From 06e096ac500c733a2f328c6de4bad085296002e4 Mon Sep 17 00:00:00 2001 From: pamenon Date: Thu, 23 Apr 2026 12:54:22 +0100 Subject: [PATCH] Add module documentation to collection and role READMEs Document all six modules (including the two new ones) in the main collection README under a new 'Included modules' section. Add the three new example playbooks to the Config Playbooks section. Update the keycloak_realm role README with a 'Related Modules' table and inline examples for keycloak_client_scope and keycloak_authentication_flow usage. Made-with: Cursor --- README.md | 16 ++++++++-- roles/keycloak_realm/README.md | 55 ++++++++++++++++++++++++++++++++++ 2 files changed, 69 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 11c55f9..5afa582 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,15 @@ A requirement file is provided to install: +### Included modules + +* `keycloak_realm`: module for managing Keycloak realms (create/update/delete). +* `keycloak_client`: module for managing Keycloak clients (create/update/delete). +* `keycloak_role`: module for managing Keycloak roles — realm roles and client roles (create/update/delete). +* `keycloak_user_federation`: module for managing user federations such as LDAP/AD (create/update/delete). +* `keycloak_client_scope`: module for managing client scopes and protocol mappers (create/update/delete). +* `keycloak_authentication_flow`: module for managing authentication flows and execution steps (create/delete, copy existing flows). + ## Usage 
@@ -109,10 +118,13 @@ Note: when deploying clustered configurations, all hosts belonging to the cluste ## Configuration -### Config Playbook +### Config Playbooks -[`playbooks/keycloak_realm.yml`](https://github.com/ansible-middleware/keycloak/blob/main/playbooks/keycloak_realm.yml) creates or updates provided realm, user federation(s), client(s), client role(s) and client user(s). +* [`playbooks/keycloak_realm.yml`](https://github.com/ansible-middleware/keycloak/blob/main/playbooks/keycloak_realm.yml) creates or updates provided realm, user federation(s), client(s), client role(s) and client user(s). +* [`playbooks/keycloak_realm_client.yml`](https://github.com/ansible-middleware/keycloak/blob/main/playbooks/keycloak_realm_client.yml) creates a realm with clients, roles and users using the `keycloak_realm` role. +* [`playbooks/keycloak_client_scope.yml`](https://github.com/ansible-middleware/keycloak/blob/main/playbooks/keycloak_client_scope.yml) creates a client scope with protocol mappers using the `keycloak_client_scope` module. +* [`playbooks/keycloak_authentication_flow.yml`](https://github.com/ansible-middleware/keycloak/blob/main/playbooks/keycloak_authentication_flow.yml) creates a custom authentication flow with execution steps using the `keycloak_authentication_flow` module. ### Example configuration command diff --git a/roles/keycloak_realm/README.md b/roles/keycloak_realm/README.md index e01c72f..d217285 100644 --- a/roles/keycloak_realm/README.md +++ b/roles/keycloak_realm/README.md 
@@ -107,6 +107,20 @@ Refer to [docs](https://docs.ansible.com/ansible/latest/collections/community/ge For a comprehensive example, refer to the [playbook](../../playbooks/keycloak_realm.yml). +Related Modules +--------------- + +For features not covered by this role, the collection provides dedicated modules: + +| Module | What It Manages | +|:-------|:----------------| +| `keycloak_client_scope` | Client scopes and protocol mappers — see [example playbook](../../playbooks/keycloak_client_scope.yml) | +| `keycloak_authentication_flow` | Authentication flows and execution steps — see [example playbook](../../playbooks/keycloak_authentication_flow.yml) | +| `keycloak_client` | Clients (also used internally by this role) | +| `keycloak_role` | Realm and client roles | +| `keycloak_user_federation` | User federations such as LDAP (also used internally by this role) | + + Example Playbook ---------------- 
@@ -127,6 +141,47 @@ The following is an example playbook that makes use of the role to create a real keycloak_clients: [...] ``` +The following example uses the `keycloak_client_scope` module to create a client scope with protocol mappers: + +```yaml +- name: Create client scope + middleware_automation.keycloak.keycloak_client_scope: + auth_keycloak_url: http://localhost:8080 + auth_realm: master + auth_username: admin + auth_password: changeme + realm: TestRealm + name: my-scope + protocol_mappers: + - name: email + protocolMapper: oidc-usermodel-attribute-mapper + config: + user.attribute: email + claim.name: email + id.token.claim: "true" + access.token.claim: "true" + state: present +``` + +The following example uses the `keycloak_authentication_flow` module to create a custom authentication flow: + +```yaml +- name: Create authentication flow + middleware_automation.keycloak.keycloak_authentication_flow: + auth_keycloak_url: http://localhost:8080 + auth_realm: master + auth_username: admin + auth_password: changeme + realm: TestRealm + alias: my-browser-flow + executions: + - provider_id: auth-cookie + requirement: ALTERNATIVE + - provider_id: auth-password + requirement: REQUIRED + state: present +``` + License -------
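Review bot: In the `README.md` hunk adding "Included modules", the `keycloak_authentication_flow` entry lists "create/delete, copy existing flows" while every other entry lists create/update/delete, and nothing says whether update is unsupported or just undocumented. Please state it explicitly, for example "(create/delete, copy existing flows; existing flows are not updated in place)" if that is the behaviour. A reader who edits `executions` on an existing flow needs to know whether the change will be applied.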
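Review bot: In the `README.md` "Config Playbooks" hunk, the entries for `playbooks/keycloak_realm.yml` and `playbooks/keycloak_realm_client.yml` describe nearly the same thing (a realm with clients, roles and users), so the list does not tell a reader which one to start from. Suggest adding to the second entry what it does differently from the first, or noting that the first is the comprehensive example, as the role README already calls it.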
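Review bot: The "Related Modules" table added to `roles/keycloak_realm/README.md` lists five modules, but the collection README in this same patch lists six. The `keycloak_realm` module is missing here, and because the role has the same name, readers may not realise a standalone module exists. Either add a row for it (noting that the role wraps it, if that is the case) or add a sentence saying the omission is intentional.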
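Review bot: Both YAML examples added to `roles/keycloak_realm/README.md` put the master-realm admin login inline (`auth_username: admin`, `auth_password: changeme`) and send it to `auth_keycloak_url: http://localhost:8080` over plain HTTP. README snippets get copied as they are, so please take the password from a vaulted variable, for example `auth_password: "{{ keycloak_admin_password }}"` (the variable name is only a suggestion), and either use an `https://` URL or say that the localhost URL is for a local test instance. Separately, in the flow example `auth-cookie` is ALTERNATIVE next to a REQUIRED `auth-password` at the same level. Keycloak does not evaluate ALTERNATIVE executions when a REQUIRED one sits at the same level, so the cookie step would have no effect. Consider making both ALTERNATIVE or moving the password step into a sub-flow, and please confirm that `auth-password` is a valid provider id for the intended authenticator.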