Welcome to Pulumi Registry, your window into the cloud. Read the announcement.

Keycloak

v4.7.0 published on Thursday, Nov 18, 2021 by Pulumi

getClientDescriptionConverter

This data source uses the ClientDescriptionConverter API to convert a generic client description into a Keycloak client. This data can then be used to manage the client within Keycloak.

Example Usage

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
    public MyStack()
    {
        var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
        {
            Realm = "my-realm",
            Enabled = true,
        });
        var samlClientClientDescriptionConverter = realm.Id.Apply(id => Keycloak.GetClientDescriptionConverter.InvokeAsync(new Keycloak.GetClientDescriptionConverterArgs
        {
            RealmId = id,
            Body = @"	<md:EntityDescriptor xmlns:md=""urn:oasis:names:tc:SAML:2.0:metadata"" validUntil=""2021-04-17T12:41:46Z"" cacheDuration=""PT604800S"" entityID=""FakeEntityId"">
    <md:SPSSODescriptor AuthnRequestsSigned=""false"" WantAssertionsSigned=""false"" protocolSupportEnumeration=""urn:oasis:names:tc:SAML:2.0:protocol"">
        <md:KeyDescriptor use=""signing"">
			<ds:KeyInfo xmlns:ds=""http://www.w3.org/2000/09/xmldsig#"">
				<ds:X509Data>
					<ds:X509Certificate>MIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx
					CzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv
					YWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW
					EW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz
					NlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm
					b3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi
					LmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG
					9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe
					qIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj
					53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv
					GX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud
					IwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI
					hvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5
					n01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj
					K3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
		</md:KeyDescriptor>
		<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
        <md:AssertionConsumerService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"" Location=""https://localhost/acs/saml/"" index=""1""/>
    </md:SPSSODescriptor>
</md:EntityDescriptor>
",
        }));
        var samlClientClient = new Keycloak.Saml.Client("samlClientClient", new Keycloak.Saml.ClientArgs
        {
            RealmId = realm.Id,
            ClientId = samlClientClientDescriptionConverter.Apply(samlClientClientDescriptionConverter => samlClientClientDescriptionConverter.ClientId),
        });
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/saml"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = saml.NewClient(ctx, "samlClientClient", &saml.ClientArgs{
			RealmId: realm.ID(),
			ClientId: samlClientClientDescriptionConverter.ApplyT(func(samlClientClientDescriptionConverter GetClientDescriptionConverterResult) (string, error) {
				return samlClientClientDescriptionConverter.ClientId, nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
saml_client_client_description_converter = realm.id.apply(lambda id: keycloak.get_client_description_converter(realm_id=id,
    body="""	<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2021-04-17T12:41:46Z" cacheDuration="PT604800S" entityID="FakeEntityId">
    <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate>MIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx
					CzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv
					YWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW
					EW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz
					NlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm
					b3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi
					LmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG
					9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe
					qIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj
					53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv
					GX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud
					IwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI
					hvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5
					n01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj
					K3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
		</md:KeyDescriptor>
		<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/acs/saml/" index="1"/>
    </md:SPSSODescriptor>
</md:EntityDescriptor>
"""))
saml_client_client = keycloak.saml.Client("samlClientClient",
    realm_id=realm.id,
    client_id=saml_client_client_description_converter.client_id)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
const samlClientClientDescriptionConverter = realm.id.apply(id => keycloak.getClientDescriptionConverter({
    realmId: id,
    body: `	<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2021-04-17T12:41:46Z" cacheDuration="PT604800S" entityID="FakeEntityId">
    <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
			<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
				<ds:X509Data>
					<ds:X509Certificate>MIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx
					CzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv
					YWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW
					EW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz
					NlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm
					b3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi
					LmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG
					9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe
					qIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj
					53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv
					GX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud
					IwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI
					hvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5
					n01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj
					K3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=</ds:X509Certificate>
				</ds:X509Data>
			</ds:KeyInfo>
		</md:KeyDescriptor>
		<md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://localhost/acs/saml/" index="1"/>
    </md:SPSSODescriptor>
</md:EntityDescriptor>
`,
}));
const samlClientClient = new keycloak.saml.Client("samlClientClient", {
    realmId: realm.id,
    clientId: samlClientClientDescriptionConverter.apply(samlClientClientDescriptionConverter => samlClientClientDescriptionConverter.clientId),
});

Using getClientDescriptionConverter

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getClientDescriptionConverter(args: GetClientDescriptionConverterArgs, opts?: InvokeOptions): Promise<GetClientDescriptionConverterResult>
function getClientDescriptionConverterOutput(args: GetClientDescriptionConverterOutputArgs, opts?: InvokeOptions): Output<GetClientDescriptionConverterResult>
def get_client_description_converter(body: Optional[str] = None,
                                     realm_id: Optional[str] = None,
                                     opts: Optional[InvokeOptions] = None) -> GetClientDescriptionConverterResult
def get_client_description_converter_output(body: Optional[pulumi.Input[str]] = None,
                                     realm_id: Optional[pulumi.Input[str]] = None,
                                     opts: Optional[InvokeOptions] = None) -> Output[GetClientDescriptionConverterResult]
func GetClientDescriptionConverter(ctx *Context, args *GetClientDescriptionConverterArgs, opts ...InvokeOption) (*GetClientDescriptionConverterResult, error)
func GetClientDescriptionConverterOutput(ctx *Context, args *GetClientDescriptionConverterOutputArgs, opts ...InvokeOption) GetClientDescriptionConverterResultOutput

> Note: This function is named GetClientDescriptionConverter in the Go SDK.

