Keycloak

v4.11.0 published on Thursday, Aug 4, 2022 by Pulumi

getClient

This data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources.

Example Usage

using Pulumi;
using Keycloak = Pulumi.Keycloak;

class MyStack : Stack
{
    public MyStack()
    {
        var realmManagement = Output.Create(Keycloak.OpenId.GetClient.InvokeAsync(new Keycloak.OpenId.GetClientArgs
        {
            RealmId = "my-realm",
            ClientId = "realm-management",
        }));
        var admin = realmManagement.Apply(realmManagement => Output.Create(Keycloak.GetRole.InvokeAsync(new Keycloak.GetRoleArgs
        {
            RealmId = "my-realm",
            ClientId = realmManagement.Id,
            Name = "realm-admin",
        })));
    }

}
package main

import (
	"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
	"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/openid"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		realmManagement, err := openid.LookupClient(ctx, &openid.LookupClientArgs{
			RealmId:  "my-realm",
			ClientId: "realm-management",
		}, nil)
		if err != nil {
			return err
		}
		_, err = keycloak.LookupRole(ctx, &GetRoleArgs{
			RealmId:  "my-realm",
			ClientId: pulumi.StringRef(realmManagement.Id),
			Name:     "realm-admin",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.openid.OpenidFunctions;
import com.pulumi.keycloak.openid.inputs.GetClientArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()
            .realmId("my-realm")
            .clientId("realm-management")
            .build());

        final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()
            .realmId("my-realm")
            .clientId(realmManagement.applyValue(getClientResult -> getClientResult.id()))
            .name("realm-admin")
            .build());

    }
}
import pulumi
import pulumi_keycloak as keycloak

realm_management = keycloak.openid.get_client(realm_id="my-realm",
    client_id="realm-management")
admin = keycloak.get_role(realm_id="my-realm",
    client_id=realm_management.id,
    name="realm-admin")
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";

const realmManagement = keycloak.openid.getClient({
    realmId: "my-realm",
    clientId: "realm-management",
});
const admin = realmManagement.then(realmManagement => keycloak.getRole({
    realmId: "my-realm",
    clientId: realmManagement.id,
    name: "realm-admin",
}));
variables:
  realmManagement:
    Fn::Invoke:
      Function: keycloak:openid:getClient
      Arguments:
        realmId: my-realm
        clientId: realm-management
  admin:
    Fn::Invoke:
      Function: keycloak:getRole
      Arguments:
        realmId: my-realm
        clientId: ${realmManagement.id}
        name: realm-admin

Using getClient

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getClient(args: GetClientArgs, opts?: InvokeOptions): Promise<GetClientResult>
function getClientOutput(args: GetClientOutputArgs, opts?: InvokeOptions): Output<GetClientResult>
def get_client(client_id: Optional[str] = None,
               consent_screen_text: Optional[str] = None,
               display_on_consent_screen: Optional[bool] = None,
               extra_config: Optional[Mapping[str, Any]] = None,
               oauth2_device_authorization_grant_enabled: Optional[bool] = None,
               oauth2_device_code_lifespan: Optional[str] = None,
               oauth2_device_polling_interval: Optional[str] = None,
               realm_id: Optional[str] = None,
               opts: Optional[InvokeOptions] = None) -> GetClientResult
def get_client_output(client_id: Optional[pulumi.Input[str]] = None,
               consent_screen_text: Optional[pulumi.Input[str]] = None,
               display_on_consent_screen: Optional[pulumi.Input[bool]] = None,
               extra_config: Optional[pulumi.Input[Mapping[str, Any]]] = None,
               oauth2_device_authorization_grant_enabled: Optional[pulumi.Input[bool]] = None,
               oauth2_device_code_lifespan: Optional[pulumi.Input[str]] = None,
               oauth2_device_polling_interval: Optional[pulumi.Input[str]] = None,
               realm_id: Optional[pulumi.Input[str]] = None,
               opts: Optional[InvokeOptions] = None) -> Output[GetClientResult]
func LookupClient(ctx *Context, args *LookupClientArgs, opts ...InvokeOption) (*LookupClientResult, error)
func LookupClientOutput(ctx *Context, args *LookupClientOutputArgs, opts ...InvokeOption) LookupClientResultOutput

