This data source can be used to fetch the details of an authentication subflow within Keycloak.
An authentication subflow is a nested flow within a parent authentication flow that groups related authentication steps together.
Example Usage
Lookup by Alias (Human-readable)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const myFlow = new keycloak.authentication.Flow("my_flow", {
realmId: realm.id,
alias: "my-custom-flow",
});
const mySubflow = new keycloak.authentication.Subflow("my_subflow", {
realmId: realm.id,
parentFlowAlias: myFlow.alias,
alias: "my-subflow",
providerId: "basic-flow",
});
const subflow = keycloak.authentication.getSubflowOutput({
realmId: realm.id,
parentFlowAlias: myFlow.alias,
alias: "my-subflow",
});
export const subflowId = subflow.apply(subflow => subflow.id);
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
my_flow = keycloak.authentication.Flow("my_flow",
realm_id=realm.id,
alias="my-custom-flow")
my_subflow = keycloak.authentication.Subflow("my_subflow",
realm_id=realm.id,
parent_flow_alias=my_flow.alias,
alias="my-subflow",
provider_id="basic-flow")
subflow = keycloak.authentication.get_subflow_output(realm_id=realm.id,
parent_flow_alias=my_flow.alias,
alias="my-subflow")
pulumi.export("subflowId", subflow.id)
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
myFlow, err := authentication.NewFlow(ctx, "my_flow", &authentication.FlowArgs{
RealmId: realm.ID(),
Alias: pulumi.String("my-custom-flow"),
})
if err != nil {
return err
}
_, err = authentication.NewSubflow(ctx, "my_subflow", &authentication.SubflowArgs{
RealmId: realm.ID(),
ParentFlowAlias: myFlow.Alias,
Alias: pulumi.String("my-subflow"),
ProviderId: pulumi.String("basic-flow"),
})
if err != nil {
return err
}
subflow := authentication.LookupSubflowOutput(ctx, authentication.GetSubflowOutputArgs{
RealmId: realm.ID(),
ParentFlowAlias: myFlow.Alias,
Alias: pulumi.String("my-subflow"),
}, nil)
ctx.Export("subflowId", subflow.ApplyT(func(subflow authentication.GetSubflowResult) (*string, error) {
return &subflow.Id, nil
}).(pulumi.StringPtrOutput))
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var myFlow = new Keycloak.Authentication.Flow("my_flow", new()
{
RealmId = realm.Id,
Alias = "my-custom-flow",
});
var mySubflow = new Keycloak.Authentication.Subflow("my_subflow", new()
{
RealmId = realm.Id,
ParentFlowAlias = myFlow.Alias,
Alias = "my-subflow",
ProviderId = "basic-flow",
});
var subflow = Keycloak.Authentication.GetSubflow.Invoke(new()
{
RealmId = realm.Id,
ParentFlowAlias = myFlow.Alias,
Alias = "my-subflow",
});
return new Dictionary<string, object?>
{
["subflowId"] = subflow.Apply(getSubflowResult => getSubflowResult.Id),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.authentication.Flow;
import com.pulumi.keycloak.authentication.FlowArgs;
import com.pulumi.keycloak.authentication.Subflow;
import com.pulumi.keycloak.authentication.SubflowArgs;
import com.pulumi.keycloak.authentication.AuthenticationFunctions;
import com.pulumi.keycloak.authentication.inputs.GetSubflowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var myFlow = new Flow("myFlow", FlowArgs.builder()
.realmId(realm.id())
.alias("my-custom-flow")
.build());
var mySubflow = new Subflow("mySubflow", SubflowArgs.builder()
.realmId(realm.id())
.parentFlowAlias(myFlow.alias())
.alias("my-subflow")
.providerId("basic-flow")
.build());
final var subflow = AuthenticationFunctions.getSubflow(GetSubflowArgs.builder()
.realmId(realm.id())
.parentFlowAlias(myFlow.alias())
.alias("my-subflow")
.build());
ctx.export("subflowId", subflow.applyValue(_subflow -> _subflow.id()));
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
myFlow:
type: keycloak:authentication:Flow
name: my_flow
properties:
realmId: ${realm.id}
alias: my-custom-flow
mySubflow:
type: keycloak:authentication:Subflow
name: my_subflow
properties:
realmId: ${realm.id}
parentFlowAlias: ${myFlow.alias}
alias: my-subflow
providerId: basic-flow
variables:
subflow:
fn::invoke:
function: keycloak:authentication:getSubflow
arguments:
realmId: ${realm.id}
parentFlowAlias: ${myFlow.alias}
alias: my-subflow
outputs:
subflowId: ${subflow.id}
Lookup by ID (Direct)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const subflow = keycloak.authentication.getSubflow({
realmId: "my-realm-id",
parentFlowAlias: "browser",
id: "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
});
export const subflowAlias = subflow.then(subflow => subflow.alias);
import pulumi
import pulumi_keycloak as keycloak
subflow = keycloak.authentication.get_subflow(realm_id="my-realm-id",
parent_flow_alias="browser",
id="a1b2c3d4-e5f6-7890-abcd-ef1234567890")
pulumi.export("subflowAlias", subflow.alias)
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/authentication"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
subflow, err := authentication.LookupSubflow(ctx, &authentication.LookupSubflowArgs{
RealmId: "my-realm-id",
ParentFlowAlias: "browser",
Id: pulumi.StringRef("a1b2c3d4-e5f6-7890-abcd-ef1234567890"),
}, nil)
if err != nil {
return err
}
ctx.Export("subflowAlias", subflow.Alias)
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var subflow = Keycloak.Authentication.GetSubflow.Invoke(new()
{
RealmId = "my-realm-id",
ParentFlowAlias = "browser",
Id = "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
});
return new Dictionary<string, object?>
{
["subflowAlias"] = subflow.Apply(getSubflowResult => getSubflowResult.Alias),
};
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.authentication.AuthenticationFunctions;
import com.pulumi.keycloak.authentication.inputs.GetSubflowArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var subflow = AuthenticationFunctions.getSubflow(GetSubflowArgs.builder()
.realmId("my-realm-id")
.parentFlowAlias("browser")
.id("a1b2c3d4-e5f6-7890-abcd-ef1234567890")
.build());
ctx.export("subflowAlias", subflow.alias());
}
}
variables:
subflow:
fn::invoke:
function: keycloak:authentication:getSubflow
arguments:
realmId: my-realm-id
parentFlowAlias: browser
id: a1b2c3d4-e5f6-7890-abcd-ef1234567890
outputs:
subflowAlias: ${subflow.alias}
Using getSubflow
