Package @pulumi/keycloak

This provider is a derived work of the Terraform Provider distributed under MIT. If you encounter a bug or missing feature, first check the pulumi/pulumi-keycloak repo; however, if that doesn’t turn up anything, please consult the source mrparkers/terraform-provider-keycloak repo.

var keycloak = require("@pulumi/keycloak");
import * as keycloak from "@pulumi/keycloak";

Resources

Resource AttributeImporterIdentityProviderMapper

class AttributeImporterIdentityProviderMapper extends CustomResource

# keycloak.AttributeImporterIdentityProviderMapper

Allows for creating and managing identity provider mappers within Keycloak.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const testMapper = new keycloak.AttributeImporterIdentityProviderMapper("testMapper", {
    attributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    identityProviderAlias: "idpAlias",
    realm: "my-realm",
    userAttribute: "lastName",
});

Argument Reference

The following arguments are supported:

  • realm - (Required) The name of the realm.
  • name - (Required) The name of the mapper.
  • identityProviderAlias - (Required) The alias of the associated identity provider.
  • userAttribute - (Required) The name of the user attribute in which to store the SAML attribute.
  • attributeName - (Optional) The name of the attribute to search for in the assertion. You can leave this blank and specify a friendly name instead.
  • attributeFriendlyName - (Optional) The friendly name of the attribute to search for in the assertion. You can leave this blank and specify an attribute name instead.
  • claimName - (Optional) The claim name.

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/r/attribute_importer_identity_provider_mapper.html.markdown.

constructor

new AttributeImporterIdentityProviderMapper(name: string, args: AttributeImporterIdentityProviderMapperArgs, opts?: pulumi.CustomResourceOptions)

Create an AttributeImporterIdentityProviderMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AttributeImporterIdentityProviderMapperState, opts?: pulumi.CustomResourceOptions): AttributeImporterIdentityProviderMapper

Get an existing AttributeImporterIdentityProviderMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AttributeImporterIdentityProviderMapper

Returns true if the given object is an instance of AttributeImporterIdentityProviderMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property attributeFriendlyName

public attributeFriendlyName: pulumi.Output<string | undefined>;

Attribute Friendly Name

property attributeName

public attributeName: pulumi.Output<string | undefined>;

Attribute Name

property claimName

public claimName: pulumi.Output<string | undefined>;

Claim Name

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identityProviderAlias

public identityProviderAlias: pulumi.Output<string>;

IDP Alias

property name

public name: pulumi.Output<string>;

IDP Mapper Name

property realm

public realm: pulumi.Output<string>;

Realm Name

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userAttribute

public userAttribute: pulumi.Output<string>;

User Attribute

Resource AttributeToRoleIdentityMapper

class AttributeToRoleIdentityMapper extends CustomResource

constructor

new AttributeToRoleIdentityMapper(name: string, args: AttributeToRoleIdentityMapperArgs, opts?: pulumi.CustomResourceOptions)

Create an AttributeToRoleIdentityMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AttributeToRoleIdentityMapperState, opts?: pulumi.CustomResourceOptions): AttributeToRoleIdentityMapper

Get an existing AttributeToRoleIdentityMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is AttributeToRoleIdentityMapper

Returns true if the given object is an instance of AttributeToRoleIdentityMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property attributeFriendlyName

public attributeFriendlyName: pulumi.Output<string | undefined>;

Attribute Friendly Name

property attributeName

public attributeName: pulumi.Output<string | undefined>;

Attribute Name

property attributeValue

public attributeValue: pulumi.Output<string | undefined>;

Attribute Value

property claimName

public claimName: pulumi.Output<string | undefined>;

OIDC Claim Name

property claimValue

public claimValue: pulumi.Output<string | undefined>;

OIDC Claim Value

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identityProviderAlias

public identityProviderAlias: pulumi.Output<string>;

IDP Alias

property name

public name: pulumi.Output<string>;

IDP Mapper Name

property realm

public realm: pulumi.Output<string>;

Realm Name

property role

public role: pulumi.Output<string>;

Role Name

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource CustomUserFederation

class CustomUserFederation extends CustomResource

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/r/custom_user_federation.html.markdown.

constructor

new CustomUserFederation(name: string, args: CustomUserFederationArgs, opts?: pulumi.CustomResourceOptions)

Create a CustomUserFederation resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: CustomUserFederationState, opts?: pulumi.CustomResourceOptions): CustomUserFederation

Get an existing CustomUserFederation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is CustomUserFederation

Returns true if the given object is an instance of CustomUserFederation. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property cachePolicy

public cachePolicy: pulumi.Output<string | undefined>;

property config

public config: pulumi.Output<{[key: string]: any} | undefined>;

property enabled

public enabled: pulumi.Output<boolean | undefined>;

When false, this provider will not be used when performing queries for users.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Display name of the provider when displayed in the console.

property priority

public priority: pulumi.Output<number | undefined>;

Priority of this provider when looking up users. Lower values are first.

property providerId

public providerId: pulumi.Output<string>;

The unique ID of the custom provider, specified in the getId implementation for the UserStorageProviderFactory interface.

property realmId

public realmId: pulumi.Output<string>;

The realm this provider will provide user federation for.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource DefaultGroups

class DefaultGroups extends CustomResource

# keycloak.DefaultGroups

Allows for managing a realm’s default groups.

Note that you should not use keycloak.DefaultGroups with a group with memberships managed by keycloak.GroupMemberships.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const group = new keycloak.Group("group", {
    realmId: realm.id,
});
const defaultDefaultGroups = new keycloak.DefaultGroups("default", {
    groupIds: [group.id],
    realmId: realm.id,
});

Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this group exists in.
  • groupIds - (Required) A set of group ids that should be default groups on the realm referenced by realmId.

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/r/default_groups.html.markdown.

constructor

new DefaultGroups(name: string, args: DefaultGroupsArgs, opts?: pulumi.CustomResourceOptions)

Create a DefaultGroups resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DefaultGroupsState, opts?: pulumi.CustomResourceOptions): DefaultGroups

Get an existing DefaultGroups resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is DefaultGroups

Returns true if the given object is an instance of DefaultGroups. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groupIds

public groupIds: pulumi.Output<string[]>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property realmId

public realmId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource GenericClientProtocolMapper

class GenericClientProtocolMapper extends CustomResource

# keycloak.GenericClientProtocolMapper

Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak.

There are two use cases for this resource:

  • If you implemented a custom protocol mapper, this resource can be used to configure it.
  • If the provider doesn’t support a particular protocol mapper, this resource can be used instead.

Due to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors. Therefore, if possible, a specific mapper should be used.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const samlClient = new keycloak.Saml.Client("samlClient", {
    clientId: "test-client",
    realmId: realm.id,
});
const samlHardcodeAttributeMapper = new keycloak.GenericClientProtocolMapper("samlHardcodeAttributeMapper", {
    clientId: samlClient.id,
    config: {
        "attribute.name": "name",
        "attribute.nameformat": "Basic",
        "attribute.value": "value",
        "friendly.name": "display name",
    },
    protocol: "saml",
    protocolMapper: "saml-hardcode-attribute-mapper",
    realmId: realm.id,
});

Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this protocol mapper exists within.
  • clientId - (Required) The client this protocol mapper is attached to.
  • name - (Required) The display name of this protocol mapper in the GUI.
  • protocol - (Required) The type of client (either openid-connect or saml). The type must match the type of the client.
  • protocolMapper - (Required) The name of the protocol mapper. The protocol mapper must be compatible with the specified client.
  • config - (Required) A map with key / value pairs for configuring the protocol mapper. The supported keys depend on the protocol mapper.

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/r/generic_client_protocol_mapper.html.markdown.

constructor

new GenericClientProtocolMapper(name: string, args: GenericClientProtocolMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a GenericClientProtocolMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GenericClientProtocolMapperState, opts?: pulumi.CustomResourceOptions): GenericClientProtocolMapper

Get an existing GenericClientProtocolMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is GenericClientProtocolMapper

Returns true if the given object is an instance of GenericClientProtocolMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property clientId

public clientId: pulumi.Output<string>;

The mapper’s associated client.

property config

public config: pulumi.Output<{[key: string]: any}>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

A human-friendly name that will appear in the Keycloak console.

property protocol

public protocol: pulumi.Output<string>;

The protocol of the client (openid-connect / saml).

property protocolMapper

public protocolMapper: pulumi.Output<string>;

The type of the protocol mapper.

property realmId

public realmId: pulumi.Output<string>;

The realm id where the associated client exists.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Group

class Group extends CustomResource

# keycloak.Group

Allows for creating and managing Groups within Keycloak.

Groups provide a logical wrapping for users within Keycloak. Users within a group can share attributes and roles, and group membership can be mapped to a claim.

Attributes can also be defined on Groups.

Groups can also be federated from external data sources, such as LDAP or Active Directory. This resource should not be used to manage groups that were created this way.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const parentGroup = new keycloak.Group("parentGroup", {
    realmId: realm.id,
});
const childGroup = new keycloak.Group("childGroup", {
    parentId: parentGroup.id,
    realmId: realm.id,
});
const childGroupWithOptionalAttributes = new keycloak.Group("childGroupWithOptionalAttributes", {
    attributes: {
        key1: "value1",
        key2: "value2",
    },
    parentId: parentGroup.id,
    realmId: realm.id,
});

Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this group exists in.
  • parentId - (Optional) The ID of this group’s parent. If omitted, this group will be defined at the root level.
  • name - (Required) The name of the group.
  • attributes - (Optional) A dict of key/value pairs to set as custom attributes for the group.

Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • path - The complete path of the group. For example, the child group’s path in the example configuration would be /parent-group/child-group.

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/r/group.html.markdown.

constructor

new Group(name: string, args: GroupArgs, opts?: pulumi.CustomResourceOptions)

Create a Group resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupState, opts?: pulumi.CustomResourceOptions): Group

Get an existing Group resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Group

Returns true if the given object is an instance of Group. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property attributes

public attributes: pulumi.Output<{[key: string]: any} | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

property parentId

public parentId: pulumi.Output<string | undefined>;

property path

public path: pulumi.Output<string>;

property realmId

public realmId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource GroupMemberships

class GroupMemberships extends CustomResource

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/r/group_memberships.html.markdown.

constructor

new GroupMemberships(name: string, args: GroupMembershipsArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupMemberships resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupMembershipsState, opts?: pulumi.CustomResourceOptions): GroupMemberships

Get an existing GroupMemberships resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is GroupMemberships

Returns true if the given object is an instance of GroupMemberships. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groupId

public groupId: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

property realmId

public realmId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource GroupRoles

class GroupRoles extends CustomResource

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/r/group_roles.html.markdown.

constructor

new GroupRoles(name: string, args: GroupRolesArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupRoles resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupRolesState, opts?: pulumi.CustomResourceOptions): GroupRoles

Get an existing GroupRoles resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is GroupRoles

Returns true if the given object is an instance of GroupRoles. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property groupId

public groupId: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property realmId

public realmId: pulumi.Output<string>;

property roleIds

public roleIds: pulumi.Output<string[]>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource HardcodedAttributeIdentityProviderMapper

class HardcodedAttributeIdentityProviderMapper extends CustomResource

constructor

new HardcodedAttributeIdentityProviderMapper(name: string, args: HardcodedAttributeIdentityProviderMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a HardcodedAttributeIdentityProviderMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: HardcodedAttributeIdentityProviderMapperState, opts?: pulumi.CustomResourceOptions): HardcodedAttributeIdentityProviderMapper

Get an existing HardcodedAttributeIdentityProviderMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is HardcodedAttributeIdentityProviderMapper

Returns true if the given object is an instance of HardcodedAttributeIdentityProviderMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property attributeName

public attributeName: pulumi.Output<string | undefined>;

OIDC Claim

property attributeValue

public attributeValue: pulumi.Output<string | undefined>;

User Attribute

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identityProviderAlias

public identityProviderAlias: pulumi.Output<string>;

IDP Alias

property name

public name: pulumi.Output<string>;

IDP Mapper Name

property realm

public realm: pulumi.Output<string>;

Realm Name

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property userSession

public userSession: pulumi.Output<boolean>;

Is Attribute Related To a User Session

Resource HardcodedRoleIdentityMapper

class HardcodedRoleIdentityMapper extends CustomResource

constructor

new HardcodedRoleIdentityMapper(name: string, args: HardcodedRoleIdentityMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a HardcodedRoleIdentityMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: HardcodedRoleIdentityMapperState, opts?: pulumi.CustomResourceOptions): HardcodedRoleIdentityMapper

Get an existing HardcodedRoleIdentityMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is HardcodedRoleIdentityMapper

Returns true if the given object is an instance of HardcodedRoleIdentityMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identityProviderAlias

public identityProviderAlias: pulumi.Output<string>;

IDP Alias

property name

public name: pulumi.Output<string>;

IDP Mapper Name

property realm

public realm: pulumi.Output<string>;

Realm Name

property role

public role: pulumi.Output<string | undefined>;

Role Name

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Provider

class Provider extends ProviderResource

The provider type for the keycloak package. By default, resources use package-wide configuration settings; however, an explicit Provider instance may be created and passed during resource construction to achieve fine-grained programmatic control over provider settings. See the documentation for more information.

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/index.html.markdown.

constructor

new Provider(name: string, args?: ProviderArgs, opts?: pulumi.ResourceOptions)

Create a Provider resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Provider

Returns true if the given object is an instance of Provider. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

method register

static register(provider: ProviderResource | undefined): Promise<string | undefined>

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Realm

class Realm extends CustomResource

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/r/realm.html.markdown.

constructor

new Realm(name: string, args: RealmArgs, opts?: pulumi.CustomResourceOptions)

Create a Realm resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RealmState, opts?: pulumi.CustomResourceOptions): Realm

Get an existing Realm resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Realm

Returns true if the given object is an instance of Realm. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property accessCodeLifespan

public accessCodeLifespan: pulumi.Output<string>;

property accessCodeLifespanLogin

public accessCodeLifespanLogin: pulumi.Output<string>;

property accessCodeLifespanUserAction

public accessCodeLifespanUserAction: pulumi.Output<string>;

property accessTokenLifespan

public accessTokenLifespan: pulumi.Output<string>;

property accessTokenLifespanForImplicitFlow

public accessTokenLifespanForImplicitFlow: pulumi.Output<string>;

property accountTheme

public accountTheme: pulumi.Output<string | undefined>;

property actionTokenGeneratedByAdminLifespan

public actionTokenGeneratedByAdminLifespan: pulumi.Output<string>;

property actionTokenGeneratedByUserLifespan

public actionTokenGeneratedByUserLifespan: pulumi.Output<string>;

property adminTheme

public adminTheme: pulumi.Output<string | undefined>;

property attributes

public attributes: pulumi.Output<{[key: string]: any} | undefined>;

property browserFlow

public browserFlow: pulumi.Output<string | undefined>;

Which flow should be used for BrowserFlow

property clientAuthenticationFlow

public clientAuthenticationFlow: pulumi.Output<string | undefined>;

Which flow should be used for ClientAuthenticationFlow

property directGrantFlow

public directGrantFlow: pulumi.Output<string | undefined>;

Which flow should be used for DirectGrantFlow

property displayName

public displayName: pulumi.Output<string | undefined>;

property dockerAuthenticationFlow

public dockerAuthenticationFlow: pulumi.Output<string | undefined>;

Which flow should be used for DockerAuthenticationFlow

property duplicateEmailsAllowed

public duplicateEmailsAllowed: pulumi.Output<boolean>;

property editUsernameAllowed

public editUsernameAllowed: pulumi.Output<boolean>;

property emailTheme

public emailTheme: pulumi.Output<string | undefined>;

property enabled

public enabled: pulumi.Output<boolean | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property internationalization

public internationalization: pulumi.Output<RealmInternationalization | undefined>;

property loginTheme

public loginTheme: pulumi.Output<string | undefined>;

property loginWithEmailAllowed

public loginWithEmailAllowed: pulumi.Output<boolean>;

property offlineSessionIdleTimeout

public offlineSessionIdleTimeout: pulumi.Output<string>;

property offlineSessionMaxLifespan

public offlineSessionMaxLifespan: pulumi.Output<string>;

property passwordPolicy

public passwordPolicy: pulumi.Output<string | undefined>;

String that represents the passwordPolicies that are in place. Each policy is separated with " and ". Supported policies can be found in the server-info providers page. Example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"

property realm

public realm: pulumi.Output<string>;

property refreshTokenMaxReuse

public refreshTokenMaxReuse: pulumi.Output<number | undefined>;

property registrationAllowed

public registrationAllowed: pulumi.Output<boolean>;

property registrationEmailAsUsername

public registrationEmailAsUsername: pulumi.Output<boolean>;

property registrationFlow

public registrationFlow: pulumi.Output<string | undefined>;

Which flow should be used for RegistrationFlow

property rememberMe

public rememberMe: pulumi.Output<boolean>;

property resetCredentialsFlow

public resetCredentialsFlow: pulumi.Output<string | undefined>;

Which flow should be used for ResetCredentialsFlow

property resetPasswordAllowed

public resetPasswordAllowed: pulumi.Output<boolean>;

property revokeRefreshToken

public revokeRefreshToken: pulumi.Output<boolean | undefined>;

property securityDefenses

public securityDefenses: pulumi.Output<RealmSecurityDefenses | undefined>;

property smtpServer

public smtpServer: pulumi.Output<RealmSmtpServer | undefined>;

property sslRequired

public sslRequired: pulumi.Output<string | undefined>;

SSL Required: Values can be ‘none’, ‘external’ or ‘all’.

property ssoSessionIdleTimeout

public ssoSessionIdleTimeout: pulumi.Output<string>;

property ssoSessionMaxLifespan

public ssoSessionMaxLifespan: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property verifyEmail

public verifyEmail: pulumi.Output<boolean>;

Resource RequiredAction

class RequiredAction extends CustomResource

constructor

new RequiredAction(name: string, args: RequiredActionArgs, opts?: pulumi.CustomResourceOptions)

Create a RequiredAction resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RequiredActionState, opts?: pulumi.CustomResourceOptions): RequiredAction

Get an existing RequiredAction resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is RequiredAction

Returns true if the given object is an instance of RequiredAction. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property alias

public alias: pulumi.Output<string>;

property defaultAction

public defaultAction: pulumi.Output<boolean | undefined>;

property enabled

public enabled: pulumi.Output<boolean | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

property priority

public priority: pulumi.Output<number>;

property realmId

public realmId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Role

class Role extends CustomResource

# keycloak.Role

Allows for creating and managing roles within Keycloak.

Roles allow you to define privileges within Keycloak and map them to users and groups.

Example Usage (Realm role)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const realmRole = new keycloak.Role("realmRole", {
    description: "My Realm Role",
    realmId: realm.id,
});
Example Usage (Client role)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const client = new keycloak.openid.Client("client", {
    accessType: "BEARER-ONLY",
    clientId: "client",
    enabled: true,
    realmId: realm.id,
});
const clientRole = new keycloak.Role("clientRole", {
    // Attach the role to the client resource declared above.
    clientId: client.id,
    description: "My Client Role",
    realmId: realm.id,
});
Example Usage (Composite role)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const createRole = new keycloak.Role("createRole", {
    realmId: realm.id,
});
const readRole = new keycloak.Role("readRole", {
    realmId: realm.id,
});
const updateRole = new keycloak.Role("updateRole", {
    realmId: realm.id,
});
const deleteRole = new keycloak.Role("deleteRole", {
    realmId: realm.id,
});
const client = new keycloak.openid.Client("client", {
    accessType: "BEARER-ONLY",
    clientId: "client",
    enabled: true,
    realmId: realm.id,
});
const clientRole = new keycloak.Role("clientRole", {
    // Attach the role to the client resource declared above.
    clientId: client.id,
    description: "My Client Role",
    realmId: realm.id,
});
const adminRole = new keycloak.Role("adminRole", {
    // The composite role is made up of the IDs of the roles declared above.
    compositeRoles: [
        createRole.id,
        readRole.id,
        updateRole.id,
        deleteRole.id,
        clientRole.id,
    ],
    realmId: realm.id,
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this role exists within.
  • clientId - (Optional) When specified, this role will be created as a client role attached to the client with the provided ID
  • name - (Required) The name of the role
  • description - (Optional) The description of the role
  • compositeRoles - (Optional) When specified, this role will be a composite role, composed of all roles that have an ID present within this list.

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/r/role.html.markdown.

constructor

new Role(name: string, args: RoleArgs, opts?: pulumi.CustomResourceOptions)

Create a Role resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: RoleState, opts?: pulumi.CustomResourceOptions): Role

Get an existing Role resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Role

Returns true if the given object is an instance of Role. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property clientId

public clientId: pulumi.Output<string | undefined>;

property compositeRoles

public compositeRoles: pulumi.Output<string[] | undefined>;

property description

public description: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

property realmId

public realmId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource User

class User extends CustomResource

# keycloak.User

Allows for creating and managing Users within Keycloak.

This resource was created primarily to enable the acceptance tests for the keycloak.Group resource. Creating users within Keycloak is not recommended. Instead, users should be federated from external sources by configuring user federation providers or identity providers.

Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
const user = new keycloak.User("user", {
    email: "bob@domain.com",
    enabled: true,
    firstName: "Bob",
    lastName: "Bobson",
    realmId: realm.id,
    username: "bob",
});
const userWithInitialPassword = new keycloak.User("userWithInitialPassword", {
    email: "alice@domain.com",
    enabled: true,
    firstName: "Alice",
    initialPassword: {
        temporary: true,
        value: "some password",
    },
    lastName: "Aliceberg",
    realmId: realm.id,
    username: "alice",
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this user belongs to.
  • username - (Required) The unique username of this user.
  • initialPassword - (Optional) When given, the user’s initial password will be set. This attribute is only respected during initial user creation.
    • value - (Required) The initial password.
    • temporary - (Optional) If set to true, the initial password is set up for renewal on first use. Defaults to false.
  • enabled - (Optional) When false, this user cannot log in. Defaults to true.
  • email - (Optional) The user’s email.
  • firstName - (Optional) The user’s first name.
  • lastName - (Optional) The user’s last name.

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/r/user.html.markdown.

constructor

new User(name: string, args: UserArgs, opts?: pulumi.CustomResourceOptions)

Create a User resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserState, opts?: pulumi.CustomResourceOptions): User

Get an existing User resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is User

Returns true if the given object is an instance of User. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property attributes

public attributes: pulumi.Output<{[key: string]: any} | undefined>;

property email

public email: pulumi.Output<string | undefined>;

property enabled

public enabled: pulumi.Output<boolean | undefined>;

property federatedIdentities

public federatedIdentities: pulumi.Output<UserFederatedIdentity[] | undefined>;

property firstName

public firstName: pulumi.Output<string | undefined>;

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property initialPassword

public initialPassword: pulumi.Output<UserInitialPassword | undefined>;

property lastName

public lastName: pulumi.Output<string | undefined>;

property realmId

public realmId: pulumi.Output<string>;

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property username

public username: pulumi.Output<string>;

Resource UserTemplateImporterIdentityProviderMapper

class UserTemplateImporterIdentityProviderMapper extends CustomResource

constructor

new UserTemplateImporterIdentityProviderMapper(name: string, args: UserTemplateImporterIdentityProviderMapperArgs, opts?: pulumi.CustomResourceOptions)

Create a UserTemplateImporterIdentityProviderMapper resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: UserTemplateImporterIdentityProviderMapperState, opts?: pulumi.CustomResourceOptions): UserTemplateImporterIdentityProviderMapper

Get an existing UserTemplateImporterIdentityProviderMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is UserTemplateImporterIdentityProviderMapper

Returns true if the given object is an instance of UserTemplateImporterIdentityProviderMapper. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property identityProviderAlias

public identityProviderAlias: pulumi.Output<string>;

IDP Alias

property name

public name: pulumi.Output<string>;

IDP Mapper Name

property realm

public realm: pulumi.Output<string>;

Realm Name

property template

public template: pulumi.Output<string | undefined>;

Username For Template Import

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Data Sources

Data Source getGroup

getGroup(args: GetGroupArgs, opts?: pulumi.InvokeOptions): Promise<GetGroupResult> & GetGroupResult

# keycloak.Group data source

This data source can be used to fetch properties of a Keycloak group for usage with other resources, such as keycloak.GroupRoles.

Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
// Keycloak's built-in realm role is named "offline_access".
const offlineAccess = realm.id.apply(id => keycloak.getRole({
    name: "offline_access",
    realmId: id,
}));
const group = realm.id.apply(id => keycloak.getGroup({
    name: "group",
    realmId: id,
}));
const groupRoles = new keycloak.GroupRoles("groupRoles", {
    groupId: group.id,
    realmId: realm.id,
    // GroupRolesArgs takes the role IDs in roleIds.
    roleIds: [offlineAccess.id],
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this group exists within.
  • name - (Required) The name of the group
Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - The unique ID of the group, which can be used as an argument to other resources supported by this provider.

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/d/group.html.markdown.

Data Source getRealm

getRealm(args: GetRealmArgs, opts?: pulumi.InvokeOptions): Promise<GetRealmResult> & GetRealmResult

# keycloak.Realm data source

This data source can be used to fetch properties of a Keycloak realm for usage with other resources.

Argument Reference

The following arguments are supported:

  • realm - (Required) The realm name.
Attributes Reference

See the docs for the keycloak.Realm resource for details on the exported attributes.

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/d/realm.html.markdown.

Data Source getRealmKeys

getRealmKeys(args: GetRealmKeysArgs, opts?: pulumi.InvokeOptions): Promise<GetRealmKeysResult> & GetRealmKeysResult

# keycloak.getRealmKeys data source

Use this data source to get the keys of a realm. Keys can be filtered by algorithm and status.

Remarks:

  • A key must meet all filter criteria.
  • This data source may return more than one value.
  • If no key matches the filter criteria, then an error is returned.
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm whose keys are retrieved.
  • algorithms - (Optional) When specified, keys are filtered by algorithm (values for algorithm: HS256, RS256, AES, …)
  • statuses - (Optional) When specified, keys are filtered by status (values for status: ACTIVE, DISABLED and PASSIVE)

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/d/realm_keys.html.markdown.

Data Source getRole

getRole(args: GetRoleArgs, opts?: pulumi.InvokeOptions): Promise<GetRoleResult> & GetRoleResult

# keycloak.Role data source

This data source can be used to fetch properties of a Keycloak role for usage with other resources, such as keycloak.GroupRoles.

Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    enabled: true,
    realm: "my-realm",
});
// Keycloak's built-in realm role is named "offline_access".
const offlineAccess = realm.id.apply(id => keycloak.getRole({
    name: "offline_access",
    realmId: id,
}));
const group = new keycloak.Group("group", {
    realmId: realm.id,
});
const groupRoles = new keycloak.GroupRoles("groupRoles", {
    groupId: group.id,
    realmId: realm.id,
    // GroupRolesArgs takes the role IDs in roleIds.
    roleIds: [offlineAccess.id],
});
Argument Reference

The following arguments are supported:

  • realmId - (Required) The realm this role exists within.
  • clientId - (Optional) When specified, this role is assumed to be a client role belonging to the client with the provided ID
  • name - (Required) The name of the role
Attributes Reference

In addition to the arguments listed above, the following computed attributes are exported:

  • id - The unique ID of the role, which can be used as an argument to other resources supported by this provider.
  • description - The description of the role.

This content is derived from https://github.com/mrparkers/terraform-provider-keycloak/blob/master/website/docs/d/role.html.markdown.

Others

interface AttributeImporterIdentityProviderMapperArgs

interface AttributeImporterIdentityProviderMapperArgs

The set of arguments for constructing an AttributeImporterIdentityProviderMapper resource.

property attributeFriendlyName

attributeFriendlyName?: pulumi.Input<string>;

Attribute Friendly Name

property attributeName

attributeName?: pulumi.Input<string>;

Attribute Name

property claimName

claimName?: pulumi.Input<string>;

Claim Name

property identityProviderAlias

identityProviderAlias: pulumi.Input<string>;

IDP Alias

property name

name?: pulumi.Input<string>;

IDP Mapper Name

property realm

realm: pulumi.Input<string>;

Realm Name

property userAttribute

userAttribute: pulumi.Input<string>;

User Attribute

interface AttributeImporterIdentityProviderMapperState

interface AttributeImporterIdentityProviderMapperState

Input properties used for looking up and filtering AttributeImporterIdentityProviderMapper resources.

property attributeFriendlyName

attributeFriendlyName?: pulumi.Input<string>;

Attribute Friendly Name

property attributeName

attributeName?: pulumi.Input<string>;

Attribute Name

property claimName

claimName?: pulumi.Input<string>;

Claim Name

property identityProviderAlias

identityProviderAlias?: pulumi.Input<string>;

IDP Alias

property name

name?: pulumi.Input<string>;

IDP Mapper Name

property realm

realm?: pulumi.Input<string>;

Realm Name

property userAttribute

userAttribute?: pulumi.Input<string>;

User Attribute

interface AttributeToRoleIdentityMapperArgs

interface AttributeToRoleIdentityMapperArgs

The set of arguments for constructing an AttributeToRoleIdentityMapper resource.

property attributeFriendlyName

attributeFriendlyName?: pulumi.Input<string>;

Attribute Friendly Name

property attributeName

attributeName?: pulumi.Input<string>;

Attribute Name

property attributeValue

attributeValue?: pulumi.Input<string>;

Attribute Value

property claimName

claimName?: pulumi.Input<string>;

OIDC Claim Name

property claimValue

claimValue?: pulumi.Input<string>;

OIDC Claim Value

property identityProviderAlias

identityProviderAlias: pulumi.Input<string>;

IDP Alias

property name

name?: pulumi.Input<string>;

IDP Mapper Name

property realm

realm: pulumi.Input<string>;

Realm Name

property role

role: pulumi.Input<string>;

Role Name

interface AttributeToRoleIdentityMapperState

interface AttributeToRoleIdentityMapperState

Input properties used for looking up and filtering AttributeToRoleIdentityMapper resources.

property attributeFriendlyName

attributeFriendlyName?: pulumi.Input<string>;

Attribute Friendly Name

property attributeName

attributeName?: pulumi.Input<string>;

Attribute Name

property attributeValue

attributeValue?: pulumi.Input<string>;

Attribute Value

property claimName

claimName?: pulumi.Input<string>;

OIDC Claim Name

property claimValue

claimValue?: pulumi.Input<string>;

OIDC Claim Value

property identityProviderAlias

identityProviderAlias?: pulumi.Input<string>;

IDP Alias

property name

name?: pulumi.Input<string>;

IDP Mapper Name

property realm

realm?: pulumi.Input<string>;

Realm Name

property role

role?: pulumi.Input<string>;

Role Name

interface CustomUserFederationArgs

interface CustomUserFederationArgs

The set of arguments for constructing a CustomUserFederation resource.

property cachePolicy

cachePolicy?: pulumi.Input<string>;

property config

config?: pulumi.Input<{[key: string]: any}>;

property enabled

enabled?: pulumi.Input<boolean>;

When false, this provider will not be used when performing queries for users.

property name

name?: pulumi.Input<string>;

Display name of the provider when displayed in the console.

property priority

priority?: pulumi.Input<number>;

Priority of this provider when looking up users. Lower values are first.

property providerId

providerId: pulumi.Input<string>;

The unique ID of the custom provider, specified in the getId implementation for the UserStorageProviderFactory interface

property realmId

realmId: pulumi.Input<string>;

The realm this provider will provide user federation for.

interface CustomUserFederationState

interface CustomUserFederationState

Input properties used for looking up and filtering CustomUserFederation resources.

property cachePolicy

cachePolicy?: pulumi.Input<string>;

property config

config?: pulumi.Input<{[key: string]: any}>;

property enabled

enabled?: pulumi.Input<boolean>;

When false, this provider will not be used when performing queries for users.

property name

name?: pulumi.Input<string>;

Display name of the provider when displayed in the console.

property priority

priority?: pulumi.Input<number>;

Priority of this provider when looking up users. Lower values are first.

property providerId

providerId?: pulumi.Input<string>;

The unique ID of the custom provider, specified in the getId implementation for the UserStorageProviderFactory interface

property realmId

realmId?: pulumi.Input<string>;

The realm this provider will provide user federation for.

interface DefaultGroupsArgs

interface DefaultGroupsArgs

The set of arguments for constructing a DefaultGroups resource.

property groupIds

groupIds: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId: pulumi.Input<string>;

interface DefaultGroupsState

interface DefaultGroupsState

Input properties used for looking up and filtering DefaultGroups resources.

property groupIds

groupIds?: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId?: pulumi.Input<string>;

interface GenericClientProtocolMapperArgs

interface GenericClientProtocolMapperArgs

The set of arguments for constructing a GenericClientProtocolMapper resource.

property clientId

clientId: pulumi.Input<string>;

The mapper’s associated client.

property config

config: pulumi.Input<{[key: string]: any}>;

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property protocol

protocol: pulumi.Input<string>;

The protocol of the client (openid-connect / saml).

property protocolMapper

protocolMapper: pulumi.Input<string>;

The type of the protocol mapper.

property realmId

realmId: pulumi.Input<string>;

The realm id where the associated client exists.

interface GenericClientProtocolMapperState

interface GenericClientProtocolMapperState

Input properties used for looking up and filtering GenericClientProtocolMapper resources.

property clientId

clientId?: pulumi.Input<string>;

The mapper’s associated client.

property config

config?: pulumi.Input<{[key: string]: any}>;

property name

name?: pulumi.Input<string>;

A human-friendly name that will appear in the Keycloak console.

property protocol

protocol?: pulumi.Input<string>;

The protocol of the client (openid-connect / saml).

property protocolMapper

protocolMapper?: pulumi.Input<string>;

The type of the protocol mapper.

property realmId

realmId?: pulumi.Input<string>;

The realm id where the associated client exists.

function getEnv

getEnv(vars: string[]): string | undefined

function getEnvBoolean

getEnvBoolean(vars: string[]): boolean | undefined

function getEnvNumber

getEnvNumber(vars: string[]): number | undefined

interface GetGroupArgs

interface GetGroupArgs

A collection of arguments for invoking getGroup.

property name

name: string;

property realmId

realmId: string;

interface GetGroupResult

interface GetGroupResult

A collection of values returned by getGroup.

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

property realmId

realmId: string;

interface GetRealmArgs

interface GetRealmArgs

A collection of arguments for invoking getRealm.

property internationalizations

internationalizations?: GetRealmInternationalization[];

property realm

realm: string;

property securityDefenses

securityDefenses?: GetRealmSecurityDefense[];

property smtpServers

smtpServers?: GetRealmSmtpServer[];

interface GetRealmKeysArgs

interface GetRealmKeysArgs

A collection of arguments for invoking getRealmKeys.

property algorithms

algorithms?: string[];

property realmId

realmId: string;

property statuses

statuses?: string[];

interface GetRealmKeysResult

interface GetRealmKeysResult

A collection of values returned by getRealmKeys.

property algorithms

algorithms?: string[];

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property keys

keys: GetRealmKeysKey[];

property realmId

realmId: string;

property statuses

statuses?: string[];

interface GetRealmResult

interface GetRealmResult

A collection of values returned by getRealm.

property accessCodeLifespan

accessCodeLifespan: string;

property accessCodeLifespanLogin

accessCodeLifespanLogin: string;

property accessCodeLifespanUserAction

accessCodeLifespanUserAction: string;

property accessTokenLifespan

accessTokenLifespan: string;

property accessTokenLifespanForImplicitFlow

accessTokenLifespanForImplicitFlow: string;

property accountTheme

accountTheme: string;

property actionTokenGeneratedByAdminLifespan

actionTokenGeneratedByAdminLifespan: string;

property actionTokenGeneratedByUserLifespan

actionTokenGeneratedByUserLifespan: string;

property adminTheme

adminTheme: string;

property browserFlow

browserFlow: string;

property clientAuthenticationFlow

clientAuthenticationFlow: string;

property directGrantFlow

directGrantFlow: string;

property displayName

displayName: string;

property dockerAuthenticationFlow

dockerAuthenticationFlow: string;

property duplicateEmailsAllowed

duplicateEmailsAllowed: boolean;

property editUsernameAllowed

editUsernameAllowed: boolean;

property emailTheme

emailTheme: string;

property enabled

enabled: boolean;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property internationalizations

internationalizations: GetRealmInternationalization[];

property loginTheme

loginTheme: string;

property loginWithEmailAllowed

loginWithEmailAllowed: boolean;

property offlineSessionIdleTimeout

offlineSessionIdleTimeout: string;

property offlineSessionMaxLifespan

offlineSessionMaxLifespan: string;

property passwordPolicy

passwordPolicy: string;

property realm

realm: string;

property refreshTokenMaxReuse

refreshTokenMaxReuse: number;

property registrationAllowed

registrationAllowed: boolean;

property registrationEmailAsUsername

registrationEmailAsUsername: boolean;

property registrationFlow

registrationFlow: string;

property rememberMe

rememberMe: boolean;

property resetCredentialsFlow

resetCredentialsFlow: string;

property resetPasswordAllowed

resetPasswordAllowed: boolean;

property securityDefenses

securityDefenses: GetRealmSecurityDefense[];

property smtpServers

smtpServers: GetRealmSmtpServer[];

property ssoSessionIdleTimeout

ssoSessionIdleTimeout: string;

property ssoSessionMaxLifespan

ssoSessionMaxLifespan: string;

property verifyEmail

verifyEmail: boolean;

interface GetRoleArgs

interface GetRoleArgs

A collection of arguments for invoking getRole.

property clientId

clientId?: undefined | string;

property name

name: string;

property realmId

realmId: string;

interface GetRoleResult

interface GetRoleResult

A collection of values returned by getRole.

property clientId

clientId?: undefined | string;

property description

description: string;

property id

id: string;

id is the provider-assigned unique ID for this managed resource.

property name

name: string;

property realmId

realmId: string;

function getVersion

getVersion(): string

interface GroupArgs

interface GroupArgs

The set of arguments for constructing a Group resource.

property attributes

attributes?: pulumi.Input<{[key: string]: any}>;

property name

name?: pulumi.Input<string>;

property parentId

parentId?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

interface GroupMembershipsArgs

interface GroupMembershipsArgs

The set of arguments for constructing a GroupMemberships resource.

property groupId

groupId?: pulumi.Input<string>;

property members

members: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId: pulumi.Input<string>;

interface GroupMembershipsState

interface GroupMembershipsState

Input properties used for looking up and filtering GroupMemberships resources.

property groupId

groupId?: pulumi.Input<string>;

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

property realmId

realmId?: pulumi.Input<string>;

interface GroupRolesArgs

interface GroupRolesArgs

The set of arguments for constructing a GroupRoles resource.

property groupId

groupId?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

property roleIds

roleIds: pulumi.Input<pulumi.Input<string>[]>;

interface GroupRolesState

interface GroupRolesState

Input properties used for looking up and filtering GroupRoles resources.

property groupId

groupId?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

property roleIds

roleIds?: pulumi.Input<pulumi.Input<string>[]>;

interface GroupState

interface GroupState

Input properties used for looking up and filtering Group resources.

property attributes

attributes?: pulumi.Input<{[key: string]: any}>;

property name

name?: pulumi.Input<string>;

property parentId

parentId?: pulumi.Input<string>;

property path

path?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

interface HardcodedAttributeIdentityProviderMapperArgs

interface HardcodedAttributeIdentityProviderMapperArgs

The set of arguments for constructing a HardcodedAttributeIdentityProviderMapper resource.

property attributeName

attributeName?: pulumi.Input<string>;

OIDC Claim

property attributeValue

attributeValue?: pulumi.Input<string>;

User Attribute

property identityProviderAlias

identityProviderAlias: pulumi.Input<string>;

IDP Alias

property name

name?: pulumi.Input<string>;

IDP Mapper Name

property realm

realm: pulumi.Input<string>;

Realm Name

property userSession

userSession: pulumi.Input<boolean>;

Is Attribute Related To a User Session

interface HardcodedAttributeIdentityProviderMapperState

interface HardcodedAttributeIdentityProviderMapperState

Input properties used for looking up and filtering HardcodedAttributeIdentityProviderMapper resources.

property attributeName

attributeName?: pulumi.Input<string>;

OIDC Claim

property attributeValue

attributeValue?: pulumi.Input<string>;

User Attribute

property identityProviderAlias

identityProviderAlias?: pulumi.Input<string>;

IDP Alias

property name

name?: pulumi.Input<string>;

IDP Mapper Name

property realm

realm?: pulumi.Input<string>;

Realm Name

property userSession

userSession?: pulumi.Input<boolean>;

Is Attribute Related To a User Session

interface HardcodedRoleIdentityMapperArgs

interface HardcodedRoleIdentityMapperArgs

The set of arguments for constructing a HardcodedRoleIdentityMapper resource.

property identityProviderAlias

identityProviderAlias: pulumi.Input<string>;

IDP Alias

property name

name?: pulumi.Input<string>;

IDP Mapper Name

property realm

realm: pulumi.Input<string>;

Realm Name

property role

role?: pulumi.Input<string>;

Role Name

interface HardcodedRoleIdentityMapperState

interface HardcodedRoleIdentityMapperState

Input properties used for looking up and filtering HardcodedRoleIdentityMapper resources.

property identityProviderAlias

identityProviderAlias?: pulumi.Input<string>;

IDP Alias

property name

name?: pulumi.Input<string>;

IDP Mapper Name

property realm

realm?: pulumi.Input<string>;

Realm Name

property role

role?: pulumi.Input<string>;

Role Name

interface ProviderArgs

interface ProviderArgs

The set of arguments for constructing a Provider resource.

property clientId

clientId?: pulumi.Input<string>;

property clientSecret

clientSecret?: pulumi.Input<string>;

property clientTimeout

clientTimeout?: pulumi.Input<number>;

Timeout (in seconds) of the Keycloak client

property initialLogin

initialLogin?: pulumi.Input<boolean>;

Whether or not to log in to the Keycloak instance on provider initialization

property password

password?: pulumi.Input<string>;

property realm

realm?: pulumi.Input<string>;

property url

url?: pulumi.Input<string>;

The base URL of the Keycloak instance, before /auth

property username

username?: pulumi.Input<string>;

interface RealmArgs

interface RealmArgs

The set of arguments for constructing a Realm resource.

property accessCodeLifespan

accessCodeLifespan?: pulumi.Input<string>;

property accessCodeLifespanLogin

accessCodeLifespanLogin?: pulumi.Input<string>;

property accessCodeLifespanUserAction

accessCodeLifespanUserAction?: pulumi.Input<string>;

property accessTokenLifespan

accessTokenLifespan?: pulumi.Input<string>;

property accessTokenLifespanForImplicitFlow

accessTokenLifespanForImplicitFlow?: pulumi.Input<string>;

property accountTheme

accountTheme?: pulumi.Input<string>;

property actionTokenGeneratedByAdminLifespan

actionTokenGeneratedByAdminLifespan?: pulumi.Input<string>;

property actionTokenGeneratedByUserLifespan

actionTokenGeneratedByUserLifespan?: pulumi.Input<string>;

property adminTheme

adminTheme?: pulumi.Input<string>;

property attributes

attributes?: pulumi.Input<{[key: string]: any}>;

property browserFlow

browserFlow?: pulumi.Input<string>;

Which flow should be used for BrowserFlow

property clientAuthenticationFlow

clientAuthenticationFlow?: pulumi.Input<string>;

Which flow should be used for ClientAuthenticationFlow

property directGrantFlow

directGrantFlow?: pulumi.Input<string>;

Which flow should be used for DirectGrantFlow

property displayName

displayName?: pulumi.Input<string>;

property dockerAuthenticationFlow

dockerAuthenticationFlow?: pulumi.Input<string>;

Which flow should be used for DockerAuthenticationFlow

property duplicateEmailsAllowed

duplicateEmailsAllowed?: pulumi.Input<boolean>;

property editUsernameAllowed

editUsernameAllowed?: pulumi.Input<boolean>;

property emailTheme

emailTheme?: pulumi.Input<string>;

property enabled

enabled?: pulumi.Input<boolean>;

property internationalization

internationalization?: pulumi.Input<RealmInternationalization>;

property loginTheme

loginTheme?: pulumi.Input<string>;

property loginWithEmailAllowed

loginWithEmailAllowed?: pulumi.Input<boolean>;

property offlineSessionIdleTimeout

offlineSessionIdleTimeout?: pulumi.Input<string>;

property offlineSessionMaxLifespan

offlineSessionMaxLifespan?: pulumi.Input<string>;

property passwordPolicy

passwordPolicy?: pulumi.Input<string>;

String that represents the password policies that are in place. Policies are separated by " and ". Supported policies can be found on the server-info providers page. Example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"

property realm

realm: pulumi.Input<string>;

property refreshTokenMaxReuse

refreshTokenMaxReuse?: pulumi.Input<number>;

property registrationAllowed

registrationAllowed?: pulumi.Input<boolean>;

property registrationEmailAsUsername

registrationEmailAsUsername?: pulumi.Input<boolean>;

property registrationFlow

registrationFlow?: pulumi.Input<string>;

Which flow should be used for RegistrationFlow

property rememberMe

rememberMe?: pulumi.Input<boolean>;

property resetCredentialsFlow

resetCredentialsFlow?: pulumi.Input<string>;

Which flow should be used for ResetCredentialsFlow

property resetPasswordAllowed

resetPasswordAllowed?: pulumi.Input<boolean>;

property revokeRefreshToken

revokeRefreshToken?: pulumi.Input<boolean>;

property securityDefenses

securityDefenses?: pulumi.Input<RealmSecurityDefenses>;

property smtpServer

smtpServer?: pulumi.Input<RealmSmtpServer>;

property sslRequired

sslRequired?: pulumi.Input<string>;

SSL Required: Values can be ‘none’, ‘external’ or ‘all’.

property ssoSessionIdleTimeout

ssoSessionIdleTimeout?: pulumi.Input<string>;

property ssoSessionMaxLifespan

ssoSessionMaxLifespan?: pulumi.Input<string>;

property verifyEmail

verifyEmail?: pulumi.Input<boolean>;

interface RealmState

interface RealmState

Input properties used for looking up and filtering Realm resources.

property accessCodeLifespan

accessCodeLifespan?: pulumi.Input<string>;

property accessCodeLifespanLogin

accessCodeLifespanLogin?: pulumi.Input<string>;

property accessCodeLifespanUserAction

accessCodeLifespanUserAction?: pulumi.Input<string>;

property accessTokenLifespan

accessTokenLifespan?: pulumi.Input<string>;

property accessTokenLifespanForImplicitFlow

accessTokenLifespanForImplicitFlow?: pulumi.Input<string>;

property accountTheme

accountTheme?: pulumi.Input<string>;

property actionTokenGeneratedByAdminLifespan

actionTokenGeneratedByAdminLifespan?: pulumi.Input<string>;

property actionTokenGeneratedByUserLifespan

actionTokenGeneratedByUserLifespan?: pulumi.Input<string>;

property adminTheme

adminTheme?: pulumi.Input<string>;

property attributes

attributes?: pulumi.Input<{[key: string]: any}>;

property browserFlow

browserFlow?: pulumi.Input<string>;

Which flow should be used for BrowserFlow

property clientAuthenticationFlow

clientAuthenticationFlow?: pulumi.Input<string>;

Which flow should be used for ClientAuthenticationFlow

property directGrantFlow

directGrantFlow?: pulumi.Input<string>;

Which flow should be used for DirectGrantFlow

property displayName

displayName?: pulumi.Input<string>;

property dockerAuthenticationFlow

dockerAuthenticationFlow?: pulumi.Input<string>;

Which flow should be used for DockerAuthenticationFlow

property duplicateEmailsAllowed

duplicateEmailsAllowed?: pulumi.Input<boolean>;

property editUsernameAllowed

editUsernameAllowed?: pulumi.Input<boolean>;

property emailTheme

emailTheme?: pulumi.Input<string>;

property enabled

enabled?: pulumi.Input<boolean>;

property internationalization

internationalization?: pulumi.Input<RealmInternationalization>;

property loginTheme

loginTheme?: pulumi.Input<string>;

property loginWithEmailAllowed

loginWithEmailAllowed?: pulumi.Input<boolean>;

property offlineSessionIdleTimeout

offlineSessionIdleTimeout?: pulumi.Input<string>;

property offlineSessionMaxLifespan

offlineSessionMaxLifespan?: pulumi.Input<string>;

property passwordPolicy

passwordPolicy?: pulumi.Input<string>;

String that represents the password policies that are in place. Policies are separated by " and ". Supported policies can be found on the server-info providers page. Example: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)"

property realm

realm?: pulumi.Input<string>;

property refreshTokenMaxReuse

refreshTokenMaxReuse?: pulumi.Input<number>;

property registrationAllowed

registrationAllowed?: pulumi.Input<boolean>;

property registrationEmailAsUsername

registrationEmailAsUsername?: pulumi.Input<boolean>;

property registrationFlow

registrationFlow?: pulumi.Input<string>;

Which flow should be used for RegistrationFlow

property rememberMe

rememberMe?: pulumi.Input<boolean>;

property resetCredentialsFlow

resetCredentialsFlow?: pulumi.Input<string>;

Which flow should be used for ResetCredentialsFlow

property resetPasswordAllowed

resetPasswordAllowed?: pulumi.Input<boolean>;

property revokeRefreshToken

revokeRefreshToken?: pulumi.Input<boolean>;

property securityDefenses

securityDefenses?: pulumi.Input<RealmSecurityDefenses>;

property smtpServer

smtpServer?: pulumi.Input<RealmSmtpServer>;

property sslRequired

sslRequired?: pulumi.Input<string>;

SSL Required: Values can be ‘none’, ‘external’ or ‘all’.
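The passwordPolicy string format and the sslRequired values described for RealmArgs and RealmState can be checked before a realm definition is deployed. The following is an added example, not code from the provider or this page: it parses the " and "-separated policy string and lints a plain object that uses the same field names. The function names and the baseline minimums are assumptions chosen for illustration.

```javascript
// Assumed baseline minimums for illustration; these are not Keycloak defaults.
const BASELINE = { length: 12, upperCase: 1 };
const SSL_VALUES = ["none", "external", "all"]; // values listed in the sslRequired description

// Parse "upperCase(1) and length(8)" into Map { "upperCase" => "1", "length" => "8" }.
function parsePasswordPolicy(policy) {
  const parsed = new Map();
  if (typeof policy !== "string" || policy.trim() === "") return parsed;
  for (const part of policy.split(/\s+and\s+/)) {
    const m = /^\s*([A-Za-z][A-Za-z0-9]*)\s*(?:\((.*)\))?\s*$/.exec(part);
    if (!m) throw new Error(`malformed password policy segment: "${part}"`);
    parsed.set(m[1], m[2] === undefined ? "" : m[2].trim());
  }
  return parsed;
}

// Return a list of findings; an empty list means the settings meet the assumed baseline.
function lintRealmArgs(args) {
  const findings = [];
  const policy = parsePasswordPolicy(args.passwordPolicy);
  for (const [name, min] of Object.entries(BASELINE)) {
    const raw = policy.get(name);
    if (raw === undefined) findings.push(`passwordPolicy: missing ${name}(>=${min})`);
    else if (!(Number.parseInt(raw, 10) >= min)) findings.push(`passwordPolicy: ${name}(${raw}) is below ${min}`);
  }
  if (args.sslRequired !== undefined) {
    if (!SSL_VALUES.includes(args.sslRequired)) findings.push(`sslRequired: unknown value "${args.sslRequired}"`);
    else if (args.sslRequired === "none") findings.push("sslRequired: 'none' allows plain HTTP");
  }
  return findings;
}

// Constructed sample input; the policy string is the example from the property description.
const sample = {
  realm: "my-realm",
  passwordPolicy: "upperCase(1) and length(8) and forceExpiredPasswordChange(365) and notUsername(undefined)",
  sslRequired: "none",
};
console.log(lintRealmArgs(sample));
```

Running the same check in CI against the object passed to `new keycloak.Realm(...)` catches a weakened policy string before it reaches the server.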

property ssoSessionIdleTimeout

ssoSessionIdleTimeout?: pulumi.Input<string>;

property ssoSessionMaxLifespan

ssoSessionMaxLifespan?: pulumi.Input<string>;

property verifyEmail

verifyEmail?: pulumi.Input<boolean>;

interface RequiredActionArgs

interface RequiredActionArgs

The set of arguments for constructing a RequiredAction resource.

property alias

alias: pulumi.Input<string>;

property defaultAction

defaultAction?: pulumi.Input<boolean>;

property enabled

enabled?: pulumi.Input<boolean>;

property name

name?: pulumi.Input<string>;

property priority

priority?: pulumi.Input<number>;

property realmId

realmId: pulumi.Input<string>;

interface RequiredActionState

interface RequiredActionState

Input properties used for looking up and filtering RequiredAction resources.

property alias

alias?: pulumi.Input<string>;

property defaultAction

defaultAction?: pulumi.Input<boolean>;

property enabled

enabled?: pulumi.Input<boolean>;

property name

name?: pulumi.Input<string>;

property priority

priority?: pulumi.Input<number>;

property realmId

realmId?: pulumi.Input<string>;

interface RoleArgs

interface RoleArgs

The set of arguments for constructing a Role resource.

property clientId

clientId?: pulumi.Input<string>;

property compositeRoles

compositeRoles?: pulumi.Input<pulumi.Input<string>[]>;

property description

description?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

interface RoleState

interface RoleState

Input properties used for looking up and filtering Role resources.

property clientId

clientId?: pulumi.Input<string>;

property compositeRoles

compositeRoles?: pulumi.Input<pulumi.Input<string>[]>;

property description

description?: pulumi.Input<string>;

property name

name?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

interface UserArgs

interface UserArgs

The set of arguments for constructing a User resource.

property attributes

attributes?: pulumi.Input<{[key: string]: any}>;

property email

email?: pulumi.Input<string>;

property enabled

enabled?: pulumi.Input<boolean>;

property federatedIdentities

federatedIdentities?: pulumi.Input<pulumi.Input<UserFederatedIdentity>[]>;

property firstName

firstName?: pulumi.Input<string>;

property initialPassword

initialPassword?: pulumi.Input<UserInitialPassword>;

property lastName

lastName?: pulumi.Input<string>;

property realmId

realmId: pulumi.Input<string>;

property username

username: pulumi.Input<string>;

interface UserState

interface UserState

Input properties used for looking up and filtering User resources.

property attributes

attributes?: pulumi.Input<{[key: string]: any}>;

property email

email?: pulumi.Input<string>;

property enabled

enabled?: pulumi.Input<boolean>;

property federatedIdentities

federatedIdentities?: pulumi.Input<pulumi.Input<UserFederatedIdentity>[]>;

property firstName

firstName?: pulumi.Input<string>;

property initialPassword

initialPassword?: pulumi.Input<UserInitialPassword>;

property lastName

lastName?: pulumi.Input<string>;

property realmId

realmId?: pulumi.Input<string>;

property username

username?: pulumi.Input<string>;

interface UserTemplateImporterIdentityProviderMapperArgs

interface UserTemplateImporterIdentityProviderMapperArgs

The set of arguments for constructing a UserTemplateImporterIdentityProviderMapper resource.

property identityProviderAlias

identityProviderAlias: pulumi.Input<string>;

IDP Alias

property name

name?: pulumi.Input<string>;

IDP Mapper Name

property realm

realm: pulumi.Input<string>;

Realm Name

property template

template?: pulumi.Input<string>;

Username For Template Import

interface UserTemplateImporterIdentityProviderMapperState

interface UserTemplateImporterIdentityProviderMapperState

Input properties used for looking up and filtering UserTemplateImporterIdentityProviderMapper resources.

property identityProviderAlias

identityProviderAlias?: pulumi.Input<string>;

IDP Alias

property name

name?: pulumi.Input<string>;

IDP Mapper Name

property realm

realm?: pulumi.Input<string>;

Realm Name

property template

template?: pulumi.Input<string>;

Username For Template Import