New in version 2.8.
| Parameter | Choices/Defaults | Comments |
|---|---|---|
|
attributes
dictionary
|
A dict of key/value pairs to set as custom attributes for the group.
Values may be single values (e.g. a string) or a list of strings.
|
|
|
auth_client_id
string
/ required
|
Default: "admin-cli"
|
OpenID Connect client_id to authenticate to the API with.
|
|
auth_client_secret
string
|
Client Secret to use in conjunction with auth_client_id (if required).
|
|
|
auth_keycloak_url
string
/ required
|
URL to the Keycloak instance.
aliases: url |
|
|
auth_password
string
/ required
|
Password to authenticate for API access with.
aliases: password |
|
|
auth_realm
string
/ required
|
Keycloak realm name to authenticate to for API access.
|
|
|
auth_username
string
/ required
|
Username to authenticate for API access with.
aliases: username |
|
|
id
string
|
The unique identifier for this group.
This parameter is not required for updating or deleting a group but providing it will reduce the number of API calls required.
|
|
|
name
string
|
Name of the group.
This parameter is required only when creating or updating the group.
|
|
|
realm
string
|
Default: "master"
|
They Keycloak realm under which this group resides.
|
|
state
string
/ required
|
|
State of the group.
On
present, the group will be created if it does not yet exist, or updated with the parameters you provide.On
absent, the group will be removed if it exists. |
|
validate_certs
boolean
|
|
Verify TLS certificates (do not disable this in production).
|
Note
- name: Create a Keycloak group
keycloak_group:
name: my-new-kc-group
realm: MyCustomRealm
state: present
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
delegate_to: localhost
- name: Delete a keycloak group
keycloak_group:
id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
state: absent
realm: MyCustomRealm
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
delegate_to: localhost
- name: Delete a Keycloak group based on name
keycloak_group:
name: my-group-for-deletion
state: absent
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
delegate_to: localhost
- name: Update the name of a Keycloak group
keycloak_group:
id: '9d59aa76-2755-48c6-b1af-beb70a82c3cd'
name: an-updated-kc-group-name
state: present
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
delegate_to: localhost
- name: Create a keycloak group with some custom attributes
keycloak_group:
auth_client_id: admin-cli
auth_keycloak_url: https://auth.example.com/auth
auth_realm: master
auth_username: USERNAME
auth_password: PASSWORD
name: my-new_group
attributes:
attrib1: value1
attrib2: value2
attrib3:
- with
- numerous
- individual
- list
- items
delegate_to: localhost
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | |
|---|---|---|---|
|
group
complex
|
always |
Group representation of the group after module execution (sample is truncated).
|
|
|
access
dictionary
|
always |
A dict describing the accesses you have to this group based on the credentials used.
Sample:
{'manage': True, 'manageMembership': True, 'view': True}
|
|
|
attributes
dictionary
|
always |
Attributes applied to this group
Sample:
{'attr1': ['val1', 'val2', 'val3']}
|
|
|
clientRoles
list
|
always |
A list of client-level roles granted to this group
|
|
|
id
string
|
always |
GUID that identifies the group
Sample:
23f38145-3195-462c-97e7-97041ccea73e
|
|
|
name
string
|
always |
Name of the group
Sample:
grp-test-123
|
|
|
path
string
|
always |
URI path to the group
Sample:
/grp-test-123
|
|
|
realmRoles
list
|
always |
An array of the realm-level roles granted to this group
|
|
|
subGroups
list
|
always |
A list of groups that are children of this group. These groups will have the same parameters as documented here.
|
|
Hint
If you notice any issues in this documentation you can edit this document to improve it.