This data source can be used to retrieve Installation Provider of a SAML Client.
Example Usage
In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as keycloak from "@pulumi/keycloak";
import * as std from "@pulumi/std";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const samlClient = new keycloak.saml.Client("saml_client", {
realmId: realm.id,
clientId: "test-saml-client",
name: "test-saml-client",
signDocuments: false,
signAssertions: true,
includeAuthnStatement: true,
signingCertificate: std.index.file({
input: "saml-cert.pem",
}).result,
signingPrivateKey: std.index.file({
input: "saml-key.pem",
}).result,
});
const samlIdpDescriptor = keycloak.saml.getClientInstallationProviderOutput({
realmId: realm.id,
clientId: samlClient.id,
providerId: "saml-idp-descriptor",
});
const _default = new aws.index.IamSamlProvider("default", {
name: "myprovider",
samlMetadataDocument: samlIdpDescriptor.value,
});
import pulumi
import pulumi_aws as aws
import pulumi_keycloak as keycloak
import pulumi_std as std
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
saml_client = keycloak.saml.Client("saml_client",
realm_id=realm.id,
client_id="test-saml-client",
name="test-saml-client",
sign_documents=False,
sign_assertions=True,
include_authn_statement=True,
signing_certificate=std.index.file(input="saml-cert.pem")["result"],
signing_private_key=std.index.file(input="saml-key.pem")["result"])
saml_idp_descriptor = keycloak.saml.get_client_installation_provider_output(realm_id=realm.id,
client_id=saml_client.id,
provider_id="saml-idp-descriptor")
default = aws.index.IamSamlProvider("default",
name=myprovider,
saml_metadata_document=saml_idp_descriptor.value)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/saml"
"github.com/pulumi/pulumi-std/sdk/go/std"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
invokeFile, err := std.File(ctx, map[string]interface{}{
"input": "saml-cert.pem",
}, nil)
if err != nil {
return err
}
invokeFile1, err := std.File(ctx, map[string]interface{}{
"input": "saml-key.pem",
}, nil)
if err != nil {
return err
}
samlClient, err := saml.NewClient(ctx, "saml_client", &saml.ClientArgs{
RealmId: realm.ID(),
ClientId: pulumi.String("test-saml-client"),
Name: pulumi.String("test-saml-client"),
SignDocuments: pulumi.Bool(false),
SignAssertions: pulumi.Bool(true),
IncludeAuthnStatement: pulumi.Bool(true),
SigningCertificate: invokeFile.Result,
SigningPrivateKey: invokeFile1.Result,
})
if err != nil {
return err
}
samlIdpDescriptor := saml.GetClientInstallationProviderOutput(ctx, saml.GetClientInstallationProviderOutputArgs{
RealmId: realm.ID(),
ClientId: samlClient.ID(),
ProviderId: pulumi.String("saml-idp-descriptor"),
}, nil)
_, err = aws.NewIamSamlProvider(ctx, "default", &aws.IamSamlProviderArgs{
Name: "myprovider",
SamlMetadataDocument: samlIdpDescriptor.Value,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
using Keycloak = Pulumi.Keycloak;
using Std = Pulumi.Std;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var samlClient = new Keycloak.Saml.Client("saml_client", new()
{
RealmId = realm.Id,
ClientId = "test-saml-client",
Name = "test-saml-client",
SignDocuments = false,
SignAssertions = true,
IncludeAuthnStatement = true,
SigningCertificate = Std.Index.File.Invoke(new()
{
Input = "saml-cert.pem",
}).Result,
SigningPrivateKey = Std.Index.File.Invoke(new()
{
Input = "saml-key.pem",
}).Result,
});
var samlIdpDescriptor = Keycloak.Saml.GetClientInstallationProvider.Invoke(new()
{
RealmId = realm.Id,
ClientId = samlClient.Id,
ProviderId = "saml-idp-descriptor",
});
var @default = new Aws.Index.IamSamlProvider("default", new()
{
Name = "myprovider",
SamlMetadataDocument = samlIdpDescriptor.Apply(getClientInstallationProviderResult => getClientInstallationProviderResult.Value),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.saml.Client;
import com.pulumi.keycloak.saml.ClientArgs;
import com.pulumi.std.StdFunctions;
import com.pulumi.keycloak.saml.SamlFunctions;
import com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs;
import com.pulumi.aws.IamSamlProvider;
import com.pulumi.aws.IamSamlProviderArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var samlClient = new Client("samlClient", ClientArgs.builder()
.realmId(realm.id())
.clientId("test-saml-client")
.name("test-saml-client")
.signDocuments(false)
.signAssertions(true)
.includeAuthnStatement(true)
.signingCertificate(StdFunctions.file(Map.of("input", "saml-cert.pem")).result())
.signingPrivateKey(StdFunctions.file(Map.of("input", "saml-key.pem")).result())
.build());
final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder()
.realmId(realm.id())
.clientId(samlClient.id())
.providerId("saml-idp-descriptor")
.build());
var default_ = new IamSamlProvider("default", IamSamlProviderArgs.builder()
.name("myprovider")
.samlMetadataDocument(samlIdpDescriptor.value())
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
samlClient:
type: keycloak:saml:Client
name: saml_client
properties:
realmId: ${realm.id}
clientId: test-saml-client
name: test-saml-client
signDocuments: false
signAssertions: true
includeAuthnStatement: true
signingCertificate:
fn::invoke:
function: std:file
arguments:
input: saml-cert.pem
return: result
signingPrivateKey:
fn::invoke:
function: std:file
arguments:
input: saml-key.pem
return: result
default:
type: aws:IamSamlProvider
properties:
name: myprovider
samlMetadataDocument: ${samlIdpDescriptor.value}
variables:
samlIdpDescriptor:
fn::invoke:
function: keycloak:saml:getClientInstallationProvider
arguments:
realmId: ${realm.id}
clientId: ${samlClient.id}
providerId: saml-idp-descriptor
Using getClientInstallationProvider
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getClientInstallationProvider(args: GetClientInstallationProviderArgs, opts?: InvokeOptions): Promise<GetClientInstallationProviderResult>
function getClientInstallationProviderOutput(args: GetClientInstallationProviderOutputArgs, opts?: InvokeOptions): Output<GetClientInstallationProviderResult>def get_client_installation_provider(client_id: Optional[str] = None,
provider_id: Optional[str] = None,
realm_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetClientInstallationProviderResult
def get_client_installation_provider_output(client_id: Optional[pulumi.Input[str]] = None,
provider_id: Optional[pulumi.Input[str]] = None,
realm_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetClientInstallationProviderResult]func GetClientInstallationProvider(ctx *Context, args *GetClientInstallationProviderArgs, opts ...InvokeOption) (*GetClientInstallationProviderResult, error)
func GetClientInstallationProviderOutput(ctx *Context, args *GetClientInstallationProviderOutputArgs, opts ...InvokeOption) GetClientInstallationProviderResultOutput> Note: This function is named GetClientInstallationProvider in the Go SDK.
public static class GetClientInstallationProvider
{
public static Task<GetClientInstallationProviderResult> InvokeAsync(GetClientInstallationProviderArgs args, InvokeOptions? opts = null)
public static Output<GetClientInstallationProviderResult> Invoke(GetClientInstallationProviderInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetClientInstallationProviderResult> getClientInstallationProvider(GetClientInstallationProviderArgs args, InvokeOptions options)
public static Output<GetClientInstallationProviderResult> getClientInstallationProvider(GetClientInstallationProviderArgs args, InvokeOptions options)
fn::invoke:
function: keycloak:saml/getClientInstallationProvider:getClientInstallationProvider
arguments:
# arguments dictionaryThe following arguments are supported:
- Client
Id string - The ID of the SAML client. The
idattribute of akeycloak_clientresource should be used here. - Provider
Id string - The ID of the SAML installation provider. Could be one of
saml-idp-descriptor,keycloak-saml,saml-sp-descriptor,keycloak-saml-subsystem,mod-auth-mellon, etc. - Realm
Id string - The realm that the SAML client exists within.
- Client
Id string - The ID of the SAML client. The
idattribute of akeycloak_clientresource should be used here. - Provider
Id string - The ID of the SAML installation provider. Could be one of
saml-idp-descriptor,keycloak-saml,saml-sp-descriptor,keycloak-saml-subsystem,mod-auth-mellon, etc. - Realm
Id string - The realm that the SAML client exists within.
- client
Id String - The ID of the SAML client. The
idattribute of akeycloak_clientresource should be used here. - provider
Id String - The ID of the SAML installation provider. Could be one of
saml-idp-descriptor,keycloak-saml,saml-sp-descriptor,keycloak-saml-subsystem,mod-auth-mellon, etc. - realm
Id String - The realm that the SAML client exists within.
- client
Id string - The ID of the SAML client. The
idattribute of akeycloak_clientresource should be used here. - provider
Id string - The ID of the SAML installation provider. Could be one of
saml-idp-descriptor,keycloak-saml,saml-sp-descriptor,keycloak-saml-subsystem,mod-auth-mellon, etc. - realm
Id string - The realm that the SAML client exists within.
- client_
id str - The ID of the SAML client. The
idattribute of akeycloak_clientresource should be used here. - provider_
id str - The ID of the SAML installation provider. Could be one of
saml-idp-descriptor,keycloak-saml,saml-sp-descriptor,keycloak-saml-subsystem,mod-auth-mellon, etc. - realm_
id str - The realm that the SAML client exists within.
- client
Id String - The ID of the SAML client. The
idattribute of akeycloak_clientresource should be used here. - provider
Id String - The ID of the SAML installation provider. Could be one of
saml-idp-descriptor,keycloak-saml,saml-sp-descriptor,keycloak-saml-subsystem,mod-auth-mellon, etc. - realm
Id String - The realm that the SAML client exists within.
getClientInstallationProvider Result
The following output properties are available:
- Client
Id string - Id string
- The provider-assigned unique ID for this managed resource.
- Provider
Id string - Realm
Id string - Value string
- (Computed) The returned document needed for SAML installation.
- Client
Id string - Id string
- The provider-assigned unique ID for this managed resource.
- Provider
Id string - Realm
Id string - Value string
- (Computed) The returned document needed for SAML installation.
- client
Id String - id String
- The provider-assigned unique ID for this managed resource.
- provider
Id String - realm
Id String - value String
- (Computed) The returned document needed for SAML installation.
- client
Id string - id string
- The provider-assigned unique ID for this managed resource.
- provider
Id string - realm
Id string - value string
- (Computed) The returned document needed for SAML installation.
- client_
id str - id str
- The provider-assigned unique ID for this managed resource.
- provider_
id str - realm_
id str - value str
- (Computed) The returned document needed for SAML installation.
- client
Id String - id String
- The provider-assigned unique ID for this managed resource.
- provider
Id String - realm
Id String - value String
- (Computed) The returned document needed for SAML installation.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.
