W3cubDocs

/Ansible

community.general.keycloak_component module – Allows administration of Keycloak components using Keycloak API

Note

This module is part of the community.general collection (version 10.7.3).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general.

To use it in a playbook, specify: community.general.keycloak_component.

New in community.general 10.0.0

Synopsis

  • This module allows the administration of Keycloak components using the Keycloak REST API. It requires access to the REST API using OpenID Connect; the user connecting and the realm being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate realm definition with the scope tailored to your needs and a user having the expected roles.
  • The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at https://www.keycloak.org/docs-api/latest/rest-api/index.html. Aliases are provided so camelCased versions can be used as well.

Parameters

Parameter

Comments

auth_client_id

string

OpenID Connect client_id to authenticate to the API with.

Default: "admin-cli"

auth_client_secret

string

Client Secret to use in conjunction with auth_client_id (if required).

auth_keycloak_url

aliases: url

string / required

URL to the Keycloak instance.

auth_password

aliases: password

string

Password to authenticate for API access with.

auth_realm

string

Keycloak realm name to authenticate to for API access.

auth_username

aliases: username

string

Username to authenticate for API access with.

config

dictionary

Configuration properties for the provider.

Contents vary depending on the provider type.

connection_timeout

integer

added in community.general 4.5.0

Controls the HTTP connections timeout period (in seconds) to Keycloak API.

Default: 10

http_agent

string

added in community.general 5.4.0

Configures the HTTP User-Agent header.

Default: "Ansible"

name

string / required

Name of the component to create.

parent_id

string / required

The parent_id of the component. In practice the ID (name) of the realm.

provider_id

string / required

The name of the “provider ID” for the key.

provider_type

string / required

The name of the “provider type” for the key. That is, org.keycloak.storage.UserStorageProvider, org.keycloak.userprofile.UserProfileProvider, …

See https://www.keycloak.org/docs/latest/server_development/index.html#_providers.

refresh_token

string

added in community.general 10.3.0

Authentication refresh token for Keycloak API.

state

string

State of the Keycloak component.

On present, the component will be created (or updated if it exists already).

On absent, the component will be removed if it exists.

Choices:

  • "present" ← (default)
  • "absent"

token

string

added in community.general 3.0.0

Authentication token for Keycloak API.

validate_certs

boolean

Verify TLS certificates (do not disable this in production).

Choices:

  • false
  • true ← (default)

Attributes

Attribute

Support

Description

action_group

Action group: community.general.keycloak

added in community.general 10.2.0

Use group/community.general.keycloak in module_defaults to set defaults for this module.

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: full

Will return details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Examples

- name: Manage Keycloak User Storage Provider
  community.general.keycloak_component:
    auth_keycloak_url: http://localhost:8080/auth
    auth_username: keycloak
    auth_password: keycloak
    auth_realm: master
    name: my storage provider
    state: present
    parent_id: some_realm
    provider_id: my storage
    provider_type: "org.keycloak.storage.UserStorageProvider"
    config:
      myCustomKey: "my_custom_key"
      cachePolicy: "NO_CACHE"
      enabled: true

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

end_state

dictionary

Representation of the keycloak_component after module execution.

Returned: on success

config

dictionary

Component configuration.

Returned: success

id

string

ID of the component.

Returned: when state=present

Sample: "5b7ec13f-99da-46ad-8326-ab4c73cf4ce4"

name

string

Name of the component.

Returned: when state=present

Sample: "mykey"

parentId

string

ID of the realm this key belongs to.

Returned: when state=present

Sample: "myrealm"

providerId

string

The ID of the key provider.

Returned: when state=present

Sample: "rsa"

providerType

string

The type of provider.

Returned: when state=present

Authors

  • Björn Bösel (@fivetide)

© 2012–2018 Michael DeHaan
© 2018–2025 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/community/general/keycloak_component_module.html