From 6cf8ce06ca6657b3c11334c01151be68095fd6a9 Mon Sep 17 00:00:00 2001
From: "patchback[bot]" <45432694+patchback[bot]@users.noreply.github.com>
Date: Thu, 23 Oct 2025 21:37:47 +0200
Subject: [PATCH] [PR #10953/258e65f5 backport][stable-11]
 keycloak_user_rolemapping: docs fixes and examples about mapping realm roles
 in keycloak_user_rolemapping (#10963)

keycloak_user_rolemapping: docs fixes and examples about mapping realm roles in keycloak_user_rolemapping (#10953)

* Fix docs and add examples about mapping realm roles for keycloak_user_rolemapping.py module (#7149)

* fix sanity tests

(cherry picked from commit 258e65f5fc9da267d5d4ca12e5be39f9340ea318)

Co-authored-by: Stanislav Shamilov <shamilovstas@protonmail.com>
---
 plugins/modules/keycloak_user_rolemapping.py | 23 ++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/plugins/modules/keycloak_user_rolemapping.py b/plugins/modules/keycloak_user_rolemapping.py
index 49d71e2ca9..f4f28814ca 100644
--- a/plugins/modules/keycloak_user_rolemapping.py
+++ b/plugins/modules/keycloak_user_rolemapping.py
@@ -72,15 +72,17 @@ options:
   client_id:
     type: str
     description:
-      - Name of the client to be mapped (different than O(cid)).
+      - Name of the client (different than O(cid)) whose role is to be mapped.
       - This parameter is required if O(cid) is not provided (can be replaced by O(cid) to reduce the number of API calls
         that must be made).
+      - If neither O(cid) nor O(client_id) is specified, a B(realm) role is mapped instead.
   cid:
     type: str
     description:
-      - ID of the client to be mapped.
+      - ID of the client whose role is to be mapped.
       - This parameter is not required for updating or deleting the rolemapping but providing it reduces the number of API
         calls required.
+      - If neither O(cid) nor O(client_id) is specified, a B(realm) role is mapped instead.
   roles:
     description:
       - Roles to be mapped to the user.
@@ -108,6 +110,23 @@ author:
 """
 
 EXAMPLES = r"""
+- name: Map a realm role to a user, authentication with credentials
+  community.general.keycloak_user_rolemapping:
+    realm: MyCustomRealm
+    auth_client_id: admin-cli
+    auth_keycloak_url: https://auth.example.com/auth
+    auth_realm: master
+    auth_username: USERNAME
+    auth_password: PASSWORD
+    state: present
+    user_id: user1Id
+    roles:
+      - name: role_name1
+        id: role_id1
+      - name: role_name2
+        id: role_id2
+  delegate_to: localhost
+
 - name: Map a client role to a user, authentication with credentials
   community.general.keycloak_user_rolemapping:
     realm: MyCustomRealm