Namespace Pulumi.Keycloak
Classes
AttributeImporterIdentityProviderMapper
# keycloak..AttributeImporterIdentityProviderMapper
Allows to create and manage identity provider mappers within Keycloak.
Example Usage
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var testMapper = new Keycloak.AttributeImporterIdentityProviderMapper("testMapper", new Keycloak.AttributeImporterIdentityProviderMapperArgs
{
AttributeName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
IdentityProviderAlias = "idp_alias",
Realm = "my-realm",
UserAttribute = "lastName",
});
}
}
Argument Reference
The following arguments are supported:
realm- (Required) The name of the realm.name- (Required) The name of the mapper.identity_provider_alias- (Required) The alias of the associated identity provider.user_attribute- (Required) The user attribute name to store SAML attribute.attribute_name- (Optional) The Name of attribute to search for in assertion. You can leave this blank and specify a friendly name instead.attribute_friendly_name- (Optional) The friendly name of attribute to search for in assertion. You can leave this blank and specify an attribute name instead.claim_name- (Optional) The claim name.
AttributeImporterIdentityProviderMapperArgs
AttributeImporterIdentityProviderMapperState
AttributeToRoleIdentityMapper
AttributeToRoleIdentityMapperArgs
AttributeToRoleIdentityMapperState
Config
CustomUserFederation
CustomUserFederationArgs
CustomUserFederationState
DefaultGroups
# keycloak..DefaultGroups
Allows for managing a realm's default groups.
Note that you should not use keycloak..DefaultGroups with a group with memberships managed
by keycloak..GroupMemberships.
Example Usage
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
{
Enabled = true,
Realm = "my-realm",
});
var @group = new Keycloak.Group("group", new Keycloak.GroupArgs
{
RealmId = realm.Id,
});
var @default = new Keycloak.DefaultGroups("default", new Keycloak.DefaultGroupsArgs
{
GroupIds =
{
@group.Id,
},
RealmId = realm.Id,
});
}
}
Argument Reference
The following arguments are supported:
realm_id- (Required) The realm this group exists in.group_ids- (Required) A set of group ids that should be default groups on the realm referenced byrealm_id.
DefaultGroupsArgs
DefaultGroupsState
GenericClientProtocolMapper
# keycloak..GenericClientProtocolMapper
Allows for creating and managing protocol mapper for both types of clients (openid-connect and saml) within Keycloak.
There are two uses cases for using this resource:
- If you implemented a custom protocol mapper, this resource can be used to configure it
- If the provider doesn't support a particular protocol mapper, this resource can be used instead.
Due to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors. Therefore, if possible, a specific mapper should be used.
Example Usage
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
{
Enabled = true,
Realm = "my-realm",
});
var samlClient = new Keycloak.Saml.Client("samlClient", new Keycloak.Saml.ClientArgs
{
ClientId = "test-client",
RealmId = realm.Id,
});
var samlHardcodeAttributeMapper = new Keycloak.GenericClientProtocolMapper("samlHardcodeAttributeMapper", new Keycloak.GenericClientProtocolMapperArgs
{
ClientId = samlClient.Id,
Config =
{
{ "attribute.name", "name" },
{ "attribute.nameformat", "Basic" },
{ "attribute.value", "value" },
{ "friendly.name", "display name" },
},
Protocol = "saml",
ProtocolMapper = "saml-hardcode-attribute-mapper",
RealmId = realm.Id,
});
}
}
Argument Reference
The following arguments are supported:
realm_id- (Required) The realm this protocol mapper exists within.client_id- (Required) The client this protocol mapper is attached to.name- (Required) The display name of this protocol mapper in the GUI.protocol- (Required) The type of client (eitheropenid-connectorsaml). The type must match the type of the client.protocol_mapper- (Required) The name of the protocol mapper. The protocol mapper must be compatible with the specified client.config- (Required) A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.
