Keycloak

v4.11.0 published on Thursday, Aug 4, 2022 by Pulumi

HardcodedRoleMapper

Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP.

The LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP.

Example Usage

Realm Role)

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
    public MyStack()
    {
        var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
        {
            RealmName = "my-realm",
            Enabled = true,
        });
        var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new Keycloak.Ldap.UserFederationArgs
        {
            RealmId = realm.Id,
            UsernameLdapAttribute = "cn",
            RdnLdapAttribute = "cn",
            UuidLdapAttribute = "entryDN",
            UserObjectClasses = 
            {
                "simpleSecurityObject",
                "organizationalRole",
            },
            ConnectionUrl = "ldap://openldap",
            UsersDn = "dc=example,dc=org",
            BindDn = "cn=admin,dc=example,dc=org",
            BindCredential = "admin",
        });
        var realmAdminRole = new Keycloak.Role("realmAdminRole", new Keycloak.RoleArgs
        {
            RealmId = realm.Id,
            Description = "My Realm Role",
        });
        var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", new Keycloak.Ldap.HardcodedRoleMapperArgs
        {
            RealmId = realm.Id,
            LdapUserFederationId = ldapUserFederation.Id,
            Role = realmAdminRole.Name,
        });
    }

}
package main

import (
	"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		realmAdminRole, err := keycloak.NewRole(ctx, "realmAdminRole", &keycloak.RoleArgs{
			RealmId:     realm.ID(),
			Description: pulumi.String("My Realm Role"),
		})
		if err != nil {
			return err
		}
		_, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{
			RealmId:              realm.ID(),
			LdapUserFederationId: ldapUserFederation.ID(),
			Role:                 realmAdminRole.Name,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.ldap.UserFederation;
import com.pulumi.keycloak.ldap.UserFederationArgs;
import com.pulumi.keycloak.Role;
import com.pulumi.keycloak.RoleArgs;
import com.pulumi.keycloak.ldap.HardcodedRoleMapper;
import com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()        
            .realm("my-realm")
            .enabled(true)
            .build());

        var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder()        
            .realmId(realm.id())
            .usernameLdapAttribute("cn")
            .rdnLdapAttribute("cn")
            .uuidLdapAttribute("entryDN")
            .userObjectClasses(            
                "simpleSecurityObject",
                "organizationalRole")
            .connectionUrl("ldap://openldap")
            .usersDn("dc=example,dc=org")
            .bindDn("cn=admin,dc=example,dc=org")
            .bindCredential("admin")
            .build());

        var realmAdminRole = new Role("realmAdminRole", RoleArgs.builder()        
            .realmId(realm.id())
            .description("My Realm Role")
            .build());

        var assignAdminRoleToAllUsers = new HardcodedRoleMapper("assignAdminRoleToAllUsers", HardcodedRoleMapperArgs.builder()        
            .realmId(realm.id())
            .ldapUserFederationId(ldapUserFederation.id())
            .role(realmAdminRole.name())
            .build());

    }
}
import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation",
    realm_id=realm.id,
    username_ldap_attribute="cn",
    rdn_ldap_attribute="cn",
    uuid_ldap_attribute="entryDN",
    user_object_classes=[
        "simpleSecurityObject",
        "organizationalRole",
    ],
    connection_url="ldap://openldap",
    users_dn="dc=example,dc=org",
    bind_dn="cn=admin,dc=example,dc=org",
    bind_credential="admin")
realm_admin_role = keycloak.Role("realmAdminRole",
    realm_id=realm.id,
    description="My Realm Role")
assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers",
    realm_id=realm.id,
    ldap_user_federation_id=ldap_user_federation.id,
    role=realm_admin_role.name)
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", {
    realmId: realm.id,
    usernameLdapAttribute: "cn",
    rdnLdapAttribute: "cn",
    uuidLdapAttribute: "entryDN",
    userObjectClasses: [
        "simpleSecurityObject",
        "organizationalRole",
    ],
    connectionUrl: "ldap://openldap",
    usersDn: "dc=example,dc=org",
    bindDn: "cn=admin,dc=example,dc=org",
    bindCredential: "admin",
});
const realmAdminRole = new keycloak.Role("realmAdminRole", {
    realmId: realm.id,
    description: "My Realm Role",
});
const assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", {
    realmId: realm.id,
    ldapUserFederationId: ldapUserFederation.id,
    role: realmAdminRole.name,
});
resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  ldapUserFederation:
    type: keycloak:ldap:UserFederation
    properties:
      realmId: ${realm.id}
      usernameLdapAttribute: cn
      rdnLdapAttribute: cn
      uuidLdapAttribute: entryDN
      userObjectClasses:
        - simpleSecurityObject
        - organizationalRole
      connectionUrl: ldap://openldap
      usersDn: dc=example,dc=org
      bindDn: cn=admin,dc=example,dc=org
      bindCredential: admin
  realmAdminRole:
    type: keycloak:Role
    properties:
      realmId: ${realm.id}
      description: My Realm Role
  assignAdminRoleToAllUsers:
    type: keycloak:ldap:HardcodedRoleMapper
    properties:
      realmId: ${realm.id}
      ldapUserFederationId: ${ldapUserFederation.id}
      role: ${realmAdminRole.name}

