mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-25 13:34:01 -07:00 
			
		
		
		
	Use semantic markup (modules k-l) (#6678)
* Use semantic markup. * Use option instead of alias.
This commit is contained in:
		
					parent
					
						
							
								3e0d84bdda
							
						
					
				
			
			
				commit
				
					
						c694abbdf9
					
				
			
		
					 26 changed files with 249 additions and 250 deletions
				
			
		|  | @ -35,11 +35,11 @@ options: | |||
|     suboptions: | ||||
|       group: | ||||
|         description: | ||||
|           - The option's group. One between this and I(groups) is required. | ||||
|           - The option's group. One between this and O(values[].groups) is required. | ||||
|         type: str | ||||
|       groups: | ||||
|         description: | ||||
|           - List of the option's groups. One between this and I(group) is required. | ||||
|           - List of the option's groups. One between this and O(values[].group) is required. | ||||
|         type: list | ||||
|         elements: str | ||||
|       key: | ||||
|  | @ -49,12 +49,12 @@ options: | |||
|         required: true | ||||
|       value: | ||||
|         description: | ||||
|           - The option's value. One between this and I(bool_value) is required. | ||||
|           - The option's value. One between this and O(values[].bool_value) is required. | ||||
|         type: str | ||||
|       bool_value: | ||||
|         description: | ||||
|           - Boolean value. | ||||
|           - One between this and I(value) is required. | ||||
|           - One between this and O(values[].value) is required. | ||||
|         type: bool | ||||
|     required: true | ||||
|   backup: | ||||
|  |  | |||
|  | @ -97,7 +97,7 @@ options: | |||
|         type: bool | ||||
|         default: false | ||||
|         description: | ||||
|             - If C(true), allows to remove the authentication flow and recreate it. | ||||
|             - If V(true), allows to remove the authentication flow and recreate it. | ||||
| 
 | ||||
| extends_documentation_fragment: | ||||
|     - community.general.keycloak | ||||
|  |  | |||
|  | @ -40,8 +40,8 @@ options: | |||
|     state: | ||||
|         description: | ||||
|             - State of the authorization scope. | ||||
|             - On C(present), the authorization scope will be created (or updated if it exists already). | ||||
|             - On C(absent), the authorization scope will be removed if it exists. | ||||
|             - On V(present), the authorization scope will be created (or updated if it exists already). | ||||
|             - On V(absent), the authorization scope will be removed if it exists. | ||||
|         choices: ['present', 'absent'] | ||||
|         default: 'present' | ||||
|         type: str | ||||
|  | @ -108,22 +108,22 @@ end_state: | |||
|         id: | ||||
|             description: ID of the authorization scope. | ||||
|             type: str | ||||
|             returned: when I(state=present) | ||||
|             returned: when O(state=present) | ||||
|             sample: a6ab1cf2-1001-40ec-9f39-48f23b6a0a41 | ||||
|         name: | ||||
|             description: Name of the authorization scope. | ||||
|             type: str | ||||
|             returned: when I(state=present) | ||||
|             returned: when O(state=present) | ||||
|             sample: file:delete | ||||
|         display_name: | ||||
|             description: Display name of the authorization scope. | ||||
|             type: str | ||||
|             returned: when I(state=present) | ||||
|             returned: when O(state=present) | ||||
|             sample: File delete | ||||
|         icon_uri: | ||||
|             description: Icon URI for the authorization scope. | ||||
|             type: str | ||||
|             returned: when I(state=present) | ||||
|             returned: when O(state=present) | ||||
|             sample: http://localhost/icon.png | ||||
| 
 | ||||
| ''' | ||||
|  |  | |||
|  | @ -40,8 +40,8 @@ options: | |||
|     state: | ||||
|         description: | ||||
|             - State of the client | ||||
|             - On C(present), the client will be created (or updated if it exists already). | ||||
|             - On C(absent), the client will be removed if it exists | ||||
|             - On V(present), the client will be created (or updated if it exists already). | ||||
|             - On V(absent), the client will be removed if it exists | ||||
|         choices: ['present', 'absent'] | ||||
|         default: 'present' | ||||
|         type: str | ||||
|  | @ -55,7 +55,7 @@ options: | |||
|     client_id: | ||||
|         description: | ||||
|             - Client id of client to be worked on. This is usually an alphanumeric name chosen by | ||||
|               you. Either this or I(id) is required. If you specify both, I(id) takes precedence. | ||||
|               you. Either this or O(id) is required. If you specify both, O(id) takes precedence. | ||||
|               This is 'clientId' in the Keycloak REST API. | ||||
|         aliases: | ||||
|             - clientId | ||||
|  | @ -63,13 +63,13 @@ options: | |||
| 
 | ||||
|     id: | ||||
|         description: | ||||
|             - Id of client to be worked on. This is usually an UUID. Either this or I(client_id) | ||||
|             - Id of client to be worked on. This is usually an UUID. Either this or O(client_id) | ||||
|               is required. If you specify both, this takes precedence. | ||||
|         type: str | ||||
| 
 | ||||
|     name: | ||||
|         description: | ||||
|             - Name of the client (this is not the same as I(client_id)). | ||||
|             - Name of the client (this is not the same as O(client_id)). | ||||
|         type: str | ||||
| 
 | ||||
|     description: | ||||
|  | @ -108,12 +108,12 @@ options: | |||
| 
 | ||||
|     client_authenticator_type: | ||||
|         description: | ||||
|             - How do clients authenticate with the auth server? Either C(client-secret) or | ||||
|               C(client-jwt) can be chosen. When using C(client-secret), the module parameter | ||||
|               I(secret) can set it, while for C(client-jwt), you can use the keys C(use.jwks.url), | ||||
|               C(jwks.url), and C(jwt.credential.certificate) in the I(attributes) module parameter | ||||
|             - How do clients authenticate with the auth server? Either V(client-secret) or | ||||
|               V(client-jwt) can be chosen. When using V(client-secret), the module parameter | ||||
|               O(secret) can set it, while for V(client-jwt), you can use the keys C(use.jwks.url), | ||||
|               C(jwks.url), and C(jwt.credential.certificate) in the O(attributes) module parameter | ||||
|               to configure its behavior. | ||||
|               This is 'clientAuthenticatorType' in the Keycloak REST API. | ||||
|             - This is 'clientAuthenticatorType' in the Keycloak REST API. | ||||
|         choices: ['client-secret', 'client-jwt'] | ||||
|         aliases: | ||||
|             - clientAuthenticatorType | ||||
|  | @ -121,7 +121,7 @@ options: | |||
| 
 | ||||
|     secret: | ||||
|         description: | ||||
|             - When using I(client_authenticator_type) C(client-secret) (the default), you can | ||||
|             - When using O(client_authenticator_type=client-secret) (the default), you can | ||||
|               specify a secret here (otherwise one will be generated if it does not exit). If | ||||
|               changing this secret, the module will not register a change currently (but the | ||||
|               changed secret will be saved). | ||||
|  | @ -246,7 +246,7 @@ options: | |||
| 
 | ||||
|     protocol: | ||||
|         description: | ||||
|             - Type of client (either C(openid-connect) or C(saml). | ||||
|             - Type of client. | ||||
|         type: str | ||||
|         choices: ['openid-connect', 'saml'] | ||||
| 
 | ||||
|  | @ -286,7 +286,7 @@ options: | |||
| 
 | ||||
|     use_template_config: | ||||
|         description: | ||||
|             - Whether or not to use configuration from the I(client_template). | ||||
|             - Whether or not to use configuration from the O(client_template). | ||||
|               This is 'useTemplateConfig' in the Keycloak REST API. | ||||
|         aliases: | ||||
|             - useTemplateConfig | ||||
|  | @ -294,7 +294,7 @@ options: | |||
| 
 | ||||
|     use_template_scope: | ||||
|         description: | ||||
|             - Whether or not to use scope configuration from the I(client_template). | ||||
|             - Whether or not to use scope configuration from the O(client_template). | ||||
|               This is 'useTemplateScope' in the Keycloak REST API. | ||||
|         aliases: | ||||
|             - useTemplateScope | ||||
|  | @ -302,7 +302,7 @@ options: | |||
| 
 | ||||
|     use_template_mappers: | ||||
|         description: | ||||
|             - Whether or not to use mapper configuration from the I(client_template). | ||||
|             - Whether or not to use mapper configuration from the O(client_template). | ||||
|               This is 'useTemplateMappers' in the Keycloak REST API. | ||||
|         aliases: | ||||
|             - useTemplateMappers | ||||
|  | @ -391,38 +391,37 @@ options: | |||
| 
 | ||||
|             protocol: | ||||
|                 description: | ||||
|                     - This is either C(openid-connect) or C(saml), this specifies for which protocol this protocol mapper. | ||||