> Note: This function is named LookupClient in the Go SDK.

public static class GetClient 
{
    public static Task<GetClientResult> InvokeAsync(GetClientArgs args, InvokeOptions? opts = null)
    public static Output<GetClientResult> Invoke(GetClientInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetClientResult> getClient(GetClientArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
Fn::Invoke:
  Function: keycloak:openid/getClient:getClient
  Arguments:
    # Arguments dictionary

The following arguments are supported:

ClientId string

The client id (not its unique ID).

RealmId string

The realm id.

ConsentScreenText string
DisplayOnConsentScreen bool
ExtraConfig Dictionary<string, object>
Oauth2DeviceAuthorizationGrantEnabled bool
Oauth2DeviceCodeLifespan string
Oauth2DevicePollingInterval string
ClientId string

The client id (not its unique ID).

RealmId string

The realm id.

ConsentScreenText string
DisplayOnConsentScreen bool
ExtraConfig map[string]interface{}
Oauth2DeviceAuthorizationGrantEnabled bool
Oauth2DeviceCodeLifespan string
Oauth2DevicePollingInterval string
clientId String

The client id (not its unique ID).

realmId String

The realm id.

consentScreenText String
displayOnConsentScreen Boolean
extraConfig Map<String,Object>
oauth2DeviceAuthorizationGrantEnabled Boolean
oauth2DeviceCodeLifespan String
oauth2DevicePollingInterval String
clientId string

The client id (not its unique ID).

realmId string

The realm id.

consentScreenText string
displayOnConsentScreen boolean
extraConfig {[key: string]: any}
oauth2DeviceAuthorizationGrantEnabled boolean
oauth2DeviceCodeLifespan string
oauth2DevicePollingInterval string
clientId String

The client id (not its unique ID).

realmId String

The realm id.

consentScreenText String
displayOnConsentScreen Boolean
extraConfig Map<Any>
oauth2DeviceAuthorizationGrantEnabled Boolean
oauth2DeviceCodeLifespan String
oauth2DevicePollingInterval String

getClient Result

The following output properties are available:

AccessTokenLifespan string
AccessType string
AdminUrl string
AuthenticationFlowBindingOverrides List<GetClientAuthenticationFlowBindingOverride>
Authorizations List<GetClientAuthorization>
BackchannelLogoutRevokeOfflineSessions bool
BackchannelLogoutSessionRequired bool
BackchannelLogoutUrl string
BaseUrl string
ClientAuthenticatorType string
ClientId string
ClientOfflineSessionIdleTimeout string
ClientOfflineSessionMaxLifespan string
ClientSecret string
ClientSessionIdleTimeout string
ClientSessionMaxLifespan string
ConsentRequired bool
Description string
DirectAccessGrantsEnabled bool
Enabled bool
ExcludeSessionStateFromAuthResponse bool
ExtraConfig Dictionary<string, object>
FrontchannelLogoutEnabled bool
FrontchannelLogoutUrl string
FullScopeAllowed bool
Id string

The provider-assigned unique ID for this managed resource.