public static class GetClientDescriptionConverter 
{
    public static Task<GetClientDescriptionConverterResult> InvokeAsync(GetClientDescriptionConverterArgs args, InvokeOptions? opts = null)
    public static Output<GetClientDescriptionConverterResult> Invoke(GetClientDescriptionConverterInvokeArgs args, InvokeOptions? opts = null)
}

The following arguments are supported:

Body string
The body of the request to convert.
RealmId string
The realm to use for the client description converter API call.
Body string
The body of the request to convert.
RealmId string
The realm to use for the client description converter API call.
body string
The body of the request to convert.
realmId string
The realm to use for the client description converter API call.
body str
The body of the request to convert.
realm_id str
The realm to use for the client description converter API call.

getClientDescriptionConverter Result

The following output properties are available:

Access Dictionary<string, object>
AdminUrl string
Attributes Dictionary<string, object>
AuthenticationFlowBindingOverrides Dictionary<string, object>
AuthorizationServicesEnabled bool
AuthorizationSettings Dictionary<string, object>
BaseUrl string
BearerOnly bool
Body string
ClientAuthenticatorType string
ClientId string
ConsentRequired string
DefaultClientScopes List<string>
DefaultRoles List<string>
Description string
DirectAccessGrantsEnabled bool
Enabled bool
FrontchannelLogout bool
FullScopeAllowed bool
Id string
The provider-assigned unique ID for this managed resource.
ImplicitFlowEnabled bool
Name string
NotBefore int
OptionalClientScopes List<string>
Origin string
Protocol string
ProtocolMappers List<GetClientDescriptionConverterProtocolMapper>
PublicClient bool
RealmId string
RedirectUris List<string>
RegisteredNodes Dictionary<string, object>
RegistrationAccessToken string
RootUrl string
Secret string
ServiceAccountsEnabled bool
StandardFlowEnabled bool
SurrogateAuthRequired bool
WebOrigins List<string>
Access map[string]interface{}
AdminUrl string
Attributes map[string]interface{}
AuthenticationFlowBindingOverrides map[string]interface{}
AuthorizationServicesEnabled bool
AuthorizationSettings map[string]interface{}
BaseUrl string
BearerOnly bool
Body string
ClientAuthenticatorType string
ClientId string
ConsentRequired string
DefaultClientScopes []string
DefaultRoles []string
Description string
DirectAccessGrantsEnabled bool
Enabled bool
FrontchannelLogout bool
FullScopeAllowed bool
Id string
The provider-assigned unique ID for this managed resource.
ImplicitFlowEnabled bool
Name string
NotBefore int
OptionalClientScopes []string
Origin string
Protocol string
ProtocolMappers []GetClientDescriptionConverterProtocolMapper
PublicClient bool
RealmId string
RedirectUris []string
RegisteredNodes map[string]interface{}
RegistrationAccessToken string
RootUrl string
Secret string
ServiceAccountsEnabled bool
StandardFlowEnabled bool
SurrogateAuthRequired bool
WebOrigins []string
access {[key: string]: any}
adminUrl string
attributes {[key: string]: any}
authenticationFlowBindingOverrides {[key: string]: any}
authorizationServicesEnabled boolean
authorizationSettings {[key: string]: any}
baseUrl string
bearerOnly boolean
body string
clientAuthenticatorType string
clientId string
consentRequired string
defaultClientScopes string[]
defaultRoles string[]
description string
directAccessGrantsEnabled boolean
enabled boolean
frontchannelLogout boolean
fullScopeAllowed boolean
id string
The provider-assigned unique ID for this managed resource.
implicitFlowEnabled boolean
name string
notBefore number
optionalClientScopes string[]
origin string
protocol string
protocolMappers GetClientDescriptionConverterProtocolMapper[]
publicClient boolean
realmId string
redirectUris string[]
registeredNodes {[key: string]: any}
registrationAccessToken string
rootUrl string
secret string
serviceAccountsEnabled boolean
standardFlowEnabled boolean
surrogateAuthRequired boolean
webOrigins string[]
access Mapping[str, Any]
admin_url str
attributes Mapping[str, Any]
authentication_flow_binding_overrides Mapping[str, Any]
authorization_services_enabled bool
authorization_settings Mapping[str, Any]
base_url str
bearer_only bool
body str
client_authenticator_type str
client_id str
consent_required str
default_client_scopes Sequence[str]
default_roles Sequence[str]
description str
direct_access_grants_enabled bool
enabled bool
frontchannel_logout bool
full_scope_allowed bool
id str
The provider-assigned unique ID for this managed resource.
implicit_flow_enabled bool
name str
not_before int
optional_client_scopes Sequence[str]
origin str
protocol str
protocol_mappers Sequence[GetClientDescriptionConverterProtocolMapper]
public_client bool
realm_id str
redirect_uris Sequence[str]
registered_nodes Mapping[str, Any]
registration_access_token str
root_url str
secret str
service_accounts_enabled bool
standard_flow_enabled bool
surrogate_auth_required bool
web_origins Sequence[str]

Supporting Types

GetClientDescriptionConverterProtocolMapper

Config Dictionary<string, object>
Id string
Name string
Protocol string
ProtocolMapper string
Config map[string]interface{}
Id string
Name string
Protocol string
ProtocolMapper string
config {[key: string]: any}
id string
name string
protocol string
protocolMapper string
config Mapping[str, Any]
id str
name str
protocol str
protocol_mapper str

Package Details

Repository
https://github.com/pulumi/pulumi-keycloak
License
Apache-2.0
Notes
This Pulumi package is based on the keycloak Terraform Provider.