New in version 2.8.
Parameter | Choices/Defaults | Comments |
---|---|---|
attributes
dictionary
|
A dict of key/value pairs to set as custom attributes for the group.
Values may be single values (e.g. a string) or a list of strings.
|
|
auth_client_id
string
/ required
|
Default: "admin-cli"
|
OpenID Connect client_id to authenticate to the API with.
|
auth_client_secret
string
|
Client Secret to use in conjunction with auth_client_id (if required).
|
|
auth_keycloak_url
string
/ required
|
URL to the Keycloak instance.
aliases: url |
|
auth_password
string
/ required
|
Password to authenticate for API access with.
aliases: password |
|
auth_realm
string
/ required
|
Keycloak realm name to authenticate to for API access.
|
|
auth_username
string
/ required
|
Username to authenticate for API access with.
aliases: username |
|
id
string
|
The unique identifier for this group.
This parameter is not required for updating or deleting a group but providing it will reduce the number of API calls required.
|
|
name
string
|
Name of the group.
This parameter is required only when creating or updating the group.
|
|
realm
string
|
Default: "master"
|
They Keycloak realm under which this group resides.
|
state
string
/ required
|
|
State of the group.
On
present , the group will be created if it does not yet exist, or updated with the parameters you provide.On
absent , the group will be removed if it exists. |
validate_certs
boolean
|
|
Verify TLS certificates (do not disable this in production).
|
Note
- name: Create a Keycloak group
keycloak_group:
name: my-new-kc-group
realm: MyCustomRealm
state: present
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
delegate_to: localhost
- name: Delete a keycloak group
keycloak_group:
id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
state: absent
realm: MyCustomRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
delegate_to: localhost
- name: Delete a Keycloak group based on name
keycloak_group:
name: my-group-for-deletion
state: absent
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
delegate_to: localhost
- name: Update the name of a Keycloak group
keycloak_group:
id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
name: an-updated-kc-group-name
state: present
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
delegate_to: localhost
- name: Create a keycloak group with some custom attributes
keycloak_group:
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
name: my-new_group
attributes:
attrib1: value1
attrib2: value2
attrib3:
- with
- numerous
- individual
- list
- items
delegate_to: localhost
Common return values are documented here, the following are the fields unique to this module:
Key | Returned | Description | |
---|---|---|---|
group
complex
|
always |
Group representation of the group after module execution (sample is truncated).
|
|
access
dictionary
|
always |
A dict describing the accesses you have to this group based on the credentials used.
Sample:
{'manage': True, 'manageMembership': True, 'view': True}
|
|
attributes
dictionary
|
always |
Attributes applied to this group
Sample:
{'attr1': ['val1', 'val2', 'val3']}
|
|
clientRoles
list
|
always |
A list of client-level roles granted to this group
|
|
id
string
|
always |
GUID that identifies the group
Sample:
23f38145-3195-462c-97e7-97041ccea73e
|
|
name
string
|
always |
Name of the group
Sample:
grp-test-123
|
|
path
string
|
always |
URI path to the group
Sample:
/grp-test-123
|
|
realmRoles
list
|
always |
An array of the realm-level roles granted to this group
|
|
subGroups
list
|
always |
A list of groups that are children of this group. These groups will have the same parameters as documented here.
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.