SX5-868 New keycloak_realm module PR. #56062

Open
wants to merge 1 commit into
base: devel
from

@elfelip
commented May 3, 2019

SUMMARY

Realm configuration Keycloak module.

ISSUE TYPE
  • New Module Pull Request
COMPONENT NAME

keycloak_realm

ADDITIONAL INFORMATION

module: keycloak_realm
short_description: Configure a realm in Keycloak
description:
    - This module creates, removes or updates Keycloak realms.
version_added: "2.9"
options:
    realm:
        description:
            - The name of the realm.
        default: master
    displayName:
        description:
            - The display name of the realm.
        required: false
        aliases: ['name']
    displayNameHtml:
        description:
            - The name to use within the HTML page of the realm.
        required: true
        aliases: ['namehtml']
    loginTheme:
        description:
            - Theme to use at logon for this realm.
        required: false
    adminTheme:
        description:
            - Theme to use for this realm's admin console.
        required: false
    emailTheme:
        description:
            - Theme to use for this realm's emails.
        required: false
    accountTheme:
        description:
            - Theme to use for this realm's accounts.
        required: false
    internationalizationEnabled:
        description:
            - Is internationalization enabled for this realm?
        required: false
    supportedLocales:
        description:
            - List of supported languages for the realm.
        required: false
    defaultLocale:
        description:
            - If multiple locales are supported, which one will be used as default language.
        required: false
    accessCodeLifespan:
        description:
            - access code lifespan.
        default: 60
    accessCodeLifespanLogin:
        description:
            - access code lifespan login.
        default: 1800
    accessCodeLifespanUserAction:
        description:
            - access code lifespan user action.
        default: 300
    accessTokenLifespan:
        description:
            - Access token lifespan.
        default: 300
    accessTokenLifespanForImplicitFlow:
        description:
            - Access token lifespan for implicit flow.
        default: 900
    notBefore:
        description:
            - Not Before.
    revokeRefreshToken:
        description:
            - Revoke Refresh Token.
        type: bool
    ssoSessionMaxLifespan:
        description:
            - Sso Session Max Lifespan.
        default: 36000
    offlineSessionIdleTimeout:
        description:
            - Offline Session Idle Timeout.
        default: 2592000
    ssoSessionIdleTimeout:
        description:
            - SSO session idle timeout.
        default: 1800
    enabled:
        description:
            - Enabled.
        default: True
    sslRequired:
        description:
            - SSL Required.
        default: external
    registrationAllowed:
        description:
            - Registration Allowed.
        default: False
    registrationEmailAsUsername:
        description:
            - Registration Email As Username.
        default: False
    rememberMe:
        description:
            - Remember me.
        default: False
    verifyEmail:
        description:
            - Verify Email.
        default: False
    loginWithEmailAllowed:
        description:
            - Login With Email Allowed.
        default: True
    duplicateEmailsAllowed:
        description:
            - Duplicate Emails Allowed.
        type: bool
        required: false
    resetPasswordAllowed:
        description:
            - Reset Password Allowed.
        default: False
        type: bool
    editUsernameAllowed:
        description:
            - Edit Username Allowed.
        default: False
    bruteForceProtected:
        description:
            - Brute Force Protected.
        default: False
    permanentLockout:
        description:
            - Permanent Lockout.
        default: False
    maxFailureWaitSeconds:
        description:
            - Max Failure Wait Seconds.
        default: 900
    minimumQuickLoginWaitSeconds:
        description:
            - Minimum Quick Login Wait Seconds.
        default: 60
    waitIncrementSeconds:
        description:
            - Wait Increment Seconds.
        default: 60
    quickLoginCheckMilliSeconds:
        description:
            - Quick Login Check MilliSeconds.
        default: 1000
    maxDeltaTimeSeconds:
        description:
            - Max Delta Time Seconds.
        default: 43200
        required: false
    failureFactor:
        description:
            - Failure Factor.
        default: 30
    defaultRoles:
        description:
            - Default roles.
        default: [ "offline_access", "uma_authorization" ]
    requiredCredentials:
        description:
            - Required Credentials.
        default: [ "password" ]
    passwordPolicy:
        description:
            - Password Policy.
        default: hashIterations(20000)
        required: false
    otpPolicyType:
        description:
            - Otp Policy Type.
        default: totp
    otpPolicyAlgorithm:
        description:
            - Otp Policy Algorithm.
        default: HmacSHA1
    otpPolicyInitialCounter:
        description:
            - Otp Policy Initial Counter.
        default: 0
    otpPolicyDigits:
        description:
            - Otp Policy Digits.
        default: 6
    otpPolicyLookAheadWindow:
        description:
            - Otp Policy Look Ahead Window.
        default: 1
    otpPolicyPeriod:
        description:
            - Otp Policy Period.
        default: 30
    smtpServer:
        description:
            - SMTP Server.
        default: {}
        required: false
        suboptions:
            replyToDisplayName:
                description:
                    - Name to display in sent email reply to field.
                type: str
            starttls:
                description:
                    - If true, enable Start TLS.
                    - Default is false if not defined.
                type: str
                choices:
                    - true
                    - false
                default: false
            auth:
                description:
                    - Is authentication enabled on the SMTP server.
                    - Default is false if not defined.
                type: str
                choices:
                    - true
                    - false
                default: false
            port:
                description:
                    - SMTP server port.
                type: str
                default: 25
            host:
                description:
                    - SMTP server host name or ip address.
                type: str
            replyTo:
                description:
                    - Reply to address to put in sent email.
                type: str
            from:
                description:
                    - From address to put in sent email.
                type: str
            fromDisplayName:
                description:
                    - Name to put in from field for sent email.
                type: str
            envelopeFrom:
                description:
                    - Address to put in envelopeFrom field for sent email.
                type: str
            ssl:
                description:
                    - If true, SSL will be used to connect to SMTP server
                type: str
                choices:
                    - true
                    - false
                default: false
            user:
                description:
                    - User name to authenticate on SMTP server if authentication is enabled.
                type: str
            password:
                description:
                    - Password of the user to authenticate on SMTP server.
                type: str
    eventsExpiration:
        description:
            - backup time of logs in keycloak.
        required: false
    eventsConfig:
        description:
            - Event configuration for the realm.
        required: false
        suboptions:
            eventsEnabled:
                description:
                    - If true, enable event logging for the realm.
                type: bool
            enabledEventTypes:
                description:
                    - Types of event to log.
                type: list
                choices:
                    - SEND_RESET_PASSWORD
                    - UPDATE_TOTP
                    - REMOVE_TOTP
                    - REVOKE_GRANT
                    - LOGIN_ERROR
                    - CLIENT_LOGIN
                    - RESET_PASSWORD_ERROR
                    - IMPERSONATE_ERROR
                    - CODE_TO_TOKEN_ERROR
                    - CUSTOM_REQUIRED_ACTION
                    - UPDATE_PROFILE_ERROR
                    - IMPERSONATE
                    - LOGIN
                    - UPDATE_PASSWORD_ERROR
                    - REGISTER
                    - LOGOUT
                    - CLIENT_REGISTER
                    - UPDATE_PASSWORD
                    - FEDERATED_IDENTITY_LINK_ERROR
                    - CLIENT_DELETE
                    - IDENTITY_PROVIDER_FIRST_LOGIN
                    - VERIFY_EMAIL
                    - CLIENT_DELETE_ERROR
                    - CLIENT_LOGIN_ERROR
                    - REMOVE_FEDERATED_IDENTITY_ERROR
                    - EXECUTE_ACTIONS
                    - SEND_IDENTITY_PROVIDER_LINK_ERROR
                    - SEND_VERIFY_EMAIL
                    - EXECUTE_ACTIONS_ERROR
                    - REMOVE_FEDERATED_IDENTITY
                    - IDENTITY_PROVIDER_POST_LOGIN
                    - UPDATE_EMAIL
                    - REGISTER_ERROR
                    - REVOKE_GRANT_ERROR
                    - LOGOUT_ERROR
                    - UPDATE_EMAIL_ERROR
                    - CLIENT_UPDATE_ERROR
                    - UPDATE_PROFILE
                    - FEDERATED_IDENTITY_LINK
                    - CLIENT_REGISTER_ERROR
                    - SEND_VERIFY_EMAIL_ERROR
                    - SEND_IDENTITY_PROVIDER_LINK
                    - RESET_PASSWORD
                    - REMOVE_TOTP_ERROR
                    - VERIFY_EMAIL_ERROR
                    - SEND_RESET_PASSWORD_ERROR
                    - CLIENT_UPDATE
                    - IDENTITY_PROVIDER_POST_LOGIN_ERROR
                    - CUSTOM_REQUIRED_ACTION_ERROR
                    - UPDATE_TOTP_ERROR
                    - CODE_TO_TOKEN
                    - IDENTITY_PROVIDER_FIRST_LOGIN_ERROR
            eventsListeners:
                description:
                    - List of event listeners to log.
                type: list
            adminEventsEnabled:
                description:
                    - If true, administration events will be logged.
                type: bool
            adminEventsDetailsEnabled:
                description:
                    - If true, detail of administration event will be added to the logs.
                type: bool
    browserFlow:
        description:
            - Browser Flow.
        default: browser
    registrationFlow:
        description:
            - Registration Flow.
        default: registration
        required: false
    directGrantFlow:
        description:
            - Direct Grant Flow.
        default: direct grant
    resetCredentialsFlow:
        description:
            - Reset Credentials Flow.
        default: reset credentials
    clientAuthenticationFlow:
        description:
            - Client Authentication Flow.
        default: clients
    attributes:
        description:
            - Attributes.
        required: false
    browserSecurityHeaders:
        description:
            - Browser Security Headers.
        required: false
    state:
        choices: [ "present", "absent" ]
        default: present
        description:
            - Control if the realm exists.
    force:
        type: bool
        default: false
        description:
            - If true, allows the realm to be removed and recreated.
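
An added example, not part of the pull request or of Ansible: a Python check that merges a task's realm options over the defaults documented in the description above and reports the settings a defender would usually tighten. Option names and default values are taken from that description; the rule set, the `audit_realm` name and the sample host are assumptions of this example.

```python
# Added example: audit keycloak_realm task options against a hardening baseline.
# DEFAULTS copies defaults documented in the PR description; RULES are this
# example's own assumptions, not Keycloak or Ansible policy.
DEFAULTS = {
    "sslRequired": "external",
    "bruteForceProtected": False,
    "registrationAllowed": False,
    "verifyEmail": False,
    "accessTokenLifespan": 300,
    "passwordPolicy": "hashIterations(20000)",
    "smtpServer": {},
    "eventsConfig": None,  # no default documented
}

def _true(value):
    """The smtpServer flags are documented as type str, so accept 'true' or True."""
    return str(value).lower() == "true"

def _smtp_encrypted(realm):
    smtp = realm["smtpServer"] or {}
    return not smtp.get("host") or _true(smtp.get("starttls")) or _true(smtp.get("ssl"))

def _events_logged(realm):
    cfg = realm["eventsConfig"] or {}
    return bool(cfg.get("eventsEnabled")) and bool(cfg.get("adminEventsEnabled"))

# (option, predicate over the effective settings, finding when it fails)
RULES = [
    ("sslRequired", lambda r: r["sslRequired"] == "all",
     "TLS is not required for every request"),
    ("bruteForceProtected", lambda r: r["bruteForceProtected"] is True,
     "brute-force detection is off"),
    ("verifyEmail", lambda r: not r["registrationAllowed"] or r["verifyEmail"],
     "self-registration without e-mail verification"),
    ("passwordPolicy", lambda r: "length(" in (r["passwordPolicy"] or ""),
     "password policy sets no minimum length"),
    ("accessTokenLifespan", lambda r: r["accessTokenLifespan"] <= 300,
     "access tokens live longer than 300 seconds"),
    ("smtpServer", _smtp_encrypted,
     "SMTP host set with neither starttls nor ssl"),
    ("eventsConfig", _events_logged,
     "login or admin event logging is off"),
]

def audit_realm(params):
    """Return [(option, finding)] for the task options merged over DEFAULTS."""
    effective = {**DEFAULTS, **params}
    return [(opt, msg) for opt, ok, msg in RULES if not ok(effective)]

if __name__ == "__main__":
    for option, finding in audit_realm({"realm": "demo"}):  # constructed input
        print(f"{option}: {finding}")
```
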
@ansibot


commented May 3, 2019

@adamgoossens @eikef

As a maintainer of a module in the same namespace this new module has been submitted to, your vote counts for shipits. Please review this module and add shipit if you would like to see it merged.

click here for bot help
