ansible-collections / community.general

Ansible Community General Collection
https://galaxy.ansible.com/ui/repo/published/community/general/
GNU General Public License v3.0

keycloak_clientscope: Map client scope to role #7117

Open aristotelos opened 1 year ago

aristotelos commented 1 year ago

Summary

In Keycloak, it is possible to map a client scope to one or more client roles or realm roles. However, it seems that the community.general.keycloak_clientscope module does not have this option.

See Keycloak documentation:

When a client scope does not have any role scope mappings defined, each user is permitted to use this client scope. However, when a client scope has role scope mappings defined, the user must be a member of at least one of the roles.

So it would be handy to have a roles option in the community.general.keycloak_clientscope task that allows a list of client or realm roles that are then mapped to that client scope.

Issue Type

Feature Idea

Component Name

keycloak_clientscope

Additional Information

Note that the following Keycloak REST APIs (see documentation) support the scope mapping feature:

Code of Conduct
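
One way a `roles` option could reconcile role scope mappings idempotently, as an added example that is not part of the issue and not code from community.general. It assumes the Keycloak Admin REST API's `scope-mappings` sub-resource of a client scope (the API list in the issue did not survive on this page); the function names, host, realm and ids are hypothetical, and `user_roles` is taken to be the user's effective role set.

```python
from urllib.parse import quote

# Constructed sample role representations (not from a real realm).
AVAILABLE = [{"id": "r1", "name": "auditor"}, {"id": "r2", "name": "admin"},
             {"id": "r3", "name": "viewer"}]
CURRENT = [{"id": "r3", "name": "viewer"}]


def scope_mapping_url(base_url, realm, scope_id, client_uuid=None):
    """Scope-mappings URL of a client scope (path is an assumption, see lead-in)."""
    url = "%s/admin/realms/%s/client-scopes/%s/scope-mappings" % (
        base_url.rstrip("/"), quote(realm, safe=""), quote(scope_id, safe=""))
    if client_uuid is None:
        return url + "/realm"  # realm roles
    return url + "/clients/" + quote(client_uuid, safe="")  # client roles


def plan_role_mappings(url, current, desired, available):
    """Return the (method, url, body) calls that turn `current` into `desired`.

    current: roles mapped now; desired: role names; available: existing roles.
    """
    by_name = {r["name"]: r for r in available}
    unknown = sorted(set(desired) - set(by_name))
    if unknown:
        # Fail closed: skipping a missing role could leave the scope with no
        # mappings, which Keycloak treats as "each user is permitted".
        raise ValueError("roles do not exist: " + ", ".join(unknown))
    have = {r["name"] for r in current}
    add = [by_name[n] for n in sorted(set(desired) - have)]
    remove = [r for r in current if r["name"] not in desired]
    calls = []
    if add:  # add first so the scope is never left unmapped between calls
        calls.append(("POST", url, add))
    if remove:
        calls.append(("DELETE", url, remove))
    return calls


def scope_permitted(mapped_roles, user_roles):
    """The documented rule: no mappings means open, else one role must match."""
    return not mapped_roles or bool(set(mapped_roles) & set(user_roles))


if __name__ == "__main__":
    url = scope_mapping_url("https://kc.example.test", "demo", "scope-1")
    for call in plan_role_mappings(url, CURRENT, ["auditor", "admin"], AVAILABLE):
        print(call)
```

An empty plan means the mappings already match, which is what lets a task report `changed: false` on a second run.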

ansibullbot commented 1 year ago

Files identified in the description:

If these files are incorrect, please update the component name section of the description or use the !component bot command.


ansibullbot commented 1 year ago

cc @Gaetan2907 @eikef @mattock @ndclt

ansibullbot commented 3 months ago

cc @thomasbach-dev