Allows you to manage openid Client Authorization Resources.
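Authorization resources represent the protected resources in your application. Each resource can have associated scopes, URIs, and attributes. A resource only describes what is protected; access decisions come from the permissions and policies attached to it, which this resource type does not create.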
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
// Realm that owns the client and every authorization object declared below.
const myRealm = new keycloak.Realm("realm", {
    realm: "my-realm",
    enabled: true,
});
const realmId = myRealm.id;

// Confidential client with a service account; its resourceServerId is what
// the scopes and the resource below reference.
// NOTE(review): Keycloak documents ENFORCING as deny-by-default, including for
// resources that have no policy associated. This example declares no
// permission or policy, so confirm they are managed elsewhere.
const resourceServer = new keycloak.openid.Client("test", {
    clientId: "client_id",
    realmId,
    accessType: "CONFIDENTIAL",
    serviceAccountsEnabled: true,
    authorization: {
        policyEnforcementMode: "ENFORCING",
    },
});
const resourceServerId = resourceServer.resourceServerId;

// Scopes attached to the protected resource; it refers to them by name.
const scopeRead = new keycloak.openid.ClientAuthorizationScope("read_scope", {
    resourceServerId,
    realmId,
    name: "read",
});
const scopeWrite = new keycloak.openid.ClientAuthorizationScope("write_scope", {
    resourceServerId,
    realmId,
    name: "write",
});

// The protected resource itself.
// NOTE(review): both URI entries are wildcard patterns; confirm how the
// deployed policy enforcer interprets `*` versus `**` and keep the patterns
// as narrow as the API allows.
const protectedResource = new keycloak.openid.ClientAuthorizationResource("test", {
    resourceServerId,
    realmId,
    name: "my_resource",
    displayName: "My Resource",
    uris: ["/api/resource/*", "/api/resource/**"],
    scopes: [scopeRead.name, scopeWrite.name],
    type: "http://example.com/resource-type",
    // A single attribute value may carry a comma-separated list.
    attributes: {
        key1: "value1,value2",
        key2: "value3",
    },
});
import pulumi
import pulumi_keycloak as keycloak
# Realm that owns the client and every authorization object declared below.
my_realm = keycloak.Realm(
    "realm",
    realm="my-realm",
    enabled=True,
)
realm_id = my_realm.id

# Confidential client with a service account; its resource_server_id is what
# the scopes and the resource below reference.
# NOTE(review): Keycloak documents ENFORCING as deny-by-default, including for
# resources that have no policy associated. This example declares no
# permission or policy, so confirm they are managed elsewhere.
resource_server = keycloak.openid.Client(
    "test",
    client_id="client_id",
    realm_id=realm_id,
    access_type="CONFIDENTIAL",
    service_accounts_enabled=True,
    authorization={
        "policy_enforcement_mode": "ENFORCING",
    },
)
rs_id = resource_server.resource_server_id

# Scopes attached to the protected resource; it refers to them by name.
scope_read = keycloak.openid.ClientAuthorizationScope(
    "read_scope",
    resource_server_id=rs_id,
    realm_id=realm_id,
    name="read",
)
scope_write = keycloak.openid.ClientAuthorizationScope(
    "write_scope",
    resource_server_id=rs_id,
    realm_id=realm_id,
    name="write",
)

# The protected resource itself.
# NOTE(review): both URI entries are wildcard patterns; confirm how the
# deployed policy enforcer interprets `*` versus `**` and keep the patterns
# as narrow as the API allows.
protected_resource = keycloak.openid.ClientAuthorizationResource(
    "test",
    resource_server_id=rs_id,
    realm_id=realm_id,
    name="my_resource",
    display_name="My Resource",
    uris=["/api/resource/*", "/api/resource/**"],
    scopes=[scope_read.name, scope_write.name],
    type="http://example.com/resource-type",
    # A single attribute value may carry a comma-separated list.
    attributes={
        "key1": "value1,value2",
        "key2": "value3",
    },
)
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main runs a Pulumi program that declares a realm, a confidential client
// with authorization settings, two scopes, and one protected resource.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Realm that owns everything declared below.
		myRealm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
			Realm:   pulumi.String("my-realm"),
			Enabled: pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		realmID := myRealm.ID()

		// Confidential client with a service account; its ResourceServerId
		// is what the scopes and the resource below reference.
		// NOTE(review): Keycloak documents ENFORCING as deny-by-default,
		// including for resources that have no policy associated. This
		// example declares no permission or policy, so confirm they are
		// managed elsewhere.
		resourceServer, err := openid.NewClient(ctx, "test", &openid.ClientArgs{
			ClientId:               pulumi.String("client_id"),
			RealmId:                realmID,
			AccessType:             pulumi.String("CONFIDENTIAL"),
			ServiceAccountsEnabled: pulumi.Bool(true),
			Authorization: &openid.ClientAuthorizationArgs{
				PolicyEnforcementMode: pulumi.String("ENFORCING"),
			},
		})
		if err != nil {
			return err
		}
		resourceServerID := resourceServer.ResourceServerId

		// Scopes attached to the protected resource; it refers to them by name.
		scopeRead, err := openid.NewClientAuthorizationScope(ctx, "read_scope", &openid.ClientAuthorizationScopeArgs{
			ResourceServerId: resourceServerID,
			RealmId:          realmID,
			Name:             pulumi.String("read"),
		})
		if err != nil {
			return err
		}
		scopeWrite, err := openid.NewClientAuthorizationScope(ctx, "write_scope", &openid.ClientAuthorizationScopeArgs{
			ResourceServerId: resourceServerID,
			RealmId:          realmID,
			Name:             pulumi.String("write"),
		})
		if err != nil {
			return err
		}

		// The protected resource itself.
		// NOTE(review): both URI entries are wildcard patterns; confirm how
		// the deployed policy enforcer interprets `*` versus `**` and keep
		// the patterns as narrow as the API allows.
		_, err = openid.NewClientAuthorizationResource(ctx, "test", &openid.ClientAuthorizationResourceArgs{
			ResourceServerId: resourceServerID,
			RealmId:          realmID,
			Name:             pulumi.String("my_resource"),
			DisplayName:      pulumi.String("My Resource"),
			Uris: pulumi.StringArray{
				pulumi.String("/api/resource/*"),
				pulumi.String("/api/resource/**"),
			},
			Scopes: pulumi.StringArray{
				scopeRead.Name,
				scopeWrite.Name,
			},
			Type: pulumi.String("http://example.com/resource-type"),
			// A single attribute value may carry a comma-separated list.
			Attributes: pulumi.StringMap{
				"key1": pulumi.String("value1,value2"),
				"key2": pulumi.String("value3"),
			},
		})
		// err is nil on success, so returning it covers both outcomes.
		return err
	})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
    // Realm that owns the client and every authorization object declared below.
    var myRealm = new Keycloak.Realm("realm", new()
    {
        RealmName = "my-realm",
        Enabled = true,
    });
    var realmId = myRealm.Id;

    // Confidential client with a service account; its ResourceServerId is what
    // the scopes and the resource below reference.
    // NOTE(review): Keycloak documents ENFORCING as deny-by-default, including
    // for resources that have no policy associated. This example declares no
    // permission or policy, so confirm they are managed elsewhere.
    var resourceServer = new Keycloak.OpenId.Client("test", new()
    {
        ClientId = "client_id",
        RealmId = realmId,
        AccessType = "CONFIDENTIAL",
        ServiceAccountsEnabled = true,
        Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs
        {
            PolicyEnforcementMode = "ENFORCING",
        },
    });
    var resourceServerId = resourceServer.ResourceServerId;

    // Scopes attached to the protected resource; it refers to them by name.
    var scopeRead = new Keycloak.OpenId.ClientAuthorizationScope("read_scope", new()
    {
        ResourceServerId = resourceServerId,
        RealmId = realmId,
        Name = "read",
    });
    var scopeWrite = new Keycloak.OpenId.ClientAuthorizationScope("write_scope", new()
    {
        ResourceServerId = resourceServerId,
        RealmId = realmId,
        Name = "write",
    });

    // The protected resource itself.
    // NOTE(review): both URI entries are wildcard patterns; confirm how the
    // deployed policy enforcer interprets `*` versus `**` and keep the
    // patterns as narrow as the API allows.
    var protectedResource = new Keycloak.OpenId.ClientAuthorizationResource("test", new()
    {
        ResourceServerId = resourceServerId,
        RealmId = realmId,
        Name = "my_resource",
        DisplayName = "My Resource",
        Uris = new[] { "/api/resource/*", "/api/resource/**" },
        Scopes = new[] { scopeRead.Name, scopeWrite.Name },
        Type = "http://example.com/resource-type",
        // A single attribute value may carry a comma-separated list.
        Attributes =
        {
            { "key1", "value1,value2" },
            { "key2", "value3" },
        },
    });
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.openid.Client;
import com.pulumi.keycloak.openid.ClientArgs;
import com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;
import com.pulumi.keycloak.openid.ClientAuthorizationScope;
import com.pulumi.keycloak.openid.ClientAuthorizationScopeArgs;
import com.pulumi.keycloak.openid.ClientAuthorizationResource;
import com.pulumi.keycloak.openid.ClientAuthorizationResourceArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
/**
 * Pulumi program declaring a realm, a confidential client with authorization
 * settings, two scopes, and one protected resource.
 *
 * The resource names used here ("readScope", "writeScope",
 * "testClientAuthorizationResource") differ from the "read_scope",
 * "write_scope" and "test" names in this page's other language examples;
 * they are reproduced as published.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /** Declares every resource of the example stack. */
    public static void stack(Context ctx) {
        // Realm that owns the client and every authorization object below.
        final var myRealm = new Realm("realm", RealmArgs.builder()
            .realm("my-realm")
            .enabled(true)
            .build());
        final Output<String> realmId = myRealm.id();

        // Confidential client with a service account; its resourceServerId is
        // what the scopes and the resource below reference.
        // NOTE(review): Keycloak documents ENFORCING as deny-by-default,
        // including for resources that have no policy associated. This example
        // declares no permission or policy, so confirm they are managed elsewhere.
        final var resourceServer = new Client("test", ClientArgs.builder()
            .clientId("client_id")
            .realmId(realmId)
            .accessType("CONFIDENTIAL")
            .serviceAccountsEnabled(true)
            .authorization(ClientAuthorizationArgs.builder()
                .policyEnforcementMode("ENFORCING")
                .build())
            .build());
        final Output<String> resourceServerId = resourceServer.resourceServerId();

        // Scopes attached to the protected resource; it refers to them by name.
        final var scopeRead = new ClientAuthorizationScope("readScope", ClientAuthorizationScopeArgs.builder()
            .resourceServerId(resourceServerId)
            .realmId(realmId)
            .name("read")
            .build());
        final var scopeWrite = new ClientAuthorizationScope("writeScope", ClientAuthorizationScopeArgs.builder()
            .resourceServerId(resourceServerId)
            .realmId(realmId)
            .name("write")
            .build());

        // The protected resource itself.
        // NOTE(review): both URI entries are wildcard patterns; confirm how the
        // deployed policy enforcer interprets `*` versus `**` and keep the
        // patterns as narrow as the API allows.
        final var protectedResource = new ClientAuthorizationResource("testClientAuthorizationResource", ClientAuthorizationResourceArgs.builder()
            .resourceServerId(resourceServerId)
            .realmId(realmId)
            .name("my_resource")
            .displayName("My Resource")
            .uris("/api/resource/*", "/api/resource/**")
            .scopes(scopeRead.name(), scopeWrite.name())
            .type("http://example.com/resource-type")
            // A single attribute value may carry a comma-separated list.
            .attributes(Map.of(
                "key1", "value1,value2",
                "key2", "value3"))
            .build());
    }
}
resources:
  # Realm that owns the client and every authorization object declared below.
  realm:
    type: keycloak:Realm
    properties:
      realm: my-realm
      enabled: true
  # Confidential client with a service account; its resourceServerId is what
  # the scopes and the resource below reference.
  # NOTE(review): Keycloak documents ENFORCING as deny-by-default, including
  # for resources that have no policy associated. This example declares no
  # permission or policy, so confirm they are managed elsewhere.
  test:
    type: keycloak:openid:Client
    properties:
      clientId: client_id
      realmId: ${realm.id}
      accessType: CONFIDENTIAL
      serviceAccountsEnabled: true
      authorization:
        policyEnforcementMode: ENFORCING
  # Scopes attached to the protected resource; it refers to them by name.
  readScope:
    type: keycloak:openid:ClientAuthorizationScope
    name: read_scope
    properties:
      resourceServerId: ${test.resourceServerId}
      realmId: ${realm.id}
      name: read
  writeScope:
    type: keycloak:openid:ClientAuthorizationScope
    name: write_scope
    properties:
      resourceServerId: ${test.resourceServerId}
      realmId: ${realm.id}
      name: write
  # The protected resource itself.
  # NOTE(review): both URI entries are wildcard patterns; confirm how the
  # deployed policy enforcer interprets `*` versus `**` and keep the patterns
  # as narrow as the API allows.
  testClientAuthorizationResource:
    type: keycloak:openid:ClientAuthorizationResource
    name: test
    properties:
      resourceServerId: ${test.resourceServerId}
      realmId: ${realm.id}
      name: my_resource
      displayName: My Resource
      uris:
        - /api/resource/*
        - /api/resource/**
      scopes:
        - ${readScope.name}
        - ${writeScope.name}
      type: http://example.com/resource-type
      # A single attribute value may carry a comma-separated list.
      attributes:
        key1: value1,value2
        key2: value3
Argument Reference
The following arguments are supported:
- `realm_id` - (Required) The realm this resource exists in.
- `resource_server_id` - (Required) The ID of the resource server.
- `name` - (Required) The name of the resource.
- `display_name` - (Optional) The display name of the resource.
- `uris` - (Optional) A set of URIs that this resource represents.
- `icon_uri` - (Optional) An icon URI for the resource.
- `owner_managed_access` - (Optional) When `true`, this resource supports user-managed access. Defaults to `false`.
- `scopes` - (Optional) A set of scope names that this resource uses.
- `type` - (Optional) The type of this resource (e.g., `urn:myapp:resources:default`).
- `attributes` - (Optional) A map of attributes for the resource. Values can be comma-separated lists.
Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
id- Resource ID representing the authorization resource.
Create ClientAuthorizationResource Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ClientAuthorizationResource(name: string, args: ClientAuthorizationResourceArgs, opts?: CustomResourceOptions);
@overload
def ClientAuthorizationResource(resource_name: str,
args: ClientAuthorizationResourceArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ClientAuthorizationResource(resource_name: str,
opts: Optional[ResourceOptions] = None,
realm_id: Optional[str] = None,
resource_server_id: Optional[str] = None,
attributes: Optional[Mapping[str, str]] = None,
display_name: Optional[str] = None,
icon_uri: Optional[str] = None,
name: Optional[str] = None,
owner_managed_access: Optional[bool] = None,
scopes: Optional[Sequence[str]] = None,
type: Optional[str] = None,
uris: Optional[Sequence[str]] = None)
func NewClientAuthorizationResource(ctx *Context, name string, args ClientAuthorizationResourceArgs, opts ...ResourceOption) (*ClientAuthorizationResource, error)
public ClientAuthorizationResource(string name, ClientAuthorizationResourceArgs args, CustomResourceOptions? opts = null)
public ClientAuthorizationResource(String name, ClientAuthorizationResourceArgs args)
public ClientAuthorizationResource(String name, ClientAuthorizationResourceArgs args, CustomResourceOptions options)
type: keycloak:openid:ClientAuthorizationResource
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ClientAuthorizationResourceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ClientAuthorizationResourceArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClientAuthorizationResourceArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClientAuthorizationResourceArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ClientAuthorizationResourceArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
// Reference shape only: every value below is a placeholder.
var placeholderResource = new Keycloak.OpenId.ClientAuthorizationResource("clientAuthorizationResourceResource", new()
{
    RealmId = "string",
    ResourceServerId = "string",
    Name = "string",
    DisplayName = "string",
    IconUri = "string",
    Type = "string",
    Uris = new[] { "string" },
    Scopes = new[] { "string" },
    Attributes =
    {
        { "string", "string" },
    },
    // false leaves user-managed access off for this resource.
    OwnerManagedAccess = false,
});
// Reference shape only: every value below is a placeholder.
placeholder, err := openid.NewClientAuthorizationResource(ctx, "clientAuthorizationResourceResource", &openid.ClientAuthorizationResourceArgs{
	RealmId:          pulumi.String("string"),
	ResourceServerId: pulumi.String("string"),
	Name:             pulumi.String("string"),
	DisplayName:      pulumi.String("string"),
	IconUri:          pulumi.String("string"),
	Type:             pulumi.String("string"),
	Uris: pulumi.StringArray{
		pulumi.String("string"),
	},
	Scopes: pulumi.StringArray{
		pulumi.String("string"),
	},
	Attributes: pulumi.StringMap{
		"string": pulumi.String("string"),
	},
	// false leaves user-managed access off for this resource.
	OwnerManagedAccess: pulumi.Bool(false),
})
// Reference shape only: every value below is a placeholder.
var placeholderResource = new ClientAuthorizationResource("clientAuthorizationResourceResource", ClientAuthorizationResourceArgs.builder()
    .realmId("string")
    .resourceServerId("string")
    .name("string")
    .displayName("string")
    .iconUri("string")
    .type("string")
    .uris("string")
    .scopes("string")
    .attributes(Map.of("string", "string"))
    // false leaves user-managed access off for this resource.
    .ownerManagedAccess(false)
    .build());
# Reference shape only: every value below is a placeholder.
placeholder_resource = keycloak.openid.ClientAuthorizationResource(
    "clientAuthorizationResourceResource",
    realm_id="string",
    resource_server_id="string",
    name="string",
    display_name="string",
    icon_uri="string",
    type="string",
    uris=["string"],
    scopes=["string"],
    attributes={
        "string": "string",
    },
    # False leaves user-managed access off for this resource.
    owner_managed_access=False,
)
// Reference shape only: every value below is a placeholder.
const placeholderResource = new keycloak.openid.ClientAuthorizationResource("clientAuthorizationResourceResource", {
    realmId: "string",
    resourceServerId: "string",
    name: "string",
    displayName: "string",
    iconUri: "string",
    type: "string",
    uris: ["string"],
    scopes: ["string"],
    attributes: {
        string: "string",
    },
    // false leaves user-managed access off for this resource.
    ownerManagedAccess: false,
});
# Reference shape only: every value below is a placeholder.
type: keycloak:openid:ClientAuthorizationResource
properties:
  attributes:
    string: string
  displayName: string
  iconUri: string
  name: string
  # false leaves user-managed access off for this resource.
  ownerManagedAccess: false
  realmId: string
  resourceServerId: string
  scopes:
    - string
  type: string
  uris:
    - string
ClientAuthorizationResource Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ClientAuthorizationResource resource accepts the following input properties:
- RealmId string
- ResourceServerId string
- Attributes Dictionary<string, string>
- DisplayName string
- IconUri string
- Name string
- OwnerManagedAccess bool
- Scopes List<string>
- Type string
- Uris List<string>
- RealmId string
- ResourceServerId string
- Attributes map[string]string
- DisplayName string
- IconUri string
- Name string
- OwnerManagedAccess bool
- Scopes []string
- Type string
- Uris []string
- realmId String
- resourceServerId String
- attributes Map<String,String>
- displayName String
- iconUri String
- name String
- ownerManagedAccess Boolean
- scopes List<String>
- type String
- uris List<String>
- realmId string
- resourceServerId string
- attributes {[key: string]: string}
- displayName string
- iconUri string
- name string
- ownerManagedAccess boolean
- scopes string[]
- type string
- uris string[]
- realm_id str
- resource_server_id str
- attributes Mapping[str, str]
- display_name str
- icon_uri str
- name str
- owner_managed_access bool
- scopes Sequence[str]
- type str
- uris Sequence[str]
- realmId String
- resourceServerId String
- attributes Map<String>
- displayName String
- iconUri String
- name String
- ownerManagedAccess Boolean
- scopes List<String>
- type String
- uris List<String>
Outputs
All input properties are implicitly available as output properties. Additionally, the ClientAuthorizationResource resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing ClientAuthorizationResource Resource
Get an existing ClientAuthorizationResource resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ClientAuthorizationResourceState, opts?: CustomResourceOptions): ClientAuthorizationResource
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
attributes: Optional[Mapping[str, str]] = None,
display_name: Optional[str] = None,
icon_uri: Optional[str] = None,
name: Optional[str] = None,
owner_managed_access: Optional[bool] = None,
realm_id: Optional[str] = None,
resource_server_id: Optional[str] = None,
scopes: Optional[Sequence[str]] = None,
type: Optional[str] = None,
uris: Optional[Sequence[str]] = None) -> ClientAuthorizationResource
func GetClientAuthorizationResource(ctx *Context, name string, id IDInput, state *ClientAuthorizationResourceState, opts ...ResourceOption) (*ClientAuthorizationResource, error)
public static ClientAuthorizationResource Get(string name, Input<string> id, ClientAuthorizationResourceState? state, CustomResourceOptions? opts = null)
public static ClientAuthorizationResource get(String name, Output<String> id, ClientAuthorizationResourceState state, CustomResourceOptions options)
resources:
  _:
    type: keycloak:openid:ClientAuthorizationResource
    get:
      id: ${id}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Attributes Dictionary<string, string>
- DisplayName string
- IconUri string
- Name string
- OwnerManagedAccess bool
- RealmId string
- ResourceServerId string
- Scopes List<string>
- Type string
- Uris List<string>
- Attributes map[string]string
- DisplayName string
- IconUri string
- Name string
- OwnerManagedAccess bool
- RealmId string
- ResourceServerId string
- Scopes []string
- Type string
- Uris []string
- attributes Map<String,String>
- displayName String
- iconUri String
- name String
- ownerManagedAccess Boolean
- realmId String
- resourceServerId String
- scopes List<String>
- type String
- uris List<String>
- attributes {[key: string]: string}
- displayName string
- iconUri string
- name string
- ownerManagedAccess boolean
- realmId string
- resourceServerId string
- scopes string[]
- type string
- uris string[]
- attributes Mapping[str, str]
- display_name str
- icon_uri str
- name str
- owner_managed_access bool
- realm_id str
- resource_server_id str
- scopes Sequence[str]
- type str
- uris Sequence[str]
- attributes Map<String>
- displayName String
- iconUri String
- name String
- ownerManagedAccess Boolean
- realmId String
- resourceServerId String
- scopes List<String>
- type String
- uris List<String>
Import
Client authorization resources can be imported using the format: {{realmId}}/{{resourceServerId}}/{{authorizationResourceId}}.
Example:
bash
$ pulumi import keycloak:openid/clientAuthorizationResource:ClientAuthorizationResource test my-realm/3bd4a686-1062-4b59-97b8-e4e3f10b99da/63b3cde8-987d-4cd9-9306-1955579281d9
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloak Terraform Provider.
