mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[PR #6678/c694abbd backport][stable-7] Use semantic markup (modules k-l) (#6703)
Use semantic markup (modules k-l) (#6678)
* Use semantic markup.
* Use option instead of alias.
(cherry picked from commit c694abbdf9
)
Co-authored-by: Felix Fontein <felix@fontein.de>
This commit is contained in:
parent
e968f89125
commit
be0d207f90
26 changed files with 249 additions and 250 deletions
|
@ -35,11 +35,11 @@ options:
|
||||||
suboptions:
|
suboptions:
|
||||||
group:
|
group:
|
||||||
description:
|
description:
|
||||||
- The option's group. One between this and I(groups) is required.
|
- The option's group. One between this and O(values[].groups) is required.
|
||||||
type: str
|
type: str
|
||||||
groups:
|
groups:
|
||||||
description:
|
description:
|
||||||
- List of the option's groups. One between this and I(group) is required.
|
- List of the option's groups. One between this and O(values[].group) is required.
|
||||||
type: list
|
type: list
|
||||||
elements: str
|
elements: str
|
||||||
key:
|
key:
|
||||||
|
@ -49,12 +49,12 @@ options:
|
||||||
required: true
|
required: true
|
||||||
value:
|
value:
|
||||||
description:
|
description:
|
||||||
- The option's value. One between this and I(bool_value) is required.
|
- The option's value. One between this and O(values[].bool_value) is required.
|
||||||
type: str
|
type: str
|
||||||
bool_value:
|
bool_value:
|
||||||
description:
|
description:
|
||||||
- Boolean value.
|
- Boolean value.
|
||||||
- One between this and I(value) is required.
|
- One between this and O(values[].value) is required.
|
||||||
type: bool
|
type: bool
|
||||||
required: true
|
required: true
|
||||||
backup:
|
backup:
|
||||||
|
|
|
@ -97,7 +97,7 @@ options:
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: false
|
||||||
description:
|
description:
|
||||||
- If C(true), allows to remove the authentication flow and recreate it.
|
- If V(true), allows to remove the authentication flow and recreate it.
|
||||||
|
|
||||||
extends_documentation_fragment:
|
extends_documentation_fragment:
|
||||||
- community.general.keycloak
|
- community.general.keycloak
|
||||||
|
|
|
@ -40,8 +40,8 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the authorization scope.
|
- State of the authorization scope.
|
||||||
- On C(present), the authorization scope will be created (or updated if it exists already).
|
- On V(present), the authorization scope will be created (or updated if it exists already).
|
||||||
- On C(absent), the authorization scope will be removed if it exists.
|
- On V(absent), the authorization scope will be removed if it exists.
|
||||||
choices: ['present', 'absent']
|
choices: ['present', 'absent']
|
||||||
default: 'present'
|
default: 'present'
|
||||||
type: str
|
type: str
|
||||||
|
@ -108,22 +108,22 @@ end_state:
|
||||||
id:
|
id:
|
||||||
description: ID of the authorization scope.
|
description: ID of the authorization scope.
|
||||||
type: str
|
type: str
|
||||||
returned: when I(state=present)
|
returned: when O(state=present)
|
||||||
sample: a6ab1cf2-1001-40ec-9f39-48f23b6a0a41
|
sample: a6ab1cf2-1001-40ec-9f39-48f23b6a0a41
|
||||||
name:
|
name:
|
||||||
description: Name of the authorization scope.
|
description: Name of the authorization scope.
|
||||||
type: str
|
type: str
|
||||||
returned: when I(state=present)
|
returned: when O(state=present)
|
||||||
sample: file:delete
|
sample: file:delete
|
||||||
display_name:
|
display_name:
|
||||||
description: Display name of the authorization scope.
|
description: Display name of the authorization scope.
|
||||||
type: str
|
type: str
|
||||||
returned: when I(state=present)
|
returned: when O(state=present)
|
||||||
sample: File delete
|
sample: File delete
|
||||||
icon_uri:
|
icon_uri:
|
||||||
description: Icon URI for the authorization scope.
|
description: Icon URI for the authorization scope.
|
||||||
type: str
|
type: str
|
||||||
returned: when I(state=present)
|
returned: when O(state=present)
|
||||||
sample: http://localhost/icon.png
|
sample: http://localhost/icon.png
|
||||||
|
|
||||||
'''
|
'''
|
||||||
|
|
|
@ -40,8 +40,8 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the client
|
- State of the client
|
||||||
- On C(present), the client will be created (or updated if it exists already).
|
- On V(present), the client will be created (or updated if it exists already).
|
||||||
- On C(absent), the client will be removed if it exists
|
- On V(absent), the client will be removed if it exists
|
||||||
choices: ['present', 'absent']
|
choices: ['present', 'absent']
|
||||||
default: 'present'
|
default: 'present'
|
||||||
type: str
|
type: str
|
||||||
|
@ -55,7 +55,7 @@ options:
|
||||||
client_id:
|
client_id:
|
||||||
description:
|
description:
|
||||||
- Client id of client to be worked on. This is usually an alphanumeric name chosen by
|
- Client id of client to be worked on. This is usually an alphanumeric name chosen by
|
||||||
you. Either this or I(id) is required. If you specify both, I(id) takes precedence.
|
you. Either this or O(id) is required. If you specify both, O(id) takes precedence.
|
||||||
This is 'clientId' in the Keycloak REST API.
|
This is 'clientId' in the Keycloak REST API.
|
||||||
aliases:
|
aliases:
|
||||||
- clientId
|
- clientId
|
||||||
|
@ -63,13 +63,13 @@ options:
|
||||||
|
|
||||||
id:
|
id:
|
||||||
description:
|
description:
|
||||||
- Id of client to be worked on. This is usually an UUID. Either this or I(client_id)
|
- Id of client to be worked on. This is usually an UUID. Either this or O(client_id)
|
||||||
is required. If you specify both, this takes precedence.
|
is required. If you specify both, this takes precedence.
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
name:
|
name:
|
||||||
description:
|
description:
|
||||||
- Name of the client (this is not the same as I(client_id)).
|
- Name of the client (this is not the same as O(client_id)).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
description:
|
description:
|
||||||
|
@ -108,12 +108,12 @@ options:
|
||||||
|
|
||||||
client_authenticator_type:
|
client_authenticator_type:
|
||||||
description:
|
description:
|
||||||
- How do clients authenticate with the auth server? Either C(client-secret) or
|
- How do clients authenticate with the auth server? Either V(client-secret) or
|
||||||
C(client-jwt) can be chosen. When using C(client-secret), the module parameter
|
V(client-jwt) can be chosen. When using V(client-secret), the module parameter
|
||||||
I(secret) can set it, while for C(client-jwt), you can use the keys C(use.jwks.url),
|
O(secret) can set it, while for V(client-jwt), you can use the keys C(use.jwks.url),
|
||||||
C(jwks.url), and C(jwt.credential.certificate) in the I(attributes) module parameter
|
C(jwks.url), and C(jwt.credential.certificate) in the O(attributes) module parameter
|
||||||
to configure its behavior.
|
to configure its behavior.
|
||||||
This is 'clientAuthenticatorType' in the Keycloak REST API.
|
- This is 'clientAuthenticatorType' in the Keycloak REST API.
|
||||||
choices: ['client-secret', 'client-jwt']
|
choices: ['client-secret', 'client-jwt']
|
||||||
aliases:
|
aliases:
|
||||||
- clientAuthenticatorType
|
- clientAuthenticatorType
|
||||||
|
@ -121,7 +121,7 @@ options:
|
||||||
|
|
||||||
secret:
|
secret:
|
||||||
description:
|
description:
|
||||||
- When using I(client_authenticator_type) C(client-secret) (the default), you can
|
- When using O(client_authenticator_type=client-secret) (the default), you can
|
||||||
specify a secret here (otherwise one will be generated if it does not exit). If
|
specify a secret here (otherwise one will be generated if it does not exit). If
|
||||||
changing this secret, the module will not register a change currently (but the
|
changing this secret, the module will not register a change currently (but the
|
||||||
changed secret will be saved).
|
changed secret will be saved).
|
||||||
|
@ -246,7 +246,7 @@ options:
|
||||||
|
|
||||||
protocol:
|
protocol:
|
||||||
description:
|
description:
|
||||||
- Type of client (either C(openid-connect) or C(saml).
|
- Type of client.
|
||||||
type: str
|
type: str
|
||||||
choices: ['openid-connect', 'saml']
|
choices: ['openid-connect', 'saml']
|
||||||
|
|
||||||
|
@ -286,7 +286,7 @@ options:
|
||||||
|
|
||||||
use_template_config:
|
use_template_config:
|
||||||
description:
|
description:
|
||||||
- Whether or not to use configuration from the I(client_template).
|
- Whether or not to use configuration from the O(client_template).
|
||||||
This is 'useTemplateConfig' in the Keycloak REST API.
|
This is 'useTemplateConfig' in the Keycloak REST API.
|
||||||
aliases:
|
aliases:
|
||||||
- useTemplateConfig
|
- useTemplateConfig
|
||||||
|
@ -294,7 +294,7 @@ options:
|
||||||
|
|
||||||
use_template_scope:
|
use_template_scope:
|
||||||
description:
|
description:
|
||||||
- Whether or not to use scope configuration from the I(client_template).
|
- Whether or not to use scope configuration from the O(client_template).
|
||||||
This is 'useTemplateScope' in the Keycloak REST API.
|
This is 'useTemplateScope' in the Keycloak REST API.
|
||||||
aliases:
|
aliases:
|
||||||
- useTemplateScope
|
- useTemplateScope
|
||||||
|
@ -302,7 +302,7 @@ options:
|
||||||
|
|
||||||
use_template_mappers:
|
use_template_mappers:
|
||||||
description:
|
description:
|
||||||
- Whether or not to use mapper configuration from the I(client_template).
|
- Whether or not to use mapper configuration from the O(client_template).
|
||||||
This is 'useTemplateMappers' in the Keycloak REST API.
|
This is 'useTemplateMappers' in the Keycloak REST API.
|
||||||
aliases:
|
aliases:
|
||||||
- useTemplateMappers
|
- useTemplateMappers
|
||||||
|
@ -391,38 +391,37 @@ options:
|
||||||
|
|
||||||
protocol:
|
protocol:
|
||||||
description:
|
description:
|
||||||
- This is either C(openid-connect) or C(saml), this specifies for which protocol this protocol mapper.
