Keycloak v5.3.1 published on Monday, Mar 11, 2024 by Pulumi

keycloak.GroupRoles

Keycloak v5.3.1 published on Monday, Mar 11, 2024 by Pulumi

    # keycloak.GroupRoles

    Allows you to manage roles assigned to a Keycloak group.

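    Note that this resource attempts to be an authoritative source over group roles. When this resource takes control over a group’s roles, roles that are manually added to the group will be removed, and roles that are manually removed from the group will be added back upon the next run of pulumi up. A role granted or revoked outside this program (for example, in the admin console) therefore does not persist, so check the preview for unexpected role changes before applying.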

    Note that when assigning composite roles to a group, you may still see pending changes in the preview after a pulumi up if you assign both a role and a composite role that includes it to the same group.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as keycloak from "@pulumi/keycloak";
    
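    // Realm that owns every object created below.
    const realm = new keycloak.Realm("realm", {
        enabled: true,
        realm: "my-realm",
    });
    // Realm-level role; one of the two roles bound to the group.
    const realmRole = new keycloak.Role("realmRole", {
        description: "My Realm Role",
        realmId: realm.id,
    });
    // Client that the client-level role belongs to.
    const client = new keycloak.openid.Client("client", {
        accessType: "BEARER-ONLY",
        clientId: "client",
        enabled: true,
        realmId: realm.id,
    });
    // Client-level role. clientId is the ID of the client declared above; the
    // previous `keycloak_client.client.id` named an identifier this program never defines.
    const clientRole = new keycloak.Role("clientRole", {
        clientId: client.id,
        description: "My Client Role",
        realmId: realm.id,
    });
    const group = new keycloak.Group("group", {realmId: realm.id});
    // GroupRoles acts as the authoritative role list for the group: roles added
    // to the group outside this program are removed on the next `pulumi up`.
    const groupRoles = new keycloak.GroupRoles("groupRoles", {
        groupId: group.id,
        realmId: realm.id,
        roleIds: [
            realmRole.id,
            clientRole.id,
        ],
    });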
    
    import pulumi
    import pulumi_keycloak as keycloak
    
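    # Realm that owns every object created below.
    realm = keycloak.Realm("realm",
        enabled=True,
        realm="my-realm")
    # Realm-level role; one of the two roles bound to the group.
    realm_role = keycloak.Role("realmRole",
        description="My Realm Role",
        realm_id=realm.id)
    # Client that the client-level role belongs to.
    client = keycloak.openid.Client("client",
        access_type="BEARER-ONLY",
        client_id="client",
        enabled=True,
        realm_id=realm.id)
    # Client-level role. client_id is the ID of the client declared above; the
    # previous keycloak_client["client"]["id"] named a variable this program never defines.
    client_role = keycloak.Role("clientRole",
        client_id=client.id,
        description="My Client Role",
        realm_id=realm.id)
    group = keycloak.Group("group", realm_id=realm.id)
    # GroupRoles acts as the authoritative role list for the group: roles added
    # to the group outside this program are removed on the next `pulumi up`.
    group_roles = keycloak.GroupRoles("groupRoles",
        group_id=group.id,
        realm_id=realm.id,
        role_ids=[
            realm_role.id,
            client_role.id,
        ])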
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
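    // main declares a realm, a realm role, a client with a client role, and a
    // group, then binds both roles to the group with keycloak.GroupRoles.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// Realm that owns every object created below.
    		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
    			Enabled: pulumi.Bool(true),
    			Realm:   pulumi.String("my-realm"),
    		})
    		if err != nil {
    			return err
    		}
    		realmRole, err := keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{
    			Description: pulumi.String("My Realm Role"),
    			RealmId:     realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Keep the client handle: the client role below must reference it.
    		client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{
    			AccessType: pulumi.String("BEARER-ONLY"),
    			ClientId:   pulumi.String("client"),
    			Enabled:    pulumi.Bool(true),
    			RealmId:    realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// ClientId is the ID of the client created above; the previous
    		// keycloak_client.Client.Id named an identifier this program never defines.
    		clientRole, err := keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{
    			ClientId:    client.ID(),
    			Description: pulumi.String("My Client Role"),
    			RealmId:     realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		group, err := keycloak.NewGroup(ctx, "group", &keycloak.GroupArgs{
    			RealmId: realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// GroupRoles acts as the authoritative role list for the group: roles
    		// added to the group outside this program are removed on the next
    		// `pulumi up`.
    		_, err = keycloak.NewGroupRoles(ctx, "groupRoles", &keycloak.GroupRolesArgs{
    			GroupId: group.ID(),
    			RealmId: realm.ID(),
    			RoleIds: pulumi.StringArray{
    				realmRole.ID(),
    				clientRole.ID(),
    			},
    		})
    		return err
    	})
    }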
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Keycloak = Pulumi.Keycloak;
    
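    // Declares a realm, a realm role, a client with a client role, and a group,
    // then binds both roles to the group with Keycloak.GroupRoles.
    return await Deployment.RunAsync(() =>
    {
        // Realm that owns every object created below.
        var realm = new Keycloak.Realm("realm", new()
        {
            Enabled = true,
            RealmName = "my-realm",
        });

        var realmRole = new Keycloak.Role("realmRole", new()
        {
            Description = "My Realm Role",
            RealmId = realm.Id,
        });

        // Client that the client-level role belongs to.
        var client = new Keycloak.OpenId.Client("client", new()
        {
            AccessType = "BEARER-ONLY",
            ClientId = "client",
            Enabled = true,
            RealmId = realm.Id,
        });

        // ClientId is the ID of the client declared above; the previous
        // keycloak_client.Client.Id named an identifier this program never defines.
        var clientRole = new Keycloak.Role("clientRole", new()
        {
            ClientId = client.Id,
            Description = "My Client Role",
            RealmId = realm.Id,
        });

        var @group = new Keycloak.Group("group", new()
        {
            RealmId = realm.Id,
        });

        // GroupRoles acts as the authoritative role list for the group: roles
        // added to the group outside this program are removed on the next `pulumi up`.
        var groupRoles = new Keycloak.GroupRoles("groupRoles", new()
        {
            GroupId = @group.Id,
            RealmId = realm.Id,
            RoleIds = new[]
            {
                realmRole.Id,
                clientRole.Id,
            },
        });

    });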
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.keycloak.Realm;
    import com.pulumi.keycloak.RealmArgs;
    import com.pulumi.keycloak.Role;
    import com.pulumi.keycloak.RoleArgs;
    import com.pulumi.keycloak.openid.Client;
    import com.pulumi.keycloak.openid.ClientArgs;
    import com.pulumi.keycloak.Group;
    import com.pulumi.keycloak.GroupArgs;
    import com.pulumi.keycloak.GroupRoles;
    import com.pulumi.keycloak.GroupRolesArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
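    /**
     * Example stack: a realm, a realm role, a client with a client role, and a
     * group whose role list is managed by {@code GroupRoles}.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the resources of the example stack.
         *
         * @param ctx the Pulumi context of the current deployment
         */
        public static void stack(Context ctx) {
            // Realm that owns every object created below.
            var realm = new Realm("realm", RealmArgs.builder()
                .enabled(true)
                .realm("my-realm")
                .build());

            var realmRole = new Role("realmRole", RoleArgs.builder()
                .description("My Realm Role")
                .realmId(realm.id())
                .build());

            // Client that the client-level role belongs to.
            var client = new Client("client", ClientArgs.builder()
                .accessType("BEARER-ONLY")
                .clientId("client")
                .enabled(true)
                .realmId(realm.id())
                .build());

            // clientId is the ID of the client declared above; the previous
            // keycloak_client.client().id() named an identifier this program never defines.
            var clientRole = new Role("clientRole", RoleArgs.builder()
                .clientId(client.id())
                .description("My Client Role")
                .realmId(realm.id())
                .build());

            var group = new Group("group", GroupArgs.builder()
                .realmId(realm.id())
                .build());

            // GroupRoles acts as the authoritative role list for the group: roles
            // added to the group outside this program are removed on the next `pulumi up`.
            var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder()
                .groupId(group.id())
                .realmId(realm.id())
                .roleIds(
                    realmRole.id(),
                    clientRole.id())
                .build());

        }
    }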
    
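    resources:
      # Realm that owns every object created below.
      realm:
        type: keycloak:Realm
        properties:
          enabled: true
          realm: my-realm
      realmRole:
        type: keycloak:Role
        properties:
          description: My Realm Role
          realmId: ${realm.id}
      client:
        type: keycloak:openid:Client
        properties:
          accessType: BEARER-ONLY
          clientId: client
          enabled: true
          realmId: ${realm.id}
      # clientId is the ID of the `client` resource above; the previous
      # ${keycloak_client.client.id} named a resource this program never declares.
      clientRole:
        type: keycloak:Role
        properties:
          clientId: ${client.id}
          description: My Client Role
          realmId: ${realm.id}
      group:
        type: keycloak:Group
        properties:
          realmId: ${realm.id}
      # GroupRoles acts as the authoritative role list for the group: roles added
      # to the group outside this program are removed on the next `pulumi up`.
      groupRoles:
        type: keycloak:GroupRoles
        properties:
          groupId: ${group.id}
          realmId: ${realm.id}
          roleIds:
            - ${realmRole.id}
            - ${clientRole.id}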
    

    Argument Reference

    The following arguments are supported:

    • realm_id - (Required) The realm this group exists in.
    • group_id - (Required) The ID of the group this resource should manage roles for.
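    • role_ids - (Required) A list of role IDs to map to the group.
    • exhaustive - (Optional) Listed under Inputs below but not described on this page. In the upstream Terraform provider it indicates whether role_ids is the complete set of the group's roles and defaults to true, in which case roles added to the group outside this resource are removed; confirm the default for the provider version you use.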

    Import

    This resource can be imported using the format {{realm_id}}/{{group_id}}, where group_id is the unique ID that Keycloak assigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID.

    Example:

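    # Pulumi form of the import; the `terraform import` command shown here before came from the upstream provider docs and does not run in a Pulumi project.
    $ pulumi import keycloak:index/groupRoles:GroupRoles group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94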
    

    Create GroupRoles Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new GroupRoles(name: string, args: GroupRolesArgs, opts?: CustomResourceOptions);
    @overload
    def GroupRoles(resource_name: str,
                   args: GroupRolesArgs,
                   opts: Optional[ResourceOptions] = None)
    
    @overload
    def GroupRoles(resource_name: str,
                   opts: Optional[ResourceOptions] = None,
                   group_id: Optional[str] = None,
                   realm_id: Optional[str] = None,
                   role_ids: Optional[Sequence[str]] = None,
                   exhaustive: Optional[bool] = None)
    func NewGroupRoles(ctx *Context, name string, args GroupRolesArgs, opts ...ResourceOption) (*GroupRoles, error)
    public GroupRoles(string name, GroupRolesArgs args, CustomResourceOptions? opts = null)
    public GroupRoles(String name, GroupRolesArgs args)
    public GroupRoles(String name, GroupRolesArgs args, CustomResourceOptions options)
    
    type: keycloak:GroupRoles
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args GroupRolesArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args GroupRolesArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args GroupRolesArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args GroupRolesArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args GroupRolesArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    // Placeholder reference call: every GroupRoles input with a dummy value.
    // NOTE(review): Exhaustive is not described on this page; confirm its default
    // and effect before copying the placeholder `false`.
    var groupRolesArgs = new Keycloak.GroupRolesArgs
    {
        GroupId = "string",
        RealmId = "string",
        RoleIds = new[] { "string" },
        Exhaustive = false,
    };
    var groupRolesResource = new Keycloak.GroupRoles("groupRolesResource", groupRolesArgs);
    
    // Placeholder reference call: every GroupRoles input with a dummy value.
    // NOTE(review): Exhaustive is not described on this page; confirm its default
    // and effect before copying the placeholder false.
    args := &keycloak.GroupRolesArgs{
    	GroupId:    pulumi.String("string"),
    	RealmId:    pulumi.String("string"),
    	RoleIds:    pulumi.StringArray{pulumi.String("string")},
    	Exhaustive: pulumi.Bool(false),
    }
    example, err := keycloak.NewGroupRoles(ctx, "groupRolesResource", args)
    
    // Placeholder reference call: every GroupRoles input with a dummy value.
    // NOTE(review): exhaustive is not described on this page; confirm its default
    // and effect before copying the placeholder false.
    var groupRolesArgs = GroupRolesArgs.builder()
        .groupId("string")
        .realmId("string")
        .roleIds("string")
        .exhaustive(false)
        .build();
    var groupRolesResource = new GroupRoles("groupRolesResource", groupRolesArgs);
    
    # Placeholder reference call: every GroupRoles input with a dummy value.
    # NOTE(review): exhaustive is not described on this page; confirm its default
    # and effect before copying the placeholder False.
    group_roles_args = keycloak.GroupRolesArgs(
        group_id="string",
        realm_id="string",
        role_ids=["string"],
        exhaustive=False,
    )
    group_roles_resource = keycloak.GroupRoles("groupRolesResource", group_roles_args)
    
    // Placeholder reference call: every GroupRoles input with a dummy value.
    // NOTE(review): exhaustive is not described on this page; confirm its default
    // and effect before copying the placeholder false.
    const groupRolesArgs: keycloak.GroupRolesArgs = {
        groupId: "string",
        realmId: "string",
        roleIds: ["string"],
        exhaustive: false,
    };
    const groupRolesResource = new keycloak.GroupRoles("groupRolesResource", groupRolesArgs);
    
    # Placeholder reference declaration: every GroupRoles input with a dummy value.
    # NOTE(review): exhaustive is not described on this page; confirm its default
    # and effect before copying the placeholder false.
    type: keycloak:GroupRoles
    properties:
        groupId: string
        realmId: string
        roleIds: [string]
        exhaustive: false
    

    GroupRoles Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The GroupRoles resource accepts the following input properties:

    GroupId string
    RealmId string
    RoleIds List<string>
    Exhaustive bool
    GroupId string
    RealmId string
    RoleIds []string
    Exhaustive bool
    groupId String
    realmId String
    roleIds List<String>
    exhaustive Boolean
    groupId string
    realmId string
    roleIds string[]
    exhaustive boolean
    group_id str
    realm_id str
    role_ids Sequence[str]
    exhaustive bool
    groupId String
    realmId String
    roleIds List<String>
    exhaustive Boolean

    Outputs

    All input properties are implicitly available as output properties. Additionally, the GroupRoles resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing GroupRoles Resource

    Get an existing GroupRoles resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: GroupRolesState, opts?: CustomResourceOptions): GroupRoles
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            exhaustive: Optional[bool] = None,
            group_id: Optional[str] = None,
            realm_id: Optional[str] = None,
            role_ids: Optional[Sequence[str]] = None) -> GroupRoles
    func GetGroupRoles(ctx *Context, name string, id IDInput, state *GroupRolesState, opts ...ResourceOption) (*GroupRoles, error)
    public static GroupRoles Get(string name, Input<string> id, GroupRolesState? state, CustomResourceOptions? opts = null)
    public static GroupRoles get(String name, Output<String> id, GroupRolesState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Exhaustive bool
    GroupId string
    RealmId string
    RoleIds List<string>
    Exhaustive bool
    GroupId string
    RealmId string
    RoleIds []string
    exhaustive Boolean
    groupId String
    realmId String
    roleIds List<String>
    exhaustive boolean
    groupId string
    realmId string
    roleIds string[]
    exhaustive bool
    group_id str
    realm_id str
    role_ids Sequence[str]
    exhaustive Boolean
    groupId String
    realmId String
    roleIds List<String>

    Package Details

    Repository
    Keycloak pulumi/pulumi-keycloak
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the keycloak Terraform Provider.
    Keycloak v5.3.1 published on Monday, Mar 11, 2024 by Pulumi