Docs Home
Keycloak v6.5.0 published on Tuesday, May 13, 2025 by Pulumi
keycloak.getRole
Explore with Pulumi AI
This data source can be used to fetch properties of a Keycloak role for
usage with other resources, such as keycloak.GroupRoles.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const offlineAccess = keycloak.getRoleOutput({
realmId: realm.id,
name: "offline_access",
});
// use the data source
const group = new keycloak.Group("group", {
realmId: realm.id,
name: "group",
});
const groupRoles = new keycloak.GroupRoles("group_roles", {
realmId: realm.id,
groupId: group.id,
roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)],
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
offline_access = keycloak.get_role_output(realm_id=realm.id,
name="offline_access")
# use the data source
group = keycloak.Group("group",
realm_id=realm.id,
name="group")
group_roles = keycloak.GroupRoles("group_roles",
realm_id=realm.id,
group_id=group.id,
role_ids=[offline_access.id])
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
offlineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{
RealmId: realm.ID(),
Name: pulumi.String("offline_access"),
}, nil)
// use the data source
group, err := keycloak.NewGroup(ctx, "group", &keycloak.GroupArgs{
RealmId: realm.ID(),
Name: pulumi.String("group"),
})
if err != nil {
return err
}
_, err = keycloak.NewGroupRoles(ctx, "group_roles", &keycloak.GroupRolesArgs{
RealmId: realm.ID(),
GroupId: group.ID(),
RoleIds: pulumi.StringArray{
pulumi.String(offlineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {
return &offlineAccess.Id, nil
}).(pulumi.StringPtrOutput)),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
Enabled = true,
});
var offlineAccess = Keycloak.GetRole.Invoke(new()
{
RealmId = realm.Id,
Name = "offline_access",
});
// use the data source
var @group = new Keycloak.Group("group", new()
{
RealmId = realm.Id,
Name = "group",
});
var groupRoles = new Keycloak.GroupRoles("group_roles", new()
{
RealmId = realm.Id,
GroupId = @group.Id,
RoleIds = new[]
{
offlineAccess.Apply(getRoleResult => getRoleResult.Id),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import com.pulumi.keycloak.Group;
import com.pulumi.keycloak.GroupArgs;
import com.pulumi.keycloak.GroupRoles;
import com.pulumi.keycloak.GroupRolesArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()
.realmId(realm.id())
.name("offline_access")
.build());
// use the data source
var group = new Group("group", GroupArgs.builder()
.realmId(realm.id())
.name("group")
.build());
var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder()
.realmId(realm.id())
.groupId(group.id())
.roleIds(offlineAccess.applyValue(_offlineAccess -> _offlineAccess.id()))
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
# use the data source
group:
type: keycloak:Group
properties:
realmId: ${realm.id}
name: group
groupRoles:
type: keycloak:GroupRoles
name: group_roles
properties:
realmId: ${realm.id}
groupId: ${group.id}
roleIds:
- ${offlineAccess.id}
variables:
offlineAccess:
fn::invoke:
function: keycloak:getRole
arguments:
realmId: ${realm.id}
name: offline_access
Using getRole
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getRole(args: GetRoleArgs, opts?: InvokeOptions): Promise<GetRoleResult>
function getRoleOutput(args: GetRoleOutputArgs, opts?: InvokeOptions): Output<GetRoleResult>def get_role(client_id: Optional[str] = None,
name: Optional[str] = None,
realm_id: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetRoleResult
def get_role_output(client_id: Optional[pulumi.Input[str]] = None,
name: Optional[pulumi.Input[str]] = None,
realm_id: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetRoleResult]func LookupRole(ctx *Context, args *LookupRoleArgs, opts ...InvokeOption) (*LookupRoleResult, error)
func LookupRoleOutput(ctx *Context, args *LookupRoleOutputArgs, opts ...InvokeOption) LookupRoleResultOutput> Note: This function is named LookupRole in the Go SDK.
public static class GetRole
{
public static Task<GetRoleResult> InvokeAsync(GetRoleArgs args, InvokeOptions? opts = null)
public static Output<GetRoleResult> Invoke(GetRoleInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetRoleResult> getRole(GetRoleArgs args, InvokeOptions options)
public static Output<GetRoleResult> getRole(GetRoleArgs args, InvokeOptions options)
fn::invoke:
function: keycloak:index/getRole:getRole
arguments:
# arguments dictionaryThe following arguments are supported:
getRole Result
The following output properties are available:
- Attributes Dictionary<string, string>
- Composite
Roles List<string> - Description string
- (Computed) The description of the role.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Realm
Id string - Client
Id string
- Attributes map[string]string
- Composite
Roles []string - Description string
- (Computed) The description of the role.
- Id string
- The provider-assigned unique ID for this managed resource.
- Name string
- Realm
Id string - Client
Id string
- attributes Map<String,String>
- composite
Roles List<String> - description String
- (Computed) The description of the role.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- realm
Id String - client
Id String
- attributes {[key: string]: string}
- composite
Roles string[] - description string
- (Computed) The description of the role.
- id string
- The provider-assigned unique ID for this managed resource.
- name string
- realm
Id string - client
Id string
- attributes Mapping[str, str]
- composite_
roles Sequence[str] - description str
- (Computed) The description of the role.
- id str
- The provider-assigned unique ID for this managed resource.
- name str
- realm_
id str - client_
id str
- attributes Map<String>
- composite
Roles List<String> - description String
- (Computed) The description of the role.
- id String
- The provider-assigned unique ID for this managed resource.
- name String
- realm
Id String - client
Id String
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.