GenericClientProtocolMapperArgs
GenericClientProtocolMapperState
GenericClientRoleMapper
GenericClientRoleMapperArgs
GenericClientRoleMapperState
GetGroup
GetGroupArgs
GetGroupResult
GetRealm
GetRealmArgs
GetRealmKeys
GetRealmKeysArgs
GetRealmKeysResult
GetRealmResult
GetRole
GetRoleArgs
GetRoleResult
Group
# keycloak..Group
Allows for creating and managing Groups within Keycloak.
Groups provide a logical wrapping for users within Keycloak. Users within a group can share attributes and roles, and group membership can be mapped to a claim.
Attributes can also be defined on Groups.
Groups can also be federated from external data sources, such as LDAP or Active Directory. This resource should not be used to manage groups that were created this way.
Example Usage
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
{
Enabled = true,
Realm = "my-realm",
});
var parentGroup = new Keycloak.Group("parentGroup", new Keycloak.GroupArgs
{
RealmId = realm.Id,
});
var childGroup = new Keycloak.Group("childGroup", new Keycloak.GroupArgs
{
ParentId = parentGroup.Id,
RealmId = realm.Id,
});
var childGroupWithOptionalAttributes = new Keycloak.Group("childGroupWithOptionalAttributes", new Keycloak.GroupArgs
{
Attributes =
{
{ "key1", "value1" },
{ "key2", "value2" },
},
ParentId = parentGroup.Id,
RealmId = realm.Id,
});
}
}
Argument Reference
The following arguments are supported:
realm_id- (Required) The realm this group exists in.parent_id- (Optional) The ID of this group's parent. If omitted, this group will be defined at the root level.name- (Required) The name of the group.attributes- (Optional) A dict of key/value pairs to set as custom attributes for the group.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
path- The complete path of the group. For example, the child group's path in the example configuration would be/parent-group/child-group.
GroupArgs
GroupMemberships
GroupMembershipsArgs
GroupMembershipsState
GroupRoles
GroupRolesArgs
GroupRolesState
GroupState
HardcodedAttributeIdentityProviderMapper
HardcodedAttributeIdentityProviderMapperArgs
HardcodedAttributeIdentityProviderMapperState
HardcodedRoleIdentityMapper
HardcodedRoleIdentityMapperArgs
HardcodedRoleIdentityMapperState
Provider
The provider type for the keycloak package. By default, resources use package-wide configuration
settings, however an explicit Provider instance may be created and passed during resource
construction to achieve fine-grained programmatic control over provider settings. See the
documentation for more information.
ProviderArgs
Realm
RealmArgs
RealmEvents
# keycloak..RealmEvents
Allows for managing Realm Events settings within Keycloak.
Example Usage
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
{
Realm = "test",
});
var realmEvents = new Keycloak.RealmEvents("realmEvents", new Keycloak.RealmEventsArgs
{
AdminEventsDetailsEnabled = true,
AdminEventsEnabled = true,
EnabledEventTypes =
{
"LOGIN",
"LOGOUT",
},
EventsEnabled = true,
EventsExpiration = 3600,
EventsListeners =
{
"jboss-logging",
},
RealmId = realm.Id,
});
}
}
Argument Reference
The following arguments are supported:
realm_id- (Required) The name of the realm the event settings apply to.admin_events_enabled- (Optional) When true, admin events are saved to the database, making them available through the admin console. Defaults tofalse.admin_events_details_enabled- (Optional) When true, saved admin events will included detailed information for create/update requests. Defaults tofalse.events_enabled- (Optional) When true, events fromenabled_event_typesare saved to the database, making them available through the admin console. Defaults tofalse.events_expiration- (Optional) The amount of time in seconds events will be saved in the database. Defaults to0or never.enabled_event_types- (Optional) The event types that will be saved to the database. Omitting this field enables all event types. Defaults to[]or all event types.events_listeners- (Optional) The event listeners that events should be sent to. Defaults to[]or none. Note that new realms enable thejboss-logginglistener by default, and this resource will remove that unless it is specified.
RealmEventsArgs
RealmEventsState
RealmState
RequiredAction
RequiredActionArgs
RequiredActionState
Role
# keycloak..Role
Allows for creating and managing roles within Keycloak.
Roles allow you define privileges within Keycloak and map them to users and groups.
