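---
# Integration tasks for community.general.keycloak_identity_provider:
# create a realm, create an OIDC identity provider with two attribute
# mappers, then check the no-change update, a real update, deletion and
# deletion of an already absent provider.
#
# url, admin_realm, admin_user, admin_password, realm and idp are variables
# defined outside this file.
# NOTE(review): admin_password is an administrator credential for the
# Keycloak instance; confirm it is supplied from a vault or CI secret and
# not from committed vars.

- name: Create realm
  community.general.keycloak_realm:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    id: "{{ realm }}"
    realm: "{{ realm }}"
    state: present

- name: Create new identity provider
  community.general.keycloak_identity_provider:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    alias: "{{ idp }}"
    display_name: OpenID Connect IdP
    enabled: true
    provider_id: oidc
    config:
      issuer: https://idp.example.com
      authorizationUrl: https://idp.example.com/auth
      tokenUrl: https://idp.example.com/token
      userInfoUrl: https://idp.example.com/userinfo
      clientAuthMethod: client_secret_post
      clientId: clientid
      # Fixture value for the example.com test provider. A real client
      # secret belongs in a vault-backed variable, not inline in the task.
      clientSecret: clientsecret
      syncMode: FORCE
    mappers:
      # NOTE(review): identityProviderAlias is hard-coded to "oidc-idp"
      # while the provider alias above comes from idp; confirm the two are
      # meant to differ.
      - name: "first_name"
        identityProviderAlias: "oidc-idp"
        identityProviderMapper: "oidc-user-attribute-idp-mapper"
        config:
          claim: "first_name"
          user.attribute: "first_name"
          syncMode: "INHERIT"
      - name: "last_name"
        identityProviderAlias: "oidc-idp"
        identityProviderMapper: "oidc-user-attribute-idp-mapper"
        config:
          claim: "last_name"
          user.attribute: "last_name"
          syncMode: "INHERIT"
    state: present
  register: result

# NOTE(review): the registered result carries the provider representation
# (existing / end_state are read by the asserts below). Check that
# clientSecret is masked in it before printing it anywhere other than a
# disposable test instance.
- name: Debug
  ansible.builtin.debug:
    var: result

- name: Assert identity provider created
  ansible.builtin.assert:
    that:
      - result is changed
      - result.existing == {}
      # Conditions are already Jinja expressions, so idp is referenced
      # bare instead of being wrapped in "{{ }}".
      - result.end_state.alias == idp
      - result.end_state.mappers != []

- name: Update existing identity provider (no change)
  community.general.keycloak_identity_provider:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    alias: "{{ idp }}"
    enabled: true
    provider_id: oidc
    config:
      issuer: https://idp.example.com
      authorizationUrl: https://idp.example.com/auth
      tokenUrl: https://idp.example.com/token
      userInfoUrl: https://idp.example.com/userinfo
      clientAuthMethod: client_secret_post
      clientId: clientid
      # NOTE(review): presumably the mask reported for a stored secret, so
      # that this task compares equal to the existing provider; confirm
      # against the module.
      clientSecret: "**********"
      syncMode: FORCE
    mappers:
      - name: "first_name"
        identityProviderAlias: "oidc-idp"
        identityProviderMapper: "oidc-user-attribute-idp-mapper"
        config:
          claim: "first_name"
          user.attribute: "first_name"
          syncMode: "INHERIT"
      - name: "last_name"
        identityProviderAlias: "oidc-idp"
        identityProviderMapper: "oidc-user-attribute-idp-mapper"
        config:
          claim: "last_name"
          user.attribute: "last_name"
          syncMode: "INHERIT"
    state: present
  register: result

- name: Debug
  ansible.builtin.debug:
    var: result

- name: Assert identity provider unchanged
  ansible.builtin.assert:
    that:
      - result is not changed

# Only enabled is supplied here; the asserts below check that it flips
# from true to false.
- name: Update existing identity provider (with change)
  community.general.keycloak_identity_provider:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    alias: "{{ idp }}"
    enabled: false
    state: present
  register: result

- name: Debug
  ansible.builtin.debug:
    var: result

- name: Assert identity provider updated
  ansible.builtin.assert:
    that:
      - result is changed
      - result.existing.enabled == true
      - result.end_state.enabled == false

- name: Delete existing identity provider
  community.general.keycloak_identity_provider:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    alias: "{{ idp }}"
    state: absent
  register: result

- name: Debug
  ansible.builtin.debug:
    var: result

- name: Assert identity provider deleted
  ansible.builtin.assert:
    that:
      - result is changed
      - result.end_state == {}

# Second delete of the same alias: expected to report no change.
- name: Delete absent identity provider
  community.general.keycloak_identity_provider:
    auth_keycloak_url: "{{ url }}"
    auth_realm: "{{ admin_realm }}"
    auth_username: "{{ admin_user }}"
    auth_password: "{{ admin_password }}"
    realm: "{{ realm }}"
    alias: "{{ idp }}"
    state: absent
  register: result

- name: Debug
  ansible.builtin.debug:
    var: result

- name: Assert identity provider unchanged
  ansible.builtin.assert:
    that:
      - result is not changed
      - result.end_state == {}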