ImplicitFlowEnabled bool
LoginTheme string
Name string
PkceCodeChallengeMethod string
RealmId string
ResourceServerId string
RootUrl string
ServiceAccountUserId string
ServiceAccountsEnabled bool
StandardFlowEnabled bool
UseRefreshTokens bool
UseRefreshTokensClientCredentials bool
ValidRedirectUris List<string>
WebOrigins List<string>
ConsentScreenText string
DisplayOnConsentScreen bool
Oauth2DeviceAuthorizationGrantEnabled bool
Oauth2DeviceCodeLifespan string
Oauth2DevicePollingInterval string
AccessTokenLifespan string
AccessType string
AdminUrl string
AuthenticationFlowBindingOverrides []GetClientAuthenticationFlowBindingOverride
Authorizations []GetClientAuthorization
BackchannelLogoutRevokeOfflineSessions bool
BackchannelLogoutSessionRequired bool
BackchannelLogoutUrl string
BaseUrl string
ClientAuthenticatorType string
ClientId string
ClientOfflineSessionIdleTimeout string
ClientOfflineSessionMaxLifespan string
ClientSecret string
ClientSessionIdleTimeout string
ClientSessionMaxLifespan string
ConsentRequired bool
Description string
DirectAccessGrantsEnabled bool
Enabled bool
ExcludeSessionStateFromAuthResponse bool
ExtraConfig map[string]interface{}
FrontchannelLogoutEnabled bool
FrontchannelLogoutUrl string
FullScopeAllowed bool
Id string

The provider-assigned unique ID for this managed resource.

ImplicitFlowEnabled bool
LoginTheme string
Name string
PkceCodeChallengeMethod string
RealmId string
ResourceServerId string
RootUrl string
ServiceAccountUserId string
ServiceAccountsEnabled bool
StandardFlowEnabled bool
UseRefreshTokens bool
UseRefreshTokensClientCredentials bool
ValidRedirectUris []string
WebOrigins []string
ConsentScreenText string
DisplayOnConsentScreen bool
Oauth2DeviceAuthorizationGrantEnabled bool
Oauth2DeviceCodeLifespan string
Oauth2DevicePollingInterval string
accessTokenLifespan String
accessType String
adminUrl String
authenticationFlowBindingOverrides List<GetClientAuthenticationFlowBindingOverride>
authorizations List<GetClientAuthorization>
backchannelLogoutRevokeOfflineSessions Boolean
backchannelLogoutSessionRequired Boolean
backchannelLogoutUrl String
baseUrl String
clientAuthenticatorType String
clientId String
clientOfflineSessionIdleTimeout String
clientOfflineSessionMaxLifespan String
clientSecret String
clientSessionIdleTimeout String
clientSessionMaxLifespan String
consentRequired Boolean
description String
directAccessGrantsEnabled Boolean
enabled Boolean
excludeSessionStateFromAuthResponse Boolean
extraConfig Map<String,Object>
frontchannelLogoutEnabled Boolean
frontchannelLogoutUrl String
fullScopeAllowed Boolean
id String

The provider-assigned unique ID for this managed resource.

implicitFlowEnabled Boolean
loginTheme String
name String
pkceCodeChallengeMethod String
realmId String
resourceServerId String
rootUrl String
serviceAccountUserId String
serviceAccountsEnabled Boolean
standardFlowEnabled Boolean
useRefreshTokens Boolean
useRefreshTokensClientCredentials Boolean
validRedirectUris List<String>
webOrigins List<String>
consentScreenText String
displayOnConsentScreen Boolean
oauth2DeviceAuthorizationGrantEnabled Boolean
oauth2DeviceCodeLifespan String
oauth2DevicePollingInterval String
accessTokenLifespan string
accessType string
adminUrl string
authenticationFlowBindingOverrides GetClientAuthenticationFlowBindingOverride[]
authorizations GetClientAuthorization[]
backchannelLogoutRevokeOfflineSessions boolean
backchannelLogoutSessionRequired boolean
backchannelLogoutUrl string
baseUrl string
clientAuthenticatorType string
clientId string
clientOfflineSessionIdleTimeout string
clientOfflineSessionMaxLifespan string
clientSecret string
clientSessionIdleTimeout string
clientSessionMaxLifespan string
consentRequired boolean
description string
directAccessGrantsEnabled boolean
enabled boolean
excludeSessionStateFromAuthResponse boolean
extraConfig {[key: string]: any}
frontchannelLogoutEnabled boolean
frontchannelLogoutUrl string
fullScopeAllowed boolean
id string

The provider-assigned unique ID for this managed resource.

implicitFlowEnabled boolean
loginTheme string
name string
pkceCodeChallengeMethod string
realmId string
resourceServerId string
rootUrl string
serviceAccountUserId string
serviceAccountsEnabled boolean
standardFlowEnabled boolean
useRefreshTokens boolean
useRefreshTokensClientCredentials boolean
validRedirectUris string[]
webOrigins string[]
consentScreenText string
displayOnConsentScreen boolean
oauth2DeviceAuthorizationGrantEnabled boolean
oauth2DeviceCodeLifespan string
oauth2DevicePollingInterval string
access_token_lifespan str
access_type str
admin_url str
authentication_flow_binding_overrides Sequence[GetClientAuthenticationFlowBindingOverride]
authorizations Sequence[GetClientAuthorization]
backchannel_logout_revoke_offline_sessions bool
backchannel_logout_session_required bool
backchannel_logout_url str
base_url str
client_authenticator_type str
client_id str
client_offline_session_idle_timeout str
client_offline_session_max_lifespan str
client_secret str
client_session_idle_timeout str
client_session_max_lifespan str
consent_required bool
description str
direct_access_grants_enabled bool
enabled bool
exclude_session_state_from_auth_response bool
extra_config Mapping[str, Any]
frontchannel_logout_enabled bool
frontchannel_logout_url str
full_scope_allowed bool
id str

The provider-assigned unique ID for this managed resource.

implicit_flow_enabled bool
login_theme str
name str
pkce_code_challenge_method str
realm_id str
resource_server_id str
root_url str
service_account_user_id str
service_accounts_enabled bool
standard_flow_enabled bool
use_refresh_tokens bool
use_refresh_tokens_client_credentials bool
valid_redirect_uris Sequence[str]
web_origins Sequence[str]
consent_screen_text str
display_on_consent_screen bool
oauth2_device_authorization_grant_enabled bool
oauth2_device_code_lifespan str
oauth2_device_polling_interval str
accessTokenLifespan String
accessType String
adminUrl String
authenticationFlowBindingOverrides List<Property Map>
authorizations List<Property Map>
backchannelLogoutRevokeOfflineSessions Boolean
backchannelLogoutSessionRequired Boolean
backchannelLogoutUrl String
baseUrl String
clientAuthenticatorType String
clientId String
clientOfflineSessionIdleTimeout String
clientOfflineSessionMaxLifespan String
clientSecret String
clientSessionIdleTimeout String
clientSessionMaxLifespan String
consentRequired Boolean
description String
directAccessGrantsEnabled Boolean
enabled Boolean
excludeSessionStateFromAuthResponse Boolean
extraConfig Map<Any>
frontchannelLogoutEnabled Boolean
frontchannelLogoutUrl String
fullScopeAllowed Boolean
id String

The provider-assigned unique ID for this managed resource.

implicitFlowEnabled Boolean
loginTheme String
name String
pkceCodeChallengeMethod String
realmId String
resourceServerId String
rootUrl String
serviceAccountUserId String
serviceAccountsEnabled Boolean
standardFlowEnabled Boolean
useRefreshTokens Boolean
useRefreshTokensClientCredentials Boolean
validRedirectUris List<String>
webOrigins List<String>
consentScreenText String
displayOnConsentScreen Boolean
oauth2DeviceAuthorizationGrantEnabled Boolean
oauth2DeviceCodeLifespan String
oauth2DevicePollingInterval String

Supporting Types

GetClientAuthenticationFlowBindingOverride

GetClientAuthorization

Package Details

Repository
https://github.com/pulumi/pulumi-keycloak
License
Apache-2.0
Notes

This Pulumi package is based on the keycloak Terraform Provider.