|
- This specifies for which protocol this protocol mapper is active.
|
||||||
is active.
|
|
||||||
choices: ['openid-connect', 'saml']
|
choices: ['openid-connect', 'saml']
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
protocolMapper:
|
protocolMapper:
|
||||||
description:
|
description:
|
||||||
- The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is
|
- "The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is
|
||||||
impossible to provide since this may be extended through SPIs by the user of Keycloak,
|
impossible to provide since this may be extended through SPIs by the user of Keycloak,
|
||||||
by default Keycloak as of 3.4 ships with at least
|
by default Keycloak as of 3.4 ships with at least:"
|
||||||
- C(docker-v2-allow-all-mapper)
|
- V(docker-v2-allow-all-mapper)
|
||||||
- C(oidc-address-mapper)
|
- V(oidc-address-mapper)
|
||||||
- C(oidc-full-name-mapper)
|
- V(oidc-full-name-mapper)
|
||||||
- C(oidc-group-membership-mapper)
|
- V(oidc-group-membership-mapper)
|
||||||
- C(oidc-hardcoded-claim-mapper)
|
- V(oidc-hardcoded-claim-mapper)
|
||||||
- C(oidc-hardcoded-role-mapper)
|
- V(oidc-hardcoded-role-mapper)
|
||||||
- C(oidc-role-name-mapper)
|
- V(oidc-role-name-mapper)
|
||||||
- C(oidc-script-based-protocol-mapper)
|
- V(oidc-script-based-protocol-mapper)
|
||||||
- C(oidc-sha256-pairwise-sub-mapper)
|
- V(oidc-sha256-pairwise-sub-mapper)
|
||||||
- C(oidc-usermodel-attribute-mapper)
|
- V(oidc-usermodel-attribute-mapper)
|
||||||
- C(oidc-usermodel-client-role-mapper)
|
- V(oidc-usermodel-client-role-mapper)
|
||||||
- C(oidc-usermodel-property-mapper)
|
- V(oidc-usermodel-property-mapper)
|
||||||
- C(oidc-usermodel-realm-role-mapper)
|
- V(oidc-usermodel-realm-role-mapper)
|
||||||
- C(oidc-usersessionmodel-note-mapper)
|
- V(oidc-usersessionmodel-note-mapper)
|
||||||
- C(saml-group-membership-mapper)
|
- V(saml-group-membership-mapper)
|
||||||
- C(saml-hardcode-attribute-mapper)
|
- V(saml-hardcode-attribute-mapper)
|
||||||
- C(saml-hardcode-role-mapper)
|
- V(saml-hardcode-role-mapper)
|
||||||
- C(saml-role-list-mapper)
|
- V(saml-role-list-mapper)
|
||||||
- C(saml-role-name-mapper)
|
- V(saml-role-name-mapper)
|
||||||
- C(saml-user-attribute-mapper)
|
- V(saml-user-attribute-mapper)
|
||||||
- C(saml-user-property-mapper)
|
- V(saml-user-property-mapper)
|
||||||
- C(saml-user-session-note-mapper)
|
- V(saml-user-session-note-mapper)
|
||||||
- An exhaustive list of available mappers on your installation can be obtained on
|
- An exhaustive list of available mappers on your installation can be obtained on
|
||||||
the admin console by going to Server Info -> Providers and looking under
|
the admin console by going to Server Info -> Providers and looking under
|
||||||
'protocol-mapper'.
|
'protocol-mapper'.
|
||||||
|
@ -431,10 +430,10 @@ options:
|
||||||
config:
|
config:
|
||||||
description:
|
description:
|
||||||
- Dict specifying the configuration options for the protocol mapper; the
|
- Dict specifying the configuration options for the protocol mapper; the
|
||||||
contents differ depending on the value of I(protocolMapper) and are not documented
|
contents differ depending on the value of O(protocol_mappers[].protocolMapper) and are not documented
|
||||||
other than by the source of the mappers and its parent class(es). An example is given
|
other than by the source of the mappers and its parent class(es). An example is given
|
||||||
below. It is easiest to obtain valid config values by dumping an already-existing
|
below. It is easiest to obtain valid config values by dumping an already-existing
|
||||||
protocol mapper configuration through check-mode in the I(existing) field.
|
protocol mapper configuration through check-mode in the RV(existing) field.
|
||||||
type: dict
|
type: dict
|
||||||
|
|
||||||
attributes:
|
attributes:
|
||||||
|
@ -478,7 +477,7 @@ options:
|
||||||
|
|
||||||
saml.signature.algorithm:
|
saml.signature.algorithm:
|
||||||
description:
|
description:
|
||||||
- Signature algorithm used to sign SAML documents. One of C(RSA_SHA256), C(RSA_SHA1), C(RSA_SHA512), or C(DSA_SHA1).
|
- Signature algorithm used to sign SAML documents. One of V(RSA_SHA256), V(RSA_SHA1), V(RSA_SHA512), or V(DSA_SHA1).
|
||||||
|
|
||||||
saml.signing.certificate:
|
saml.signing.certificate:
|
||||||
description:
|
description:
|
||||||
|
@ -503,15 +502,15 @@ options:
|
||||||
|
|
||||||
saml_name_id_format:
|
saml_name_id_format:
|
||||||
description:
|
description:
|
||||||
- For SAML clients, the NameID format to use (one of C(username), C(email), C(transient), or C(persistent))
|
- For SAML clients, the NameID format to use (one of V(username), V(email), V(transient), or V(persistent))
|
||||||
|
|
||||||
saml_signature_canonicalization_method:
|
saml_signature_canonicalization_method:
|
||||||
description:
|
description:
|
||||||
- SAML signature canonicalization method. This is one of four values, namely
|
- SAML signature canonicalization method. This is one of four values, namely
|
||||||
C(http://www.w3.org/2001/10/xml-exc-c14n#) for EXCLUSIVE,
|
V(http://www.w3.org/2001/10/xml-exc-c14n#) for EXCLUSIVE,
|
||||||
C(http://www.w3.org/2001/10/xml-exc-c14n#WithComments) for EXCLUSIVE_WITH_COMMENTS,
|
V(http://www.w3.org/2001/10/xml-exc-c14n#WithComments) for EXCLUSIVE_WITH_COMMENTS,
|
||||||
C(http://www.w3.org/TR/2001/REC-xml-c14n-20010315) for INCLUSIVE, and
|
V(http://www.w3.org/TR/2001/REC-xml-c14n-20010315) for INCLUSIVE, and
|
||||||
C(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments) for INCLUSIVE_WITH_COMMENTS.
|
V(http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments) for INCLUSIVE_WITH_COMMENTS.
|
||||||
|
|
||||||
saml_single_logout_service_url_post:
|
saml_single_logout_service_url_post:
|
||||||
description:
|
description:
|
||||||
|
@ -523,12 +522,12 @@ options:
|
||||||
|
|
||||||
user.info.response.signature.alg:
|
user.info.response.signature.alg:
|
||||||
description:
|
description:
|
||||||
- For OpenID-Connect clients, JWA algorithm for signed UserInfo-endpoint responses. One of C(RS256) or C(unsigned).
|
- For OpenID-Connect clients, JWA algorithm for signed UserInfo-endpoint responses. One of V(RS256) or V(unsigned).
|
||||||
|
|
||||||
request.object.signature.alg:
|
request.object.signature.alg:
|
||||||
description:
|
description:
|
||||||
- For OpenID-Connect clients, JWA algorithm which the client needs to use when sending
|
- For OpenID-Connect clients, JWA algorithm which the client needs to use when sending
|
||||||
OIDC request object. One of C(any), C(none), C(RS256).
|
OIDC request object. One of V(any), V(none), V(RS256).
|
||||||
|
|
||||||
use.jwks.url:
|
use.jwks.url:
|
||||||
description:
|
description:
|
||||||
|
|
|
@ -43,8 +43,8 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the client_rolemapping.
|
- State of the client_rolemapping.
|
||||||
- On C(present), the client_rolemapping will be created if it does not yet exist, or updated with the parameters you provide.
|
- On V(present), the client_rolemapping will be created if it does not yet exist, or updated with the parameters you provide.
|
||||||
- On C(absent), the client_rolemapping will be removed if it exists.
|
- On V(absent), the client_rolemapping will be removed if it exists.
|
||||||
default: 'present'
|
default: 'present'
|
||||||
type: str
|
type: str
|
||||||
choices:
|
choices:
|
||||||
|
@ -73,7 +73,7 @@ options:
|
||||||
client_id:
|
client_id:
|
||||||
type: str
|
type: str
|
||||||
description:
|
description:
|
||||||
- Name of the client to be mapped (different than I(cid)).
|
- Name of the client to be mapped (different than O(cid)).
|
||||||
- This parameter is required (can be replaced by cid for less API call).
|
- This parameter is required (can be replaced by cid for less API call).
|
||||||
|
|
||||||
cid:
|
cid:
|
||||||
|
|
|
@ -43,8 +43,8 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the client_scope.
|
- State of the client_scope.
|
||||||
- On C(present), the client_scope will be created if it does not yet exist, or updated with the parameters you provide.
|
- On V(present), the client_scope will be created if it does not yet exist, or updated with the parameters you provide.
|
||||||
- On C(absent), the client_scope will be removed if it exists.
|
- On V(absent), the client_scope will be removed if it exists.
