Ready to level-up your engineering skills? Join a Pulumi Workshop. Register Now

User

Allows for creating and managing Users within Keycloak.

This resource was created primarily to enable the acceptance tests for the keycloak.Group resource. Creating users within Keycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers or identity providers.

Example Usage

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
    public MyStack()
    {
        var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
        {
            Realm = "my-realm",
            Enabled = true,
        });
        var user = new Keycloak.User("user", new Keycloak.UserArgs
        {
            RealmId = realm.Id,
            Username = "bob",
            Enabled = true,
            Email = "bob@domain.com",
            FirstName = "Bob",
            LastName = "Bobson",
        });
        var userWithInitialPassword = new Keycloak.User("userWithInitialPassword", new Keycloak.UserArgs
        {
            RealmId = realm.Id,
            Username = "alice",
            Enabled = true,
            Email = "alice@domain.com",
            FirstName = "Alice",
            LastName = "Aliceberg",
            Attributes = 
            {
                { "foo", "bar" },
            },
            InitialPassword = new Keycloak.Inputs.UserInitialPasswordArgs
            {
                Value = "some password",
                Temporary = true,
            },
        });
    }

}
package main

import (
    "github.com/pulumi/pulumi-keycloak/sdk/v3/go/keycloak"
    "github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

func main() {
    pulumi.Run(func(ctx *pulumi.Context) error {
        realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
            Realm:   pulumi.String("my-realm"),
            Enabled: pulumi.Bool(true),
        })
        if err != nil {
            return err
        }
        _, err = keycloak.NewUser(ctx, "user", &keycloak.UserArgs{
            RealmId:   realm.ID(),
            Username:  pulumi.String("bob"),
            Enabled:   pulumi.Bool(true),
            Email:     pulumi.String("bob@domain.com"),
            FirstName: pulumi.String("Bob"),
            LastName:  pulumi.String("Bobson"),
        })
        if err != nil {
            return err
        }
        _, err = keycloak.NewUser(ctx, "userWithInitialPassword", &keycloak.UserArgs{
            RealmId:   realm.ID(),
            Username:  pulumi.String("alice"),
            Enabled:   pulumi.Bool(true),
            Email:     pulumi.String("alice@domain.com"),
            FirstName: pulumi.String("Alice"),
            LastName:  pulumi.String("Aliceberg"),
            Attributes: pulumi.StringMap{
                "foo": pulumi.String("bar"),
            },
            InitialPassword: &keycloak.UserInitialPasswordArgs{
                Value:     pulumi.String("some password"),
                Temporary: pulumi.Bool(true),
            },
        })
        if err != nil {
            return err
        }
        return nil
    })
}
import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
user = keycloak.User("user",
    realm_id=realm.id,
    username="bob",
    enabled=True,
    email="bob@domain.com",
    first_name="Bob",
    last_name="Bobson")
user_with_initial_password = keycloak.User("userWithInitialPassword",
    realm_id=realm.id,
    username="alice",
    enabled=True,
    email="alice@domain.com",
    first_name="Alice",
    last_name="Aliceberg",
    attributes={
        "foo": "bar",
    },
    initial_password=keycloak.UserInitialPasswordArgs(
        value="some password",
        temporary=True,
    ))
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
const user = new keycloak.User("user", {
    realmId: realm.id,
    username: "bob",
    enabled: true,
    email: "bob@domain.com",
    firstName: "Bob",
    lastName: "Bobson",
});
const userWithInitialPassword = new keycloak.User("userWithInitialPassword", {
    realmId: realm.id,
    username: "alice",
    enabled: true,
    email: "alice@domain.com",
    firstName: "Alice",
    lastName: "Aliceberg",
    attributes: {
        foo: "bar",
    },
    initialPassword: {
        value: "some password",
        temporary: true,
    },
});

Create a User Resource

new User(name: string, args: UserArgs, opts?: CustomResourceOptions);
def User(resource_name: str, opts: Optional[ResourceOptions] = None, attributes: Optional[Mapping[str, Any]] = None, email: Optional[str] = None, email_verified: Optional[bool] = None, enabled: Optional[bool] = None, federated_identities: Optional[Sequence[UserFederatedIdentityArgs]] = None, first_name: Optional[str] = None, initial_password: Optional[UserInitialPasswordArgs] = None, last_name: Optional[str] = None, realm_id: Optional[str] = None, username: Optional[str] = None)
func NewUser(ctx *Context, name string, args UserArgs, opts ...ResourceOption) (*User, error)
public User(string name, UserArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args UserArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args UserArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args UserArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

User Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The User resource accepts the following input properties:

RealmId string

The realm this user belongs to.

Username string

The unique username of this user.

Attributes Dictionary<string, object>

A map representing attributes for the user

Email string

The user’s email.

EmailVerified bool

Whether the email address was validated or not. Default to false.

Enabled bool

When false, this user cannot log in. Defaults to true.

FederatedIdentities List<UserFederatedIdentityArgs>
FirstName string

The user’s first name.

InitialPassword UserInitialPasswordArgs

When given, the user’s initial password will be set. This attribute is only respected during initial user creation.

LastName string

The user’s last name.

RealmId string

The realm this user belongs to.

Username string

The unique username of this user.

Attributes map[string]interface{}

A map representing attributes for the user

Email string

The user’s email.

EmailVerified bool

Whether the email address was validated or not. Default to false.

Enabled bool

When false, this user cannot log in. Defaults to true.

FederatedIdentities []UserFederatedIdentity
FirstName string

The user’s first name.

InitialPassword UserInitialPassword

When given, the user’s initial password will be set. This attribute is only respected during initial user creation.