|                       is active. | ||||
|                     - This specifies for which protocol this protocol mapper is active. | ||||
|                 choices: ['openid-connect', 'saml'] | ||||
|                 type: str | ||||
| 
 | ||||
|             protocolMapper: | ||||
|                 description: | ||||
|                     - The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is | ||||
|                     - "The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is | ||||
|                       impossible to provide since this may be extended through SPIs by the user of Keycloak, | ||||
|                       by default Keycloak as of 3.4 ships with at least | ||||
|                     - C(docker-v2-allow-all-mapper) | ||||
|                     - C(oidc-address-mapper) | ||||
|                     - C(oidc-full-name-mapper) | ||||
|                     - C(oidc-group-membership-mapper) | ||||
|                     - C(oidc-hardcoded-claim-mapper) | ||||
|                     - C(oidc-hardcoded-role-mapper) | ||||
|                     - C(oidc-role-name-mapper) | ||||
|                     - C(oidc-script-based-protocol-mapper) | ||||
|                     - C(oidc-sha256-pairwise-sub-mapper) | ||||
|                     - C(oidc-usermodel-attribute-mapper) | ||||
|                     - C(oidc-usermodel-client-role-mapper) | ||||
|                     - C(oidc-usermodel-property-mapper) | ||||
|                     - C(oidc-usermodel-realm-role-mapper) | ||||
|                     - C(oidc-usersessionmodel-note-mapper) | ||||
|                     - C(saml-group-membership-mapper) | ||||
|                     - C(saml-hardcode-attribute-mapper) | ||||
|                     - C(saml-hardcode-role-mapper) | ||||
|                     - C(saml-role-list-mapper) | ||||
|                     - C(saml-role-name-mapper) | ||||
|                     - C(saml-user-attribute-mapper) | ||||
|                     - C(saml-user-property-mapper) | ||||
|                     - C(saml-user-session-note-mapper) | ||||
|                       by default Keycloak as of 3.4 ships with at least:" | ||||
|                     - V(docker-v2-allow-all-mapper) | ||||
|                     - V(oidc-address-mapper) | ||||
|                     - V(oidc-full-name-mapper) | ||||
|                     - V(oidc-group-membership-mapper) | ||||
|                     - V(oidc-hardcoded-claim-mapper) | ||||
|                     - V(oidc-hardcoded-role-mapper) | ||||
|                     - V(oidc-role-name-mapper) | ||||
|                     - V(oidc-script-based-protocol-mapper) | ||||
|                     - V(oidc-sha256-pairwise-sub-mapper) | ||||
|                     - V(oidc-usermodel-attribute-mapper) | ||||
|                     - V(oidc-usermodel-client-role-mapper) | ||||
|                     - V(oidc-usermodel-property-mapper) | ||||
|                     - V(oidc-usermodel-realm-role-mapper) | ||||
|                     - V(oidc-usersessionmodel-note-mapper) | ||||
|                     - V(saml-group-membership-mapper) | ||||
|                     - V(saml-hardcode-attribute-mapper) | ||||
|                     - V(saml-hardcode-role-mapper) | ||||
|                     - V(saml-role-list-mapper) | ||||
|                     - V(saml-role-name-mapper) | ||||
|                     - V(saml-user-attribute-mapper) | ||||
|                     - V(saml-user-property-mapper) | ||||
|                     - V(saml-user-session-note-mapper) | ||||
|                     - An exhaustive list of available mappers on your installation can be obtained on | ||||
|                       the admin console by going to Server Info -> Providers and looking under | ||||
|                       'protocol-mapper'. | ||||
|  | @ -431,10 +430,10 @@ options: | |||
|             config: | ||||
|                 description: | ||||
|                     - Dict specifying the configuration options for the protocol mapper; the | ||||
|                       contents differ depending on the value of I(protocolMapper) and are not documented | ||||
|                       contents differ depending on the value of O(protocol_mappers[].protocolMapper) and are not documented | ||||
|                       other than by the source of the mappers and its parent class(es). An example is given | ||||
|                       below. It is easiest to obtain valid config values by dumping an already-existing | ||||
|                       protocol mapper configuration through check-mode in the I(existing) field. | ||||
|                       protocol mapper configuration through check-mode in the RV(existing) field. | ||||
|                 type: dict | ||||
| 
 | ||||
|     attributes: | ||||
|  | @ -478,7 +477,7 @@ options: | |||
| 
 | ||||
|             saml.signature.algorithm: | ||||
|                 description: | ||||
|                     - Signature algorithm used to sign SAML documents. One of C(RSA_SHA256), C(RSA_SHA1), C(RSA_SHA512), or C(DSA_SHA1). | ||||
|                     - Signature algorithm used to sign SAML documents. One of V(RSA_SHA256), V(RSA_SHA1), V(RSA_SHA512), or V(DSA_SHA1). | ||||
| 
 | ||||
|             saml.signing.certificate: | ||||
|                 description: | ||||
|  | @ -503,15 +502,15 @@ options: | |||
| 
 | ||||
|             saml_name_id_format: | ||||
|                 description: | ||||
|                     - For SAML clients, the NameID format to use (one of C(username), C(email), C(transient), or C(persistent)) | ||||
|                     - For SAML clients, the NameID format to use (one of V(username), V(email), V(transient), or V(persistent)) | ||||
| 
 | ||||
|             saml_signature_canonicalization_method: | ||||
|                 description: | ||||
|                     - SAML signature canonicalization method. This is one of four values, namely | ||||
|                       C(http://www.w3.org/2001/10/xml-exc-c14n#) for EXCLUSIVE, | ||||
|                       C(http://www.w3.org/2001/10/xml-exc-c14n#WithComments) for EXCLUSIVE_WITH_COMMENTS, | ||||
|                       C(http://www.w3.org/TR/2001/REC-xml-c14n-20010315) for INCLUSIVE, and | ||||
|                       C(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments) for INCLUSIVE_WITH_COMMENTS. | ||||
|                       V(http://www.w3.org/2001/10/xml-exc-c14n#) for EXCLUSIVE, | ||||
|                       V(http://www.w3.org/2001/10/xml-exc-c14n#WithComments) for EXCLUSIVE_WITH_COMMENTS, | ||||
|                       V(http://www.w3.org/TR/2001/REC-xml-c14n-20010315) for INCLUSIVE, and | ||||
|                       V(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments) for INCLUSIVE_WITH_COMMENTS. | ||||
| 
 | ||||
|             saml_single_logout_service_url_post: | ||||
|                 description: | ||||
|  | @ -523,12 +522,12 @@ options: | |||
| 
 | ||||
|             user.info.response.signature.alg: | ||||
|                 description: | ||||
|                     - For OpenID-Connect clients, JWA algorithm for signed UserInfo-endpoint responses. One of C(RS256) or C(unsigned). | ||||
|                     - For OpenID-Connect clients, JWA algorithm for signed UserInfo-endpoint responses. One of V(RS256) or V(unsigned). | ||||
| 
 | ||||
|             request.object.signature.alg: | ||||
|                 description: | ||||
|                     - For OpenID-Connect clients, JWA algorithm which the client needs to use when sending | ||||
|                       OIDC request object. One of C(any), C(none), C(RS256). | ||||
|                       OIDC request object. One of V(any), V(none), V(RS256). | ||||
| 
 | ||||
|             use.jwks.url: | ||||
|                 description: | ||||
|  |  | |||
|  | @ -43,8 +43,8 @@ options: | |||
|     state: | ||||
|         description: | ||||
|             - State of the client_rolemapping. | ||||
|             - On C(present), the client_rolemapping will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - On C(absent), the client_rolemapping will be removed if it exists. | ||||
|             - On V(present), the client_rolemapping will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - On V(absent), the client_rolemapping will be removed if it exists. | ||||
|         default: 'present' | ||||
|         type: str | ||||
|         choices: | ||||
|  | @ -73,7 +73,7 @@ options: | |||
|     client_id: | ||||
|         type: str | ||||
|         description: | ||||
|             - Name of the client to be mapped (different than I(cid)). | ||||
|             - Name of the client to be mapped (different than O(cid)). | ||||
|             - This parameter is required (can be replaced by cid for less API call). | ||||
| 
 | ||||
|     cid: | ||||
|  |  | |||
|  | @ -43,8 +43,8 @@ options: | |||
|     state: | ||||
|         description: | ||||
|             - State of the client_scope. | ||||
|             - On C(present), the client_scope will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - On C(absent), the client_scope will be removed if it exists. | ||||
|             - On V(present), the client_scope will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - On V(absent), the client_scope will be removed if it exists. | ||||
|         default: 'present' | ||||
|         type: str | ||||
|         choices: | ||||
|  | @ -103,28 +103,28 @@ options: | |||
|                     - "The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is | ||||
|                       impossible to provide since this may be extended through SPIs by the user of Keycloak, | ||||