|
||||||
default: 'present'
|
default: 'present'
|
||||||
type: str
|
type: str
|
||||||
choices:
|
choices:
|
||||||
|
@ -103,28 +103,28 @@ options:
|
||||||
- "The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is
|
- "The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is
|
||||||
impossible to provide since this may be extended through SPIs by the user of Keycloak,
|
impossible to provide since this may be extended through SPIs by the user of Keycloak,
|
||||||
by default Keycloak as of 3.4 ships with at least:"
|
by default Keycloak as of 3.4 ships with at least:"
|
||||||
- C(docker-v2-allow-all-mapper)
|
- V(docker-v2-allow-all-mapper)
|
||||||
- C(oidc-address-mapper)
|
- V(oidc-address-mapper)
|
||||||
- C(oidc-full-name-mapper)
|
- V(oidc-full-name-mapper)
|
||||||
- C(oidc-group-membership-mapper)
|
- V(oidc-group-membership-mapper)
|
||||||
- C(oidc-hardcoded-claim-mapper)
|
- V(oidc-hardcoded-claim-mapper)
|
||||||
- C(oidc-hardcoded-role-mapper)
|
- V(oidc-hardcoded-role-mapper)
|
||||||
- C(oidc-role-name-mapper)
|
- V(oidc-role-name-mapper)
|
||||||
- C(oidc-script-based-protocol-mapper)
|
- V(oidc-script-based-protocol-mapper)
|
||||||
- C(oidc-sha256-pairwise-sub-mapper)
|
- V(oidc-sha256-pairwise-sub-mapper)
|
||||||
- C(oidc-usermodel-attribute-mapper)
|
- V(oidc-usermodel-attribute-mapper)
|
||||||
- C(oidc-usermodel-client-role-mapper)
|
- V(oidc-usermodel-client-role-mapper)
|
||||||
- C(oidc-usermodel-property-mapper)
|
- V(oidc-usermodel-property-mapper)
|
||||||
- C(oidc-usermodel-realm-role-mapper)
|
- V(oidc-usermodel-realm-role-mapper)
|
||||||
- C(oidc-usersessionmodel-note-mapper)
|
- V(oidc-usersessionmodel-note-mapper)
|
||||||
- C(saml-group-membership-mapper)
|
- V(saml-group-membership-mapper)
|
||||||
- C(saml-hardcode-attribute-mapper)
|
- V(saml-hardcode-attribute-mapper)
|
||||||
- C(saml-hardcode-role-mapper)
|
- V(saml-hardcode-role-mapper)
|
||||||
- C(saml-role-list-mapper)
|
- V(saml-role-list-mapper)
|
||||||
- C(saml-role-name-mapper)
|
- V(saml-role-name-mapper)
|
||||||
- C(saml-user-attribute-mapper)
|
- V(saml-user-attribute-mapper)
|
||||||
- C(saml-user-property-mapper)
|
- V(saml-user-property-mapper)
|
||||||
- C(saml-user-session-note-mapper)
|
- V(saml-user-session-note-mapper)
|
||||||
- An exhaustive list of available mappers on your installation can be obtained on
|
- An exhaustive list of available mappers on your installation can be obtained on
|
||||||
the admin console by going to Server Info -> Providers and looking under
|
the admin console by going to Server Info -> Providers and looking under
|
||||||
'protocol-mapper'.
|
'protocol-mapper'.
|
||||||
|
@ -143,10 +143,10 @@ options:
|
||||||
config:
|
config:
|
||||||
description:
|
description:
|
||||||
- Dict specifying the configuration options for the protocol mapper; the
|
- Dict specifying the configuration options for the protocol mapper; the
|
||||||
contents differ depending on the value of I(protocolMapper) and are not documented
|
contents differ depending on the value of O(protocol_mappers[].protocolMapper) and are not documented
|
||||||
other than by the source of the mappers and its parent class(es). An example is given
|
other than by the source of the mappers and its parent class(es). An example is given
|
||||||
below. It is easiest to obtain valid config values by dumping an already-existing
|
below. It is easiest to obtain valid config values by dumping an already-existing
|
||||||
protocol mapper configuration through check-mode in the C(existing) return value.
|
protocol mapper configuration through check-mode in the RV(existing) return value.
|
||||||
type: dict
|
type: dict
|
||||||
|
|
||||||
attributes:
|
attributes:
|
||||||
|
|
|
@ -40,7 +40,7 @@ options:
|
||||||
|
|
||||||
client_id:
|
client_id:
|
||||||
description:
|
description:
|
||||||
- The I(client_id) of the client. If not set the clientscop types are set as a default for the realm.
|
- The O(client_id) of the client. If not set the clientscop types are set as a default for the realm.
|
||||||
aliases:
|
aliases:
|
||||||
- clientId
|
- clientId
|
||||||
type: str
|
type: str
|
||||||
|
|
|
@ -26,8 +26,8 @@ description:
|
||||||
and a user having the expected roles.
|
and a user having the expected roles.
|
||||||
|
|
||||||
- When retrieving a new client secret, where possible provide the client's
|
- When retrieving a new client secret, where possible provide the client's
|
||||||
I(id) (not I(client_id)) to the module. This removes a lookup to the API to
|
O(id) (not O(client_id)) to the module. This removes a lookup to the API to
|
||||||
translate the I(client_id) into the client ID.
|
translate the O(client_id) into the client ID.
|
||||||
|
|
||||||
- "Note that this module returns the client secret. To avoid this showing up in the logs,
|
- "Note that this module returns the client secret. To avoid this showing up in the logs,
|
||||||
please add C(no_log: true) to the task."
|
please add C(no_log: true) to the task."
|
||||||
|
@ -48,7 +48,7 @@ options:
|
||||||
|
|
||||||
client_id:
|
client_id:
|
||||||
description:
|
description:
|
||||||
- The I(client_id) of the client. Passing this instead of I(id) results in an
|
- The O(client_id) of the client. Passing this instead of O(id) results in an
|
||||||
extra API call.
|
extra API call.
|
||||||
aliases:
|
aliases:
|
||||||
- clientId
|
- clientId
|
||||||
|
|
|
@ -38,8 +38,8 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the client template.
|
- State of the client template.
|
||||||
- On C(present), the client template will be created (or updated if it exists already).
|
- On V(present), the client template will be created (or updated if it exists already).
|
||||||
- On C(absent), the client template will be removed if it exists
|
- On V(absent), the client template will be removed if it exists
|
||||||
choices: ['present', 'absent']
|
choices: ['present', 'absent']
|
||||||
default: 'present'
|
default: 'present'
|
||||||
type: str
|
type: str
|
||||||
|
@ -67,7 +67,7 @@ options:
|
||||||
|
|
||||||
protocol:
|
protocol:
|
||||||
description:
|
description:
|
||||||
- Type of client template (either C(openid-connect) or C(saml).
|
- Type of client template.
|
||||||
choices: ['openid-connect', 'saml']
|
choices: ['openid-connect', 'saml']
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
|
@ -106,38 +106,37 @@ options:
|
||||||
|
|
||||||
protocol:
|
protocol:
|
||||||
description:
|
description:
|
||||||
- This is either C(openid-connect) or C(saml), this specifies for which protocol this protocol mapper.
|
- This specifies for which protocol this protocol mapper is active.
|
||||||
is active.
|
|
||||||
choices: ['openid-connect', 'saml']
|
choices: ['openid-connect', 'saml']
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
protocolMapper:
|
protocolMapper:
|
||||||
description:
|
description:
|
||||||
- The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is
|
- "The Keycloak-internal name of the type of this protocol-mapper. While an exhaustive list is
|
||||||
impossible to provide since this may be extended through SPIs by the user of Keycloak,
|
impossible to provide since this may be extended through SPIs by the user of Keycloak,
|
||||||
by default Keycloak as of 3.4 ships with at least
|
by default Keycloak as of 3.4 ships with at least:"
|
||||||
- C(docker-v2-allow-all-mapper)
|
- V(docker-v2-allow-all-mapper)
|
||||||
- C(oidc-address-mapper)
|
- V(oidc-address-mapper)
|
||||||
- C(oidc-full-name-mapper)
|
- V(oidc-full-name-mapper)
|
||||||
- C(oidc-group-membership-mapper)
|
- V(oidc-group-membership-mapper)
|
||||||
- C(oidc-hardcoded-claim-mapper)
|
- V(oidc-hardcoded-claim-mapper)
|
||||||
- C(oidc-hardcoded-role-mapper)
|
- V(oidc-hardcoded-role-mapper)
|
||||||
- C(oidc-role-name-mapper)
|
- V(oidc-role-name-mapper)
|
||||||
- C(oidc-script-based-protocol-mapper)
|
- V(oidc-script-based-protocol-mapper)
|
||||||
- C(oidc-sha256-pairwise-sub-mapper)
|
- V(oidc-sha256-pairwise-sub-mapper)
|
||||||
- C(oidc-usermodel-attribute-mapper)
|
- V(oidc-usermodel-attribute-mapper)
|
||||||
- C(oidc-usermodel-client-role-mapper)
|
- V(oidc-usermodel-client-role-mapper)
|
||||||
- C(oidc-usermodel-property-mapper)
|
- V(oidc-usermodel-property-mapper)
|
||||||
- C(oidc-usermodel-realm-role-mapper)
|
- V(oidc-usermodel-realm-role-mapper)
|
||||||
- C(oidc-usersessionmodel-note-mapper)
|
- V(oidc-usersessionmodel-note-mapper)
|
||||||
- C(saml-group-membership-mapper)
|
- V(saml-group-membership-mapper)
|
||||||
- C(saml-hardcode-attribute-mapper)
|
- V(saml-hardcode-attribute-mapper)
|
||||||
- C(saml-hardcode-role-mapper)
|
- V(saml-hardcode-role-mapper)
|
||||||
- C(saml-role-list-mapper)
|
- V(saml-role-list-mapper)
|
||||||
- C(saml-role-name-mapper)
|
- V(saml-role-name-mapper)
|
||||||
- C(saml-user-attribute-mapper)
|
- V(saml-user-attribute-mapper)
|
||||||
- C(saml-user-property-mapper)
|
- V(saml-user-property-mapper)
|
||||||
- C(saml-user-session-note-mapper)
|
- V(saml-user-session-note-mapper)
|
||||||
- An exhaustive list of available mappers on your installation can be obtained on
|
- An exhaustive list of available mappers on your installation can be obtained on
|
||||||
the admin console by going to Server Info -> Providers and looking under
|
the admin console by going to Server Info -> Providers and looking under
|
||||||
'protocol-mapper'.
|
'protocol-mapper'.
|
||||||
|
@ -146,10 +145,10 @@ options:
|
||||||
config:
|
config:
|
||||||
description:
|
description:
|
||||||
- Dict specifying the configuration options for the protocol mapper; the
|
- Dict specifying the configuration options for the protocol mapper; the
|
||||||
contents differ depending on the value of I(protocolMapper) and are not documented
|
contents differ depending on the value of O(protocol_mappers[].protocolMapper) and are not documented
|
||||||
other than by the source of the mappers and its parent class(es). An example is given
|
other than by the source of the mappers and its parent class(es). An example is given
|
||||||
below. It is easiest to obtain valid config values by dumping an already-existing
|
below. It is easiest to obtain valid config values by dumping an already-existing
|
||||||
protocol mapper configuration through check-mode in the I(existing) field.
