keycloak logo
Keycloak v5.1.0, Mar 14 23

keycloak.getRole

This data source can be used to fetch properties of a Keycloak role for usage with other resources, such as keycloak.GroupRoles.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Keycloak = Pulumi.Keycloak;

return await Deployment.RunAsync(() => 
{
    var realm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });

    var offlineAccess = Keycloak.GetRole.Invoke(new()
    {
        RealmId = realm.Id,
        Name = "offline_access",
    });

    var @group = new Keycloak.Group("group", new()
    {
        RealmId = realm.Id,
    });

    var groupRoles = new Keycloak.GroupRoles("groupRoles", new()
    {
        RealmId = realm.Id,
        GroupId = @group.Id,
        RoleIds = new[]
        {
            offlineAccess.Apply(getRoleResult => getRoleResult.Id),
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		offlineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{
			RealmId: realm.ID(),
			Name:    pulumi.String("offline_access"),
		}, nil)
		group, err := keycloak.NewGroup(ctx, "group", &keycloak.GroupArgs{
			RealmId: realm.ID(),
		})
		if err != nil {
			return err
		}
		_, err = keycloak.NewGroupRoles(ctx, "groupRoles", &keycloak.GroupRolesArgs{
			RealmId: realm.ID(),
			GroupId: group.ID(),
			RoleIds: pulumi.StringArray{
				offlineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {
					return &offlineAccess.Id, nil
				}).(pulumi.StringPtrOutput),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import com.pulumi.keycloak.Group;
import com.pulumi.keycloak.GroupArgs;
import com.pulumi.keycloak.GroupRoles;
import com.pulumi.keycloak.GroupRolesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()        
            .realm("my-realm")
            .enabled(true)
            .build());

        final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()
            .realmId(realm.id())
            .name("offline_access")
            .build());

        var group = new Group("group", GroupArgs.builder()        
            .realmId(realm.id())
            .build());

        var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder()        
            .realmId(realm.id())
            .groupId(group.id())
            .roleIds(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id())))
            .build());

    }
}
import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
offline_access = keycloak.get_role_output(realm_id=realm.id,
    name="offline_access")
group = keycloak.Group("group", realm_id=realm.id)
group_roles = keycloak.GroupRoles("groupRoles",
    realm_id=realm.id,
    group_id=group.id,
    role_ids=[offline_access.id])
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
const offlineAccess = keycloak.getRoleOutput({
    realmId: realm.id,
    name: "offline_access",
});
const group = new keycloak.Group("group", {realmId: realm.id});
const groupRoles = new keycloak.GroupRoles("groupRoles", {
    realmId: realm.id,
    groupId: group.id,
    roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)],
});
resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  group:
    type: keycloak:Group
    properties:
      realmId: ${realm.id}
  groupRoles:
    type: keycloak:GroupRoles
    properties:
      realmId: ${realm.id}
      groupId: ${group.id}
      roleIds:
        - ${offlineAccess.id}
variables:
  offlineAccess: # use the data source
    fn::invoke:
      Function: keycloak:getRole
      Arguments:
        realmId: ${realm.id}
        name: offline_access

Using getRole

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getRole(args: GetRoleArgs, opts?: InvokeOptions): Promise<GetRoleResult>
function getRoleOutput(args: GetRoleOutputArgs, opts?: InvokeOptions): Output<GetRoleResult>
def get_role(client_id: Optional[str] = None,
             name: Optional[str] = None,
             realm_id: Optional[str] = None,
             opts: Optional[InvokeOptions] = None) -> GetRoleResult
def get_role_output(client_id: Optional[pulumi.Input[str]] = None,
             name: Optional[pulumi.Input[str]] = None,
             realm_id: Optional[pulumi.Input[str]] = None,
             opts: Optional[InvokeOptions] = None) -> Output[GetRoleResult]
func LookupRole(ctx *Context, args *LookupRoleArgs, opts ...InvokeOption) (*LookupRoleResult, error)
func LookupRoleOutput(ctx *Context, args *LookupRoleOutputArgs, opts ...InvokeOption) LookupRoleResultOutput

> Note: This function is named LookupRole in the Go SDK.

public static class GetRole 
{
    public static Task<GetRoleResult> InvokeAsync(GetRoleArgs args, InvokeOptions? opts = null)
    public static Output<GetRoleResult> Invoke(GetRoleInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetRoleResult> getRole(GetRoleArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: keycloak:index/getRole:getRole
  arguments:
    # arguments dictionary

The following arguments are supported:

Name string

The name of the role.

RealmId string

The realm this role exists within.

ClientId string

When specified, this role is assumed to be a client role belonging to the client with the provided ID. The id attribute of a keycloak_client resource should be used here.

Name string

The name of the role.

RealmId string

The realm this role exists within.

ClientId string

When specified, this role is assumed to be a client role belonging to the client with the provided ID. The id attribute of a keycloak_client resource should be used here.

name String

The name of the role.

realmId String

The realm this role exists within.

clientId String

When specified, this role is assumed to be a client role belonging to the client with the provided ID. The id attribute of a keycloak_client resource should be used here.

name string

The name of the role.

realmId string

The realm this role exists within.

clientId string

When specified, this role is assumed to be a client role belonging to the client with the provided ID. The id attribute of a keycloak_client resource should be used here.

name str

The name of the role.

realm_id str

The realm this role exists within.

client_id str

When specified, this role is assumed to be a client role belonging to the client with the provided ID. The id attribute of a keycloak_client resource should be used here.

name String

The name of the role.

realmId String

The realm this role exists within.

clientId String

When specified, this role is assumed to be a client role belonging to the client with the provided ID. The id attribute of a keycloak_client resource should be used here.

getRole Result

The following output properties are available:

Attributes Dictionary<string, object>
CompositeRoles List<string>
Description string

(Computed) The description of the role.

Id string

The provider-assigned unique ID for this managed resource.

Name string
RealmId string
ClientId string
Attributes map[string]interface{}
CompositeRoles []string
Description string

(Computed) The description of the role.

Id string

The provider-assigned unique ID for this managed resource.

Name string
RealmId string
ClientId string
attributes Map<String,Object>
compositeRoles List<String>
description String

(Computed) The description of the role.

id String

The provider-assigned unique ID for this managed resource.

name String
realmId String
clientId String
attributes {[key: string]: any}
compositeRoles string[]
description string

(Computed) The description of the role.

id string

The provider-assigned unique ID for this managed resource.

name string
realmId string
clientId string
attributes Mapping[str, Any]
composite_roles Sequence[str]
description str

(Computed) The description of the role.

id str

The provider-assigned unique ID for this managed resource.

name str
realm_id str
client_id str
attributes Map<Any>
compositeRoles List<String>
description String

(Computed) The description of the role.

id String

The provider-assigned unique ID for this managed resource.

name String
realmId String
clientId String

Package Details

Repository
Keycloak pulumi/pulumi-keycloak
License
Apache-2.0
Notes

This Pulumi package is based on the keycloak Terraform Provider.