|                       by default Keycloak as of 3.4 ships with at least:" | ||||
|                     - C(docker-v2-allow-all-mapper) | ||||
|                     - C(oidc-address-mapper) | ||||
|                     - C(oidc-full-name-mapper) | ||||
|                     - C(oidc-group-membership-mapper) | ||||
|                     - C(oidc-hardcoded-claim-mapper) | ||||
|                     - C(oidc-hardcoded-role-mapper) | ||||
|                     - C(oidc-role-name-mapper) | ||||
|                     - C(oidc-script-based-protocol-mapper) | ||||
|                     - C(oidc-sha256-pairwise-sub-mapper) | ||||
|                     - C(oidc-usermodel-attribute-mapper) | ||||
|                     - C(oidc-usermodel-client-role-mapper) | ||||
|                     - C(oidc-usermodel-property-mapper) | ||||
|                     - C(oidc-usermodel-realm-role-mapper) | ||||
|                     - C(oidc-usersessionmodel-note-mapper) | ||||
|                     - C(saml-group-membership-mapper) | ||||
|                     - C(saml-hardcode-attribute-mapper) | ||||
|                     - C(saml-hardcode-role-mapper) | ||||
|                     - C(saml-role-list-mapper) | ||||
|                     - C(saml-role-name-mapper) | ||||
|                     - C(saml-user-attribute-mapper) | ||||
|                     - C(saml-user-property-mapper) | ||||
|                     - C(saml-user-session-note-mapper) | ||||
|                     - V(docker-v2-allow-all-mapper) | ||||
|                     - V(oidc-address-mapper) | ||||
|                     - V(oidc-full-name-mapper) | ||||
|                     - V(oidc-group-membership-mapper) | ||||
|                     - V(oidc-hardcoded-claim-mapper) | ||||
|                     - V(oidc-hardcoded-role-mapper) | ||||
|                     - V(oidc-role-name-mapper) | ||||
|                     - V(oidc-script-based-protocol-mapper) | ||||
|                     - V(oidc-sha256-pairwise-sub-mapper) | ||||
|                     - V(oidc-usermodel-attribute-mapper) | ||||
|                     - V(oidc-usermodel-client-role-mapper) | ||||
|                     - V(oidc-usermodel-property-mapper) | ||||
|                     - V(oidc-usermodel-realm-role-mapper) | ||||
|                     - V(oidc-usersessionmodel-note-mapper) | ||||
|                     - V(saml-group-membership-mapper) | ||||
|                     - V(saml-hardcode-attribute-mapper) | ||||
|                     - V(saml-hardcode-role-mapper) | ||||
|                     - V(saml-role-list-mapper) | ||||
|                     - V(saml-role-name-mapper) | ||||
|                     - V(saml-user-attribute-mapper) | ||||
|                     - V(saml-user-property-mapper) | ||||
|                     - V(saml-user-session-note-mapper) | ||||
|                     - An exhaustive list of available mappers on your installation can be obtained on | ||||
|                       the admin console by going to Server Info -> Providers and looking under | ||||
|                       'protocol-mapper'. | ||||
|  | @ -143,10 +143,10 @@ options: | |||
|             config: | ||||
|                 description: | ||||
|                     - Dict specifying the configuration options for the protocol mapper; the | ||||
|                       contents differ depending on the value of I(protocolMapper) and are not documented | ||||
|                       contents differ depending on the value of O(protocol_mappers[].protocolMapper) and are not documented | ||||
|                       other than by the source of the mappers and its parent class(es). An example is given | ||||
|                       below. It is easiest to obtain valid config values by dumping an already-existing | ||||
|                       protocol mapper configuration through check-mode in the C(existing) return value. | ||||
|                       protocol mapper configuration through check-mode in the RV(existing) return value. | ||||
|                 type: dict | ||||
| 
 | ||||
|     attributes: | ||||
|  |  | |||
|  | @ -40,7 +40,7 @@ options: | |||
| 
 | ||||
|   client_id: | ||||
|     description: | ||||
|       - The I(client_id) of the client. If not set the clientscop types are set as a default for the realm. | ||||
|       - The O(client_id) of the client. If not set the clientscop types are set as a default for the realm. | ||||
|     aliases: | ||||
|       - clientId | ||||
|     type: str | ||||
|  |  | |||
|  | @ -26,8 +26,8 @@ description: | |||
|     and a user having the expected roles. | ||||
| 
 | ||||
|   - When retrieving a new client secret, where possible provide the client's | ||||
|     I(id) (not I(client_id)) to the module. This removes a lookup to the API to | ||||
|     translate the I(client_id) into the client ID. | ||||
|     O(id) (not O(client_id)) to the module. This removes a lookup to the API to | ||||
|     translate the O(client_id) into the client ID. | ||||
| 
 | ||||
|   - "Note that this module returns the client secret. To avoid this showing up in the logs, | ||||
|      please add C(no_log: true) to the task." | ||||
|  | @ -48,7 +48,7 @@ options: | |||
| 
 | ||||
|   client_id: | ||||
|     description: | ||||
|       - The I(client_id) of the client. Passing this instead of I(id) results in an | ||||
|       - The O(client_id) of the client. Passing this instead of O(id) results in an | ||||
|         extra API call. | ||||
|     aliases: | ||||
|       - clientId | ||||
|  |  | |||
|  | @ -38,8 +38,8 @@ options: | |||
|     state: | ||||
|         description: | ||||
|             - State of the client template. | ||||
|             - On C(present), the client template will be created (or updated if it exists already). | ||||
|             - On C(absent), the client template will be removed if it exists | ||||
|             - On V(present), the client template will be created (or updated if it exists already). | ||||
|             - On V(absent), the client template will be removed if it exists | ||||
|         choices: ['present', 'absent'] | ||||
|         default: 'present' | ||||
|         type: str | ||||
|  | @ -67,7 +67,7 @@ options: | |||
| 
 | ||||
|     protocol: | ||||
|         description: | ||||
|             - Type of client template (either C(openid-connect) or C(saml). | ||||
|             - Type of client template. | ||||
|         choices: ['openid-connect', 'saml'] | ||||
|         type: str | ||||
| 
 | ||||
|  | @ -106,38 +106,37 @@ options: | |||
| 
 | ||||
|             protocol: | ||||
|                 description: | ||||
|                     - This is either C(openid-connect) or C(saml), this specifies for which protocol this protocol mapper. | ||||
|                       is active. | ||||
|                     - This specifies for which protocol this protocol mapper is active. | ||||
|                 choices: ['openid-connect', 'saml'] | ||||
|                 type: str | ||||
| 
 | ||||
|             protocolMapper: | ||||
|                 description: | ||||
|                     - The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is | ||||
|                     - "The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is | ||||
|                       impossible to provide since this may be extended through SPIs by the user of Keycloak, | ||||
|                       by default Keycloak as of 3.4 ships with at least | ||||
|                     - C(docker-v2-allow-all-mapper) | ||||
|                     - C(oidc-address-mapper) | ||||
|                     - C(oidc-full-name-mapper) | ||||
|                     - C(oidc-group-membership-mapper) | ||||
|                     - C(oidc-hardcoded-claim-mapper) | ||||
|                     - C(oidc-hardcoded-role-mapper) | ||||
|                     - C(oidc-role-name-mapper) | ||||
|                     - C(oidc-script-based-protocol-mapper) | ||||
|                     - C(oidc-sha256-pairwise-sub-mapper) | ||||
|                     - C(oidc-usermodel-attribute-mapper) | ||||
|                     - C(oidc-usermodel-client-role-mapper) | ||||
|                     - C(oidc-usermodel-property-mapper) | ||||
|                     - C(oidc-usermodel-realm-role-mapper) | ||||
|                     - C(oidc-usersessionmodel-note-mapper) | ||||
|                     - C(saml-group-membership-mapper) | ||||
|                     - C(saml-hardcode-attribute-mapper) | ||||
|                     - C(saml-hardcode-role-mapper) | ||||
|                     - C(saml-role-list-mapper) | ||||
|                     - C(saml-role-name-mapper) | ||||
|                     - C(saml-user-attribute-mapper) | ||||
|                     - C(saml-user-property-mapper) | ||||
|                     - C(saml-user-session-note-mapper) | ||||
|                       by default Keycloak as of 3.4 ships with at least:" | ||||
|                     - V(docker-v2-allow-all-mapper) | ||||
|                     - V(oidc-address-mapper) | ||||
|                     - V(oidc-full-name-mapper) | ||||
|                     - V(oidc-group-membership-mapper) | ||||
|                     - V(oidc-hardcoded-claim-mapper) | ||||
|                     - V(oidc-hardcoded-role-mapper) | ||||
|                     - V(oidc-role-name-mapper) | ||||
|                     - V(oidc-script-based-protocol-mapper) | ||||
|                     - V(oidc-sha256-pairwise-sub-mapper) | ||||
|                     - V(oidc-usermodel-attribute-mapper) | ||||
|                     - V(oidc-usermodel-client-role-mapper) | ||||
|                     - V(oidc-usermodel-property-mapper) | ||||