|
protocol mapper configuration through check-mode in the RV(existing) field.
|
||||||
type: dict
|
type: dict
|
||||||
|
|
||||||
attributes:
|
attributes:
|
||||||
|
@ -160,9 +159,9 @@ options:
|
||||||
type: dict
|
type: dict
|
||||||
|
|
||||||
notes:
|
notes:
|
||||||
- The Keycloak REST API defines further fields (namely I(bearerOnly), I(consentRequired), I(standardFlowEnabled),
|
- The Keycloak REST API defines further fields (namely C(bearerOnly), C(consentRequired), C(standardFlowEnabled),
|
||||||
I(implicitFlowEnabled), I(directAccessGrantsEnabled), I(serviceAccountsEnabled), I(publicClient), and
|
C(implicitFlowEnabled), C(directAccessGrantsEnabled), C(serviceAccountsEnabled), C(publicClient), and
|
||||||
I(frontchannelLogout)) which, while available with keycloak_client, do not have any effect on
|
C(frontchannelLogout)) which, while available with keycloak_client, do not have any effect on
|
||||||
Keycloak client-templates and are discarded if supplied with an API request changing client-templates. As such,
|
Keycloak client-templates and are discarded if supplied with an API request changing client-templates. As such,
|
||||||
they are not available through this module.
|
they are not available through this module.
|
||||||
|
|
||||||
|
|
|
@ -41,9 +41,9 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the group.
|
- State of the group.
|
||||||
- On C(present), the group will be created if it does not yet exist, or updated with the parameters you provide.
|
- On V(present), the group will be created if it does not yet exist, or updated with the parameters you provide.
|
||||||
- >-
|
- >-
|
||||||
On C(absent), the group will be removed if it exists. Be aware that absenting
|
On V(absent), the group will be removed if it exists. Be aware that absenting
|
||||||
a group with subgroups will automatically delete all its subgroups too.
|
a group with subgroups will automatically delete all its subgroups too.
|
||||||
default: 'present'
|
default: 'present'
|
||||||
type: str
|
type: str
|
||||||
|
@ -93,7 +93,7 @@ options:
|
||||||
type: str
|
type: str
|
||||||
description:
|
description:
|
||||||
- Identify parent by ID.
|
- Identify parent by ID.
|
||||||
- Needs less API calls than using I(name).
|
- Needs less API calls than using O(parents[].name).
|
||||||
- A deep parent chain can be started at any point when first given parent is given as ID.
|
- A deep parent chain can be started at any point when first given parent is given as ID.
|
||||||
- Note that in principle both ID and name can be specified at the same time
|
- Note that in principle both ID and name can be specified at the same time
|
||||||
but current implementation only always use just one of them, with ID
|
but current implementation only always use just one of them, with ID
|
||||||
|
@ -102,14 +102,14 @@ options:
|
||||||
type: str
|
type: str
|
||||||
description:
|
description:
|
||||||
- Identify parent by name.
|
- Identify parent by name.
|
||||||
- Needs more internal API calls than using I(id) to map names to ID's under the hood.
|
- Needs more internal API calls than using O(parents[].id) to map names to ID's under the hood.
|
||||||
- When giving a parent chain with only names it must be complete up to the top.
|
- When giving a parent chain with only names it must be complete up to the top.
|
||||||
- Note that in principle both ID and name can be specified at the same time
|
- Note that in principle both ID and name can be specified at the same time
|
||||||
but current implementation only always use just one of them, with ID
|
but current implementation only always use just one of them, with ID
|
||||||
being preferred.
|
being preferred.
|
||||||
|
|
||||||
notes:
|
notes:
|
||||||
- Presently, the I(realmRoles), I(clientRoles) and I(access) attributes returned by the Keycloak API
|
- Presently, the RV(end_state.realmRoles), RV(end_state.clientRoles), and RV(end_state.access) attributes returned by the Keycloak API
|
||||||
are read-only for groups. This limitation will be removed in a later version of this module.
|
are read-only for groups. This limitation will be removed in a later version of this module.
|
||||||
|
|
||||||
extends_documentation_fragment:
|
extends_documentation_fragment:
|
||||||
|
|
|
@ -36,8 +36,8 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the identity provider.
|
- State of the identity provider.
|
||||||
- On C(present), the identity provider will be created if it does not yet exist, or updated with the parameters you provide.
|
- On V(present), the identity provider will be created if it does not yet exist, or updated with the parameters you provide.
|
||||||
- On C(absent), the identity provider will be removed if it exists.
|
- On V(absent), the identity provider will be removed if it exists.
|
||||||
default: 'present'
|
default: 'present'
|
||||||
type: str
|
type: str
|
||||||
choices:
|
choices:
|
||||||
|
@ -120,16 +120,16 @@ options:
|
||||||
|
|
||||||
provider_id:
|
provider_id:
|
||||||
description:
|
description:
|
||||||
- Protocol used by this provider (supported values are C(oidc) or C(saml)).
|
- Protocol used by this provider (supported values are V(oidc) or V(saml)).
|
||||||
aliases:
|
aliases:
|
||||||
- providerId
|
- providerId
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
config:
|
config:
|
||||||
description:
|
description:
|
||||||
- Dict specifying the configuration options for the provider; the contents differ depending on the value of I(providerId).
|
- Dict specifying the configuration options for the provider; the contents differ depending on the value of O(provider_id).
|
||||||
Examples are given below for C(oidc) and C(saml). It is easiest to obtain valid config values by dumping an already-existing
|
Examples are given below for V(oidc) and V(saml). It is easiest to obtain valid config values by dumping an already-existing
|
||||||
identity provider configuration through check-mode in the I(existing) field.
|
identity provider configuration through check-mode in the RV(existing) field.
|
||||||
type: dict
|
type: dict
|
||||||
suboptions:
|
suboptions:
|
||||||
hide_on_login_page:
|
hide_on_login_page:
|
||||||
|
@ -271,7 +271,8 @@ options:
|
||||||
|
|
||||||
config:
|
config:
|
||||||
description:
|
description:
|
||||||
- Dict specifying the configuration options for the mapper; the contents differ depending on the value of I(identityProviderMapper).
|
- Dict specifying the configuration options for the mapper; the contents differ depending on the value of
|
||||||
|
O(mappers[].identityProviderMapper).
|
||||||
type: dict
|
type: dict
|
||||||
|
|
||||||
extends_documentation_fragment:
|
extends_documentation_fragment:
|
||||||
|
|
|
@ -42,8 +42,8 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the realm.
|
- State of the realm.
|
||||||
- On C(present), the realm will be created (or updated if it exists already).
|
- On V(present), the realm will be created (or updated if it exists already).
|
||||||
- On C(absent), the realm will be removed if it exists.
|
- On V(absent), the realm will be removed if it exists.
|
||||||
choices: ['present', 'absent']
|
choices: ['present', 'absent']
|
||||||
default: 'present'
|
default: 'present'
|
||||||
type: str
|
type: str
|
||||||
|
|
|
@ -40,8 +40,8 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the role.
|
- State of the role.
|
||||||
- On C(present), the role will be created if it does not yet exist, or updated with the parameters you provide.
|
- On V(present), the role will be created if it does not yet exist, or updated with the parameters you provide.
|
||||||
- On C(absent), the role will be removed if it exists.
|
- On V(absent), the role will be removed if it exists.
|
||||||
default: 'present'
|
default: 'present'
|
||||||
type: str
|
type: str
|
||||||
choices:
|
choices:
|
||||||
|
|
|
@ -135,7 +135,7 @@ options:
|
||||||
required: true
|
required: true
|
||||||
temporary:
|
temporary:
|
||||||
description:
|
description:
|
||||||
- If C(true), the users are required to reset their credentials at next login.
|
- If V(true), the users are required to reset their credentials at next login.
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: false
|
||||||
required_actions:
|
required_actions:
|
||||||
|
@ -207,7 +207,7 @@ options:
|
||||||
type: str
|
type: str
|
||||||
force:
|
force:
|
||||||
description:
|
description:
|
||||||
- If C(true), allows to remove user and recreate it.
|
- If V(true), allows to remove user and recreate it.
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: false
|
||||||
extends_documentation_fragment:
|
extends_documentation_fragment:
|
||||||
|
@ -345,7 +345,7 @@ end_state:
|
||||||
returned: on success
|
returned: on success
|
||||||
type: dict
|
type: dict
|
||||||
changed:
|
changed:
|
||||||
description: Return C(true) if the operation changed the user on the keycloak server, C(false) otherwise.
|
description: Return V(true) if the operation changed the user on the keycloak server, V(false) otherwise.
|
||||||
returned: always
|
returned: always
|
||||||
type: bool
|
type: bool
|
||||||
'''
|
'''
|
||||||
|
|
|
@ -36,9 +36,9 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the user federation.
|
- State of the user federation.
|
||||||
- On C(present), the user federation will be created if it does not yet exist, or updated with
|
- On V(present), the user federation will be created if it does not yet exist, or updated with
|
||||||
the parameters you provide.
|
the parameters you provide.
|
||||||
- On C(absent), the user federation will be removed if it exists.
|
- On V(absent), the user federation will be removed if it exists.
|
||||||
default: 'present'
|
default: 'present'
|
||||||
type: str
|
type: str
|
||||||
choices:
|
choices:
|
||||||
|
@ -54,7 +54,7 @@ options:
|
||||||
id:
|
id:
|
||||||
description:
|
description:
|
||||||
- The unique ID for this user federation. If left empty, the user federation will be searched
|
- The unique ID for this user federation. If left empty, the user federation will be searched
|
||||||
by its I(name).
|
by its O(name).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
name:
|
name:
|
||||||
|
@ -75,7 +75,7 @@ options:
|
||||||
|
|
||||||
provider_type:
|
provider_type:
|
||||||
description:
|
description:
|
||||||
- Component type for user federation (only supported value is C(org.keycloak.storage.UserStorageProvider)).
|
- Component type for user federation (only supported value is V(org.keycloak.storage.UserStorageProvider)).
|
||||||
aliases:
|
aliases:
|
||||||
- providerType
|
- providerType
|
||||||
default: org.keycloak.storage.UserStorageProvider
|
default: org.keycloak.storage.UserStorageProvider
|
||||||
|
@ -91,10 +91,10 @@ options:
|
||||||
config:
|
config:
|
||||||
description:
|
description:
|
||||||
- Dict specifying the configuration options for the provider; the contents differ depending on
|
- Dict specifying the configuration options for the provider; the contents differ depending on
|
||||||
the value of I(provider_id). Examples are given below for C(ldap), C(kerberos) and C(sssd).
