Class: Ansible::Ruby::Modules::Keycloak_client

Inherits:

Base

• Object
• Ansible::Ruby::Models::Base
• Base
• Ansible::Ruby::Modules::Keycloak_client

Defined in:

lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb

Overview

This module allows the administration of Keycloak clients via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles. The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(www.keycloak.org/docs-api/3.3/rest-api/). Aliases are provided so camelCased versions can be used as well. The Keycloak API does not always enforce for only sensible settings to be used – you can set SAML-specific settings on an OpenID Connect client for instance and vice versa. Be careful. If you do not specify a setting, usually a sensible default is chosen.

Instance Method Summary

• #admin_url ⇒ String^?

  URL to the admin interface of the client This is ‘adminUrl’ in the Keycloak REST API.

• #attributes ⇒ Hash^?

  A dict of further attributes for this client.

• #authorization_services_enabled ⇒ Boolean^?

  Are authorization services enabled for this client or not (OpenID connect).

• #authorization_settings ⇒ Object^?

  A data structure defining the authorization settings for this client.

• #base_url ⇒ String^?

  Default URL to use when the auth server needs to redirect or link back to the client This is ‘baseUrl’ in the Keycloak REST API.

• #bearer_only ⇒ Boolean^?

  The access type of this client is bearer-only.

• #client_authenticator_type ⇒ :"client-secret", ...

  How do clients authenticate with the auth server? Either C(client-secret) or C(client-jwt) can be chosen.

• #client_id ⇒ String^?

  Client id of client to be worked on.

• #client_template ⇒ String^?

  Client template to use for this client.

• #consent_required ⇒ Boolean^?

  If enabled, users have to consent to client access.

• #default_roles ⇒ Array<String>, ...

  List of default roles for this client.

• #description ⇒ String^?

  Description of the client in Keycloak.

• #direct_access_grants_enabled ⇒ Boolean^?

  Are direct access grants enabled for this client or not (OpenID connect).

• #enabled ⇒ Boolean^?

  Is this client enabled or not?.

• #frontchannel_logout ⇒ Boolean^?

  Is frontchannel logout enabled for this client or not.

• #full_scope_allowed ⇒ Boolean^?

  Is the “Full Scope Allowed” feature set for this client or not.

• #id ⇒ String^?

  Id of client to be worked on.

• #implicit_flow_enabled ⇒ Boolean^?

  Enable implicit flow for this client or not (OpenID connect).

• #name ⇒ String^?

  Name of the client (this is not the same as I(client_id)).

• #node_re_registration_timeout ⇒ Integer^?

  Cluster node re-registration timeout for this client.

• #not_before ⇒ Integer^?

  Revoke any tokens issued before this date for this client (this is a UNIX timestamp).

• #protocol ⇒ :"openid-connect", ...

  Type of client (either C(openid-connect) or C(saml)..

• #protocol_mappers ⇒ Array<Hash>, ...

  A list of dicts defining protocol mappers for this client.

• #public_client ⇒ Boolean^?

  Is the access type for this client public or not.

• #realm ⇒ String^?

  The realm to create the client in.

• #redirect_uris ⇒ Array<String>, ...

  Acceptable redirect URIs for this client.

• #registered_nodes ⇒ Hash^?

  Dict of registered cluster nodes (with C(nodename) as the key and last registration time as the value).

• #registration_access_token ⇒ String^?

  The registration access token provides access for clients to the client registration service.

• #root_url ⇒ String^?

  Root URL appended to relative URLs for this client This is ‘rootUrl’ in the Keycloak REST API.

• #secret ⇒ String^?

  When using I(client_authenticator_type) C(client-secret) (the default), you can specify a secret here (otherwise one will be generated if it does not exit).

• #service_accounts_enabled ⇒ Boolean^?

  Are service accounts enabled for this client or not (OpenID connect).

• #standard_flow_enabled ⇒ Boolean^?

  Enable standard flow for this client or not (OpenID connect).

• #state ⇒ :present, ...

  State of the client,On C(present), the client will be created (or updated if it exists already).,On C(absent), the client will be removed if it exists.

• #surrogate_auth_required ⇒ Boolean^?

  Whether or not surrogate auth is required.

• #use_template_config ⇒ Boolean^?

  Whether or not to use configuration from the I(client_template).

• #use_template_mappers ⇒ Boolean^?

  Whether or not to use mapper configuration from the I(client_template).

• #use_template_scope ⇒ Boolean^?

  Whether or not to use scope configuration from the I(client_template).

• #web_origins ⇒ Array<String>, ...

  List of allowed CORS origins.

Methods inherited from Base

#ansible_name, #to_h

Methods inherited from Ansible::Ruby::Models::Base

attr_option, attr_options, attribute, fix_inclusion, #initialize, remove_existing_validations, #to_h, validates

Constructor Details

This class inherits a constructor from Ansible::Ruby::Models::Base

Instance Method Details

#admin_url ⇒ String^?

Returns URL to the admin interface of the client This is ‘adminUrl’ in the Keycloak REST API.

Returns:

• (String, nil) —

  URL to the admin interface of the client This is ‘adminUrl’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 42

attribute :admin_url

#attributes ⇒ Hash^?

Returns A dict of further attributes for this client. This can contain various configuration settings; an example is given in the examples section. While an exhaustive list of permissible options is not available; possible options as of Keycloak 3.4 are listed below. The Keycloak API does not validate whether a given option is appropriate for the protocol used; if specified anyway, Keycloak will simply not use it.

Returns:

• (Hash, nil) —

  A dict of further attributes for this client. This can contain various configuration settings; an example is given in the examples section. While an exhaustive list of permissible options is not available; possible options as of Keycloak 3.4 are listed below. The Keycloak API does not validate whether a given option is appropriate for the protocol used; if specified anyway, Keycloak will simply not use it.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 161

attribute :attributes

#authorization_services_enabled ⇒ Boolean^?

Returns Are authorization services enabled for this client or not (OpenID connect). This is ‘authorizationServicesEnabled’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Are authorization services enabled for this client or not (OpenID connect). This is ‘authorizationServicesEnabled’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 106

attribute :authorization_services_enabled

#authorization_settings ⇒ Object^?

Returns a data structure defining the authorization settings for this client. For reference, please see the Keycloak API docs at U(www.keycloak.org/docs-api/3.3/rest-api/index.html#_resourceserverrepresentation). This is ‘authorizationSettings’ in the Keycloak REST API.

Returns:

• (Object, nil) —

  a data structure defining the authorization settings for this client. For reference, please see the Keycloak API docs at U(www.keycloak.org/docs-api/3.3/rest-api/index.html#_resourceserverrepresentation). This is ‘authorizationSettings’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 154

attribute :authorization_settings

#base_url ⇒ String^?

Returns Default URL to use when the auth server needs to redirect or link back to the client This is ‘baseUrl’ in the Keycloak REST API.

Returns:

• (String, nil) —

  Default URL to use when the auth server needs to redirect or link back to the client This is ‘baseUrl’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 46

attribute :base_url

#bearer_only ⇒ Boolean^?

Returns The access type of this client is bearer-only. This is ‘bearerOnly’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  The access type of this client is bearer-only. This is ‘bearerOnly’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 82

attribute :bearer_only

#client_authenticator_type ⇒ :"client-secret", ...

Returns How do clients authenticate with the auth server? Either C(client-secret) or C(client-jwt) can be chosen. When using C(client-secret), the module parameter I(secret) can set it, while for C(client-jwt), you can use the keys C(use.jwks.url), C(jwks.url), and C(jwt.credential.certificate) in the I(attributes) module parameter to configure its behavior. This is ‘clientAuthenticatorType’ in the Keycloak REST API.

Returns:

• (:"client-secret", :"client-jwt", nil) —

  How do clients authenticate with the auth server? Either C(client-secret) or C(client-jwt) can be chosen. When using C(client-secret), the module parameter I(secret) can set it, while for C(client-jwt), you can use the keys C(use.jwks.url), C(jwks.url), and C(jwt.credential.certificate) in the I(attributes) module parameter to configure its behavior. This is ‘clientAuthenticatorType’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 54

attribute :client_authenticator_type

#client_id ⇒ String^?

Returns Client id of client to be worked on. This is usually an alphanumeric name chosen by you. Either this or I(id) is required. If you specify both, I(id) takes precedence. This is ‘clientId’ in the Keycloak REST API.

Returns:

• (String, nil) —

  Client id of client to be worked on. This is usually an alphanumeric name chosen by you. Either this or I(id) is required. If you specify both, I(id) takes precedence. This is ‘clientId’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 22

attribute :client_id

#client_template ⇒ String^?

Returns Client template to use for this client. If it does not exist this field will silently be dropped. This is ‘clientTemplate’ in the Keycloak REST API.

Returns:

• (String, nil) —

  Client template to use for this client. If it does not exist this field will silently be dropped. This is ‘clientTemplate’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 134

attribute :client_template

#consent_required ⇒ Boolean^?

Returns If enabled, users have to consent to client access. This is ‘consentRequired’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  If enabled, users have to consent to client access. This is ‘consentRequired’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 86

attribute :consent_required

#default_roles ⇒ Array<String>, ...

Returns list of default roles for this client. If the client roles referenced do not exist yet, they will be created. This is ‘defaultRoles’ in the Keycloak REST API.

Returns:

• (Array<String>, String, nil) —

  list of default roles for this client. If the client roles referenced do not exist yet, they will be created. This is ‘defaultRoles’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 66

attribute :default_roles

#description ⇒ String^?

Returns Description of the client in Keycloak.

Returns:

• (String, nil) —

  Description of the client in Keycloak

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 34

attribute :description

#direct_access_grants_enabled ⇒ Boolean^?

Returns Are direct access grants enabled for this client or not (OpenID connect). This is ‘directAccessGrantsEnabled’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Are direct access grants enabled for this client or not (OpenID connect). This is ‘directAccessGrantsEnabled’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 98

attribute :direct_access_grants_enabled

#enabled ⇒ Boolean^?

Returns Is this client enabled or not?.

Returns:

• (Boolean, nil) —

  Is this client enabled or not?

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 50

attribute :enabled

#frontchannel_logout ⇒ Boolean^?

Returns Is frontchannel logout enabled for this client or not. This is ‘frontchannelLogout’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Is frontchannel logout enabled for this client or not. This is ‘frontchannelLogout’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 114

attribute :frontchannel_logout

#full_scope_allowed ⇒ Boolean^?

Returns Is the “Full Scope Allowed” feature set for this client or not. This is ‘fullScopeAllowed’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Is the “Full Scope Allowed” feature set for this client or not. This is ‘fullScopeAllowed’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 122

attribute :full_scope_allowed

#id ⇒ String^?

Returns Id of client to be worked on. This is usually an UUID. Either this or I(client_id) is required. If you specify both, this takes precedence.

Returns:

• (String, nil) —

  Id of client to be worked on. This is usually an UUID. Either this or I(client_id) is required. If you specify both, this takes precedence.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 26

attribute :id

#implicit_flow_enabled ⇒ Boolean^?

Returns Enable implicit flow for this client or not (OpenID connect). This is ‘implictFlowEnabled’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Enable implicit flow for this client or not (OpenID connect). This is ‘implictFlowEnabled’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 94

attribute :implicit_flow_enabled

#name ⇒ String^?

Returns Name of the client (this is not the same as I(client_id)).

Returns:

• (String, nil) —

  Name of the client (this is not the same as I(client_id))

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 30

attribute :name

#node_re_registration_timeout ⇒ Integer^?

Returns Cluster node re-registration timeout for this client. This is ‘nodeReRegistrationTimeout’ in the Keycloak REST API.

Returns:

• (Integer, nil) —

  Cluster node re-registration timeout for this client. This is ‘nodeReRegistrationTimeout’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 126

attribute :node_re_registration_timeout

#not_before ⇒ Integer^?

Returns Revoke any tokens issued before this date for this client (this is a UNIX timestamp). This is ‘notBefore’ in the Keycloak REST API.

Returns:

• (Integer, nil) —

  Revoke any tokens issued before this date for this client (this is a UNIX timestamp). This is ‘notBefore’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 78

attribute :not_before

#protocol ⇒ :"openid-connect", ...

Returns Type of client (either C(openid-connect) or C(saml).

Returns:

• (:"openid-connect", :saml, nil) —

  Type of client (either C(openid-connect) or C(saml).

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 118

attribute :protocol

#protocol_mappers ⇒ Array<Hash>, ...

Returns a list of dicts defining protocol mappers for this client. This is ‘protocolMappers’ in the Keycloak REST API.

Returns:

• (Array<Hash>, Hash, nil) —

  a list of dicts defining protocol mappers for this client. This is ‘protocolMappers’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 157

attribute :protocol_mappers

#public_client ⇒ Boolean^?

Returns Is the access type for this client public or not. This is ‘publicClient’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Is the access type for this client public or not. This is ‘publicClient’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 110

attribute :public_client

#realm ⇒ String^?

Returns The realm to create the client in.

Returns:

• (String, nil) —

  The realm to create the client in.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 18

attribute :realm

#redirect_uris ⇒ Array<String>, ...

Returns Acceptable redirect URIs for this client. This is ‘redirectUris’ in the Keycloak REST API.

Returns:

• (Array<String>, String, nil) —

  Acceptable redirect URIs for this client. This is ‘redirectUris’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 70

attribute :redirect_uris

#registered_nodes ⇒ Hash^?

Returns dict of registered cluster nodes (with C(nodename) as the key and last registration time as the value). This is ‘registeredNodes’ in the Keycloak REST API.

Returns:

• (Hash, nil) —

  dict of registered cluster nodes (with C(nodename) as the key and last registration time as the value). This is ‘registeredNodes’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 130

attribute :registered_nodes

#registration_access_token ⇒ String^?

Returns The registration access token provides access for clients to the client registration service. This is ‘registrationAccessToken’ in the Keycloak REST API.

Returns:

• (String, nil) —

  The registration access token provides access for clients to the client registration service. This is ‘registrationAccessToken’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 62

attribute :registration_access_token

#root_url ⇒ String^?

Returns Root URL appended to relative URLs for this client This is ‘rootUrl’ in the Keycloak REST API.

Returns:

• (String, nil) —

  Root URL appended to relative URLs for this client This is ‘rootUrl’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 38

attribute :root_url

#secret ⇒ String^?

Returns When using I(client_authenticator_type) C(client-secret) (the default), you can specify a secret here (otherwise one will be generated if it does not exit). If changing this secret, the module will not register a change currently (but the changed secret will be saved).

Returns:

• (String, nil) —

  When using I(client_authenticator_type) C(client-secret) (the default), you can specify a secret here (otherwise one will be generated if it does not exit). If changing this secret, the module will not register a change currently (but the changed secret will be saved).

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 58

attribute :secret

#service_accounts_enabled ⇒ Boolean^?

Returns Are service accounts enabled for this client or not (OpenID connect). This is ‘serviceAccountsEnabled’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Are service accounts enabled for this client or not (OpenID connect). This is ‘serviceAccountsEnabled’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 102

attribute :service_accounts_enabled

#standard_flow_enabled ⇒ Boolean^?

Returns Enable standard flow for this client or not (OpenID connect). This is ‘standardFlowEnabled’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Enable standard flow for this client or not (OpenID connect). This is ‘standardFlowEnabled’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 90

attribute :standard_flow_enabled

#state ⇒ :present, ...

Returns State of the client,On C(present), the client will be created (or updated if it exists already).,On C(absent), the client will be removed if it exists.

Returns:

• (:present, :absent, nil) —

  State of the client,On C(present), the client will be created (or updated if it exists already).,On C(absent), the client will be removed if it exists

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 14

attribute :state

#surrogate_auth_required ⇒ Boolean^?

Returns Whether or not surrogate auth is required. This is ‘surrogateAuthRequired’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Whether or not surrogate auth is required. This is ‘surrogateAuthRequired’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 150

attribute :surrogate_auth_required

#use_template_config ⇒ Boolean^?

Returns Whether or not to use configuration from the I(client_template). This is ‘useTemplateConfig’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Whether or not to use configuration from the I(client_template). This is ‘useTemplateConfig’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 138

attribute :use_template_config

#use_template_mappers ⇒ Boolean^?

Returns Whether or not to use mapper configuration from the I(client_template). This is ‘useTemplateMappers’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Whether or not to use mapper configuration from the I(client_template). This is ‘useTemplateMappers’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 146

attribute :use_template_mappers

#use_template_scope ⇒ Boolean^?

Returns Whether or not to use scope configuration from the I(client_template). This is ‘useTemplateScope’ in the Keycloak REST API.

Returns:

• (Boolean, nil) —

  Whether or not to use scope configuration from the I(client_template). This is ‘useTemplateScope’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 142

attribute :use_template_scope

#web_origins ⇒ Array<String>, ...

Returns List of allowed CORS origins. This is ‘webOrigins’ in the Keycloak REST API.

Returns:

• (Array<String>, String, nil) —

  List of allowed CORS origins. This is ‘webOrigins’ in the Keycloak REST API.

# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 74

attribute :web_origins