|                     - V(oidc-usermodel-realm-role-mapper) | ||||
|                     - V(oidc-usersessionmodel-note-mapper) | ||||
|                     - V(saml-group-membership-mapper) | ||||
|                     - V(saml-hardcode-attribute-mapper) | ||||
|                     - V(saml-hardcode-role-mapper) | ||||
|                     - V(saml-role-list-mapper) | ||||
|                     - V(saml-role-name-mapper) | ||||
|                     - V(saml-user-attribute-mapper) | ||||
|                     - V(saml-user-property-mapper) | ||||
|                     - V(saml-user-session-note-mapper) | ||||
|                     - An exhaustive list of available mappers on your installation can be obtained on | ||||
|                       the admin console by going to Server Info -> Providers and looking under | ||||
|                       'protocol-mapper'. | ||||
|  | @ -146,10 +145,10 @@ options: | |||
|             config: | ||||
|                 description: | ||||
|                     - Dict specifying the configuration options for the protocol mapper; the | ||||
|                       contents differ depending on the value of I(protocolMapper) and are not documented | ||||
|                       contents differ depending on the value of O(protocol_mappers[].protocolMapper) and are not documented | ||||
|                       other than by the source of the mappers and its parent class(es). An example is given | ||||
|                       below. It is easiest to obtain valid config values by dumping an already-existing | ||||
|                       protocol mapper configuration through check-mode in the I(existing) field. | ||||
|                       protocol mapper configuration through check-mode in the RV(existing) field. | ||||
|                 type: dict | ||||
| 
 | ||||
|     attributes: | ||||
|  | @ -160,9 +159,9 @@ options: | |||
|         type: dict | ||||
| 
 | ||||
| notes: | ||||
|     - The Keycloak REST API defines further fields (namely I(bearerOnly), I(consentRequired), I(standardFlowEnabled), | ||||
|       I(implicitFlowEnabled), I(directAccessGrantsEnabled), I(serviceAccountsEnabled), I(publicClient), and | ||||
|       I(frontchannelLogout)) which, while available with keycloak_client, do not have any effect on | ||||
|     - The Keycloak REST API defines further fields (namely C(bearerOnly), C(consentRequired), C(standardFlowEnabled), | ||||
|       C(implicitFlowEnabled), C(directAccessGrantsEnabled), C(serviceAccountsEnabled), C(publicClient), and | ||||
|       C(frontchannelLogout)) which, while available with keycloak_client, do not have any effect on | ||||
|       Keycloak client-templates and are discarded if supplied with an API request changing client-templates. As such, | ||||
|       they are not available through this module. | ||||
| 
 | ||||
|  |  | |||
|  | @ -41,9 +41,9 @@ options: | |||
|     state: | ||||
|         description: | ||||
|             - State of the group. | ||||
|             - On C(present), the group will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - On V(present), the group will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - >- | ||||
|               On C(absent), the group will be removed if it exists. Be aware that absenting | ||||
|               On V(absent), the group will be removed if it exists. Be aware that absenting | ||||
|               a group with subgroups will automatically delete all its subgroups too. | ||||
|         default: 'present' | ||||
|         type: str | ||||
|  | @ -93,7 +93,7 @@ options: | |||
|             type: str | ||||
|             description: | ||||
|               - Identify parent by ID. | ||||
|               - Needs less API calls than using I(name). | ||||
|               - Needs less API calls than using O(parents[].name). | ||||
|               - A deep parent chain can be started at any point when first given parent is given as ID. | ||||
|               - Note that in principle both ID and name can be specified at the same time | ||||
|                 but current implementation only always use just one of them, with ID | ||||
|  | @ -102,14 +102,14 @@ options: | |||
|             type: str | ||||
|             description: | ||||
|               - Identify parent by name. | ||||
|               - Needs more internal API calls than using I(id) to map names to ID's under the hood. | ||||
|               - Needs more internal API calls than using O(parents[].id) to map names to ID's under the hood. | ||||
|               - When giving a parent chain with only names it must be complete up to the top. | ||||
|               - Note that in principle both ID and name can be specified at the same time | ||||
|                 but current implementation only always use just one of them, with ID | ||||
|                 being preferred. | ||||
| 
 | ||||
| notes: | ||||
|     - Presently, the I(realmRoles), I(clientRoles) and I(access) attributes returned by the Keycloak API | ||||
|     - Presently, the RV(end_state.realmRoles), RV(end_state.clientRoles), and RV(end_state.access) attributes returned by the Keycloak API | ||||
|       are read-only for groups. This limitation will be removed in a later version of this module. | ||||
| 
 | ||||
| extends_documentation_fragment: | ||||
|  |  | |||
|  | @ -36,8 +36,8 @@ options: | |||
|     state: | ||||
|         description: | ||||
|             - State of the identity provider. | ||||
|             - On C(present), the identity provider will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - On C(absent), the identity provider will be removed if it exists. | ||||
|             - On V(present), the identity provider will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - On V(absent), the identity provider will be removed if it exists. | ||||
|         default: 'present' | ||||
|         type: str | ||||
|         choices: | ||||
|  | @ -120,16 +120,16 @@ options: | |||
| 
 | ||||
|     provider_id: | ||||
|         description: | ||||
|             - Protocol used by this provider (supported values are C(oidc) or C(saml)). | ||||
|             - Protocol used by this provider (supported values are V(oidc) or V(saml)). | ||||
|         aliases: | ||||
|             - providerId | ||||
|         type: str | ||||
| 
 | ||||
|     config: | ||||
|         description: | ||||
|             - Dict specifying the configuration options for the provider; the contents differ depending on the value of I(providerId). | ||||
|               Examples are given below for C(oidc) and C(saml). It is easiest to obtain valid config values by dumping an already-existing | ||||
|               identity provider configuration through check-mode in the I(existing) field. | ||||
|             - Dict specifying the configuration options for the provider; the contents differ depending on the value of O(provider_id). | ||||
|               Examples are given below for V(oidc) and V(saml). It is easiest to obtain valid config values by dumping an already-existing | ||||
|               identity provider configuration through check-mode in the RV(existing) field. | ||||
|         type: dict | ||||
|         suboptions: | ||||
|             hide_on_login_page: | ||||
|  | @ -271,7 +271,8 @@ options: | |||
| 
 | ||||
|             config: | ||||
|                 description: | ||||
|                     - Dict specifying the configuration options for the mapper; the contents differ depending on the value of I(identityProviderMapper). | ||||
|                     - Dict specifying the configuration options for the mapper; the contents differ depending on the value of | ||||
|                       O(mappers[].identityProviderMapper). | ||||
|                 type: dict | ||||
| 
 | ||||
| extends_documentation_fragment: | ||||
|  |  | |||
|  | @ -42,8 +42,8 @@ options: | |||
|     state: | ||||
|         description: | ||||
|             - State of the realm. | ||||
|             - On C(present), the realm will be created (or updated if it exists already). | ||||
|             - On C(absent), the realm will be removed if it exists. | ||||
|             - On V(present), the realm will be created (or updated if it exists already). | ||||
|             - On V(absent), the realm will be removed if it exists. | ||||
|         choices: ['present', 'absent'] | ||||
|         default: 'present' | ||||
|         type: str | ||||
|  |  | |||
|  | @ -40,8 +40,8 @@ options: | |||
|     state: | ||||
|         description: | ||||
|             - State of the role. | ||||
|             - On C(present), the role will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - On C(absent), the role will be removed if it exists. | ||||
|             - On V(present), the role will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - On V(absent), the role will be removed if it exists. | ||||
|         default: 'present' | ||||
|         type: str | ||||
|         choices: | ||||
|  |  | |||
|  | @ -135,7 +135,7 @@ options: | |||
|                 required: true | ||||
|             temporary: | ||||
|                 description: | ||||
|                     - If C(true), the users are required to reset their credentials at next login. | ||||
|                     - If V(true), the users are required to reset their credentials at next login. | ||||
|                 type: bool | ||||
|                 default: false | ||||
|     required_actions: | ||||
|  | @ -207,7 +207,7 @@ options: | |||
|         type: str | ||||
|     force: | ||||
|         description: | ||||