|
the value of O(provider_id). Examples are given below for V(ldap), V(kerberos) and V(sssd).
|
||||||
It is easiest to obtain valid config values by dumping an already-existing user federation
|
It is easiest to obtain valid config values by dumping an already-existing user federation
|
||||||
configuration through check-mode in the I(existing) field.
|
configuration through check-mode in the RV(existing) field.
|
||||||
- The value C(sssd) has been supported since community.general 4.2.0.
|
- The value V(sssd) has been supported since community.general 4.2.0.
|
||||||
type: dict
|
type: dict
|
||||||
suboptions:
|
suboptions:
|
||||||
enabled:
|
enabled:
|
||||||
|
@ -111,15 +111,15 @@ options:
|
||||||
|
|
||||||
importEnabled:
|
importEnabled:
|
||||||
description:
|
description:
|
||||||
- If C(true), LDAP users will be imported into Keycloak DB and synced by the configured
|
- If V(true), LDAP users will be imported into Keycloak DB and synced by the configured
|
||||||
sync policies.
|
sync policies.
|
||||||
default: true
|
default: true
|
||||||
type: bool
|
type: bool
|
||||||
|
|
||||||
editMode:
|
editMode:
|
||||||
description:
|
description:
|
||||||
- C(READ_ONLY) is a read-only LDAP store. C(WRITABLE) means data will be synced back to LDAP
|
- V(READ_ONLY) is a read-only LDAP store. V(WRITABLE) means data will be synced back to LDAP
|
||||||
on demand. C(UNSYNCED) means user data will be imported, but not synced back to LDAP.
|
on demand. V(UNSYNCED) means user data will be imported, but not synced back to LDAP.
|
||||||
type: str
|
type: str
|
||||||
choices:
|
choices:
|
||||||
- READ_ONLY
|
- READ_ONLY
|
||||||
|
@ -136,13 +136,13 @@ options:
|
||||||
vendor:
|
vendor:
|
||||||
description:
|
description:
|
||||||
- LDAP vendor (provider).
|
- LDAP vendor (provider).
|
||||||
- Use short name. For instance, write C(rhds) for "Red Hat Directory Server".
|
- Use short name. For instance, write V(rhds) for "Red Hat Directory Server".
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
usernameLDAPAttribute:
|
usernameLDAPAttribute:
|
||||||
description:
|
description:
|
||||||
- Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server
|
- Name of LDAP attribute, which is mapped as Keycloak username. For many LDAP server
|
||||||
vendors it can be C(uid). For Active directory it can be C(sAMAccountName) or C(cn).
|
vendors it can be V(uid). For Active directory it can be V(sAMAccountName) or V(cn).
|
||||||
The attribute should be filled for all LDAP user records you want to import from
|
The attribute should be filled for all LDAP user records you want to import from
|
||||||
LDAP to Keycloak.
|
LDAP to Keycloak.
|
||||||
type: str
|
type: str
|
||||||
|
@ -151,15 +151,15 @@ options:
|
||||||
description:
|
description:
|
||||||
- Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN.
|
- Name of LDAP attribute, which is used as RDN (top attribute) of typical user DN.
|
||||||
Usually it's the same as Username LDAP attribute, however it is not required. For
|
Usually it's the same as Username LDAP attribute, however it is not required. For
|
||||||
example for Active directory, it is common to use C(cn) as RDN attribute when
|
example for Active directory, it is common to use V(cn) as RDN attribute when
|
||||||
username attribute might be C(sAMAccountName).
|
username attribute might be V(sAMAccountName).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
uuidLDAPAttribute:
|
uuidLDAPAttribute:
|
||||||
description:
|
description:
|
||||||
- Name of LDAP attribute, which is used as unique object identifier (UUID) for objects
|
- Name of LDAP attribute, which is used as unique object identifier (UUID) for objects
|
||||||
in LDAP. For many LDAP server vendors, it is C(entryUUID); however some are different.
|
in LDAP. For many LDAP server vendors, it is V(entryUUID); however some are different.
|
||||||
For example for Active directory it should be C(objectGUID). If your LDAP server does
|
For example for Active directory it should be V(objectGUID). If your LDAP server does
|
||||||
not support the notion of UUID, you can use any other attribute that is supposed to
|
not support the notion of UUID, you can use any other attribute that is supposed to
|
||||||
be unique among LDAP users in tree.
|
be unique among LDAP users in tree.
|
||||||
type: str
|
type: str
|
||||||
|
@ -167,7 +167,7 @@ options:
|
||||||
userObjectClasses:
|
userObjectClasses:
|
||||||
description:
|
description:
|
||||||
- All values of LDAP objectClass attribute for users in LDAP divided by comma.
|
- All values of LDAP objectClass attribute for users in LDAP divided by comma.
|
||||||
For example C(inetOrgPerson, organizationalPerson). Newly created Keycloak users
|
For example V(inetOrgPerson, organizationalPerson). Newly created Keycloak users
|
||||||
will be written to LDAP with all those object classes and existing LDAP user records
|
will be written to LDAP with all those object classes and existing LDAP user records
|
||||||
are found just if they contain all those object classes.
|
are found just if they contain all those object classes.
|
||||||
type: str
|
type: str
|
||||||
|
@ -251,8 +251,8 @@ options:
|
||||||
useTruststoreSpi:
|
useTruststoreSpi:
|
||||||
description:
|
description:
|
||||||
- Specifies whether LDAP connection will use the truststore SPI with the truststore
|
- Specifies whether LDAP connection will use the truststore SPI with the truststore
|
||||||
configured in standalone.xml/domain.xml. C(Always) means that it will always use it.
|
configured in standalone.xml/domain.xml. V(always) means that it will always use it.
|
||||||
C(Never) means that it will not use it. C(Only for ldaps) means that it will use if
|
V(never) means that it will not use it. V(ldapsOnly) means that it will use if
|
||||||
your connection URL use ldaps. Note even if standalone.xml/domain.xml is not
|
your connection URL use ldaps. Note even if standalone.xml/domain.xml is not
|
||||||
configured, the default Java cacerts or certificate specified by
|
configured, the default Java cacerts or certificate specified by
|
||||||
C(javax.net.ssl.trustStore) property will be used.
|
C(javax.net.ssl.trustStore) property will be used.
|
||||||
|
@ -297,7 +297,7 @@ options:
|
||||||
connectionPoolingDebug:
|
connectionPoolingDebug:
|
||||||
description:
|
description:
|
||||||
- A string that indicates the level of debug output to produce. Example valid values are
|
- A string that indicates the level of debug output to produce. Example valid values are
|
||||||
C(fine) (trace connection creation and removal) and C(all) (all debugging information).
|
V(fine) (trace connection creation and removal) and V(all) (all debugging information).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
connectionPoolingInitSize:
|
connectionPoolingInitSize:
|
||||||
|
@ -321,7 +321,7 @@ options:
|
||||||
connectionPoolingProtocol:
|
connectionPoolingProtocol:
|
||||||
description:
|
description:
|
||||||
- A list of space-separated protocol types of connections that may be pooled.
|
- A list of space-separated protocol types of connections that may be pooled.
|
||||||
Valid types are C(plain) and C(ssl).
|
Valid types are V(plain) and V(ssl).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
connectionPoolingTimeout:
|
connectionPoolingTimeout:
|
||||||
|
@ -345,14 +345,14 @@ options:
|
||||||
serverPrincipal:
|
serverPrincipal:
|
||||||
description:
|
description:
|
||||||
- Full name of server principal for HTTP service including server and domain name. For
|
- Full name of server principal for HTTP service including server and domain name. For
|
||||||
example C(HTTP/host.foo.org@FOO.ORG). Use C(*) to accept any service principal in the
|
example V(HTTP/host.foo.org@FOO.ORG). Use V(*) to accept any service principal in the
|
||||||
KeyTab file.
|
KeyTab file.
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
keyTab:
|
keyTab:
|
||||||
description:
|
description:
|
||||||
- Location of Kerberos KeyTab file containing the credentials of server principal. For
|
- Location of Kerberos KeyTab file containing the credentials of server principal. For
|
||||||
example C(/etc/krb5.keytab).
|
example V(/etc/krb5.keytab).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
debug:
|
debug:
|
||||||
|
@ -451,7 +451,7 @@ options:
|
||||||
|
|
||||||
providerId:
|
providerId:
|
||||||
description:
|
description:
|
||||||
- The mapper type for this mapper (for instance C(user-attribute-ldap-mapper)).
|
- The mapper type for this mapper (for instance V(user-attribute-ldap-mapper)).
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
providerType:
|
providerType:
|
||||||
|
@ -464,6 +464,7 @@ options:
|
||||||
description:
|
description:
|
||||||
- Dict specifying the configuration options for the mapper; the contents differ
|
- Dict specifying the configuration options for the mapper; the contents differ
|
||||||
depending on the value of I(identityProviderMapper).
|
depending on the value of I(identityProviderMapper).
|
||||||
|
# TODO: what is identityProviderMapper above???
|
||||||
type: dict
|
type: dict
|
||||||
|
|
||||||
extends_documentation_fragment:
|
extends_documentation_fragment:
|
||||||
|
|
|
@ -42,8 +42,8 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the user_rolemapping.
|
- State of the user_rolemapping.
|
||||||
- On C(present), the user_rolemapping will be created if it does not yet exist, or updated with the parameters you provide.
|
- On V(present), the user_rolemapping will be created if it does not yet exist, or updated with the parameters you provide.
|
||||||
- On C(absent), the user_rolemapping will be removed if it exists.
|
- On V(absent), the user_rolemapping will be removed if it exists.
|
||||||
default: 'present'
|
default: 'present'
|
||||||
type: str
|
type: str
|
||||||
choices:
|
choices:
|
||||||
|
@ -79,8 +79,8 @@ options:
|
||||||
client_id:
|
client_id:
|
||||||
type: str
|
type: str
|
||||||
description:
|
description:
|
||||||
- Name of the client to be mapped (different than I(cid)).
|
- Name of the client to be mapped (different than O(cid)).
|
||||||
- This parameter is required if I(cid) is not provided (can be replaced by I(cid)
|
- This parameter is required if O(cid) is not provided (can be replaced by O(cid)
|
||||||
to reduce the number of API calls that must be made).
