Keycloak v5.3.1 published on Monday, Mar 11, 2024 by Pulumi

keycloak.Role


    # keycloak.Role

    Allows for creating and managing roles within Keycloak.

    Roles allow you to define privileges within Keycloak and map them to users and groups.

    Example Usage (Realm role)

    import * as pulumi from "@pulumi/pulumi";
    import * as keycloak from "@pulumi/keycloak";
    
    // The realm is declared first; its ID scopes the role below.
    const realmArgs: keycloak.RealmArgs = {
        realm: "my-realm",
        enabled: true,
    };
    const realm = new keycloak.Realm("realm", realmArgs);

    // No clientId is given, so the role is created at realm level rather than on a client.
    const realmRoleArgs: keycloak.RoleArgs = {
        realmId: realm.id,
        description: "My Realm Role",
    };
    const realmRole = new keycloak.Role("realmRole", realmRoleArgs);
    
    import pulumi
    import pulumi_keycloak as keycloak
    
    # The realm is declared first; its ID scopes the role below.
    realm = keycloak.Realm(
        "realm",
        realm="my-realm",
        enabled=True,
    )

    # No client_id is given, so the role is created at realm level rather than on a client.
    realm_role = keycloak.Role(
        "realmRole",
        realm_id=realm.id,
        description="My Realm Role",
    )
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main registers a realm and one realm-level role with the Pulumi engine.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// The realm is created first; its ID scopes the role below.
    		realmArgs := &keycloak.RealmArgs{
    			Realm:   pulumi.String("my-realm"),
    			Enabled: pulumi.Bool(true),
    		}
    		realm, err := keycloak.NewRealm(ctx, "realm", realmArgs)
    		if err != nil {
    			return err
    		}

    		// No ClientId is set, so this is a realm role rather than a client role.
    		roleArgs := &keycloak.RoleArgs{
    			RealmId:     realm.ID(),
    			Description: pulumi.String("My Realm Role"),
    		}
    		if _, err := keycloak.NewRole(ctx, "realmRole", roleArgs); err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Keycloak = Pulumi.Keycloak;
    
    // Declares a realm and one realm-level role inside the Pulumi deployment callback.
    return await Deployment.RunAsync(() =>
    {
        // The realm is declared first; its Id scopes the role below.
        var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
        {
            RealmName = "my-realm",
            Enabled = true,
        });

        // No ClientId is set, so the role is created at realm level rather than on a client.
        var realmRole = new Keycloak.Role("realmRole", new Keycloak.RoleArgs
        {
            RealmId = realm.Id,
            Description = "My Realm Role",
        });

    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.keycloak.Realm;
    import com.pulumi.keycloak.RealmArgs;
    import com.pulumi.keycloak.Role;
    import com.pulumi.keycloak.RoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /** Pulumi program that declares a realm and one realm-level role. */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(ctx -> stack(ctx));
        }

        /**
         * Declares the stack's resources.
         *
         * @param ctx deployment context supplied by Pulumi.run
         */
        public static void stack(Context ctx) {
            // The realm is declared first; its id scopes the role below.
            final RealmArgs realmArgs = RealmArgs.builder()
                .realm("my-realm")
                .enabled(true)
                .build();
            final var realm = new Realm("realm", realmArgs);

            // No clientId is set, so the role is created at realm level rather than on a client.
            final RoleArgs roleArgs = RoleArgs.builder()
                .realmId(realm.id())
                .description("My Realm Role")
                .build();
            final var realmRole = new Role("realmRole", roleArgs);

        }
    }
    
    resources:
      # The realm is declared first; its id scopes the role below.
      realm:
        type: keycloak:Realm
        properties:
          realm: my-realm
          enabled: true
      # No clientId is set, so the role is created at realm level rather than on a client.
      realmRole:
        type: keycloak:Role
        properties:
          realmId: ${realm.id}
          description: My Realm Role
    

    Example Usage (Client role)

    import * as pulumi from "@pulumi/pulumi";
    import * as keycloak from "@pulumi/keycloak";
    
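    // Realm that owns both the client and the client role.
    const realm = new keycloak.Realm("realm", {
        enabled: true,
        realm: "my-realm",
    });
    // Client the role is attached to.
    const client = new keycloak.openid.Client("client", {
        accessType: "BEARER-ONLY",
        clientId: "client",
        enabled: true,
        realmId: realm.id,
    });
    // Setting clientId makes this a client role on that client instead of a realm role.
    // It takes the ID of the client declared above; the identifier `keycloak_client`
    // used previously is not defined anywhere in this program.
    const clientRole = new keycloak.Role("clientRole", {
        clientId: client.id,
        description: "My Client Role",
        realmId: realm.id,
    });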
    
    import pulumi
    import pulumi_keycloak as keycloak
    
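    # Realm that owns both the client and the client role.
    realm = keycloak.Realm("realm",
        enabled=True,
        realm="my-realm")
    # Client the role is attached to.
    client = keycloak.openid.Client("client",
        access_type="BEARER-ONLY",
        client_id="client",
        enabled=True,
        realm_id=realm.id)
    # Setting client_id makes this a client role on that client instead of a realm role.
    # It takes the ID of the client declared above; the name `keycloak_client`
    # used previously is not defined anywhere in this program.
    client_role = keycloak.Role("clientRole",
        client_id=client.id,
        description="My Client Role",
        realm_id=realm.id)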
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
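    // main registers a realm, a client in that realm, and a role attached to the client.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
    			Enabled: pulumi.Bool(true),
    			Realm:   pulumi.String("my-realm"),
    		})
    		if err != nil {
    			return err
    		}
    		// Keep the client handle: the role below needs its ID.
    		client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{
    			AccessType: pulumi.String("BEARER-ONLY"),
    			ClientId:   pulumi.String("client"),
    			Enabled:    pulumi.Bool(true),
    			RealmId:    realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Setting ClientId makes this a client role on that client instead of a realm role.
    		// It takes the ID of the client created above; the identifier
    		// keycloak_client used previously is not defined in this program.
    		_, err = keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{
    			ClientId:    client.ID(),
    			Description: pulumi.String("My Client Role"),
    			RealmId:     realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }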
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Keycloak = Pulumi.Keycloak;
    
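    // Declares a realm, a client in that realm, and a role attached to the client.
    return await Deployment.RunAsync(() => 
    {
        var realm = new Keycloak.Realm("realm", new()
        {
            Enabled = true,
            RealmName = "my-realm",
        });

        var client = new Keycloak.OpenId.Client("client", new()
        {
            AccessType = "BEARER-ONLY",
            ClientId = "client",
            Enabled = true,
            RealmId = realm.Id,
        });

        // Setting ClientId makes this a client role on that client instead of a realm role.
        // It takes the Id of the client declared above; the identifier
        // keycloak_client used previously is not defined in this program.
        var clientRole = new Keycloak.Role("clientRole", new()
        {
            ClientId = client.Id,
            Description = "My Client Role",
            RealmId = realm.Id,
        });

    });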
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.keycloak.Realm;
    import com.pulumi.keycloak.RealmArgs;
    import com.pulumi.keycloak.openid.Client;
    import com.pulumi.keycloak.openid.ClientArgs;
    import com.pulumi.keycloak.Role;
    import com.pulumi.keycloak.RoleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
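    /** Pulumi program that declares a realm, a client, and a role attached to that client. */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the stack's resources.
         *
         * @param ctx deployment context supplied by Pulumi.run
         */
        public static void stack(Context ctx) {
            var realm = new Realm("realm", RealmArgs.builder()        
                .enabled(true)
                .realm("my-realm")
                .build());

            var client = new Client("client", ClientArgs.builder()        
                .accessType("BEARER-ONLY")
                .clientId("client")
                .enabled(true)
                .realmId(realm.id())
                .build());

            // Setting clientId makes this a client role on that client instead of a realm role.
            // It takes the id of the client declared above; the identifier
            // keycloak_client used previously is not defined in this program.
            var clientRole = new Role("clientRole", RoleArgs.builder()        
                .clientId(client.id())
                .description("My Client Role")
                .realmId(realm.id())
                .build());

        }
    }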
    
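    resources:
      realm:
        type: keycloak:Realm
        properties:
          enabled: true
          realm: my-realm
      client:
        type: keycloak:openid:Client
        properties:
          accessType: BEARER-ONLY
          clientId: client
          enabled: true
          realmId: ${realm.id}
      # Setting clientId makes this a client role on that client instead of a realm role.
      # It references the `client` resource declared above; `keycloak_client`,
      # used previously, is not a resource in this program.
      clientRole:
        type: keycloak:Role
        properties:
          clientId: ${client.id}
          description: My Client Role
          realmId: ${realm.id}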
    

    Example Usage (Composite role)

    import * as pulumi from "@pulumi/pulumi";
    import * as keycloak from "@pulumi/keycloak";
    
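    // Realm that owns every role and the client declared below.
    const realm = new keycloak.Realm("realm", {
        enabled: true,
        realm: "my-realm",
    });
    // Four realm roles that the composite role aggregates.
    const createRole = new keycloak.Role("createRole", {realmId: realm.id});
    const readRole = new keycloak.Role("readRole", {realmId: realm.id});
    const updateRole = new keycloak.Role("updateRole", {realmId: realm.id});
    const deleteRole = new keycloak.Role("deleteRole", {realmId: realm.id});
    const client = new keycloak.openid.Client("client", {
        accessType: "BEARER-ONLY",
        clientId: "client",
        enabled: true,
        realmId: realm.id,
    });
    // Client role; clientId takes the ID of the client declared above
    // (`keycloak_client` is not defined in this program).
    const clientRole = new keycloak.Role("clientRole", {
        clientId: client.id,
        description: "My Client Role",
        realmId: realm.id,
    });
    // compositeRoles takes role IDs, so pass each role's `id` output rather than
    // the literal "{keycloak_role...}" placeholder strings, which are not IDs.
    // A principal mapped to adminRole holds every role listed here; keep the list
    // to what the admin role actually needs and review additions.
    const adminRole = new keycloak.Role("adminRole", {
        compositeRoles: [
            createRole.id,
            readRole.id,
            updateRole.id,
            deleteRole.id,
            clientRole.id,
        ],
        realmId: realm.id,
    });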
    
    import pulumi
    import pulumi_keycloak as keycloak
    
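    # Realm that owns every role and the client declared below.
    realm = keycloak.Realm("realm",
        enabled=True,
        realm="my-realm")
    # Four realm roles that the composite role aggregates.
    create_role = keycloak.Role("createRole", realm_id=realm.id)
    read_role = keycloak.Role("readRole", realm_id=realm.id)
    update_role = keycloak.Role("updateRole", realm_id=realm.id)
    delete_role = keycloak.Role("deleteRole", realm_id=realm.id)
    client = keycloak.openid.Client("client",
        access_type="BEARER-ONLY",
        client_id="client",
        enabled=True,
        realm_id=realm.id)
    # Client role; client_id takes the ID of the client declared above
    # (`keycloak_client` is not defined in this program).
    client_role = keycloak.Role("clientRole",
        client_id=client.id,
        description="My Client Role",
        realm_id=realm.id)
    # composite_roles takes role IDs, so pass each role's `id` output rather than
    # the literal "{keycloak_role...}" placeholder strings, which are not IDs.
    # A principal mapped to admin_role holds every role listed here; keep the list
    # to what the admin role actually needs and review additions.
    admin_role = keycloak.Role("adminRole",
        composite_roles=[
            create_role.id,
            read_role.id,
            update_role.id,
            delete_role.id,
            client_role.id,
        ],
        realm_id=realm.id)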
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
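    // main registers a realm, four realm roles, a client with one client role,
    // and a composite role that aggregates all five roles.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
    			Enabled: pulumi.Bool(true),
    			Realm:   pulumi.String("my-realm"),
    		})
    		if err != nil {
    			return err
    		}
    		// Each role handle is kept because the composite role below needs its ID.
    		createRole, err := keycloak.NewRole(ctx, "createRole", &keycloak.RoleArgs{
    			RealmId: realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		readRole, err := keycloak.NewRole(ctx, "readRole", &keycloak.RoleArgs{
    			RealmId: realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		updateRole, err := keycloak.NewRole(ctx, "updateRole", &keycloak.RoleArgs{
    			RealmId: realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		deleteRole, err := keycloak.NewRole(ctx, "deleteRole", &keycloak.RoleArgs{
    			RealmId: realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{
    			AccessType: pulumi.String("BEARER-ONLY"),
    			ClientId:   pulumi.String("client"),
    			Enabled:    pulumi.Bool(true),
    			RealmId:    realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// Client role; ClientId takes the ID of the client created above
    		// (keycloak_client is not defined in this program).
    		clientRole, err := keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{
    			ClientId:    client.ID(),
    			Description: pulumi.String("My Client Role"),
    			RealmId:     realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		// CompositeRoles takes role IDs, so pass each role's ID output rather than
    		// the literal "{keycloak_role...}" placeholder strings, which are not IDs.
    		// A principal mapped to adminRole holds every role listed here; keep the
    		// list to what the admin role actually needs and review additions.
    		_, err = keycloak.NewRole(ctx, "adminRole", &keycloak.RoleArgs{
    			CompositeRoles: pulumi.StringArray{
    				createRole.ID(),
    				readRole.ID(),
    				updateRole.ID(),
    				deleteRole.ID(),
    				clientRole.ID(),
    			},
    			RealmId: realm.ID(),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }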
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Keycloak = Pulumi.Keycloak;
    
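    // Declares a realm, four realm roles, a client with one client role,
    // and a composite role that aggregates all five roles.
    return await Deployment.RunAsync(() => 
    {
        var realm = new Keycloak.Realm("realm", new()
        {
            Enabled = true,
            RealmName = "my-realm",
        });

        var createRole = new Keycloak.Role("createRole", new()
        {
            RealmId = realm.Id,
        });

        var readRole = new Keycloak.Role("readRole", new()
        {
            RealmId = realm.Id,
        });

        var updateRole = new Keycloak.Role("updateRole", new()
        {
            RealmId = realm.Id,
        });

        var deleteRole = new Keycloak.Role("deleteRole", new()
        {
            RealmId = realm.Id,
        });

        var client = new Keycloak.OpenId.Client("client", new()
        {
            AccessType = "BEARER-ONLY",
            ClientId = "client",
            Enabled = true,
            RealmId = realm.Id,
        });

        // Client role; ClientId takes the Id of the client declared above
        // (keycloak_client is not defined in this program).
        var clientRole = new Keycloak.Role("clientRole", new()
        {
            ClientId = client.Id,
            Description = "My Client Role",
            RealmId = realm.Id,
        });

        // CompositeRoles takes role IDs, so pass each role's Id output rather than
        // the literal "{keycloak_role...}" placeholder strings, which are not IDs.
        // A principal mapped to adminRole holds every role listed here; keep the
        // list to what the admin role actually needs and review additions.
        var adminRole = new Keycloak.Role("adminRole", new()
        {
            CompositeRoles = new[]
            {
                createRole.Id,
                readRole.Id,
                updateRole.Id,
                deleteRole.Id,
                clientRole.Id,
            },
            RealmId = realm.Id,
        });

    });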
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.keycloak.Realm;
    import com.pulumi.keycloak.RealmArgs;
    import com.pulumi.keycloak.Role;
    import com.pulumi.keycloak.RoleArgs;
    import com.pulumi.keycloak.openid.Client;
    import com.pulumi.keycloak.openid.ClientArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
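    /**
     * Pulumi program that declares a realm, four realm roles, a client with one
     * client role, and a composite role that aggregates all five roles.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }

        /**
         * Declares the stack's resources.
         *
         * @param ctx deployment context supplied by Pulumi.run
         */
        public static void stack(Context ctx) {
            var realm = new Realm("realm", RealmArgs.builder()        
                .enabled(true)
                .realm("my-realm")
                .build());

            var createRole = new Role("createRole", RoleArgs.builder()        
                .realmId(realm.id())
                .build());

            var readRole = new Role("readRole", RoleArgs.builder()        
                .realmId(realm.id())
                .build());

            var updateRole = new Role("updateRole", RoleArgs.builder()        
                .realmId(realm.id())
                .build());

            var deleteRole = new Role("deleteRole", RoleArgs.builder()        
                .realmId(realm.id())
                .build());

            var client = new Client("client", ClientArgs.builder()        
                .accessType("BEARER-ONLY")
                .clientId("client")
                .enabled(true)
                .realmId(realm.id())
                .build());

            // Client role; clientId takes the id of the client declared above
            // (keycloak_client is not defined in this program).
            var clientRole = new Role("clientRole", RoleArgs.builder()        
                .clientId(client.id())
                .description("My Client Role")
                .realmId(realm.id())
                .build());

            // compositeRoles takes role IDs, so combine each role's id output rather than
            // passing the literal "{keycloak_role...}" placeholder strings, which are not IDs.
            // A principal mapped to adminRole holds every role listed here; keep the
            // list to what the admin role actually needs and review additions.
            var adminRole = new Role("adminRole", RoleArgs.builder()        
                .compositeRoles(Output.all(
                    createRole.id(),
                    readRole.id(),
                    updateRole.id(),
                    deleteRole.id(),
                    clientRole.id()))
                .realmId(realm.id())
                .build());

        }
    }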
    
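    resources:
      realm:
        type: keycloak:Realm
        properties:
          enabled: true
          realm: my-realm
      createRole:
        type: keycloak:Role
        properties:
          realmId: ${realm.id}
      readRole:
        type: keycloak:Role
        properties:
          realmId: ${realm.id}
      updateRole:
        type: keycloak:Role
        properties:
          realmId: ${realm.id}
      deleteRole:
        type: keycloak:Role
        properties:
          realmId: ${realm.id}
      client:
        type: keycloak:openid:Client
        properties:
          accessType: BEARER-ONLY
          clientId: client
          enabled: true
          realmId: ${realm.id}
      # Client role; clientId references the `client` resource declared above
      # (`keycloak_client` is not a resource in this program).
      clientRole:
        type: keycloak:Role
        properties:
          clientId: ${client.id}
          description: My Client Role
          realmId: ${realm.id}
      # compositeRoles takes role IDs, so interpolate each role's id rather than
      # the literal '{keycloak_role...}' placeholder strings, which are not IDs.
      # A principal mapped to adminRole holds every role listed here; keep the
      # list to what the admin role actually needs and review additions.
      adminRole:
        type: keycloak:Role
        properties:
          compositeRoles:
            - ${createRole.id}
            - ${readRole.id}
            - ${updateRole.id}
            - ${deleteRole.id}
            - ${clientRole.id}
          realmId: ${realm.id}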
    

    Argument Reference

    The following arguments are supported:

    • realm_id - (Required) The realm this role exists within.
    • client_id - (Optional) When specified, this role will be created as a client role attached to the client with the provided ID. When omitted, the role is created as a realm role.
    • name - (Required) The name of the role
    • description - (Optional) The description of the role
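    • composite_roles - (Optional) When specified, this role will be a composite role, composed of all roles that have an ID present within this list. Each entry is a role ID, not a role name, and a user or group mapped to the composite role receives every role in the list.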

    Import

    Roles can be imported using the format {{realm_id}}/{{role_id}}, where role_id is the unique ID that Keycloak assigns to the role. The ID is not easy to find in the GUI, but it appears in the URL when editing the role.

    Example (shown in the syntax of the upstream Terraform provider this package is based on):

    $ terraform import keycloak_role.role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad
    

    Create Role Resource

    new Role(name: string, args: RoleArgs, opts?: CustomResourceOptions);
    @overload
    def Role(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             attributes: Optional[Mapping[str, Any]] = None,
             client_id: Optional[str] = None,
             composite_roles: Optional[Sequence[str]] = None,
             description: Optional[str] = None,
             name: Optional[str] = None,
             realm_id: Optional[str] = None)
    @overload
    def Role(resource_name: str,
             args: RoleArgs,
             opts: Optional[ResourceOptions] = None)
    func NewRole(ctx *Context, name string, args RoleArgs, opts ...ResourceOption) (*Role, error)
    public Role(string name, RoleArgs args, CustomResourceOptions? opts = null)
    public Role(String name, RoleArgs args)
    public Role(String name, RoleArgs args, CustomResourceOptions options)
    
    type: keycloak:Role
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args RoleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Role Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Role resource accepts the following input properties:

    RealmId string
    Attributes Dictionary<string, object>
    ClientId string
    CompositeRoles List<string>
    Description string
    Name string
    RealmId string
    Attributes map[string]interface{}
    ClientId string
    CompositeRoles []string
    Description string
    Name string
    realmId String
    attributes Map<String,Object>
    clientId String
    compositeRoles List<String>
    description String
    name String
    realmId string
    attributes {[key: string]: any}
    clientId string
    compositeRoles string[]
    description string
    name string
    realm_id str
    attributes Mapping[str, Any]
    client_id str
    composite_roles Sequence[str]
    description str
    name str
    realmId String
    attributes Map<Any>
    clientId String
    compositeRoles List<String>
    description String
    name String

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Role resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing Role Resource

    Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: RoleState, opts?: CustomResourceOptions): Role
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            attributes: Optional[Mapping[str, Any]] = None,
            client_id: Optional[str] = None,
            composite_roles: Optional[Sequence[str]] = None,
            description: Optional[str] = None,
            name: Optional[str] = None,
            realm_id: Optional[str] = None) -> Role
    func GetRole(ctx *Context, name string, id IDInput, state *RoleState, opts ...ResourceOption) (*Role, error)
    public static Role Get(string name, Input<string> id, RoleState? state, CustomResourceOptions? opts = null)
    public static Role get(String name, Output<String> id, RoleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Attributes Dictionary<string, object>
    ClientId string
    CompositeRoles List<string>
    Description string
    Name string
    RealmId string
    Attributes map[string]interface{}
    ClientId string
    CompositeRoles []string
    Description string
    Name string
    RealmId string
    attributes Map<String,Object>
    clientId String
    compositeRoles List<String>
    description String
    name String
    realmId String
    attributes {[key: string]: any}
    clientId string
    compositeRoles string[]
    description string
    name string
    realmId string
    attributes Mapping[str, Any]
    client_id str
    composite_roles Sequence[str]
    description str
    name str
    realm_id str
    attributes Map<Any>
    clientId String
    compositeRoles List<String>
    description String
    name String
    realmId String

    Package Details

    Repository
    Keycloak pulumi/pulumi-keycloak
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the keycloak Terraform Provider.