Client Role)

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
    public MyStack()
    {
        var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
        {
            RealmName = "my-realm",
            Enabled = true,
        });
        var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new Keycloak.Ldap.UserFederationArgs
        {
            RealmId = realm.Id,
            UsernameLdapAttribute = "cn",
            RdnLdapAttribute = "cn",
            UuidLdapAttribute = "entryDN",
            UserObjectClasses = 
            {
                "simpleSecurityObject",
                "organizationalRole",
            },
            ConnectionUrl = "ldap://openldap",
            UsersDn = "dc=example,dc=org",
            BindDn = "cn=admin,dc=example,dc=org",
            BindCredential = "admin",
        });
        var realmManagement = Keycloak.OpenId.GetClient.Invoke(new Keycloak.OpenId.GetClientInvokeArgs
        {
            RealmId = realm.Id,
            ClientId = "realm-management",
        });
        var createClient = Output.Tuple(realm.Id, realmManagement).Apply(values =>
        {
            var id = values.Item1;
            var realmManagement = values.Item2;
            return Keycloak.GetRole.Invoke(new Keycloak.GetRoleInvokeArgs
            {
                RealmId = id,
                ClientId = realmManagement.Id,
                Name = "create-client",
            });
        });
        var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", new Keycloak.Ldap.HardcodedRoleMapperArgs
        {
            RealmId = realm.Id,
            LdapUserFederationId = ldapUserFederation.Id,
            Role = Output.Tuple(realmManagement, createClient).Apply(values =>
            {
                var realmManagement = values.Item1;
                var createClient = values.Item2;
                return $"{realmManagement.ClientId}.{createClient.Name}";
            }),
        });
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
	"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/openid"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
			RealmId:               realm.ID(),
			UsernameLdapAttribute: pulumi.String("cn"),
			RdnLdapAttribute:      pulumi.String("cn"),
			UuidLdapAttribute:     pulumi.String("entryDN"),
			UserObjectClasses: pulumi.StringArray{
				pulumi.String("simpleSecurityObject"),
				pulumi.String("organizationalRole"),
			},
			ConnectionUrl:  pulumi.String("ldap://openldap"),
			UsersDn:        pulumi.String("dc=example,dc=org"),
			BindDn:         pulumi.String("cn=admin,dc=example,dc=org"),
			BindCredential: pulumi.String("admin"),
		})
		if err != nil {
			return err
		}
		realmManagement := openid.LookupClientOutput(ctx, openid.GetClientOutputArgs{
			RealmId:  realm.ID(),
			ClientId: pulumi.String("realm-management"),
		}, nil)
		_, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{
			RealmId:              realm.ID(),
			LdapUserFederationId: ldapUserFederation.ID(),
			Role: pulumi.All(realmManagement, createClient).ApplyT(func(_args []interface{}) (string, error) {
				realmManagement := _args[0].(openid.GetClientResult)
				createClient := _args[1].(GetRoleResult)
				return fmt.Sprintf("%v.%v", realmManagement.ClientId, createClient.Name), nil
			}).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.ldap.UserFederation;
import com.pulumi.keycloak.ldap.UserFederationArgs;
import com.pulumi.keycloak.openid.OpenidFunctions;
import com.pulumi.keycloak.openid.inputs.GetClientArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import com.pulumi.keycloak.ldap.HardcodedRoleMapper;
import com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var realm = new Realm("realm", RealmArgs.builder()        
            .realm("my-realm")
            .enabled(true)
            .build());

        var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder()        
            .realmId(realm.id())
            .usernameLdapAttribute("cn")
            .rdnLdapAttribute("cn")
            .uuidLdapAttribute("entryDN")
            .userObjectClasses(            
                "simpleSecurityObject",
                "organizationalRole")
            .connectionUrl("ldap://openldap")
            .usersDn("dc=example,dc=org")
            .bindDn("cn=admin,dc=example,dc=org")
            .bindCredential("admin")
            .build());

        final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()
            .realmId(realm.id())
            .clientId("realm-management")
            .build());