|
to reduce the number of API calls that must be made).
|
||||||
|
|
||||||
cid:
|
cid:
|
||||||
|
|
|
@ -32,27 +32,27 @@ options:
|
||||||
name:
|
name:
|
||||||
description:
|
description:
|
||||||
- The overlay id to install, synchronize, or uninstall.
|
- The overlay id to install, synchronize, or uninstall.
|
||||||
Use 'ALL' to sync all of the installed overlays (can be used only when I(state=updated)).
|
Use 'ALL' to sync all of the installed overlays (can be used only when O(state=updated)).
|
||||||
required: true
|
required: true
|
||||||
type: str
|
type: str
|
||||||
list_url:
|
list_url:
|
||||||
description:
|
description:
|
||||||
- An URL of the alternative overlays list that defines the overlay to install.
|
- An URL of the alternative overlays list that defines the overlay to install.
|
||||||
This list will be fetched and saved under C(${overlay_defs})/${name}.xml), where
|
This list will be fetched and saved under C(${overlay_defs}/${name}.xml), where
|
||||||
C(overlay_defs) is readed from the Layman's configuration.
|
C(overlay_defs) is readed from the Layman's configuration.
|
||||||
aliases: [url]
|
aliases: [url]
|
||||||
type: str
|
type: str
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Whether to install (C(present)), sync (C(updated)), or uninstall (C(absent)) the overlay.
|
- Whether to install (V(present)), sync (V(updated)), or uninstall (V(absent)) the overlay.
|
||||||
default: present
|
default: present
|
||||||
choices: [present, absent, updated]
|
choices: [present, absent, updated]
|
||||||
type: str
|
type: str
|
||||||
validate_certs:
|
validate_certs:
|
||||||
description:
|
description:
|
||||||
- If C(false), SSL certificates will not be validated. This should only be
|
- If V(false), SSL certificates will not be validated. This should only be
|
||||||
set to C(false) when no other option exists. Prior to 1.9.3 the code
|
set to V(false) when no other option exists. Prior to 1.9.3 the code
|
||||||
defaulted to C(false).
|
defaulted to V(false).
|
||||||
type: bool
|
type: bool
|
||||||
default: true
|
default: true
|
||||||
'''
|
'''
|
||||||
|
|
|
@ -25,10 +25,10 @@ notes:
|
||||||
bind over a UNIX domain socket. This works well with the default Ubuntu
|
bind over a UNIX domain socket. This works well with the default Ubuntu
|
||||||
install for example, which includes a cn=peercred,cn=external,cn=auth ACL
|
install for example, which includes a cn=peercred,cn=external,cn=auth ACL
|
||||||
rule allowing root to modify the server configuration. If you need to use
|
rule allowing root to modify the server configuration. If you need to use
|
||||||
a simple bind to access your server, pass the credentials in I(bind_dn)
|
a simple bind to access your server, pass the credentials in O(bind_dn)
|
||||||
and I(bind_pw).
|
and O(bind_pw).
|
||||||
- For I(state=present) and I(state=absent), all value comparisons are
|
- For O(state=present) and O(state=absent), all value comparisons are
|
||||||
performed on the server for maximum accuracy. For I(state=exact), values
|
performed on the server for maximum accuracy. For O(state=exact), values
|
||||||
have to be compared in Python, which obviously ignores LDAP matching
|
have to be compared in Python, which obviously ignores LDAP matching
|
||||||
rules. This should work out in most cases, but it is theoretically
|
rules. This should work out in most cases, but it is theoretically
|
||||||
possible to see spurious changes when target and actual values are
|
possible to see spurious changes when target and actual values are
|
||||||
|
@ -52,11 +52,11 @@ options:
|
||||||
choices: [present, absent, exact]
|
choices: [present, absent, exact]
|
||||||
default: present
|
default: present
|
||||||
description:
|
description:
|
||||||
- The state of the attribute values. If C(present), all given attribute
|
- The state of the attribute values. If V(present), all given attribute
|
||||||
values will be added if they're missing. If C(absent), all given
|
values will be added if they're missing. If V(absent), all given
|
||||||
attribute values will be removed if present. If C(exact), the set of
|
attribute values will be removed if present. If V(exact), the set of
|
||||||
attribute values will be forced to exactly those provided and no others.
|
attribute values will be forced to exactly those provided and no others.
|
||||||
If I(state=exact) and the attribute I(value) is empty, all values for
|
If O(state=exact) and the attribute value is empty, all values for
|
||||||
this attribute will be removed.
|
this attribute will be removed.
|
||||||
attributes:
|
attributes:
|
||||||
required: true
|
required: true
|
||||||
|
@ -69,16 +69,16 @@ options:
|
||||||
readability for long string values by using YAML block modifiers as seen in the
|
readability for long string values by using YAML block modifiers as seen in the
|
||||||
examples for this module.
|
examples for this module.
|
||||||
- Note that when using values that YAML/ansible-core interprets as other types,
|
- Note that when using values that YAML/ansible-core interprets as other types,
|
||||||
like C(yes), C(no) (booleans), or C(2.10) (float), make sure to quote them if
|
like V(yes), V(no) (booleans), or V(2.10) (float), make sure to quote them if
|
||||||
these are meant to be strings. Otherwise the wrong values may be sent to LDAP.
|
these are meant to be strings. Otherwise the wrong values may be sent to LDAP.
|
||||||
ordered:
|
ordered:
|
||||||
required: false
|
required: false
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: false
|
||||||
description:
|
description:
|
||||||
- If C(true), prepend list values with X-ORDERED index numbers in all
|
- If V(true), prepend list values with X-ORDERED index numbers in all
|
||||||
attributes specified in the current task. This is useful mostly with
|
attributes specified in the current task. This is useful mostly with
|
||||||
I(olcAccess) attribute to easily manage LDAP Access Control Lists.
|
C(olcAccess) attribute to easily manage LDAP Access Control Lists.
|
||||||
extends_documentation_fragment:
|
extends_documentation_fragment:
|
||||||
- community.general.ldap.documentation
|
- community.general.ldap.documentation
|
||||||
- community.general.attributes
|
- community.general.attributes
|
||||||
|
|
|
@ -24,8 +24,8 @@ notes:
|
||||||
bind over a UNIX domain socket. This works well with the default Ubuntu
|
bind over a UNIX domain socket. This works well with the default Ubuntu
|
||||||
install for example, which includes a cn=peercred,cn=external,cn=auth ACL
|
install for example, which includes a cn=peercred,cn=external,cn=auth ACL
|
||||||
rule allowing root to modify the server configuration. If you need to use
|
rule allowing root to modify the server configuration. If you need to use
|
||||||
a simple bind to access your server, pass the credentials in I(bind_dn)
|
a simple bind to access your server, pass the credentials in O(bind_dn)
|
||||||
and I(bind_pw).
|
and O(bind_pw).
|
||||||
author:
|
author:
|
||||||
- Jiri Tyr (@jtyr)
|
- Jiri Tyr (@jtyr)
|
||||||
requirements:
|
requirements:
|
||||||
|
@ -38,7 +38,7 @@ attributes:
|
||||||
options:
|
options:
|
||||||
attributes:
|
attributes:
|
||||||
description:
|
description:
|
||||||
- If I(state=present), attributes necessary to create an entry. Existing
|
- If O(state=present), attributes necessary to create an entry. Existing
|
||||||
entries are never modified. To assert specific attribute values on an
|
entries are never modified. To assert specific attribute values on an
|
||||||
existing entry, use M(community.general.ldap_attrs) module instead.
|
existing entry, use M(community.general.ldap_attrs) module instead.
|
||||||
- Each attribute value can be a string for single-valued attributes or
|
- Each attribute value can be a string for single-valued attributes or
|
||||||
|
@ -47,13 +47,13 @@ options:
|
||||||
readability for long string values by using YAML block modifiers as seen in the
|
readability for long string values by using YAML block modifiers as seen in the
|
||||||
examples for this module.
|
examples for this module.
|
||||||
- Note that when using values that YAML/ansible-core interprets as other types,
|
- Note that when using values that YAML/ansible-core interprets as other types,
|
||||||
like C(yes), C(no) (booleans), or C(2.10) (float), make sure to quote them if
|
like V(yes), V(no) (booleans), or V(2.10) (float), make sure to quote them if
|
||||||
these are meant to be strings. Otherwise the wrong values may be sent to LDAP.
|
these are meant to be strings. Otherwise the wrong values may be sent to LDAP.
|
||||||
type: dict
|
type: dict
|
||||||
default: {}
|
default: {}
|
||||||
objectClass:
|
objectClass:
|
||||||
description:
|
description:
|
||||||
- If I(state=present), value or list of values to use when creating
|
- If O(state=present), value or list of values to use when creating
|
||||||
the entry. It can either be a string or an actual list of
|
the entry. It can either be a string or an actual list of
|
||||||
strings.
|
strings.
|
||||||
type: list
|
type: list
|
||||||
|
@ -66,7 +66,7 @@ options:
|
||||||
type: str
|
type: str
|
||||||
recursive:
|
recursive:
|
||||||
description:
|
description:
|
||||||
- If I(state=delete), a flag indicating whether a single entry or the
|
- If O(state=delete), a flag indicating whether a single entry or the
|
||||||
whole branch must be deleted.
|
whole branch must be deleted.