|             - If C(true), allows to remove user and recreate it. | ||||
|             - If V(true), allows to remove user and recreate it. | ||||
|         type: bool | ||||
|         default: false | ||||
| extends_documentation_fragment: | ||||
|  | @ -345,7 +345,7 @@ end_state: | |||
|   returned: on success | ||||
|   type: dict | ||||
| changed: | ||||
|   description: Return C(true) if the operation changed the user on the keycloak server, C(false) otherwise. | ||||
|   description: Return V(true) if the operation changed the user on the keycloak server, V(false) otherwise. | ||||
|   returned: always | ||||
|   type: bool | ||||
| ''' | ||||
|  |  | |||
|  | @ -36,9 +36,9 @@ options: | |||
|     state: | ||||
|         description: | ||||
|             - State of the user federation. | ||||
|             - On C(present), the user federation will be created if it does not yet exist, or updated with | ||||
|             - On V(present), the user federation will be created if it does not yet exist, or updated with | ||||
|               the parameters you provide. | ||||
|             - On C(absent), the user federation will be removed if it exists. | ||||
|             - On V(absent), the user federation will be removed if it exists. | ||||
|         default: 'present' | ||||
|         type: str | ||||
|         choices: | ||||
|  | @ -54,7 +54,7 @@ options: | |||
|     id: | ||||
|         description: | ||||
|             - The unique ID for this user federation. If left empty, the user federation will be searched | ||||
|               by its I(name). | ||||
|               by its O(name). | ||||
|         type: str | ||||
| 
 | ||||
|     name: | ||||
|  | @ -75,7 +75,7 @@ options: | |||
| 
 | ||||
|     provider_type: | ||||
|         description: | ||||
|             - Component type for user federation (only supported value is C(org.keycloak.storage.UserStorageProvider)). | ||||
|             - Component type for user federation (only supported value is V(org.keycloak.storage.UserStorageProvider)). | ||||
|         aliases: | ||||
|             - providerType | ||||
|         default: org.keycloak.storage.UserStorageProvider | ||||
|  | @ -91,10 +91,10 @@ options: | |||
|     config: | ||||
|         description: | ||||
|             - Dict specifying the configuration options for the provider; the contents differ depending on | ||||
|               the value of I(provider_id). Examples are given below for C(ldap), C(kerberos) and C(sssd). | ||||
|               the value of O(provider_id). Examples are given below for V(ldap), V(kerberos) and V(sssd). | ||||
|               It is easiest to obtain valid config values by dumping an already-existing user federation | ||||
|               configuration through check-mode in the I(existing) field. | ||||
|             - The value C(sssd) has been supported since community.general 4.2.0. | ||||
|               configuration through check-mode in the RV(existing) field. | ||||
|             - The value V(sssd) has been supported since community.general 4.2.0. | ||||
|         type: dict | ||||
|         suboptions: | ||||
|             enabled: | ||||
|  | @ -111,15 +111,15 @@ options: | |||
| 
 | ||||
|             importEnabled: | ||||
|                 description: | ||||
|                     - If C(true), LDAP users will be imported into Keycloak DB and synced by the configured | ||||
|                     - If V(true), LDAP users will be imported into Keycloak DB and synced by the configured | ||||
|                       sync policies. | ||||
|                 default: true | ||||
|                 type: bool | ||||
| 
 | ||||
|             editMode: | ||||
|                 description: | ||||
|                     - C(READ_ONLY) is a read-only LDAP store. C(WRITABLE) means data will be synced back to LDAP | ||||
|                       on demand. C(UNSYNCED) means user data will be imported, but not synced back to LDAP. | ||||
|                     - V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data will be synced back to LDAP | ||||
|                       on demand. V(UNSYNCED) means user data will be imported, but not synced back to LDAP. | ||||
|                 type: str | ||||
|                 choices: | ||||
|                     - READ_ONLY | ||||
|  | @ -136,13 +136,13 @@ options: | |||
|             vendor: | ||||
|                 description: | ||||
|                     - LDAP vendor (provider). | ||||
|                     - Use short name. For instance, write C(rhds) for "Red Hat Directory Server". | ||||
|                     - Use short name. For instance, write V(rhds) for "Red Hat Directory Server". | ||||
|                 type: str | ||||
| 
 | ||||
|             usernameLDAPAttribute: | ||||
|                 description: | ||||
|                     - Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server | ||||
|                       vendors it can be C(uid). For Active directory it can be C(sAMAccountName) or C(cn). | ||||
|                       vendors it can be V(uid). For Active directory it can be V(sAMAccountName) or V(cn). | ||||
|                       The attribute should be filled for all LDAP user records you want to import from | ||||
|                       LDAP to Keycloak. | ||||
|                 type: str | ||||
|  | @ -151,15 +151,15 @@ options: | |||
|                 description: | ||||
|                     - Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN. | ||||
|                       Usually it's the same as Username LDAP attribute, however it is not required. For | ||||
|                       example for Active directory, it is common to use C(cn) as RDN attribute when | ||||
|                       username attribute might be C(sAMAccountName). | ||||
|                       example for Active directory, it is common to use V(cn) as RDN attribute when | ||||
|                       username attribute might be V(sAMAccountName). | ||||
|                 type: str | ||||
| 
 | ||||
|             uuidLDAPAttribute: | ||||
|                 description: | ||||
|                     - Name of LDAP attribute, which is used as unique object identifier (UUID) for objects | ||||
|                       in LDAP. For many LDAP server vendors, it is C(entryUUID); however some are different. | ||||
|                       For example for Active directory it should be C(objectGUID). If your LDAP server does | ||||
|                       in LDAP. For many LDAP server vendors, it is V(entryUUID); however some are different. | ||||
|                       For example for Active directory it should be V(objectGUID). If your LDAP server does | ||||
|                       not support the notion of UUID, you can use any other attribute that is supposed to | ||||
|                       be unique among LDAP users in tree. | ||||
|                 type: str | ||||
|  | @ -167,7 +167,7 @@ options: | |||
|             userObjectClasses: | ||||
|                 description: | ||||
|                     - All values of LDAP objectClass attribute for users in LDAP divided by comma. | ||||
|                       For example C(inetOrgPerson, organizationalPerson). Newly created Keycloak users | ||||
|                       For example V(inetOrgPerson, organizationalPerson). Newly created Keycloak users | ||||
|                       will be written to LDAP with all those object classes and existing LDAP user records | ||||
|                       are found just if they contain all those object classes. | ||||
|                 type: str | ||||
|  | @ -251,8 +251,8 @@ options: | |||
|             useTruststoreSpi: | ||||
|                 description: | ||||
|                     - Specifies whether LDAP connection will use the truststore SPI with the truststore | ||||
|                       configured in standalone.xml/domain.xml. C(Always) means that it will always use it. | ||||
|                       C(Never) means that it will not use it. C(Only for ldaps) means that it will use if | ||||
|                       configured in standalone.xml/domain.xml. V(always) means that it will always use it. | ||||
|                       V(never) means that it will not use it. V(ldapsOnly) means that it will use if | ||||
|                       your connection URL use ldaps. Note even if standalone.xml/domain.xml is not | ||||
|                       configured, the default Java cacerts or certificate specified by | ||||
|                       C(javax.net.ssl.trustStore) property will be used. | ||||
|  | @ -297,7 +297,7 @@ options: | |||
|             connectionPoolingDebug: | ||||
|                 description: | ||||
|                     - A string that indicates the level of debug output to produce. Example valid values are | ||||
|                       C(fine) (trace connection creation and removal) and C(all) (all debugging information). | ||||
|                       V(fine) (trace connection creation and removal) and V(all) (all debugging information). | ||||
|                 type: str | ||||
| 
 | ||||
|             connectionPoolingInitSize: | ||||
|  | @ -321,7 +321,7 @@ options: | |||
|             connectionPoolingProtocol: | ||||
|                 description: | ||||
|                     - A list of space-separated protocol types of connections that may be pooled. | ||||
|                       Valid types are C(plain) and C(ssl). | ||||
|                       Valid types are V(plain) and V(ssl). | ||||
|                 type: str | ||||
| 
 | ||||
|             connectionPoolingTimeout: | ||||
|  | @ -345,14 +345,14 @@ options: | |||