        final var createClient = KeycloakFunctions.getRole(GetRoleArgs.builder()
            .realmId(realm.id())
            .clientId(realmManagement.applyValue(getClientResult -> getClientResult).applyValue(realmManagement -> realmManagement.applyValue(getClientResult -> getClientResult.id())))
            .name("create-client")
            .build());

        var assignAdminRoleToAllUsers = new HardcodedRoleMapper("assignAdminRoleToAllUsers", HardcodedRoleMapperArgs.builder()        
            .realmId(realm.id())
            .ldapUserFederationId(ldapUserFederation.id())
            .role(Output.tuple(realmManagement.applyValue(getClientResult -> getClientResult), createClient.applyValue(getRoleResult -> getRoleResult)).applyValue(values -> {
                var realmManagement = values.t1;
                var createClient = values.t2;
                return String.format("%s.%s", realmManagement.applyValue(getClientResult -> getClientResult.clientId()),createClient.applyValue(getRoleResult -> getRoleResult.name()));
            }))
            .build());

    }
}
import pulumi
import pulumi_keycloak as keycloak

realm = keycloak.Realm("realm",
    realm="my-realm",
    enabled=True)
ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation",
    realm_id=realm.id,
    username_ldap_attribute="cn",
    rdn_ldap_attribute="cn",
    uuid_ldap_attribute="entryDN",
    user_object_classes=[
        "simpleSecurityObject",
        "organizationalRole",
    ],
    connection_url="ldap://openldap",
    users_dn="dc=example,dc=org",
    bind_dn="cn=admin,dc=example,dc=org",
    bind_credential="admin")
realm_management = keycloak.openid.get_client_output(realm_id=realm.id,
    client_id="realm-management")
create_client = pulumi.Output.all(realm.id, realm_management).apply(lambda id, realm_management: keycloak.get_role_output(realm_id=id,
    client_id=realm_management.id,
    name="create-client"))
assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers",
    realm_id=realm.id,
    ldap_user_federation_id=ldap_user_federation.id,
    role=pulumi.Output.all(realm_management, create_client).apply(lambda realm_management, create_client: f"{realm_management.client_id}.{create_client.name}"))
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", {
    realmId: realm.id,
    usernameLdapAttribute: "cn",
    rdnLdapAttribute: "cn",
    uuidLdapAttribute: "entryDN",
    userObjectClasses: [
        "simpleSecurityObject",
        "organizationalRole",
    ],
    connectionUrl: "ldap://openldap",
    usersDn: "dc=example,dc=org",
    bindDn: "cn=admin,dc=example,dc=org",
    bindCredential: "admin",
});
const realmManagement = keycloak.openid.getClientOutput({
    realmId: realm.id,
    clientId: "realm-management",
});
const createClient = pulumi.all([realm.id, realmManagement]).apply(([id, realmManagement]) => keycloak.getRoleOutput({
    realmId: id,
    clientId: realmManagement.id,
    name: "create-client",
}));
const assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", {
    realmId: realm.id,
    ldapUserFederationId: ldapUserFederation.id,
    role: pulumi.all([realmManagement, createClient]).apply(([realmManagement, createClient]) => `${realmManagement.clientId}.${createClient.name}`),
});
resources:
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  ldapUserFederation:
    type: keycloak:ldap:UserFederation
    properties:
      realmId: ${realm.id}
      usernameLdapAttribute: cn
      rdnLdapAttribute: cn
      uuidLdapAttribute: entryDN
      userObjectClasses:
        - simpleSecurityObject
        - organizationalRole
      connectionUrl: ldap://openldap
      usersDn: dc=example,dc=org
      bindDn: cn=admin,dc=example,dc=org
      bindCredential: admin
  assignAdminRoleToAllUsers:
    type: keycloak:ldap:HardcodedRoleMapper
    properties:
      realmId: ${realm.id}
      ldapUserFederationId: ${ldapUserFederation.id}
      role: ${realmManagement.clientId}.${createClient.name}
variables:
  realmManagement:
    Fn::Invoke:
      Function: keycloak:openid:getClient
      Arguments:
        realmId: ${realm.id}
        clientId: realm-management
  createClient:
    Fn::Invoke:
      Function: keycloak:getRole
      Arguments:
        realmId: ${realm.id}
        clientId: ${realmManagement.id}
        name: create-client