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: false
|
||||||
|
|
|
@ -20,10 +20,10 @@ description:
|
||||||
notes:
|
notes:
|
||||||
- The default authentication settings will attempt to use a SASL EXTERNAL
|
- The default authentication settings will attempt to use a SASL EXTERNAL
|
||||||
bind over a UNIX domain socket. This works well with the default Ubuntu
|
bind over a UNIX domain socket. This works well with the default Ubuntu
|
||||||
install for example, which includes a cn=peercred,cn=external,cn=auth ACL
|
install for example, which includes a C(cn=peercred,cn=external,cn=auth) ACL
|
||||||
rule allowing root to modify the server configuration. If you need to use
|
rule allowing root to modify the server configuration. If you need to use
|
||||||
a simple bind to access your server, pass the credentials in I(bind_dn)
|
a simple bind to access your server, pass the credentials in O(bind_dn)
|
||||||
and I(bind_pw).
|
and O(bind_pw).
|
||||||
author:
|
author:
|
||||||
- Keller Fuchs (@KellerFuchs)
|
- Keller Fuchs (@KellerFuchs)
|
||||||
requirements:
|
requirements:
|
||||||
|
@ -36,7 +36,7 @@ attributes:
|
||||||
options:
|
options:
|
||||||
passwd:
|
passwd:
|
||||||
description:
|
description:
|
||||||
- The (plaintext) password to be set for I(dn).
|
- The (plaintext) password to be set for O(dn).
|
||||||
type: str
|
type: str
|
||||||
extends_documentation_fragment:
|
extends_documentation_fragment:
|
||||||
- community.general.ldap.documentation
|
- community.general.ldap.documentation
|
||||||
|
|
|
@ -21,8 +21,8 @@ notes:
|
||||||
bind over a UNIX domain socket. This works well with the default Ubuntu
|
bind over a UNIX domain socket. This works well with the default Ubuntu
|
||||||
install for example, which includes a C(cn=peercred,cn=external,cn=auth) ACL
|
install for example, which includes a C(cn=peercred,cn=external,cn=auth) ACL
|
||||||
rule allowing root to modify the server configuration. If you need to use
|
rule allowing root to modify the server configuration. If you need to use
|
||||||
a simple bind to access your server, pass the credentials in I(bind_dn)
|
a simple bind to access your server, pass the credentials in O(bind_dn)
|
||||||
and I(bind_pw).
|
and O(bind_pw).
|
||||||
author:
|
author:
|
||||||
- Sebastian Pfahl (@eryx12o45)
|
- Sebastian Pfahl (@eryx12o45)
|
||||||
requirements:
|
requirements:
|
||||||
|
@ -59,8 +59,8 @@ options:
|
||||||
default: false
|
default: false
|
||||||
type: bool
|
type: bool
|
||||||
description:
|
description:
|
||||||
- Set to C(true) to return the full attribute schema of entries, not
|
- Set to V(true) to return the full attribute schema of entries, not
|
||||||
their attribute values. Overrides I(attrs) when provided.
|
their attribute values. Overrides O(attrs) when provided.
|
||||||
page_size:
|
page_size:
|
||||||
default: 0
|
default: 0
|
||||||
type: int
|
type: int
|
||||||
|
@ -73,7 +73,7 @@ options:
|
||||||
description:
|
description:
|
||||||
- If provided, all attribute values returned that are listed in this option
|
- If provided, all attribute values returned that are listed in this option
|
||||||
will be Base64 encoded.
|
will be Base64 encoded.
|
||||||
- If the special value C(*) appears in this list, all attributes will be
|
- If the special value V(*) appears in this list, all attributes will be
|
||||||
Base64 encoded.
|
Base64 encoded.
|
||||||
- All other attribute values will be converted to UTF-8 strings. If they
|
- All other attribute values will be converted to UTF-8 strings. If they
|
||||||
contain binary data, please note that invalid UTF-8 bytes will be omitted.
|
contain binary data, please note that invalid UTF-8 bytes will be omitted.
|
||||||
|
@ -110,7 +110,7 @@ results:
|
||||||
value is a list.
|
value is a list.
|
||||||
- Note that all values (for single-element lists) and list elements (for multi-valued
|
- Note that all values (for single-element lists) and list elements (for multi-valued
|
||||||
lists) will be UTF-8 strings. Some might contain Base64-encoded binary data; which
|
lists) will be UTF-8 strings. Some might contain Base64-encoded binary data; which
|
||||||
ones is determined by the I(base64_attributes) option.
|
ones is determined by the O(base64_attributes) option.
|
||||||
type: list
|
type: list
|
||||||
elements: dict
|
elements: dict
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -40,7 +40,8 @@ options:
|
||||||
include_non_listening:
|
include_non_listening:
|
||||||
description:
|
description:
|
||||||
- Show both listening and non-listening sockets (for TCP this means established connections).
|
- Show both listening and non-listening sockets (for TCP this means established connections).
|
||||||
- Adds the return values C(state) and C(foreign_address) to the returned facts.
|
- Adds the return values RV(ansible_facts.tcp_listen[].state), RV(ansible_facts.udp_listen[].state),
|
||||||
|
RV(ansible_facts.tcp_listen[].foreign_address), and RV(ansible_facts.udp_listen[].foreign_address) to the returned facts.
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: false
|
||||||
version_added: 5.4.0
|
version_added: 5.4.0
|
||||||
|
@ -96,13 +97,13 @@ ansible_facts:
|
||||||
sample: "0.0.0.0"
|
sample: "0.0.0.0"
|
||||||
foreign_address:
|
foreign_address:
|
||||||
description: The address of the remote end of the socket.
|
description: The address of the remote end of the socket.
|
||||||
returned: if I(include_non_listening=true)
|
returned: if O(include_non_listening=true)
|
||||||
type: str
|
type: str
|
||||||
sample: "10.80.0.1"
|
sample: "10.80.0.1"
|
||||||
version_added: 5.4.0
|
version_added: 5.4.0
|
||||||
state:
|
state:
|
||||||
description: The state of the socket.
|
description: The state of the socket.
|
||||||
returned: if I(include_non_listening=true)
|
returned: if O(include_non_listening=true)
|
||||||
type: str
|
type: str
|
||||||
sample: "ESTABLISHED"
|
sample: "ESTABLISHED"
|
||||||
version_added: 5.4.0
|
version_added: 5.4.0
|
||||||
|
@ -148,13 +149,13 @@ ansible_facts:
|
||||||
sample: "0.0.0.0"
|
sample: "0.0.0.0"
|
||||||
foreign_address:
|
foreign_address:
|
||||||
description: The address of the remote end of the socket.
|
description: The address of the remote end of the socket.
|
||||||
returned: if I(include_non_listening=true)
|
returned: if O(include_non_listening=true)
|
||||||
type: str
|
type: str
|
||||||
sample: "10.80.0.1"
|
sample: "10.80.0.1"
|
||||||
version_added: 5.4.0
|
version_added: 5.4.0
|
||||||
state:
|
state:
|
||||||
description: The state of the socket. UDP is a connectionless protocol. Shows UCONN or ESTAB.
|
description: The state of the socket. UDP is a connectionless protocol. Shows UCONN or ESTAB.
|
||||||
returned: if I(include_non_listening=true)
|
returned: if O(include_non_listening=true)
|
||||||
type: str
|
type: str
|
||||||
sample: "UCONN"
|
sample: "UCONN"
|
||||||
version_added: 5.4.0
|
version_added: 5.4.0
|
||||||
|
|
|
@ -39,7 +39,7 @@ options:
|
||||||
elements: str
|
elements: str
|
||||||
pesize:
|
pesize:
|
||||||
description:
|
description:
|
||||||
- "The size of the physical extent. I(pesize) must be a power of 2 of at least 1 sector
|
- "The size of the physical extent. O(pesize) must be a power of 2 of at least 1 sector
|
||||||
(where the sector size is the largest sector size of the PVs currently used in the VG),
|
(where the sector size is the largest sector size of the PVs currently used in the VG),
|
||||||
or at least 128KiB."
|
or at least 128KiB."
|
||||||
- Since Ansible 2.6, pesize can be optionally suffixed by a UNIT (k/K/m/M/g/G), default unit is megabyte.
|
- Since Ansible 2.6, pesize can be optionally suffixed by a UNIT (k/K/m/M/g/G), default unit is megabyte.
|
||||||
|
@ -52,7 +52,7 @@ options:
|
||||||
default: ''
|
default: ''
|
||||||
pvresize:
|
pvresize:
|
||||||
description:
|
description:
|
||||||
- If C(true), resize the physical volume to the maximum available size.
|
- If V(true), resize the physical volume to the maximum available size.
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: false
|
||||||
version_added: '0.2.0'
|
version_added: '0.2.0'
|
||||||
|
@ -69,7 +69,7 @@ options:
|
||||||
default: present
|
default: present
|
||||||
force:
|
force:
|
||||||
description:
|
description:
|
||||||
- If C(true), allows to remove volume group with logical volumes.
|
- If V(true), allows to remove volume group with logical volumes.
|
||||||
type: bool
|
type: bool
|
||||||
default: false
|
default: false
|
||||||
seealso:
|
seealso:
|
||||||
|
|
|
@ -111,7 +111,7 @@ options:
|
||||||
- debug
|
- debug
|
||||||
- DEBUG
|
- DEBUG
|
||||||
description:
|
description:
|
||||||
- Set the log level for a container where I(container_log) was set.
|
- Set the log level for a container where O(container_log) was set.
|
||||||
type: str
|
type: str
|
||||||
required: false
|
required: false
|
||||||
default: INFO
|
default: INFO
|
||||||
|
@ -158,7 +158,7 @@ options:
|
||||||
- clone
|
- clone
|
||||||
description:
|
description:
|
||||||
- Define the state of a container.
|
- Define the state of a container.
|
||||||
- If you clone a container using I(clone_name) the newly cloned
|
- If you clone a container using O(clone_name) the newly cloned
|
||||||
container created in a stopped state.
|
container created in a stopped state.
|
||||||
- The running container will be stopped while the clone operation is
|
- The running container will be stopped while the clone operation is
|
||||||
happening and upon completion of the clone the original container
|
happening and upon completion of the clone the original container
|
||||||
|
@ -178,17 +178,17 @@ notes:
|
||||||
- Containers must have a unique name. If you attempt to create a container
|
- Containers must have a unique name. If you attempt to create a container
|
||||||
with a name that already exists in the users namespace the module will
|
with a name that already exists in the users namespace the module will
|
||||||
simply return as "unchanged".
|
simply return as "unchanged".
|
||||||
- The I(container_command) can be used with any state except C(absent). If
|
- The O(container_command) can be used with any state except V(absent). If
|
||||||
used with state C(stopped) the container will be C(started), the command
|
used with state V(stopped) the container will be V(started), the command
|
||||||
executed, and then the container C(stopped) again. Likewise if I(state=stopped)
|
executed, and then the container V(stopped) again. Likewise if O(state=stopped)
|
||||||
and the container does not exist it will be first created,
|
and the container does not exist it will be first created,
|
||||||
C(started), the command executed, and then C(stopped). If you use a "|"
|
V(started), the command executed, and then V(stopped). If you use a "|"
|
||||||
in the variable you can use common script formatting within the variable
|
in the variable you can use common script formatting within the variable
|
||||||
itself. The I(container_command) option will always execute as BASH.
|
itself. The O(container_command) option will always execute as BASH.