|             serverPrincipal: | ||||
|                 description: | ||||
|                     - Full name of server principal for HTTP service including server and domain name. For | ||||
|                       example C(HTTP/host.foo.org@FOO.ORG). Use C(*) to accept any service principal in the | ||||
|                       example V(HTTP/host.foo.org@FOO.ORG). Use V(*) to accept any service principal in the | ||||
|                       KeyTab file. | ||||
|                 type: str | ||||
| 
 | ||||
|             keyTab: | ||||
|                 description: | ||||
|                     - Location of Kerberos KeyTab file containing the credentials of server principal. For | ||||
|                       example C(/etc/krb5.keytab). | ||||
|                       example V(/etc/krb5.keytab). | ||||
|                 type: str | ||||
| 
 | ||||
|             debug: | ||||
|  | @ -451,7 +451,7 @@ options: | |||
| 
 | ||||
|             providerId: | ||||
|                 description: | ||||
|                     - The mapper type for this mapper (for instance C(user-attribute-ldap-mapper)). | ||||
|                     - The mapper type for this mapper (for instance V(user-attribute-ldap-mapper)). | ||||
|                 type: str | ||||
| 
 | ||||
|             providerType: | ||||
|  | @ -464,6 +464,7 @@ options: | |||
|                 description: | ||||
|                     - Dict specifying the configuration options for the mapper; the contents differ | ||||
|                       depending on the value of I(identityProviderMapper). | ||||
|                     # TODO: what is identityProviderMapper above??? | ||||
|                 type: dict | ||||
| 
 | ||||
| extends_documentation_fragment: | ||||
|  |  | |||
|  | @ -42,8 +42,8 @@ options: | |||
|     state: | ||||
|         description: | ||||
|             - State of the user_rolemapping. | ||||
|             - On C(present), the user_rolemapping will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - On C(absent), the user_rolemapping will be removed if it exists. | ||||
|             - On V(present), the user_rolemapping will be created if it does not yet exist, or updated with the parameters you provide. | ||||
|             - On V(absent), the user_rolemapping will be removed if it exists. | ||||
|         default: 'present' | ||||
|         type: str | ||||
|         choices: | ||||
|  | @ -79,8 +79,8 @@ options: | |||
|     client_id: | ||||
|         type: str | ||||
|         description: | ||||
|             - Name of the client to be mapped (different than I(cid)). | ||||
|             - This parameter is required if I(cid) is not provided (can be replaced by I(cid) | ||||
|             - Name of the client to be mapped (different than O(cid)). | ||||
|             - This parameter is required if O(cid) is not provided (can be replaced by O(cid) | ||||
|               to reduce the number of API calls that must be made). | ||||
| 
 | ||||
|     cid: | ||||
|  |  | |||
|  | @ -32,27 +32,27 @@ options: | |||
|   name: | ||||
|     description: | ||||
|       - The overlay id to install, synchronize, or uninstall. | ||||
|         Use 'ALL' to sync all of the installed overlays (can be used only when I(state=updated)). | ||||
|         Use 'ALL' to sync all of the installed overlays (can be used only when O(state=updated)). | ||||
|     required: true | ||||
|     type: str | ||||
|   list_url: | ||||
|     description: | ||||
|       - An URL of the alternative overlays list that defines the overlay to install. | ||||
|         This list will be fetched and saved under C(${overlay_defs})/${name}.xml), where | ||||
|         This list will be fetched and saved under C(${overlay_defs}/${name}.xml), where | ||||
|         C(overlay_defs) is readed from the Layman's configuration. | ||||
|     aliases: [url] | ||||
|     type: str | ||||
|   state: | ||||
|     description: | ||||
|       - Whether to install (C(present)), sync (C(updated)), or uninstall (C(absent)) the overlay. | ||||
|       - Whether to install (V(present)), sync (V(updated)), or uninstall (V(absent)) the overlay. | ||||
|     default: present | ||||
|     choices: [present, absent, updated] | ||||
|     type: str | ||||
|   validate_certs: | ||||
|     description: | ||||
|       - If C(false), SSL certificates will not be validated. This should only be | ||||
|         set to C(false) when no other option exists.  Prior to 1.9.3 the code | ||||
|         defaulted to C(false). | ||||
|       - If V(false), SSL certificates will not be validated. This should only be | ||||
|         set to V(false) when no other option exists.  Prior to 1.9.3 the code | ||||
|         defaulted to V(false). | ||||
|     type: bool | ||||
|     default: true | ||||
| ''' | ||||
|  |  | |||
|  | @ -25,10 +25,10 @@ notes: | |||
|     bind over a UNIX domain socket. This works well with the default Ubuntu | ||||
|     install for example, which includes a cn=peercred,cn=external,cn=auth ACL | ||||
|     rule allowing root to modify the server configuration. If you need to use | ||||
|     a simple bind to access your server, pass the credentials in I(bind_dn) | ||||
|     and I(bind_pw). | ||||
|   - For I(state=present) and I(state=absent), all value comparisons are | ||||
|     performed on the server for maximum accuracy. For I(state=exact), values | ||||
|     a simple bind to access your server, pass the credentials in O(bind_dn) | ||||
|     and O(bind_pw). | ||||
|   - For O(state=present) and O(state=absent), all value comparisons are | ||||
|     performed on the server for maximum accuracy. For O(state=exact), values | ||||
|     have to be compared in Python, which obviously ignores LDAP matching | ||||
|     rules. This should work out in most cases, but it is theoretically | ||||
|     possible to see spurious changes when target and actual values are | ||||
|  | @ -52,11 +52,11 @@ options: | |||
|     choices: [present, absent, exact] | ||||
|     default: present | ||||
|     description: | ||||
|       - The state of the attribute values. If C(present), all given attribute | ||||
|         values will be added if they're missing. If C(absent), all given | ||||
|         attribute values will be removed if present. If C(exact), the set of | ||||
|       - The state of the attribute values. If V(present), all given attribute | ||||
|         values will be added if they're missing. If V(absent), all given | ||||
|         attribute values will be removed if present. If V(exact), the set of | ||||
|         attribute values will be forced to exactly those provided and no others. | ||||
|         If I(state=exact) and the attribute I(value) is empty, all values for | ||||
|         If O(state=exact) and the attribute value is empty, all values for | ||||
|         this attribute will be removed. | ||||
|   attributes: | ||||
|     required: true | ||||
|  | @ -69,16 +69,16 @@ options: | |||
|         readability for long string values by using YAML block modifiers as seen in the | ||||
|         examples for this module. | ||||
|       - Note that when using values that YAML/ansible-core interprets as other types, | ||||
|         like C(yes), C(no) (booleans), or C(2.10) (float), make sure to quote them if | ||||
|         like V(yes), V(no) (booleans), or V(2.10) (float), make sure to quote them if | ||||
|         these are meant to be strings. Otherwise the wrong values may be sent to LDAP. | ||||
|   ordered: | ||||
|     required: false | ||||
|     type: bool | ||||
|     default: false | ||||
|     description: | ||||
|       - If C(true), prepend list values with X-ORDERED index numbers in all | ||||
|       - If V(true), prepend list values with X-ORDERED index numbers in all | ||||
|         attributes specified in the current task. This is useful mostly with | ||||
|         I(olcAccess) attribute to easily manage LDAP Access Control Lists. | ||||
|         C(olcAccess) attribute to easily manage LDAP Access Control Lists. | ||||
| extends_documentation_fragment: | ||||
|   - community.general.ldap.documentation | ||||
|   - community.general.attributes | ||||
|  |  | |||
|  | @ -24,8 +24,8 @@ notes: | |||
|     bind over a UNIX domain socket. This works well with the default Ubuntu | ||||
|     install for example, which includes a cn=peercred,cn=external,cn=auth ACL | ||||
|     rule allowing root to modify the server configuration. If you need to use | ||||
|     a simple bind to access your server, pass the credentials in I(bind_dn) | ||||
|     and I(bind_pw). | ||||
|     a simple bind to access your server, pass the credentials in O(bind_dn) | ||||
|     and O(bind_pw). | ||||
| author: | ||||
|   - Jiri Tyr (@jtyr) | ||||
| requirements: | ||||
|  | @ -38,7 +38,7 @@ attributes: | |||
| options: | ||||
|   attributes: | ||||
|     description: | ||||
|       - If I(state=present), attributes necessary to create an entry. Existing | ||||
|       - If O(state=present), attributes necessary to create an entry. Existing | ||||
|         entries are never modified. To assert specific attribute values on an | ||||
|         existing entry, use M(community.general.ldap_attrs) module instead. | ||||
|       - Each attribute value can be a string for single-valued attributes or | ||||
|  | @ -47,13 +47,13 @@ options: | |||
|         readability for long string values by using YAML block modifiers as seen in the | ||||
|         examples for this module. | ||||
|       - Note that when using values that YAML/ansible-core interprets as other types, | ||||