LastName string

The user’s last name.

realmId string

The realm this user belongs to.

username string

The unique username of this user.

attributes {[key: string]: any}

A map representing attributes for the user

email string

The user’s email.

emailVerified boolean

Whether the email address was validated or not. Default to false.

enabled boolean

When false, this user cannot log in. Defaults to true.

federatedIdentities UserFederatedIdentity[]
firstName string

The user’s first name.

initialPassword UserInitialPassword

When given, the user’s initial password will be set. This attribute is only respected during initial user creation.

lastName string

The user’s last name.

realm_id str

The realm this user belongs to.

username str

The unique username of this user.

attributes Mapping[str, Any]

A map representing attributes for the user

email str

The user’s email.

email_verified bool

Whether the email address was validated or not. Default to false.

enabled bool

When false, this user cannot log in. Defaults to true.

federated_identities Sequence[UserFederatedIdentityArgs]
first_name str

The user’s first name.

initial_password UserInitialPasswordArgs

When given, the user’s initial password will be set. This attribute is only respected during initial user creation.

last_name str

The user’s last name.

Outputs

All input properties are implicitly available as output properties. Additionally, the User resource produces the following output properties:

Id string
The provider-assigned unique ID for this managed resource.
Id string
The provider-assigned unique ID for this managed resource.
id string
The provider-assigned unique ID for this managed resource.
id str
The provider-assigned unique ID for this managed resource.

Look up an Existing User Resource

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: UserState, opts?: CustomResourceOptions): User
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, attributes: Optional[Mapping[str, Any]] = None, email: Optional[str] = None, email_verified: Optional[bool] = None, enabled: Optional[bool] = None, federated_identities: Optional[Sequence[UserFederatedIdentityArgs]] = None, first_name: Optional[str] = None, initial_password: Optional[UserInitialPasswordArgs] = None, last_name: Optional[str] = None, realm_id: Optional[str] = None, username: Optional[str] = None) -> User
func GetUser(ctx *Context, name string, id IDInput, state *UserState, opts ...ResourceOption) (*User, error)
public static User Get(string name, Input<string> id, UserState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Attributes Dictionary<string, object>

A map representing attributes for the user

Email string

The user’s email.

EmailVerified bool

Whether the email address was validated or not. Default to false.

Enabled bool

When false, this user cannot log in. Defaults to true.

FederatedIdentities List<UserFederatedIdentityArgs>
FirstName string

The user’s first name.

InitialPassword UserInitialPasswordArgs

When given, the user’s initial password will be set. This attribute is only respected during initial user creation.

LastName string

The user’s last name.

RealmId string

The realm this user belongs to.

Username string

The unique username of this user.

Attributes map[string]interface{}

A map representing attributes for the user

Email string

The user’s email.

EmailVerified bool

Whether the email address was validated or not. Default to false.

Enabled bool

When false, this user cannot log in. Defaults to true.

FederatedIdentities []UserFederatedIdentity
FirstName string

The user’s first name.

InitialPassword UserInitialPassword

When given, the user’s initial password will be set. This attribute is only respected during initial user creation.

LastName string

The user’s last name.

RealmId string

The realm this user belongs to.

Username string

The unique username of this user.

attributes {[key: string]: any}

A map representing attributes for the user

email string

The user’s email.

emailVerified boolean

Whether the email address was validated or not. Default to false.

enabled boolean

When false, this user cannot log in. Defaults to true.

federatedIdentities UserFederatedIdentity[]
firstName string

The user’s first name.

initialPassword UserInitialPassword

When given, the user’s initial password will be set. This attribute is only respected during initial user creation.

lastName string

The user’s last name.

realmId string

The realm this user belongs to.

username string

The unique username of this user.

attributes Mapping[str, Any]

A map representing attributes for the user

email str

The user’s email.

email_verified bool

Whether the email address was validated or not. Default to false.

enabled bool

When false, this user cannot log in. Defaults to true.

federated_identities Sequence[UserFederatedIdentityArgs]
first_name str

The user’s first name.

initial_password UserInitialPasswordArgs

When given, the user’s initial password will be set. This attribute is only respected during initial user creation.

last_name str

The user’s last name.

realm_id str

The realm this user belongs to.

username str

The unique username of this user.

Supporting Types

UserFederatedIdentity

IdentityProvider string

The name of the identity provider

UserId string

The ID of the user defined in the identity provider

UserName string

The user name of the user defined in the identity provider

IdentityProvider string

The name of the identity provider

UserId string

The ID of the user defined in the identity provider

UserName string

The user name of the user defined in the identity provider

identityProvider string

The name of the identity provider

userId string

The ID of the user defined in the identity provider

userName string

The user name of the user defined in the identity provider

identity_provider str

The name of the identity provider

user_id str

The ID of the user defined in the identity provider

user_name str

The user name of the user defined in the identity provider

UserInitialPassword

Value string

The initial password.

Temporary bool

If set to true, the initial password is set up for renewal on first use. Default to false.

Value string

The initial password.

Temporary bool

If set to true, the initial password is set up for renewal on first use. Default to false.

value string

The initial password.

temporary boolean

If set to true, the initial password is set up for renewal on first use. Default to false.

value str

The initial password.

temporary bool

If set to true, the initial password is set up for renewal on first use. Default to false.

Import

Users can be imported using the format {{realm_id}}/{{user_id}}, where user_id is the unique ID that Keycloak assigns to the user upon creation. This value can be found in the GUI when editing the user. Examplebash

 $ pulumi import keycloak:index/user:User user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4

Package Details

Repository
https://github.com/pulumi/pulumi-keycloak
License
Apache-2.0
Notes
This Pulumi package is based on the keycloak Terraform Provider.