Class Role

# keycloak..Role

Allows for creating and managing roles within Keycloak.

Roles allow you define privileges within Keycloak and map them to users and groups.

Example Usage (Realm role)

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
public MyStack()
{
    var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
    {
        Enabled = true,
        Realm = "my-realm",
    });
    var realmRole = new Keycloak.Role("realmRole", new Keycloak.RoleArgs
    {
        Description = "My Realm Role",
        RealmId = realm.Id,
    });
}

}

Example Usage (Client role)

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
public MyStack()
{
    var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
    {
        Enabled = true,
        Realm = "my-realm",
    });
    var client = new Keycloak.OpenId.Client("client", new Keycloak.OpenId.ClientArgs
    {
        AccessType = "BEARER-ONLY",
        ClientId = "client",
        Enabled = true,
        RealmId = realm.Id,
    });
    var clientRole = new Keycloak.Role("clientRole", new Keycloak.RoleArgs
    {
        ClientId = keycloak_client.Client.Id,
        Description = "My Client Role",
        RealmId = realm.Id,
    });
}

}

Example Usage (Composite role)

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
public MyStack()
{
    var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
    {
        Enabled = true,
        Realm = "my-realm",
    });
    var createRole = new Keycloak.Role("createRole", new Keycloak.RoleArgs
    {
        RealmId = realm.Id,
    });
    var readRole = new Keycloak.Role("readRole", new Keycloak.RoleArgs
    {
        RealmId = realm.Id,
    });
    var updateRole = new Keycloak.Role("updateRole", new Keycloak.RoleArgs
    {
        RealmId = realm.Id,
    });
    var deleteRole = new Keycloak.Role("deleteRole", new Keycloak.RoleArgs
    {
        RealmId = realm.Id,
    });
    var client = new Keycloak.OpenId.Client("client", new Keycloak.OpenId.ClientArgs
    {
        AccessType = "BEARER-ONLY",
        ClientId = "client",
        Enabled = true,
        RealmId = realm.Id,
    });
    var clientRole = new Keycloak.Role("clientRole", new Keycloak.RoleArgs
    {
        ClientId = keycloak_client.Client.Id,
        Description = "My Client Role",
        RealmId = realm.Id,
    });
    var adminRole = new Keycloak.Role("adminRole", new Keycloak.RoleArgs
    {
        CompositeRoles = 
        {
            "{keycloak_role.create_role.id}",
            "{keycloak_role.read_role.id}",
            "{keycloak_role.update_role.id}",
            "{keycloak_role.delete_role.id}",
            "{keycloak_role.client_role.id}",
        },
        RealmId = realm.Id,
    });
}

}

Argument Reference

The following arguments are supported:

  • realm_id - (Required) The realm this role exists within.
  • client_id - (Optional) When specified, this role will be created as a client role attached to the client with the provided ID
  • name - (Required) The name of the role
  • description - (Optional) The description of the role
  • composite_roles - (Optional) When specified, this role will be a composite role, composed of all roles that have an ID present within this list.
Inheritance
System.Object
Resource
CustomResource
Role
Inherited Members
System.Object.Equals(System.Object)
System.Object.Equals(System.Object, System.Object)
System.Object.GetHashCode()
System.Object.GetType()
System.Object.MemberwiseClone()
System.Object.ReferenceEquals(System.Object, System.Object)
System.Object.ToString()
Namespace: Pulumi.Keycloak
Assembly: Pulumi.Keycloak.dll
Syntax
public class Role : CustomResource

Constructors

View Source

Role(String, RoleArgs, CustomResourceOptions)

Create a Role resource with the given unique name, arguments, and options.

Declaration
public Role(string name, RoleArgs args, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resource
RoleArgs args

The arguments used to populate this resource's properties
CustomResourceOptions options

A bag of options that control this resource's behavior

Properties

View Source

ClientId

Declaration
public Output<string> ClientId { get; }
Property Value
Type Description
Output<System.String>
View Source

CompositeRoles

Declaration
public Output<ImmutableArray<string>> CompositeRoles { get; }
Property Value
Type Description
Output<System.Collections.Immutable.ImmutableArray<System.String>>
View Source

Description

Declaration
public Output<string> Description { get; }
Property Value
Type Description
Output<System.String>
View Source

Name

Declaration
public Output<string> Name { get; }
Property Value
Type Description
Output<System.String>
View Source

RealmId

Declaration
public Output<string> RealmId { get; }
Property Value
Type Description
Output<System.String>

Methods

View Source

Get(String, Input<String>, RoleState, CustomResourceOptions)

Get an existing Role resource's state with the given name, ID, and optional extra properties used to qualify the lookup.

Declaration
public static Role Get(string name, Input<string> id, RoleState state = null, CustomResourceOptions options = null)
Parameters
Type Name Description
System.String name

The unique name of the resulting resource.
Input<System.String> id

The unique provider ID of the resource to lookup.
RoleState state

Any extra arguments used during the lookup.
CustomResourceOptions options

A bag of options that control this resource's behavior
Returns
Type Description
Role