|         like C(yes), C(no) (booleans), or C(2.10) (float), make sure to quote them if | ||||
|         like V(yes), V(no) (booleans), or V(2.10) (float), make sure to quote them if | ||||
|         these are meant to be strings. Otherwise the wrong values may be sent to LDAP. | ||||
|     type: dict | ||||
|     default: {} | ||||
|   objectClass: | ||||
|     description: | ||||
|       - If I(state=present), value or list of values to use when creating | ||||
|       - If O(state=present), value or list of values to use when creating | ||||
|         the entry. It can either be a string or an actual list of | ||||
|         strings. | ||||
|     type: list | ||||
|  | @ -66,7 +66,7 @@ options: | |||
|     type: str | ||||
|   recursive: | ||||
|     description: | ||||
|       - If I(state=delete), a flag indicating whether a single entry or the | ||||
|       - If O(state=delete), a flag indicating whether a single entry or the | ||||
|         whole branch must be deleted. | ||||
|     type: bool | ||||
|     default: false | ||||
|  |  | |||
|  | @ -20,10 +20,10 @@ description: | |||
| notes: | ||||
|   - The default authentication settings will attempt to use a SASL EXTERNAL | ||||
|     bind over a UNIX domain socket. This works well with the default Ubuntu | ||||
|     install for example, which includes a cn=peercred,cn=external,cn=auth ACL | ||||
|     install for example, which includes a C(cn=peercred,cn=external,cn=auth) ACL | ||||
|     rule allowing root to modify the server configuration. If you need to use | ||||
|     a simple bind to access your server, pass the credentials in I(bind_dn) | ||||
|     and I(bind_pw). | ||||
|     a simple bind to access your server, pass the credentials in O(bind_dn) | ||||
|     and O(bind_pw). | ||||
| author: | ||||
|   - Keller Fuchs (@KellerFuchs) | ||||
| requirements: | ||||
|  | @ -36,7 +36,7 @@ attributes: | |||
| options: | ||||
|   passwd: | ||||
|     description: | ||||
|       - The (plaintext) password to be set for I(dn). | ||||
|       - The (plaintext) password to be set for O(dn). | ||||
|     type: str | ||||
| extends_documentation_fragment: | ||||
|   - community.general.ldap.documentation | ||||
|  |  | |||
|  | @ -21,8 +21,8 @@ notes: | |||
|     bind over a UNIX domain socket. This works well with the default Ubuntu | ||||
|     install for example, which includes a C(cn=peercred,cn=external,cn=auth) ACL | ||||
|     rule allowing root to modify the server configuration. If you need to use | ||||
|     a simple bind to access your server, pass the credentials in I(bind_dn) | ||||
|     and I(bind_pw). | ||||
|     a simple bind to access your server, pass the credentials in O(bind_dn) | ||||
|     and O(bind_pw). | ||||
| author: | ||||
|   - Sebastian Pfahl (@eryx12o45) | ||||
| requirements: | ||||
|  | @ -59,8 +59,8 @@ options: | |||
|     default: false | ||||
|     type: bool | ||||
|     description: | ||||
|       - Set to C(true) to return the full attribute schema of entries, not | ||||
|         their attribute values. Overrides I(attrs) when provided. | ||||
|       - Set to V(true) to return the full attribute schema of entries, not | ||||
|         their attribute values. Overrides O(attrs) when provided. | ||||
|   page_size: | ||||
|     default: 0 | ||||
|     type: int | ||||
|  | @ -73,7 +73,7 @@ options: | |||
|     description: | ||||
|       - If provided, all attribute values returned that are listed in this option | ||||
|         will be Base64 encoded. | ||||
|       - If the special value C(*) appears in this list, all attributes will be | ||||
|       - If the special value V(*) appears in this list, all attributes will be | ||||
|         Base64 encoded. | ||||
|       - All other attribute values will be converted to UTF-8 strings. If they | ||||
|         contain binary data, please note that invalid UTF-8 bytes will be omitted. | ||||
|  | @ -110,7 +110,7 @@ results: | |||
|       value is a list. | ||||
|     - Note that all values (for single-element lists) and list elements (for multi-valued | ||||
|       lists) will be UTF-8 strings. Some might contain Base64-encoded binary data; which | ||||
|       ones is determined by the I(base64_attributes) option. | ||||
|       ones is determined by the O(base64_attributes) option. | ||||
|   type: list | ||||
|   elements: dict | ||||
| """ | ||||
|  |  | |||
|  | @ -40,7 +40,8 @@ options: | |||
|   include_non_listening: | ||||
|     description: | ||||
|         - Show both listening and non-listening sockets (for TCP this means established connections). | ||||
|         - Adds the return values C(state) and C(foreign_address) to the returned facts. | ||||
|         - Adds the return values RV(ansible_facts.tcp_listen[].state), RV(ansible_facts.udp_listen[].state), | ||||
|           RV(ansible_facts.tcp_listen[].foreign_address), and RV(ansible_facts.udp_listen[].foreign_address) to the returned facts. | ||||
|     type: bool | ||||
|     default: false | ||||
|     version_added: 5.4.0 | ||||
|  | @ -96,13 +97,13 @@ ansible_facts: | |||
|           sample: "0.0.0.0" | ||||
|         foreign_address: | ||||
|           description: The address of the remote end of the socket. | ||||
|           returned: if I(include_non_listening=true) | ||||
|           returned: if O(include_non_listening=true) | ||||
|           type: str | ||||
|           sample: "10.80.0.1" | ||||
|           version_added: 5.4.0 | ||||
|         state: | ||||
|           description: The state of the socket. | ||||
|           returned: if I(include_non_listening=true) | ||||
|           returned: if O(include_non_listening=true) | ||||
|           type: str | ||||
|           sample: "ESTABLISHED" | ||||
|           version_added: 5.4.0 | ||||
|  | @ -148,13 +149,13 @@ ansible_facts: | |||
|           sample: "0.0.0.0" | ||||
|         foreign_address: | ||||
|           description: The address of the remote end of the socket. | ||||
|           returned: if I(include_non_listening=true) | ||||
|           returned: if O(include_non_listening=true) | ||||
|           type: str | ||||
|           sample: "10.80.0.1" | ||||
|           version_added: 5.4.0 | ||||
|         state: | ||||
|           description: The state of the socket. UDP is a connectionless protocol. Shows UCONN or ESTAB. | ||||
|           returned: if I(include_non_listening=true) | ||||
|           returned: if O(include_non_listening=true) | ||||
|           type: str | ||||
|           sample: "UCONN" | ||||
|           version_added: 5.4.0 | ||||
|  |  | |||
|  | @ -39,7 +39,7 @@ options: | |||
|     elements: str | ||||
|   pesize: | ||||
|     description: | ||||
|     - "The size of the physical extent. I(pesize) must be a power of 2 of at least 1 sector | ||||
|     - "The size of the physical extent. O(pesize) must be a power of 2 of at least 1 sector | ||||
|        (where the sector size is the largest sector size of the PVs currently used in the VG), | ||||
|        or at least 128KiB." | ||||
|     - Since Ansible 2.6, pesize can be optionally suffixed by a UNIT (k/K/m/M/g/G), default unit is megabyte. | ||||
|  | @ -52,7 +52,7 @@ options: | |||
|     default: '' | ||||
|   pvresize: | ||||
|     description: | ||||
|     - If C(true), resize the physical volume to the maximum available size. | ||||
|     - If V(true), resize the physical volume to the maximum available size. | ||||
|     type: bool | ||||
|     default: false | ||||
|     version_added: '0.2.0' | ||||
|  | @ -69,7 +69,7 @@ options: | |||
|     default: present | ||||
|   force: | ||||
|     description: | ||||
|     - If C(true), allows to remove volume group with logical volumes. | ||||
|     - If V(true), allows to remove volume group with logical volumes. | ||||
|     type: bool | ||||
|     default: false | ||||
| seealso: | ||||
|  |  | |||
|  | @ -111,7 +111,7 @@ options: | |||
|           - debug | ||||
|           - DEBUG | ||||
|         description: | ||||
|           - Set the log level for a container where I(container_log) was set. | ||||
|           - Set the log level for a container where O(container_log) was set. | ||||
|         type: str | ||||
|         required: false | ||||
|         default: INFO | ||||
|  | @ -158,7 +158,7 @@ options: | |||
|           - clone | ||||
|         description: | ||||
|           - Define the state of a container. | ||||
|           - If you clone a container using I(clone_name) the newly cloned | ||||
|           - If you clone a container using O(clone_name) the newly cloned | ||||
|             container created in a stopped state. | ||||
|           - The running container will be stopped while the clone operation is | ||||
|             happening and upon completion of the clone the original container | ||||
|  | @ -178,17 +178,17 @@ notes: | |||
|   - Containers must have a unique name. If you attempt to create a container | ||||
|     with a name that already exists in the users namespace the module will | ||||
|     simply return as "unchanged". | ||||
|   - The I(container_command) can be used with any state except C(absent). If | ||||
|     used with state C(stopped) the container will be C(started), the command | ||||
|     executed, and then the container C(stopped) again. Likewise if I(state=stopped) | ||||
|   - The O(container_command) can be used with any state except V(absent). If | ||||
|     used with state V(stopped) the container will be V(started), the command | ||||
|     executed, and then the container V(stopped) again. Likewise if O(state=stopped) | ||||
|     and the container does not exist it will be first created, | ||||