|
||||||
When using I(container_command), a log file is created in the C(/tmp/) directory
|
When using O(container_command), a log file is created in the C(/tmp/) directory
|
||||||
which contains both C(stdout) and C(stderr) of any command executed.
|
which contains both C(stdout) and C(stderr) of any command executed.
|
||||||
- If I(archive=true) the system will attempt to create a compressed
|
- If O(archive=true) the system will attempt to create a compressed
|
||||||
tarball of the running container. The I(archive) option supports LVM backed
|
tarball of the running container. The O(archive) option supports LVM backed
|
||||||
containers and will create a snapshot of the running container when
|
containers and will create a snapshot of the running container when
|
||||||
creating the archive.
|
creating the archive.
|
||||||
- If your distro does not have a package for C(python3-lxc), which is a
|
- If your distro does not have a package for C(python3-lxc), which is a
|
||||||
|
|
|
@ -40,26 +40,26 @@ options:
|
||||||
version_added: 4.8.0
|
version_added: 4.8.0
|
||||||
architecture:
|
architecture:
|
||||||
description:
|
description:
|
||||||
- 'The architecture for the instance (for example C(x86_64) or C(i686)).
|
- 'The architecture for the instance (for example V(x86_64) or V(i686)).
|
||||||
See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1).'
|
See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1).'
|
||||||
type: str
|
type: str
|
||||||
required: false
|
required: false
|
||||||
config:
|
config:
|
||||||
description:
|
description:
|
||||||
- 'The config for the instance (for example C({"limits.cpu": "2"})).
|
- 'The config for the instance (for example V({"limits.cpu": "2"})).
|
||||||
See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1).'
|
See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1).'
|
||||||
- If the instance already exists and its "config" values in metadata
|
- If the instance already exists and its "config" values in metadata
|
||||||
obtained from the LXD API U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#instances-containers-and-virtual-machines)
|
obtained from the LXD API U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#instances-containers-and-virtual-machines)
|
||||||
are different, this module tries to apply the configurations.
|
are different, this module tries to apply the configurations.
|
||||||
- The keys starting with C(volatile.) are ignored for this comparison when I(ignore_volatile_options=true).
|
- The keys starting with C(volatile.) are ignored for this comparison when O(ignore_volatile_options=true).
|
||||||
type: dict
|
type: dict
|
||||||
required: false
|
required: false
|
||||||
ignore_volatile_options:
|
ignore_volatile_options:
|
||||||
description:
|
description:
|
||||||
- If set to C(true), options starting with C(volatile.) are ignored. As a result,
|
- If set to V(true), options starting with C(volatile.) are ignored. As a result,
|
||||||
they are reapplied for each execution.
|
they are reapplied for each execution.
|
||||||
- This default behavior can be changed by setting this option to C(false).
|
- This default behavior can be changed by setting this option to V(false).
|
||||||
- The default value changed from C(true) to C(false) in community.general 6.0.0.
|
- The default value changed from V(true) to V(false) in community.general 6.0.0.
|
||||||
type: bool
|
type: bool
|
||||||
required: false
|
required: false
|
||||||
default: false
|
default: false
|
||||||
|
@ -72,26 +72,23 @@ options:
|
||||||
devices:
|
devices:
|
||||||
description:
|
description:
|
||||||
- 'The devices for the instance
|
- 'The devices for the instance
|
||||||
(for example C({ "rootfs": { "path": "/dev/kvm", "type": "unix-char" }})).
|
(for example V({ "rootfs": { "path": "/dev/kvm", "type": "unix-char" }})).
|
||||||
See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1).'
|
See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1).'
|
||||||
type: dict
|
type: dict
|
||||||
required: false
|
required: false
|
||||||
ephemeral:
|
ephemeral:
|
||||||
description:
|
description:
|
||||||
- Whether or not the instance is ephemeral (for example C(true) or C(false)).
|
- Whether or not the instance is ephemeral (for example V(true) or V(false)).
|
||||||
See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1).
|
See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1).
|
||||||
required: false
|
required: false
|
||||||
type: bool
|
type: bool
|
||||||
source:
|
source:
|
||||||
description:
|
description:
|
||||||
- 'The source for the instance
|
- 'The source for the instance
|
||||||
(e.g. { "type": "image",
|
(for example V({ "type": "image", "mode": "pull", "server": "https://images.linuxcontainers.org",
|
||||||
"mode": "pull",
|
"protocol": "lxd", "alias": "ubuntu/xenial/amd64" })).'
|
||||||
"server": "https://images.linuxcontainers.org",
|
|
||||||
"protocol": "lxd",
|
|
||||||
"alias": "ubuntu/xenial/amd64" }).'
|
|
||||||
- 'See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1) for complete API documentation.'
|
- 'See U(https://github.com/lxc/lxd/blob/master/doc/rest-api.md#post-1) for complete API documentation.'
|
||||||
- 'Note that C(protocol) accepts two choices: C(lxd) or C(simplestreams).'
|
- 'Note that C(protocol) accepts two choices: V(lxd) or V(simplestreams).'
|
||||||
required: false
|
required: false
|
||||||
type: dict
|
type: dict
|
||||||
state:
|
state:
|
||||||
|
@ -125,7 +122,7 @@ options:
|
||||||
type: int
|
type: int
|
||||||
type:
|
type:
|
||||||
description:
|
description:
|
||||||
- Instance type can be either C(virtual-machine) or C(container).
|
- Instance type can be either V(virtual-machine) or V(container).
|
||||||
required: false
|
required: false
|
||||||
default: container
|
default: container
|
||||||
choices:
|
choices:
|
||||||
|
@ -135,7 +132,7 @@ options:
|
||||||
version_added: 4.1.0
|
version_added: 4.1.0
|
||||||
wait_for_ipv4_addresses:
|
wait_for_ipv4_addresses:
|
||||||
description:
|
description:
|
||||||
- If this is true, the C(lxd_container) waits until IPv4 addresses
|
- If this is V(true), the C(lxd_container) waits until IPv4 addresses
|
||||||
are set to the all network interfaces in the instance after
|
are set to the all network interfaces in the instance after
|
||||||
starting or restarting.
|
starting or restarting.
|
||||||
required: false
|
required: false
|
||||||
|
@ -143,14 +140,14 @@ options:
|
||||||
type: bool
|
type: bool
|
||||||
wait_for_container:
|
wait_for_container:
|
||||||
description:
|
description:
|
||||||
- If set to C(true), the tasks will wait till the task reports a
|
- If set to V(true), the tasks will wait till the task reports a
|
||||||
success status when performing container operations.
|
success status when performing container operations.
|
||||||
default: false
|
default: false
|
||||||
type: bool
|
type: bool
|
||||||
version_added: 4.4.0
|
version_added: 4.4.0
|
||||||
force_stop:
|
force_stop:
|
||||||
description:
|
description:
|
||||||
- If this is true, the C(lxd_container) forces to stop the instance
|
- If this is V(true), the C(lxd_container) forces to stop the instance
|
||||||
when it stops or restarts the instance.
|
when it stops or restarts the instance.
|
||||||
required: false
|
required: false
|
||||||
default: false
|
default: false
|
||||||
|
@ -201,7 +198,8 @@ notes:
|
||||||
2.1, the later requires python to be installed in the instance which can
|
2.1, the later requires python to be installed in the instance which can
|
||||||
be done with the command module.
|
be done with the command module.
|
||||||
- You can copy a file from the host to the instance
|
- You can copy a file from the host to the instance
|
||||||
with the Ansible M(ansible.builtin.copy) and M(ansible.builtin.template) module and the C(community.general.lxd) connection plugin.
|
with the Ansible M(ansible.builtin.copy) and M(ansible.builtin.template) module
|
||||||
|
and the P(community.general.lxd#connection) connection plugin.
|
||||||
See the example below.
|
See the example below.
|
||||||
- You can copy a file in the created instance to the localhost
|
- You can copy a file in the created instance to the localhost
|
||||||
with C(command=lxc file pull instance_name/dir/filename filename).
|
with C(command=lxc file pull instance_name/dir/filename filename).
|
||||||
|
|
|
@ -34,7 +34,7 @@ options:
|
||||||
type: str
|
type: str
|
||||||
config:
|
config:
|
||||||
description:
|
description:
|
||||||
- 'The config for the project (for example C({"features.profiles": "true"})).
|
- 'The config for the project (for example V({"features.profiles": "true"})).
|
||||||
See U(https://linuxcontainers.org/lxd/docs/master/projects/).'
|
See U(https://linuxcontainers.org/lxd/docs/master/projects/).'
|
||||||
- If the project already exists and its "config" value in metadata
|
- If the project already exists and its "config" value in metadata
|
||||||
obtained from
|
obtained from
|
||||||
|
@ -98,7 +98,7 @@ options:
|
||||||
running this module using the following command:
|
running this module using the following command:
|
||||||
C(lxc config set core.trust_password <some random password>)
|
C(lxc config set core.trust_password <some random password>)
|
||||||
See U(https://www.stgraber.org/2016/04/18/lxd-api-direct-interaction/).'
|
See U(https://www.stgraber.org/2016/04/18/lxd-api-direct-interaction/).'
|
||||||
- If I(trust_password) is set, this module send a request for
|
- If O(trust_password) is set, this module send a request for
|
||||||
authentication before sending any requests.
|
authentication before sending any requests.
|
||||||
required: false
|
required: false
|
||||||
type: str
|
type: str
|
||||||
|
@ -146,7 +146,7 @@ logs:
|
||||||
elements: dict
|
elements: dict
|
||||||
contains:
|
contains:
|
||||||
type:
|
type:
|
||||||
description: Type of actions performed, currently only C(sent request).
|
description: Type of actions performed, currently only V(sent request).
|
||||||
type: str
|
type: str
|
||||||
sample: "sent request"
|
sample: "sent request"
|
||||||
request:
|
request:
|
||||||
|
@ -166,7 +166,7 @@ logs:
|
||||||
type: str
|
type: str
|
||||||
sample: "(too long to be placed here)"
|
sample: "(too long to be placed here)"
|
||||||
timeout:
|
timeout:
|
||||||
description: Timeout of HTTP request, C(null) if unset.
|
description: Timeout of HTTP request, V(null) if unset.
|
||||||
type: int
|
type: int
|
||||||
sample: null
|
sample: null
|
||||||
response:
|
response:
|
||||||
|
|
Loading…
Reference in a new issue