1. Packages
  2. Keycloak Provider
  3. API Docs
  4. openid
  5. getClientServiceAccountUser
Keycloak v5.3.5 published on Wednesday, Oct 16, 2024 by Pulumi

keycloak.openid.getClientServiceAccountUser

Explore with Pulumi AI

keycloak logo
Keycloak v5.3.5 published on Wednesday, Oct 16, 2024 by Pulumi

    This data source can be used to fetch information about the service account user that is associated with an OpenID client that has service accounts enabled.

    Example Usage

    In this example, we’ll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user that represents the service account. We’ll use this data source to grab this user’s ID in order to assign some roles to this user, using the keycloak.UserRoles resource.

    import * as pulumi from "@pulumi/pulumi";
    import * as keycloak from "@pulumi/keycloak";
    
    const realm = new keycloak.Realm("realm", {
        realm: "my-realm",
        enabled: true,
    });
    const client = new keycloak.openid.Client("client", {
        realmId: realm.id,
        clientId: "client",
        name: "client",
        accessType: "CONFIDENTIAL",
        serviceAccountsEnabled: true,
    });
    const serviceAccountUser = keycloak.openid.getClientServiceAccountUserOutput({
        realmId: realm.id,
        clientId: client.id,
    });
    const offlineAccess = keycloak.getRoleOutput({
        realmId: realm.id,
        name: "offline_access",
    });
    const serviceAccountUserRoles = new keycloak.UserRoles("service_account_user_roles", {
        realmId: realm.id,
        userId: serviceAccountUser.apply(serviceAccountUser => serviceAccountUser.id),
        roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)],
    });
    
    import pulumi
    import pulumi_keycloak as keycloak
    
    realm = keycloak.Realm("realm",
        realm="my-realm",
        enabled=True)
    client = keycloak.openid.Client("client",
        realm_id=realm.id,
        client_id="client",
        name="client",
        access_type="CONFIDENTIAL",
        service_accounts_enabled=True)
    service_account_user = keycloak.openid.get_client_service_account_user_output(realm_id=realm.id,
        client_id=client.id)
    offline_access = keycloak.get_role_output(realm_id=realm.id,
        name="offline_access")
    service_account_user_roles = keycloak.UserRoles("service_account_user_roles",
        realm_id=realm.id,
        user_id=service_account_user.id,
        role_ids=[offline_access.id])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
    			Realm:   pulumi.String("my-realm"),
    			Enabled: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{
    			RealmId:                realm.ID(),
    			ClientId:               pulumi.String("client"),
    			Name:                   pulumi.String("client"),
    			AccessType:             pulumi.String("CONFIDENTIAL"),
    			ServiceAccountsEnabled: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		serviceAccountUser := openid.GetClientServiceAccountUserOutput(ctx, openid.GetClientServiceAccountUserOutputArgs{
    			RealmId:  realm.ID(),
    			ClientId: client.ID(),
    		}, nil)
    		offlineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{
    			RealmId: realm.ID(),
    			Name:    pulumi.String("offline_access"),
    		}, nil)
    		_, err = keycloak.NewUserRoles(ctx, "service_account_user_roles", &keycloak.UserRolesArgs{
    			RealmId: realm.ID(),
    			UserId: pulumi.String(serviceAccountUser.ApplyT(func(serviceAccountUser openid.GetClientServiceAccountUserResult) (*string, error) {
    				return &serviceAccountUser.Id, nil
    			}).(pulumi.StringPtrOutput)),
    			RoleIds: pulumi.StringArray{
    				pulumi.String(offlineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {
    					return &offlineAccess.Id, nil
    				}).(pulumi.StringPtrOutput)),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Keycloak = Pulumi.Keycloak;
    
    return await Deployment.RunAsync(() => 
    {
        var realm = new Keycloak.Realm("realm", new()
        {
            RealmName = "my-realm",
            Enabled = true,
        });
    
        var client = new Keycloak.OpenId.Client("client", new()
        {
            RealmId = realm.Id,
            ClientId = "client",
            Name = "client",
            AccessType = "CONFIDENTIAL",
            ServiceAccountsEnabled = true,
        });
    
        var serviceAccountUser = Keycloak.OpenId.GetClientServiceAccountUser.Invoke(new()
        {
            RealmId = realm.Id,
            ClientId = client.Id,
        });
    
        var offlineAccess = Keycloak.GetRole.Invoke(new()
        {
            RealmId = realm.Id,
            Name = "offline_access",
        });
    
        var serviceAccountUserRoles = new Keycloak.UserRoles("service_account_user_roles", new()
        {
            RealmId = realm.Id,
            UserId = serviceAccountUser.Apply(getClientServiceAccountUserResult => getClientServiceAccountUserResult.Id),
            RoleIds = new[]
            {
                offlineAccess.Apply(getRoleResult => getRoleResult.Id),
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.keycloak.Realm;
    import com.pulumi.keycloak.RealmArgs;
    import com.pulumi.keycloak.openid.Client;
    import com.pulumi.keycloak.openid.ClientArgs;
    import com.pulumi.keycloak.openid.OpenidFunctions;
    import com.pulumi.keycloak.openid.inputs.GetClientServiceAccountUserArgs;
    import com.pulumi.keycloak.KeycloakFunctions;
    import com.pulumi.keycloak.inputs.GetRoleArgs;
    import com.pulumi.keycloak.UserRoles;
    import com.pulumi.keycloak.UserRolesArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var realm = new Realm("realm", RealmArgs.builder()
                .realm("my-realm")
                .enabled(true)
                .build());
    
            var client = new Client("client", ClientArgs.builder()
                .realmId(realm.id())
                .clientId("client")
                .name("client")
                .accessType("CONFIDENTIAL")
                .serviceAccountsEnabled(true)
                .build());
    
            final var serviceAccountUser = OpenidFunctions.getClientServiceAccountUser(GetClientServiceAccountUserArgs.builder()
                .realmId(realm.id())
                .clientId(client.id())
                .build());
    
            final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()
                .realmId(realm.id())
                .name("offline_access")
                .build());
    
            var serviceAccountUserRoles = new UserRoles("serviceAccountUserRoles", UserRolesArgs.builder()
                .realmId(realm.id())
                .userId(serviceAccountUser.applyValue(getClientServiceAccountUserResult -> getClientServiceAccountUserResult).applyValue(serviceAccountUser -> serviceAccountUser.applyValue(getClientServiceAccountUserResult -> getClientServiceAccountUserResult.id())))
                .roleIds(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id())))
                .build());
    
        }
    }
    
    resources:
      realm:
        type: keycloak:Realm
        properties:
          realm: my-realm
          enabled: true
      client:
        type: keycloak:openid:Client
        properties:
          realmId: ${realm.id}
          clientId: client
          name: client
          accessType: CONFIDENTIAL
          serviceAccountsEnabled: true
      serviceAccountUserRoles:
        type: keycloak:UserRoles
        name: service_account_user_roles
        properties:
          realmId: ${realm.id}
          userId: ${serviceAccountUser.id}
          roleIds:
            - ${offlineAccess.id}
    variables:
      serviceAccountUser:
        fn::invoke:
          Function: keycloak:openid:getClientServiceAccountUser
          Arguments:
            realmId: ${realm.id}
            clientId: ${client.id}
      offlineAccess:
        fn::invoke:
          Function: keycloak:getRole
          Arguments:
            realmId: ${realm.id}
            name: offline_access
    

    Using getClientServiceAccountUser

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getClientServiceAccountUser(args: GetClientServiceAccountUserArgs, opts?: InvokeOptions): Promise<GetClientServiceAccountUserResult>
    function getClientServiceAccountUserOutput(args: GetClientServiceAccountUserOutputArgs, opts?: InvokeOptions): Output<GetClientServiceAccountUserResult>
    def get_client_service_account_user(client_id: Optional[str] = None,
                                        realm_id: Optional[str] = None,
                                        opts: Optional[InvokeOptions] = None) -> GetClientServiceAccountUserResult
    def get_client_service_account_user_output(client_id: Optional[pulumi.Input[str]] = None,
                                        realm_id: Optional[pulumi.Input[str]] = None,
                                        opts: Optional[InvokeOptions] = None) -> Output[GetClientServiceAccountUserResult]
    func GetClientServiceAccountUser(ctx *Context, args *GetClientServiceAccountUserArgs, opts ...InvokeOption) (*GetClientServiceAccountUserResult, error)
    func GetClientServiceAccountUserOutput(ctx *Context, args *GetClientServiceAccountUserOutputArgs, opts ...InvokeOption) GetClientServiceAccountUserResultOutput

    > Note: This function is named GetClientServiceAccountUser in the Go SDK.

    public static class GetClientServiceAccountUser 
    {
        public static Task<GetClientServiceAccountUserResult> InvokeAsync(GetClientServiceAccountUserArgs args, InvokeOptions? opts = null)
        public static Output<GetClientServiceAccountUserResult> Invoke(GetClientServiceAccountUserInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetClientServiceAccountUserResult> getClientServiceAccountUser(GetClientServiceAccountUserArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: keycloak:openid/getClientServiceAccountUser:getClientServiceAccountUser
      arguments:
        # arguments dictionary

    The following arguments are supported:

    ClientId string
    The ID of the OpenID client with service accounts enabled.
    RealmId string
    The realm that the OpenID client exists within.
    ClientId string
    The ID of the OpenID client with service accounts enabled.
    RealmId string
    The realm that the OpenID client exists within.
    clientId String
    The ID of the OpenID client with service accounts enabled.
    realmId String
    The realm that the OpenID client exists within.
    clientId string
    The ID of the OpenID client with service accounts enabled.
    realmId string
    The realm that the OpenID client exists within.
    client_id str
    The ID of the OpenID client with service accounts enabled.
    realm_id str
    The realm that the OpenID client exists within.
    clientId String
    The ID of the OpenID client with service accounts enabled.
    realmId String
    The realm that the OpenID client exists within.

    getClientServiceAccountUser Result

    The following output properties are available:

    Attributes Dictionary<string, string>
    ClientId string
    Email string
    EmailVerified bool
    Enabled bool
    FederatedIdentities List<GetClientServiceAccountUserFederatedIdentity>
    FirstName string
    Id string
    The provider-assigned unique ID for this managed resource.
    LastName string
    RealmId string
    RequiredActions List<string>
    Username string
    Attributes map[string]string
    ClientId string
    Email string
    EmailVerified bool
    Enabled bool
    FederatedIdentities []GetClientServiceAccountUserFederatedIdentity
    FirstName string
    Id string
    The provider-assigned unique ID for this managed resource.
    LastName string
    RealmId string
    RequiredActions []string
    Username string
    attributes Map<String,String>
    clientId String
    email String
    emailVerified Boolean
    enabled Boolean
    federatedIdentities List<GetClientServiceAccountUserFederatedIdentity>
    firstName String
    id String
    The provider-assigned unique ID for this managed resource.
    lastName String
    realmId String
    requiredActions List<String>
    username String
    attributes {[key: string]: string}
    clientId string
    email string
    emailVerified boolean
    enabled boolean
    federatedIdentities GetClientServiceAccountUserFederatedIdentity[]
    firstName string
    id string
    The provider-assigned unique ID for this managed resource.
    lastName string
    realmId string
    requiredActions string[]
    username string
    attributes Mapping[str, str]
    client_id str
    email str
    email_verified bool
    enabled bool
    federated_identities Sequence[GetClientServiceAccountUserFederatedIdentity]
    first_name str
    id str
    The provider-assigned unique ID for this managed resource.
    last_name str
    realm_id str
    required_actions Sequence[str]
    username str
    attributes Map<String>
    clientId String
    email String
    emailVerified Boolean
    enabled Boolean
    federatedIdentities List<Property Map>
    firstName String
    id String
    The provider-assigned unique ID for this managed resource.
    lastName String
    realmId String
    requiredActions List<String>
    username String

    Supporting Types

    GetClientServiceAccountUserFederatedIdentity

    IdentityProvider string
    UserId string
    UserName string
    IdentityProvider string
    UserId string
    UserName string
    identityProvider String
    userId String
    userName String
    identityProvider string
    userId string
    userName string
    identityProvider String
    userId String
    userName String

    Package Details

    Repository
    Keycloak pulumi/pulumi-keycloak
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the keycloak Terraform Provider.
    keycloak logo
    Keycloak v5.3.5 published on Wednesday, Oct 16, 2024 by Pulumi