Create HardcodedRoleMapper Resource

new HardcodedRoleMapper(name: string, args: HardcodedRoleMapperArgs, opts?: CustomResourceOptions);
@overload
def HardcodedRoleMapper(resource_name: str,
                        opts: Optional[ResourceOptions] = None,
                        ldap_user_federation_id: Optional[str] = None,
                        name: Optional[str] = None,
                        realm_id: Optional[str] = None,
                        role: Optional[str] = None)
@overload
def HardcodedRoleMapper(resource_name: str,
                        args: HardcodedRoleMapperArgs,
                        opts: Optional[ResourceOptions] = None)
func NewHardcodedRoleMapper(ctx *Context, name string, args HardcodedRoleMapperArgs, opts ...ResourceOption) (*HardcodedRoleMapper, error)
public HardcodedRoleMapper(string name, HardcodedRoleMapperArgs args, CustomResourceOptions? opts = null)
public HardcodedRoleMapper(String name, HardcodedRoleMapperArgs args)
public HardcodedRoleMapper(String name, HardcodedRoleMapperArgs args, CustomResourceOptions options)
type: keycloak:ldap:HardcodedRoleMapper
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args HardcodedRoleMapperArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args HardcodedRoleMapperArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args HardcodedRoleMapperArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args HardcodedRoleMapperArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args HardcodedRoleMapperArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

HardcodedRoleMapper Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The HardcodedRoleMapper resource accepts the following input properties:

LdapUserFederationId string

The ID of the LDAP user federation provider to attach this mapper to.

RealmId string

The realm that this LDAP mapper will exist in.

Role string

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

Name string

Display name of this mapper when displayed in the console.

LdapUserFederationId string

The ID of the LDAP user federation provider to attach this mapper to.

RealmId string

The realm that this LDAP mapper will exist in.

Role string

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

Name string

Display name of this mapper when displayed in the console.

ldapUserFederationId String

The ID of the LDAP user federation provider to attach this mapper to.

realmId String

The realm that this LDAP mapper will exist in.

role String

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

name String

Display name of this mapper when displayed in the console.

ldapUserFederationId string

The ID of the LDAP user federation provider to attach this mapper to.

realmId string

The realm that this LDAP mapper will exist in.

role string

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

name string

Display name of this mapper when displayed in the console.

ldap_user_federation_id str

The ID of the LDAP user federation provider to attach this mapper to.

realm_id str

The realm that this LDAP mapper will exist in.

role str

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

name str

Display name of this mapper when displayed in the console.

ldapUserFederationId String

The ID of the LDAP user federation provider to attach this mapper to.

realmId String

The realm that this LDAP mapper will exist in.

role String

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

name String

Display name of this mapper when displayed in the console.

Outputs

All input properties are implicitly available as output properties. Additionally, the HardcodedRoleMapper resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing HardcodedRoleMapper Resource

Get an existing HardcodedRoleMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: HardcodedRoleMapperState, opts?: CustomResourceOptions): HardcodedRoleMapper
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        ldap_user_federation_id: Optional[str] = None,
        name: Optional[str] = None,
        realm_id: Optional[str] = None,
        role: Optional[str] = None) -> HardcodedRoleMapper
func GetHardcodedRoleMapper(ctx *Context, name string, id IDInput, state *HardcodedRoleMapperState, opts ...ResourceOption) (*HardcodedRoleMapper, error)
public static HardcodedRoleMapper Get(string name, Input<string> id, HardcodedRoleMapperState? state, CustomResourceOptions? opts = null)
public static HardcodedRoleMapper get(String name, Output<String> id, HardcodedRoleMapperState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
LdapUserFederationId string

The ID of the LDAP user federation provider to attach this mapper to.

Name string

Display name of this mapper when displayed in the console.

RealmId string

The realm that this LDAP mapper will exist in.

Role string

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

LdapUserFederationId string

The ID of the LDAP user federation provider to attach this mapper to.

Name string

Display name of this mapper when displayed in the console.

RealmId string

The realm that this LDAP mapper will exist in.

Role string

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

ldapUserFederationId String

The ID of the LDAP user federation provider to attach this mapper to.

name String

Display name of this mapper when displayed in the console.

realmId String

The realm that this LDAP mapper will exist in.

role String

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

ldapUserFederationId string

The ID of the LDAP user federation provider to attach this mapper to.

name string

Display name of this mapper when displayed in the console.

realmId string

The realm that this LDAP mapper will exist in.

role string

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

ldap_user_federation_id str

The ID of the LDAP user federation provider to attach this mapper to.

name str

Display name of this mapper when displayed in the console.

realm_id str

The realm that this LDAP mapper will exist in.

role str

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

ldapUserFederationId String

The ID of the LDAP user federation provider to attach this mapper to.

name String

Display name of this mapper when displayed in the console.

realmId String

The realm that this LDAP mapper will exist in.

role String

The name of the role which should be assigned to the users. Client roles should use the format {{client_id}}.{{client_role_name}}.

Import

LDAP mappers can be imported using the format {{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Examplebash

 $ pulumi import keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67

Package Details

Repository
https://github.com/pulumi/pulumi-keycloak
License
Apache-2.0
Notes

This Pulumi package is based on the keycloak Terraform Provider.