|     C(started), the command executed, and then C(stopped). If you use a "|" | ||||
|     V(started), the command executed, and then V(stopped). If you use a "|" | ||||
|     in the variable you can use common script formatting within the variable | ||||
|     itself. The I(container_command) option will always execute as BASH. | ||||
|     When using I(container_command), a log file is created in the C(/tmp/) directory | ||||
|     itself. The O(container_command) option will always execute as BASH. | ||||
|     When using O(container_command), a log file is created in the C(/tmp/) directory | ||||
|     which contains both C(stdout) and C(stderr) of any command executed. | ||||
|   - If I(archive=true) the system will attempt to create a compressed | ||||
|     tarball of the running container. The I(archive) option supports LVM backed | ||||
|   - If O(archive=true) the system will attempt to create a compressed | ||||
|     tarball of the running container. The O(archive) option supports LVM backed | ||||
|     containers and will create a snapshot of the running container when | ||||
|     creating the archive. | ||||
|   - If your distro does not have a package for C(python3-lxc), which is a | ||||
|  |  | |||
|  | @ -40,26 +40,26 @@ options: | |||
|         version_added: 4.8.0 | ||||
|     architecture: | ||||
|         description: | ||||
|           - 'The architecture for the instance (for example C(x86_64) or C(i686)). | ||||
|           - 'The architecture for the instance (for example V(x86_64) or V(i686)). | ||||
|             See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1).' | ||||
|         type: str | ||||
|         required: false | ||||
|     config: | ||||
|         description: | ||||
|           - 'The config for the instance (for example C({"limits.cpu": "2"})). | ||||
|           - 'The config for the instance (for example V({"limits.cpu": "2"})). | ||||
|             See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1).' | ||||
|           - If the instance already exists and its "config" values in metadata | ||||
|             obtained from the LXD API U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#instances-containers-and-virtual-machines) | ||||
|             are different, this module tries to apply the configurations. | ||||
|           - The keys starting with C(volatile.) are ignored for this comparison when I(ignore_volatile_options=true). | ||||
|           - The keys starting with C(volatile.) are ignored for this comparison when O(ignore_volatile_options=true). | ||||
|         type: dict | ||||
|         required: false | ||||
|     ignore_volatile_options: | ||||
|         description: | ||||
|           - If set to C(true), options starting with C(volatile.) are ignored. As a result, | ||||
|           - If set to V(true), options starting with C(volatile.) are ignored. As a result, | ||||
|             they are reapplied for each execution. | ||||
|           - This default behavior can be changed by setting this option to C(false). | ||||
|           - The default value changed from C(true) to C(false) in community.general 6.0.0. | ||||
|           - This default behavior can be changed by setting this option to V(false). | ||||
|           - The default value changed from V(true) to V(false) in community.general 6.0.0. | ||||
|         type: bool | ||||
|         required: false | ||||
|         default: false | ||||
|  | @ -72,26 +72,23 @@ options: | |||
|     devices: | ||||
|         description: | ||||
|           - 'The devices for the instance | ||||
|             (for example C({ "rootfs": { "path": "/dev/kvm", "type": "unix-char" }})). | ||||
|             (for example V({ "rootfs": { "path": "/dev/kvm", "type": "unix-char" }})). | ||||
|             See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1).' | ||||
|         type: dict | ||||
|         required: false | ||||
|     ephemeral: | ||||
|         description: | ||||
|           - Whether or not the instance is ephemeral (for example C(true) or C(false)). | ||||
|           - Whether or not the instance is ephemeral (for example V(true) or V(false)). | ||||
|             See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1). | ||||
|         required: false | ||||
|         type: bool | ||||
|     source: | ||||
|         description: | ||||
|           - 'The source for the instance | ||||
|             (e.g. { "type": "image", | ||||
|                     "mode": "pull", | ||||
|                     "server": "https://images.linuxcontainers.org", | ||||
|                     "protocol": "lxd", | ||||
|                     "alias": "ubuntu/xenial/amd64" }).' | ||||
|             (for example V({ "type": "image", "mode": "pull", "server": "https://images.linuxcontainers.org", | ||||
|             "protocol": "lxd", "alias": "ubuntu/xenial/amd64" })).' | ||||
|           - 'See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1) for complete API documentation.' | ||||
|           - 'Note that C(protocol) accepts two choices: C(lxd) or C(simplestreams).' | ||||
|           - 'Note that C(protocol) accepts two choices: V(lxd) or V(simplestreams).' | ||||
|         required: false | ||||
|         type: dict | ||||
|     state: | ||||
|  | @ -125,7 +122,7 @@ options: | |||
|         type: int | ||||
|     type: | ||||
|         description: | ||||
|           - Instance type can be either C(virtual-machine) or C(container). | ||||
|           - Instance type can be either V(virtual-machine) or V(container). | ||||
|         required: false | ||||
|         default: container | ||||
|         choices: | ||||
|  | @ -135,7 +132,7 @@ options: | |||
|         version_added: 4.1.0 | ||||
|     wait_for_ipv4_addresses: | ||||
|         description: | ||||
|           - If this is true, the C(lxd_container) waits until IPv4 addresses | ||||
|           - If this is V(true), the C(lxd_container) waits until IPv4 addresses | ||||
|             are set to the all network interfaces in the instance after | ||||
|             starting or restarting. | ||||
|         required: false | ||||
|  | @ -143,14 +140,14 @@ options: | |||
|         type: bool | ||||
|     wait_for_container: | ||||
|         description: | ||||
|             - If set to C(true), the tasks will wait till the task reports a | ||||
|             - If set to V(true), the tasks will wait till the task reports a | ||||
|               success status when performing container operations. | ||||
|         default: false | ||||
|         type: bool | ||||
|         version_added: 4.4.0 | ||||
|     force_stop: | ||||
|         description: | ||||
|           - If this is true, the C(lxd_container) forces to stop the instance | ||||
|           - If this is V(true), the C(lxd_container) forces to stop the instance | ||||
|             when it stops or restarts the instance. | ||||
|         required: false | ||||
|         default: false | ||||
|  | @ -201,7 +198,8 @@ notes: | |||
|     2.1, the later requires python to be installed in the instance which can | ||||
|     be done with the command module. | ||||
|   - You can copy a file from the host to the instance | ||||
|     with the Ansible M(ansible.builtin.copy) and M(ansible.builtin.template) module and the C(community.general.lxd) connection plugin. | ||||
|     with the Ansible M(ansible.builtin.copy) and M(ansible.builtin.template) module | ||||
|     and the P(community.general.lxd#connection) connection plugin. | ||||
|     See the example below. | ||||
|   - You can copy a file in the created instance to the localhost | ||||
|     with C(command=lxc file pull instance_name/dir/filename filename). | ||||
|  |  | |||
|  | @ -34,7 +34,7 @@ options: | |||
|         type: str | ||||
|     config: | ||||
|         description: | ||||
|           - 'The config for the project (for example C({"features.profiles": "true"})). | ||||
|           - 'The config for the project (for example V({"features.profiles": "true"})). | ||||
|             See U(https://linuxcontainers.org/lxd/docs/master/projects/).' | ||||
|           - If the project already exists and its "config" value in metadata | ||||
|             obtained from | ||||
|  | @ -98,7 +98,7 @@ options: | |||
|             running this module using the following command: | ||||
|             C(lxc config set core.trust_password <some random password>) | ||||
|             See U(https://www.stgraber.org/2016/04/18/lxd-api-direct-interaction/).' | ||||
|           - If I(trust_password) is set, this module send a request for | ||||
|           - If O(trust_password) is set, this module send a request for | ||||
|             authentication before sending any requests. | ||||
|         required: false | ||||
|         type: str | ||||
|  | @ -146,7 +146,7 @@ logs: | |||
|   elements: dict | ||||
|   contains: | ||||
|     type: | ||||
|       description: Type of actions performed, currently only C(sent request). | ||||
|       description: Type of actions performed, currently only V(sent request). | ||||
|       type: str | ||||
|       sample: "sent request" | ||||
|     request: | ||||
|  | @ -166,7 +166,7 @@ logs: | |||
|           type: str | ||||
|           sample: "(too long to be placed here)" | ||||
|         timeout: | ||||
|           description: Timeout of HTTP request, C(null) if unset. | ||||
|           description: Timeout of HTTP request, V(null) if unset. | ||||
|           type: int | ||||
|           sample: null | ||||
|     response: | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue