Class: Ansible::Ruby::Modules::Keycloak_client
- Inherits:
-
Base
- Object
- Ansible::Ruby::Models::Base
- Base
- Ansible::Ruby::Modules::Keycloak_client
- Defined in:
- lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb
Overview
This module allows the administration of Keycloak clients via the Keycloak REST API. It requires access to the REST API via OpenID Connect; the user connecting and the client being used must have the requisite access rights. In a default Keycloak installation, admin-cli and an admin user would work, as would a separate client definition with the scope tailored to your needs and a user having the expected roles. The names of module options are snake_cased versions of the camelCase ones found in the Keycloak API and its documentation at U(www.keycloak.org/docs-api/3.3/rest-api/). Aliases are provided so camelCased versions can be used as well. The Keycloak API does not always enforce for only sensible settings to be used – you can set SAML-specific settings on an OpenID Connect client for instance and vice versa. Be careful. If you do not specify a setting, usually a sensible default is chosen.
Instance Method Summary collapse
-
#admin_url ⇒ String?
URL to the admin interface of the client This is ‘adminUrl’ in the Keycloak REST API.
-
#attributes ⇒ Hash?
A dict of further attributes for this client.
-
#authorization_services_enabled ⇒ Boolean?
Are authorization services enabled for this client or not (OpenID connect).
-
#authorization_settings ⇒ Object?
A data structure defining the authorization settings for this client.
-
#base_url ⇒ String?
Default URL to use when the auth server needs to redirect or link back to the client This is ‘baseUrl’ in the Keycloak REST API.
-
#bearer_only ⇒ Boolean?
The access type of this client is bearer-only.
-
#client_authenticator_type ⇒ :"client-secret", ...
How do clients authenticate with the auth server? Either C(client-secret) or C(client-jwt) can be chosen.
-
#client_id ⇒ String?
Client id of client to be worked on.
-
#client_template ⇒ String?
Client template to use for this client.
-
#consent_required ⇒ Boolean?
If enabled, users have to consent to client access.
-
#default_roles ⇒ Array<String>, ...
List of default roles for this client.
-
#description ⇒ String?
Description of the client in Keycloak.
-
#direct_access_grants_enabled ⇒ Boolean?
Are direct access grants enabled for this client or not (OpenID connect).
-
#enabled ⇒ Boolean?
Is this client enabled or not?.
-
#frontchannel_logout ⇒ Boolean?
Is frontchannel logout enabled for this client or not.
-
#full_scope_allowed ⇒ Boolean?
Is the “Full Scope Allowed” feature set for this client or not.
-
#id ⇒ String?
Id of client to be worked on.
-
#implicit_flow_enabled ⇒ Boolean?
Enable implicit flow for this client or not (OpenID connect).
-
#name ⇒ String?
Name of the client (this is not the same as I(client_id)).
-
#node_re_registration_timeout ⇒ Integer?
Cluster node re-registration timeout for this client.
-
#not_before ⇒ Integer?
Revoke any tokens issued before this date for this client (this is a UNIX timestamp).
-
#protocol ⇒ :"openid-connect", ...
Type of client (either C(openid-connect) or C(saml)..
-
#protocol_mappers ⇒ Array<Hash>, ...
A list of dicts defining protocol mappers for this client.
-
#public_client ⇒ Boolean?
Is the access type for this client public or not.
-
#realm ⇒ String?
The realm to create the client in.
-
#redirect_uris ⇒ Array<String>, ...
Acceptable redirect URIs for this client.
-
#registered_nodes ⇒ Hash?
Dict of registered cluster nodes (with C(nodename) as the key and last registration time as the value).
-
#registration_access_token ⇒ String?
The registration access token provides access for clients to the client registration service.
-
#root_url ⇒ String?
Root URL appended to relative URLs for this client This is ‘rootUrl’ in the Keycloak REST API.
-
#secret ⇒ String?
When using I(client_authenticator_type) C(client-secret) (the default), you can specify a secret here (otherwise one will be generated if it does not exit).
-
#service_accounts_enabled ⇒ Boolean?
Are service accounts enabled for this client or not (OpenID connect).
-
#standard_flow_enabled ⇒ Boolean?
Enable standard flow for this client or not (OpenID connect).
-
#state ⇒ :present, ...
State of the client,On C(present), the client will be created (or updated if it exists already).,On C(absent), the client will be removed if it exists.
-
#surrogate_auth_required ⇒ Boolean?
Whether or not surrogate auth is required.
-
#use_template_config ⇒ Boolean?
Whether or not to use configuration from the I(client_template).
-
#use_template_mappers ⇒ Boolean?
Whether or not to use mapper configuration from the I(client_template).
-
#use_template_scope ⇒ Boolean?
Whether or not to use scope configuration from the I(client_template).
-
#web_origins ⇒ Array<String>, ...
List of allowed CORS origins.
Methods inherited from Base
Methods inherited from Ansible::Ruby::Models::Base
attr_option, attr_options, attribute, fix_inclusion, #initialize, remove_existing_validations, #to_h, validates
Constructor Details
This class inherits a constructor from Ansible::Ruby::Models::Base
Instance Method Details
#admin_url ⇒ String?
Returns URL to the admin interface of the client This is ‘adminUrl’ in the Keycloak REST API.
42 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 42 attribute :admin_url |
#attributes ⇒ Hash?
Returns A dict of further attributes for this client. This can contain various configuration settings; an example is given in the examples section. While an exhaustive list of permissible options is not available; possible options as of Keycloak 3.4 are listed below. The Keycloak API does not validate whether a given option is appropriate for the protocol used; if specified anyway, Keycloak will simply not use it.
161 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 161 attribute :attributes |
#authorization_services_enabled ⇒ Boolean?
Returns Are authorization services enabled for this client or not (OpenID connect). This is ‘authorizationServicesEnabled’ in the Keycloak REST API.
106 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 106 attribute :authorization_services_enabled |
#authorization_settings ⇒ Object?
Returns a data structure defining the authorization settings for this client. For reference, please see the Keycloak API docs at U(www.keycloak.org/docs-api/3.3/rest-api/index.html#_resourceserverrepresentation). This is ‘authorizationSettings’ in the Keycloak REST API.
154 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 154 attribute :authorization_settings |
#base_url ⇒ String?
Returns Default URL to use when the auth server needs to redirect or link back to the client This is ‘baseUrl’ in the Keycloak REST API.
46 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 46 attribute :base_url |
#bearer_only ⇒ Boolean?
Returns The access type of this client is bearer-only. This is ‘bearerOnly’ in the Keycloak REST API.
82 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 82 attribute :bearer_only |
#client_authenticator_type ⇒ :"client-secret", ...
Returns How do clients authenticate with the auth server? Either C(client-secret) or C(client-jwt) can be chosen. When using C(client-secret), the module parameter I(secret) can set it, while for C(client-jwt), you can use the keys C(use.jwks.url), C(jwks.url), and C(jwt.credential.certificate) in the I(attributes) module parameter to configure its behavior. This is ‘clientAuthenticatorType’ in the Keycloak REST API.
54 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 54 attribute :client_authenticator_type |
#client_id ⇒ String?
Returns Client id of client to be worked on. This is usually an alphanumeric name chosen by you. Either this or I(id) is required. If you specify both, I(id) takes precedence. This is ‘clientId’ in the Keycloak REST API.
22 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 22 attribute :client_id |
#client_template ⇒ String?
Returns Client template to use for this client. If it does not exist this field will silently be dropped. This is ‘clientTemplate’ in the Keycloak REST API.
134 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 134 attribute :client_template |
#consent_required ⇒ Boolean?
Returns If enabled, users have to consent to client access. This is ‘consentRequired’ in the Keycloak REST API.
86 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 86 attribute :consent_required |
#default_roles ⇒ Array<String>, ...
Returns list of default roles for this client. If the client roles referenced do not exist yet, they will be created. This is ‘defaultRoles’ in the Keycloak REST API.
66 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 66 attribute :default_roles |
#description ⇒ String?
Returns Description of the client in Keycloak.
34 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 34 attribute :description |
#direct_access_grants_enabled ⇒ Boolean?
Returns Are direct access grants enabled for this client or not (OpenID connect). This is ‘directAccessGrantsEnabled’ in the Keycloak REST API.
98 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 98 attribute :direct_access_grants_enabled |
#enabled ⇒ Boolean?
Returns Is this client enabled or not?.
50 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 50 attribute :enabled |
#frontchannel_logout ⇒ Boolean?
Returns Is frontchannel logout enabled for this client or not. This is ‘frontchannelLogout’ in the Keycloak REST API.
114 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 114 attribute :frontchannel_logout |
#full_scope_allowed ⇒ Boolean?
Returns Is the “Full Scope Allowed” feature set for this client or not. This is ‘fullScopeAllowed’ in the Keycloak REST API.
122 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 122 attribute :full_scope_allowed |
#id ⇒ String?
Returns Id of client to be worked on. This is usually an UUID. Either this or I(client_id) is required. If you specify both, this takes precedence.
26 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 26 attribute :id |
#implicit_flow_enabled ⇒ Boolean?
Returns Enable implicit flow for this client or not (OpenID connect). This is ‘implictFlowEnabled’ in the Keycloak REST API.
94 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 94 attribute :implicit_flow_enabled |
#name ⇒ String?
Returns Name of the client (this is not the same as I(client_id)).
30 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 30 attribute :name |
#node_re_registration_timeout ⇒ Integer?
Returns Cluster node re-registration timeout for this client. This is ‘nodeReRegistrationTimeout’ in the Keycloak REST API.
126 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 126 attribute :node_re_registration_timeout |
#not_before ⇒ Integer?
Returns Revoke any tokens issued before this date for this client (this is a UNIX timestamp). This is ‘notBefore’ in the Keycloak REST API.
78 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 78 attribute :not_before |
#protocol ⇒ :"openid-connect", ...
Returns Type of client (either C(openid-connect) or C(saml).
118 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 118 attribute :protocol |
#protocol_mappers ⇒ Array<Hash>, ...
Returns a list of dicts defining protocol mappers for this client. This is ‘protocolMappers’ in the Keycloak REST API.
157 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 157 attribute :protocol_mappers |
#public_client ⇒ Boolean?
Returns Is the access type for this client public or not. This is ‘publicClient’ in the Keycloak REST API.
110 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 110 attribute :public_client |
#realm ⇒ String?
Returns The realm to create the client in.
18 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 18 attribute :realm |
#redirect_uris ⇒ Array<String>, ...
Returns Acceptable redirect URIs for this client. This is ‘redirectUris’ in the Keycloak REST API.
70 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 70 attribute :redirect_uris |
#registered_nodes ⇒ Hash?
Returns dict of registered cluster nodes (with C(nodename) as the key and last registration time as the value). This is ‘registeredNodes’ in the Keycloak REST API.
130 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 130 attribute :registered_nodes |
#registration_access_token ⇒ String?
Returns The registration access token provides access for clients to the client registration service. This is ‘registrationAccessToken’ in the Keycloak REST API.
62 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 62 attribute :registration_access_token |
#root_url ⇒ String?
Returns Root URL appended to relative URLs for this client This is ‘rootUrl’ in the Keycloak REST API.
38 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 38 attribute :root_url |
#secret ⇒ String?
Returns When using I(client_authenticator_type) C(client-secret) (the default), you can specify a secret here (otherwise one will be generated if it does not exit). If changing this secret, the module will not register a change currently (but the changed secret will be saved).
58 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 58 attribute :secret |
#service_accounts_enabled ⇒ Boolean?
Returns Are service accounts enabled for this client or not (OpenID connect). This is ‘serviceAccountsEnabled’ in the Keycloak REST API.
102 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 102 attribute :service_accounts_enabled |
#standard_flow_enabled ⇒ Boolean?
Returns Enable standard flow for this client or not (OpenID connect). This is ‘standardFlowEnabled’ in the Keycloak REST API.
90 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 90 attribute :standard_flow_enabled |
#state ⇒ :present, ...
Returns State of the client,On C(present), the client will be created (or updated if it exists already).,On C(absent), the client will be removed if it exists.
14 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 14 attribute :state |
#surrogate_auth_required ⇒ Boolean?
Returns Whether or not surrogate auth is required. This is ‘surrogateAuthRequired’ in the Keycloak REST API.
150 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 150 attribute :surrogate_auth_required |
#use_template_config ⇒ Boolean?
Returns Whether or not to use configuration from the I(client_template). This is ‘useTemplateConfig’ in the Keycloak REST API.
138 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 138 attribute :use_template_config |
#use_template_mappers ⇒ Boolean?
Returns Whether or not to use mapper configuration from the I(client_template). This is ‘useTemplateMappers’ in the Keycloak REST API.
146 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 146 attribute :use_template_mappers |
#use_template_scope ⇒ Boolean?
Returns Whether or not to use scope configuration from the I(client_template). This is ‘useTemplateScope’ in the Keycloak REST API.
142 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 142 attribute :use_template_scope |
#web_origins ⇒ Array<String>, ...
Returns List of allowed CORS origins. This is ‘webOrigins’ in the Keycloak REST API.
74 |
# File 'lib/ansible/ruby/modules/generated/identity/keycloak/keycloak_client.rb', line 74 attribute :web_origins |