@ -222,7 +222,7 @@ options: bindDn: description: - - DN of LDAP user which will be used by Keycloak to access LDAP server. + - DN of LDAP user which is used by Keycloak to access LDAP server. type: str bindCredential: @@ -232,7 +232,7 @@ options: startTls: description: - - Encrypts the connection to LDAP using STARTTLS, which will disable connection pooling. + - Encrypts the connection to LDAP using STARTTLS, which disables connection pooling. default: false type: bool @@ -258,11 +258,11 @@ options: useTruststoreSpi: description: - - Specifies whether LDAP connection will use the truststore SPI with the truststore configured in standalone.xml/domain.xml. - V(always) means that it will always use it. V(never) means that it will not use it. V(ldapsOnly) means that it - will use if your connection URL use ldaps. + - Specifies whether LDAP connection uses the truststore SPI with the truststore configured in standalone.xml/domain.xml. + V(always) means that it always uses it. V(never) means that it does not use it. V(ldapsOnly) means that it uses + if your connection URL use ldaps. - Note even if standalone.xml/domain.xml is not configured, the default Java cacerts or certificate specified by - C(javax.net.ssl.trustStore) property will be used. + C(javax.net.ssl.trustStore) property is used. default: ldapsOnly type: str choices: @@ -335,8 +335,8 @@ options: allowKerberosAuthentication: description: - - Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users will - be provisioned from this LDAP server. + - Enable/disable HTTP authentication of users with SPNEGO/Kerberos tokens. The data about authenticated users is + provisioned from this LDAP server. default: false type: bool @@ -348,9 +348,9 @@ options: krbPrincipalAttribute: description: - Name of the LDAP attribute, which refers to Kerberos principal. This is used to lookup appropriate LDAP user after - successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user will be looked based - on LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG), - it will assume that LDAP username is V(john). + successful Kerberos/SPNEGO authentication in Keycloak. When this is empty, the LDAP user is looked up based on + LDAP username corresponding to the first part of his Kerberos principal. For instance, for principal C(john@KEYCLOAK.ORG), + it assumes that LDAP username is V(john). type: str version_added: 8.1.0 @@ -419,17 +419,17 @@ options: evictionDay: description: - - Day of the week the entry will become invalid on. + - Day of the week the entry is set to become invalid on. type: str evictionHour: description: - - Hour of day the entry will become invalid on. + - Hour of day the entry is set to become invalid on. type: str evictionMinute: description: - - Minute of day the entry will become invalid on. + - Minute of day the entry is set to become invalid on. type: str maxLifespan: @@ -461,12 +461,12 @@ options: name: description: - - Name of the mapper. If no ID is given, the mapper will be searched by name. + - Name of the mapper. If no ID is given, the mapper is searched by name. type: str parentId: description: - - Unique ID for the parent of this mapper. ID of the user federation will automatically be used if left blank. + - Unique ID for the parent of this mapper. ID of the user federation is automatically used if left blank. type: str providerId: diff --git a/plugins/modules/keycloak_user_rolemapping.py b/plugins/modules/keycloak_user_rolemapping.py index 794ea369d7..49d71e2ca9 100644 --- a/plugins/modules/keycloak_user_rolemapping.py +++ b/plugins/modules/keycloak_user_rolemapping.py @@ -21,9 +21,9 @@ description: the scope tailored to your needs and a user having the expected roles. - The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(https://www.keycloak.org/docs-api/8.0/rest-api/index.html). - - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and will be returned that - way by this module. You may pass single values for attributes when calling the module, and this will be translated into - a list suitable for the API. + - Attributes are multi-valued in the Keycloak API. All attributes are lists of individual values and are returned that way + by this module. You may pass single values for attributes when calling the module, and this is translated into a list + suitable for the API. - When updating a user_rolemapping, where possible provide the role ID to the module. This removes a lookup to the API to translate the name into the role ID. attributes: @@ -38,8 +38,8 @@ options: state: description: - State of the user_rolemapping. - - On V(present), the user_rolemapping will be created if it does not yet exist, or updated with the parameters you provide. - - On V(absent), the user_rolemapping will be removed if it exists. + - On V(present), the user_rolemapping is created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the user_rolemapping is removed if it exists. default: 'present' type: str choices: @@ -61,14 +61,14 @@ options: type: str description: - ID of the user to be mapped. - - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of - API calls required. + - This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API + calls required. service_account_user_client_id: type: str description: - Client ID of the service-account-user to be mapped. - - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of - API calls required. + - This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API + calls required. client_id: type: str description: @@ -79,8 +79,8 @@ options: type: str description: - ID of the client to be mapped. - - This parameter is not required for updating or deleting the rolemapping but providing it will reduce the number of - API calls required. + - This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API + calls