Example Usage (Realm role)
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
{
Enabled = true,
Realm = "my-realm",
});
var realmRole = new Keycloak.Role("realmRole", new Keycloak.RoleArgs
{
Description = "My Realm Role",
RealmId = realm.Id,
});
}
}
Example Usage (Client role)
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
{
Enabled = true,
Realm = "my-realm",
});
var client = new Keycloak.OpenId.Client("client", new Keycloak.OpenId.ClientArgs
{
AccessType = "BEARER-ONLY",
ClientId = "client",
Enabled = true,
RealmId = realm.Id,
});
var clientRole = new Keycloak.Role("clientRole", new Keycloak.RoleArgs
{
ClientId = keycloak_client.Client.Id,
Description = "My Client Role",
RealmId = realm.Id,
});
}
}
Example Usage (Composite role)
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
{
Enabled = true,
Realm = "my-realm",
});
var createRole = new Keycloak.Role("createRole", new Keycloak.RoleArgs
{
RealmId = realm.Id,
});
var readRole = new Keycloak.Role("readRole", new Keycloak.RoleArgs
{
RealmId = realm.Id,
});
var updateRole = new Keycloak.Role("updateRole", new Keycloak.RoleArgs
{
RealmId = realm.Id,
});
var deleteRole = new Keycloak.Role("deleteRole", new Keycloak.RoleArgs
{
RealmId = realm.Id,
});
var client = new Keycloak.OpenId.Client("client", new Keycloak.OpenId.ClientArgs
{
AccessType = "BEARER-ONLY",
ClientId = "client",
Enabled = true,
RealmId = realm.Id,
});
var clientRole = new Keycloak.Role("clientRole", new Keycloak.RoleArgs
{
ClientId = keycloak_client.Client.Id,
Description = "My Client Role",
RealmId = realm.Id,
});
var adminRole = new Keycloak.Role("adminRole", new Keycloak.RoleArgs
{
CompositeRoles =
{
"{keycloak_role.create_role.id}",
"{keycloak_role.read_role.id}",
"{keycloak_role.update_role.id}",
"{keycloak_role.delete_role.id}",
"{keycloak_role.client_role.id}",
},
RealmId = realm.Id,
});
}
}
Argument Reference
The following arguments are supported:
realm_id- (Required) The realm this role exists within.client_id- (Optional) When specified, this role will be created as a client role attached to the client with the provided IDname- (Required) The name of the roledescription- (Optional) The description of the rolecomposite_roles- (Optional) When specified, this role will be a composite role, composed of all roles that have an ID present within this list.
RoleArgs
RoleState
User
# keycloak..User
Allows for creating and managing Users within Keycloak.
This resource was created primarily to enable the acceptance tests for the keycloak..Group resource.
Creating users within Keycloak is not recommended. Instead, users should be federated from external sources
by configuring user federation providers or identity providers.
Example Usage
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
{
Enabled = true,
Realm = "my-realm",
});
var user = new Keycloak.User("user", new Keycloak.UserArgs
{
Email = "bob@domain.com",
Enabled = true,
FirstName = "Bob",
LastName = "Bobson",
RealmId = realm.Id,
Username = "bob",
});
var userWithInitialPassword = new Keycloak.User("userWithInitialPassword", new Keycloak.UserArgs
{
Email = "alice@domain.com",
Enabled = true,
FirstName = "Alice",
InitialPassword = new Keycloak.Inputs.UserInitialPasswordArgs
{
Temporary = true,
Value = "some password",
},
LastName = "Aliceberg",
RealmId = realm.Id,
Username = "alice",
});
}
}
Argument Reference
The following arguments are supported:
realm_id- (Required) The realm this user belongs to.username- (Required) The unique username of this user.initial_password(Optional) When given, the user's initial password will be set. This attribute is only respected during initial user creation.value(Required) The initial password.temporary(Optional) If set totrue, the initial password is set up for renewal on first use. Default tofalse.enabled- (Optional) When false, this user cannot log in. Defaults totrue.email- (Optional) The user's email.first_name- (Optional) The user's first name.last_name- (Optional) The user's last name.