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getSubflow(args: GetSubflowArgs, opts?: InvokeOptions): Promise<GetSubflowResult>
function getSubflowOutput(args: GetSubflowOutputArgs, opts?: InvokeOptions): Output<GetSubflowResult>def get_subflow(alias: Optional[str] = None,
id: Optional[str] = None,
parent_flow_alias: Optional[str] = None,
realm_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetSubflowResult
def get_subflow_output(alias: Optional[pulumi.Input[str]] = None,
id: Optional[pulumi.Input[str]] = None,
parent_flow_alias: Optional[pulumi.Input[str]] = None,
realm_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetSubflowResult]func LookupSubflow(ctx *Context, args *LookupSubflowArgs, opts ...InvokeOption) (*LookupSubflowResult, error)
func LookupSubflowOutput(ctx *Context, args *LookupSubflowOutputArgs, opts ...InvokeOption) LookupSubflowResultOutput> Note: This function is named LookupSubflow in the Go SDK.
public static class GetSubflow
{
public static Task<GetSubflowResult> InvokeAsync(GetSubflowArgs args, InvokeOptions? opts = null)
public static Output<GetSubflowResult> Invoke(GetSubflowInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetSubflowResult> getSubflow(GetSubflowArgs args, InvokeOptions options)
public static Output<GetSubflowResult> getSubflow(GetSubflowArgs args, InvokeOptions options)
fn::invoke:
function: keycloak:authentication/getSubflow:getSubflow
arguments:
# arguments dictionaryThe following arguments are supported:
- Parent
Flow stringAlias - The alias of the parent authentication flow.
- Realm
Id string - The realm the authentication subflow exists in.
- Alias string
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- Id string
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
- Parent
Flow stringAlias - The alias of the parent authentication flow.
- Realm
Id string - The realm the authentication subflow exists in.
- Alias string
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- Id string
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
- parent
Flow StringAlias - The alias of the parent authentication flow.
- realm
Id String - The realm the authentication subflow exists in.
- alias String
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- id String
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
- parent
Flow stringAlias - The alias of the parent authentication flow.
- realm
Id string - The realm the authentication subflow exists in.
- alias string
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- id string
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
- parent_
flow_ stralias - The alias of the parent authentication flow.
- realm_
id str - The realm the authentication subflow exists in.
- alias str
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- id str
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
- parent
Flow StringAlias - The alias of the parent authentication flow.
- realm
Id String - The realm the authentication subflow exists in.
- alias String
The alias of the authentication subflow. Either
idoraliasmust be specified.Note: You must specify either
idoralias, but not both. Useidfor direct lookup by GUID, oraliasfor human-readable lookup by name.- id String
- The unique ID of the authentication subflow. Either
idoraliasmust be specified.
getSubflow Result
The following output properties are available:
- Authenticator string
- Description string
- The description of the subflow.
- Id string
- The unique ID of the authentication subflow.
- Parent
Flow stringAlias - Priority int
- (Keycloak 25+) The priority of the subflow within its parent flow.
- Provider
Id string - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - Realm
Id string - Requirement string
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - Alias string
- The alias of the subflow.
- Authenticator string
- Description string
- The description of the subflow.
- Id string
- The unique ID of the authentication subflow.
- Parent
Flow stringAlias - Priority int
- (Keycloak 25+) The priority of the subflow within its parent flow.
- Provider
Id string - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - Realm
Id string - Requirement string
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - Alias string
- The alias of the subflow.
- authenticator String
- description String
- The description of the subflow.
- id String
- The unique ID of the authentication subflow.
- parent
Flow StringAlias - priority Integer
- (Keycloak 25+) The priority of the subflow within its parent flow.
- provider
Id String - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - realm
Id String - requirement String
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - alias String
- The alias of the subflow.
- authenticator string
- description string
- The description of the subflow.
- id string
- The unique ID of the authentication subflow.
- parent
Flow stringAlias - priority number
- (Keycloak 25+) The priority of the subflow within its parent flow.
- provider
Id string - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - realm
Id string - requirement string
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - alias string
- The alias of the subflow.
- authenticator str
- description str
- The description of the subflow.
- id str
- The unique ID of the authentication subflow.
- parent_
flow_ stralias - priority int
- (Keycloak 25+) The priority of the subflow within its parent flow.
- provider_
id str - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - realm_
id str - requirement str
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - alias str
- The alias of the subflow.
- authenticator String
- description String
- The description of the subflow.
- id String
- The unique ID of the authentication subflow.
- parent
Flow StringAlias - priority Number
- (Keycloak 25+) The priority of the subflow within its parent flow.
- provider
Id String - The provider ID for the subflow (e.g.,
basic-flow,form-flow, orclient-flow). - realm
Id String - requirement String
- The requirement setting for the subflow. Can be one of
REQUIRED,ALTERNATIVE,OPTIONAL,CONDITIONAL, orDISABLED. - alias String
- The alias of the subflow.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.