required. roles: description: - Roles to be mapped to the user. @@ -96,8 +96,8 @@ options: type: str description: - The unique identifier for this role_representation. - - This parameter is not required for updating or deleting a role_representation but providing it will reduce the - number of API calls required. + - This parameter is not required for updating or deleting a role_representation but providing it reduces the number + of API calls required. extends_documentation_fragment: - community.general.keycloak - community.general.keycloak.actiongroup_keycloak @@ -190,7 +190,7 @@ proposed: description: Representation of proposed client role mapping. returned: always type: dict - sample: {clientId: "test"} + sample: {"clientId": "test"} existing: description: @@ -198,7 +198,13 @@ existing: - The sample is truncated. returned: always type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } end_state: description: @@ -206,7 +212,13 @@ end_state: - The sample is truncated. returned: on success type: dict - sample: {"adminUrl": "http://www.example.com/admin_url", "attributes": {"request.object.signature.alg": "RS256"}} + sample: + { + "adminUrl": "http://www.example.com/admin_url", + "attributes": { + "request.object.signature.alg": "RS256" + } + } """ from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, \ diff --git a/plugins/modules/keycloak_userprofile.py b/plugins/modules/keycloak_userprofile.py index a79ca93890..e2c7079bb5 100644 --- a/plugins/modules/keycloak_userprofile.py +++ b/plugins/modules/keycloak_userprofile.py @@ -33,9 +33,8 @@ options: state: description: - State of the User Profile provider. - - On V(present), the User Profile provider will be created if it does not yet exist, or updated with the parameters - you provide. - - On V(absent), the User Profile provider will be removed if it exists. + - On V(present), the User Profile provider is created if it does not yet exist, or updated with the parameters you provide. + - On V(absent), the User Profile provider is removed if it exists. default: 'present' type: str choices: @@ -171,7 +170,7 @@ options: group: description: - - Specifies the User Profile group where this attribute will be added. + - Specifies the User Profile group where this attribute is added. type: str permissions: @@ -406,7 +405,7 @@ data: description: The data returned by the Keycloak API. returned: when state is present type: dict - sample: {'...': '...'} + sample: {"...": "..."} """ from ansible_collections.community.general.plugins.module_utils.identity.keycloak.keycloak import KeycloakAPI, camel, \ diff --git a/plugins/modules/kibana_plugin.py b/plugins/modules/kibana_plugin.py index 09703b504c..8e8ccd106d 100644 --- a/plugins/modules/kibana_plugin.py +++ b/plugins/modules/kibana_plugin.py @@ -59,11 +59,11 @@ options: version: description: - Version of the plugin to be installed. - - If plugin exists with previous version, plugin will B(not) be updated unless O(force) is set to V(true). + - If the plugin is installed with in a previous version, it is B(not) updated unless O(force=true). type: str force: description: - - Delete and re-install the plugin. Can be useful for plugins update. + - Delete and re-install the plugin. It can be useful for plugins update. type: bool default: false allow_root: diff --git a/plugins/modules/krb_ticket.py b/plugins/modules/krb_ticket.py index e021050c22..3a01944535 100644 --- a/plugins/modules/krb_ticket.py +++ b/plugins/modules/krb_ticket.py @@ -30,7 +30,7 @@ options: principal: description: - The principal name. - - If not set, the user running this module will be used. + - If not set, the user running this module is used. type: str state: description: @@ -50,17 +50,17 @@ options: - Use O(cache_name) as the ticket cache name and location. - If this option is not used, the default cache name and location are used. - The default credentials cache may vary between systems. - - If not set the the value of E(KRB5CCNAME) environment variable will be used instead, its value is used to name the - default ticket cache. + - If not set the the value of E(KRB5CCNAME) environment variable is used instead, its value is used to name the default + ticket cache. type: str lifetime: description: - Requests a ticket with the lifetime, if the O(lifetime) is not specified, the default ticket lifetime is used. - - Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) will not override the + - Specifying a ticket lifetime longer than the maximum ticket lifetime (configured by each site) does not override the configured maximum ticket lifetime. - 'The value for O(lifetime) must be followed by one of the following suffixes: V(s) - seconds, V(m) - minutes, V(h) - hours, V(d) - days.' - - You cannot mix units; a value of V(3h30m) will result in an error. + - You cannot mix units; a value of V(3h30m) results in an error. - See U(https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html) for reference. type: str start_time: @@ -78,7 +78,7 @@ options: - Requests renewable tickets, with a total lifetime equal to O(renewable). - 'The value for O(renewable) must be followed by one of the following delimiters: V(s) - seconds, V(m) - minutes, V(h) - hours, V(d) - days.' - - You cannot mix units; a value of V(3h30m) will result in an error. + - You cannot mix units; a value of V(3h30m) results in an error. - See U(https://web.mit.edu/kerberos/krb5-1.12/doc/basic/date_format.html) for reference. type: str forwardable: @@ -119,7 +119,7 @@ options: keytab: description: - Requests a ticket, obtained from a key in the local host's keytab. - - If O(keytab_path) is not specified will try to use default client keytab path (C(-i) option). + - If O(keytab_path) is not specified it tries to use default client keytab path (C(-i) option). type: bool keytab_path: description: