User
Allows for creating and managing Users within Keycloak.
This resource was created primarily to enable the acceptance tests for the keycloak.Group resource. Creating users within
Keycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers
or identity providers.
Example Usage
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
{
Realm = "my-realm",
Enabled = true,
});
var user = new Keycloak.User("user", new Keycloak.UserArgs
{
RealmId = realm.Id,
Username = "bob",
Enabled = true,
Email = "bob@domain.com",
FirstName = "Bob",
LastName = "Bobson",
});
var userWithInitialPassword = new Keycloak.User("userWithInitialPassword", new Keycloak.UserArgs
{
RealmId = realm.Id,
Username = "alice",
Enabled = true,
Email = "alice@domain.com",
FirstName = "Alice",
LastName = "Aliceberg",
Attributes =
{
{ "foo", "bar" },
},
InitialPassword = new Keycloak.Inputs.UserInitialPasswordArgs
{
Value = "some password",
Temporary = true,
},
});
}
}
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
_, err = keycloak.NewUser(ctx, "user", &keycloak.UserArgs{
RealmId: realm.ID(),
Username: pulumi.String("bob"),
Enabled: pulumi.Bool(true),
Email: pulumi.String("bob@domain.com"),
FirstName: pulumi.String("Bob"),
LastName: pulumi.String("Bobson"),
})
if err != nil {
return err
}
_, err = keycloak.NewUser(ctx, "userWithInitialPassword", &keycloak.UserArgs{
RealmId: realm.ID(),
Username: pulumi.String("alice"),
Enabled: pulumi.Bool(true),
Email: pulumi.String("alice@domain.com"),
FirstName: pulumi.String("Alice"),
LastName: pulumi.String("Aliceberg"),
Attributes: pulumi.StringMap{
"foo": pulumi.String("bar"),
},
InitialPassword: &keycloak.UserInitialPasswordArgs{
Value: pulumi.String("some password"),
Temporary: pulumi.Bool(true),
},
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
user = keycloak.User("user",
realm_id=realm.id,
username="bob",
enabled=True,
email="bob@domain.com",
first_name="Bob",
last_name="Bobson")
user_with_initial_password = keycloak.User("userWithInitialPassword",
realm_id=realm.id,
username="alice",
enabled=True,
email="alice@domain.com",
first_name="Alice",
last_name="Aliceberg",
attributes={
"foo": "bar",
},
initial_password=keycloak.UserInitialPasswordArgs(
value="some password",
temporary=True,
))import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const user = new keycloak.User("user", {
realmId: realm.id,
username: "bob",
enabled: true,
email: "bob@domain.com",
firstName: "Bob",
lastName: "Bobson",
});
const userWithInitialPassword = new keycloak.User("userWithInitialPassword", {
realmId: realm.id,
username: "alice",
enabled: true,
email: "alice@domain.com",
firstName: "Alice",
lastName: "Aliceberg",
attributes: {
foo: "bar",
},
initialPassword: {
value: "some password",
temporary: true,
},
});Create a User Resource
new User(name: string, args: UserArgs, opts?: CustomResourceOptions);def User(resource_name: str, opts: Optional[ResourceOptions] = None, attributes: Optional[Mapping[str, Any]] = None, email: Optional[str] = None, email_verified: Optional[bool] = None, enabled: Optional[bool] = None, federated_identities: Optional[Sequence[UserFederatedIdentityArgs]] = None, first_name: Optional[str] = None, initial_password: Optional[UserInitialPasswordArgs] = None, last_name: Optional[str] = None, realm_id: Optional[str] = None, username: Optional[str] = None)func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)public User(string name, UserArgs args, CustomResourceOptions? opts = null)- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args UserArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
User Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The User resource accepts the following input properties:
- Realm
Id string The realm this user belongs to.
- Username string
The unique username of this user.
- Attributes Dictionary<string, object>
A map representing attributes for the user
- Email string
The user’s email.
- Email
Verified bool Whether the email address was validated or not. Default to
false.- Enabled bool
When false, this user cannot log in. Defaults to
true.- Federated
Identities List<UserFederated Identity Args> - First
Name string The user’s first name.
- Initial
Password UserInitial Password Args When given, the user’s initial password will be set. This attribute is only respected during initial user creation.
- Last
Name string The user’s last name.
- Realm
Id string The realm this user belongs to.
- Username string
The unique username of this user.
- Attributes map[string]interface{}
A map representing attributes for the user
- Email string
The user’s email.
- Email
Verified bool Whether the email address was validated or not. Default to
false.- Enabled bool
When false, this user cannot log in. Defaults to
true.- Federated
Identities []UserFederated Identity - First
Name string The user’s first name.
- Initial
Password UserInitial Password When given, the user’s initial password will be set. This attribute is only respected during initial user creation.
- Last
Name string The user’s last name.
- realm
Id string The realm this user belongs to.
- username string
The unique username of this user.
- attributes {[key: string]: any}
A map representing attributes for the user
- email string
The user’s email.
- email
Verified boolean Whether the email address was validated or not. Default to
false.- enabled boolean
When false, this user cannot log in. Defaults to
true.- federated
Identities UserFederated Identity[] - first
Name string The user’s first name.
- initial
Password UserInitial Password When given, the user’s initial password will be set. This attribute is only respected during initial user creation.
- last
Name string The user’s last name.
- realm_
id str The realm this user belongs to.
- username str
The unique username of this user.
- attributes Mapping[str, Any]
A map representing attributes for the user
- email str
The user’s email.
- email_
verified bool Whether the email address was validated or not. Default to
false.- enabled bool
When false, this user cannot log in. Defaults to
true.- federated_
identities Sequence[UserFederated Identity Args] - first_
name str The user’s first name.
- initial_
password UserInitial Password Args When given, the user’s initial password will be set. This attribute is only respected during initial user creation.
- last_
name str The user’s last name.
Outputs
All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
Look up an Existing User Resource
Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, attributes: Optional[Mapping[str, Any]] = None, email: Optional[str] = None, email_verified: Optional[bool] = None, enabled: Optional[bool] = None, federated_identities: Optional[Sequence[UserFederatedIdentityArgs]] = None, first_name: Optional[str] = None, initial_password: Optional[UserInitialPasswordArgs] = None, last_name: Optional[str] = None, realm_id: Optional[str] = None, username: Optional[str] = None) -> Userfunc GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Attributes Dictionary<string, object>
A map representing attributes for the user
- Email string
The user’s email.
- Email
Verified bool Whether the email address was validated or not. Default to
false.- Enabled bool
When false, this user cannot log in. Defaults to
true.- Federated
Identities List<UserFederated Identity Args> - First
Name string The user’s first name.
- Initial
Password UserInitial Password Args When given, the user’s initial password will be set. This attribute is only respected during initial user creation.
- Last
Name string The user’s last name.
- Realm
Id string The realm this user belongs to.
- Username string
The unique username of this user.
- Attributes map[string]interface{}
A map representing attributes for the user
- Email string
The user’s email.
- Email
Verified bool Whether the email address was validated or not. Default to
false.- Enabled bool
When false, this user cannot log in. Defaults to
true.- Federated
Identities []UserFederated Identity - First
Name string The user’s first name.
- Initial
Password UserInitial Password When given, the user’s initial password will be set. This attribute is only respected during initial user creation.
- Last
Name string The user’s last name.
- Realm
Id string The realm this user belongs to.
- Username string
The unique username of this user.
- attributes {[key: string]: any}
A map representing attributes for the user
- email string
The user’s email.
- email
Verified boolean Whether the email address was validated or not. Default to
false.- enabled boolean
When false, this user cannot log in. Defaults to
true.- federated
Identities UserFederated Identity[] - first
Name string The user’s first name.
- initial
Password UserInitial Password When given, the user’s initial password will be set. This attribute is only respected during initial user creation.
- last
Name string The user’s last name.
- realm
Id string The realm this user belongs to.
- username string
The unique username of this user.
- attributes Mapping[str, Any]
A map representing attributes for the user
- email str
The user’s email.
- email_
verified bool Whether the email address was validated or not. Default to
false.- enabled bool
When false, this user cannot log in. Defaults to
true.- federated_
identities Sequence[UserFederated Identity Args] - first_
name str The user’s first name.
- initial_
password UserInitial Password Args When given, the user’s initial password will be set. This attribute is only respected during initial user creation.
- last_
name str The user’s last name.
- realm_
id str The realm this user belongs to.
- username str
The unique username of this user.
Supporting Types
UserFederatedIdentity
- Identity
Provider string The name of the identity provider
- User
Id string The ID of the user defined in the identity provider
- User
Name string The user name of the user defined in the identity provider
- Identity
Provider string The name of the identity provider
- User
Id string The ID of the user defined in the identity provider
- User
Name string The user name of the user defined in the identity provider
- identity
Provider string The name of the identity provider
- user
Id string The ID of the user defined in the identity provider
- user
Name string The user name of the user defined in the identity provider
- identity_
provider str The name of the identity provider
- user_
id str The ID of the user defined in the identity provider
- user_
name str The user name of the user defined in the identity provider
UserInitialPassword
Import
Users can be imported using the format {{realm_id}}/{{user_id}}, where user_id is the unique ID that Keycloak assigns to the user upon creation. This value can be found in the GUI when editing the user. Examplebash
$ pulumi import keycloak:index/user:User user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4Package Details
- Repository
- https://github.com/pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.