Docs Home
Keycloak v6.7.0 published on Tuesday, Jul 29, 2025 by Pulumi
keycloak.RealmClientPolicyProfilePolicy
Explore with Pulumi AI
Allows for managing Realm Client Policy Profile Policies.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {realm: "my-realm"});
const profile = new keycloak.RealmClientPolicyProfile("profile", {
name: "my-profile",
realmId: realm.id,
description: "Some desc",
executors: [
{
name: "intent-client-bind-checker",
configuration: {
"auto-configure": "true",
},
},
{
name: "secret-rotation",
configuration: {
"expiration-period": "2505600",
"rotated-expiration-period": "172800",
"remaining-rotation-period": "864000",
},
},
],
});
const policy = new keycloak.RealmClientPolicyProfilePolicy("policy", {
name: "my-profile",
realmId: realm.id,
description: "Some desc",
profiles: [profile.name],
conditions: [
{
name: "client-type",
configuration: {
protocol: "openid-connect",
},
},
{
name: "client-attributes",
configuration: {
"is-negative-logic": "false",
attributes: JSON.stringify([{
key: "test-key",
value: "test-value",
}]),
},
},
],
});
import pulumi
import json
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm", realm="my-realm")
profile = keycloak.RealmClientPolicyProfile("profile",
name="my-profile",
realm_id=realm.id,
description="Some desc",
executors=[
{
"name": "intent-client-bind-checker",
"configuration": {
"auto-configure": "true",
},
},
{
"name": "secret-rotation",
"configuration": {
"expiration-period": "2505600",
"rotated-expiration-period": "172800",
"remaining-rotation-period": "864000",
},
},
])
policy = keycloak.RealmClientPolicyProfilePolicy("policy",
name="my-profile",
realm_id=realm.id,
description="Some desc",
profiles=[profile.name],
conditions=[
{
"name": "client-type",
"configuration": {
"protocol": "openid-connect",
},
},
{
"name": "client-attributes",
"configuration": {
"is-negative-logic": "false",
"attributes": json.dumps([{
"key": "test-key",
"value": "test-value",
}]),
},
},
])
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-keycloak/sdk/v6/go/keycloak"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
})
if err != nil {
return err
}
profile, err := keycloak.NewRealmClientPolicyProfile(ctx, "profile", &keycloak.RealmClientPolicyProfileArgs{
Name: pulumi.String("my-profile"),
RealmId: realm.ID(),
Description: pulumi.String("Some desc"),
Executors: keycloak.RealmClientPolicyProfileExecutorArray{
&keycloak.RealmClientPolicyProfileExecutorArgs{
Name: pulumi.String("intent-client-bind-checker"),
Configuration: pulumi.StringMap{
"auto-configure": pulumi.String("true"),
},
},
&keycloak.RealmClientPolicyProfileExecutorArgs{
Name: pulumi.String("secret-rotation"),
Configuration: pulumi.StringMap{
"expiration-period": pulumi.String("2505600"),
"rotated-expiration-period": pulumi.String("172800"),
"remaining-rotation-period": pulumi.String("864000"),
},
},
},
})
if err != nil {
return err
}
tmpJSON0, err := json.Marshal([]map[string]interface{}{
map[string]interface{}{
"key": "test-key",
"value": "test-value",
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = keycloak.NewRealmClientPolicyProfilePolicy(ctx, "policy", &keycloak.RealmClientPolicyProfilePolicyArgs{
Name: pulumi.String("my-profile"),
RealmId: realm.ID(),
Description: pulumi.String("Some desc"),
Profiles: pulumi.StringArray{
profile.Name,
},
Conditions: keycloak.RealmClientPolicyProfilePolicyConditionArray{
&keycloak.RealmClientPolicyProfilePolicyConditionArgs{
Name: pulumi.String("client-type"),
Configuration: pulumi.StringMap{
"protocol": pulumi.String("openid-connect"),
},
},
&keycloak.RealmClientPolicyProfilePolicyConditionArgs{
Name: pulumi.String("client-attributes"),
Configuration: pulumi.StringMap{
"is-negative-logic": pulumi.String("false"),
"attributes": pulumi.String(json0),
},
},
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Keycloak = Pulumi.Keycloak;
return await Deployment.RunAsync(() =>
{
var realm = new Keycloak.Realm("realm", new()
{
RealmName = "my-realm",
});
var profile = new Keycloak.RealmClientPolicyProfile("profile", new()
{
Name = "my-profile",
RealmId = realm.Id,
Description = "Some desc",
Executors = new[]
{
new Keycloak.Inputs.RealmClientPolicyProfileExecutorArgs
{
Name = "intent-client-bind-checker",
Configuration =
{
{ "auto-configure", "true" },
},
},
new Keycloak.Inputs.RealmClientPolicyProfileExecutorArgs
{
Name = "secret-rotation",
Configuration =
{
{ "expiration-period", "2505600" },
{ "rotated-expiration-period", "172800" },
{ "remaining-rotation-period", "864000" },
},
},
},
});
var policy = new Keycloak.RealmClientPolicyProfilePolicy("policy", new()
{
Name = "my-profile",
RealmId = realm.Id,
Description = "Some desc",
Profiles = new[]
{
profile.Name,
},
Conditions = new[]
{
new Keycloak.Inputs.RealmClientPolicyProfilePolicyConditionArgs
{
Name = "client-type",
Configuration =
{
{ "protocol", "openid-connect" },
},
},
new Keycloak.Inputs.RealmClientPolicyProfilePolicyConditionArgs
{
Name = "client-attributes",
Configuration =
{
{ "is-negative-logic", "false" },
{ "attributes", JsonSerializer.Serialize(new[]
{
new Dictionary<string, object?>
{
["key"] = "test-key",
["value"] = "test-value",
},
}) },
},
},
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.RealmClientPolicyProfile;
import com.pulumi.keycloak.RealmClientPolicyProfileArgs;
import com.pulumi.keycloak.inputs.RealmClientPolicyProfileExecutorArgs;
import com.pulumi.keycloak.RealmClientPolicyProfilePolicy;
import com.pulumi.keycloak.RealmClientPolicyProfilePolicyArgs;
import com.pulumi.keycloak.inputs.RealmClientPolicyProfilePolicyConditionArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.build());
var profile = new RealmClientPolicyProfile("profile", RealmClientPolicyProfileArgs.builder()
.name("my-profile")
.realmId(realm.id())
.description("Some desc")
.executors(
RealmClientPolicyProfileExecutorArgs.builder()
.name("intent-client-bind-checker")
.configuration(Map.of("auto-configure", "true"))
.build(),
RealmClientPolicyProfileExecutorArgs.builder()
.name("secret-rotation")
.configuration(Map.ofEntries(
Map.entry("expiration-period", "2505600"),
Map.entry("rotated-expiration-period", "172800"),
Map.entry("remaining-rotation-period", "864000")
))
.build())
.build());
var policy = new RealmClientPolicyProfilePolicy("policy", RealmClientPolicyProfilePolicyArgs.builder()
.name("my-profile")
.realmId(realm.id())
.description("Some desc")
.profiles(profile.name())
.conditions(
RealmClientPolicyProfilePolicyConditionArgs.builder()
.name("client-type")
.configuration(Map.of("protocol", "openid-connect"))
.build(),
RealmClientPolicyProfilePolicyConditionArgs.builder()
.name("client-attributes")
.configuration(Map.ofEntries(
Map.entry("is-negative-logic", "false"),
Map.entry("attributes", serializeJson(
jsonArray(jsonObject(
jsonProperty("key", "test-key"),
jsonProperty("value", "test-value")
))))
))
.build())
.build());
}
}
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
profile:
type: keycloak:RealmClientPolicyProfile
properties:
name: my-profile
realmId: ${realm.id}
description: Some desc
executors:
- name: intent-client-bind-checker
configuration:
auto-configure: 'true'
- name: secret-rotation
configuration:
expiration-period: 2.5056e+06
rotated-expiration-period: 172800
remaining-rotation-period: 864000
policy:
type: keycloak:RealmClientPolicyProfilePolicy
properties:
name: my-profile
realmId: ${realm.id}
description: Some desc
profiles:
- ${profile.name}
conditions:
- name: client-type
configuration:
protocol: openid-connect
- name: client-attributes
configuration:
is-negative-logic: false
attributes:
fn::toJSON:
- key: test-key
value: test-value
Attribute Arguments
name- (Required) The name of the attribute.realm_id- (Required) The realm id.condition- (Optional) An ordered list of condition
Condition Arguments
name- (Required) The name of the executor. NOTE! The executor needs to existconfiguration- (Optional) - A map of configuration values
Create RealmClientPolicyProfilePolicy Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new RealmClientPolicyProfilePolicy(name: string, args: RealmClientPolicyProfilePolicyArgs, opts?: CustomResourceOptions);@overload
def RealmClientPolicyProfilePolicy(resource_name: str,
args: RealmClientPolicyProfilePolicyArgs,
opts: Optional[ResourceOptions] = None)
@overload
def RealmClientPolicyProfilePolicy(resource_name: str,
opts: Optional[ResourceOptions] = None,
profiles: Optional[Sequence[str]] = None,
realm_id: Optional[str] = None,
conditions: Optional[Sequence[RealmClientPolicyProfilePolicyConditionArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None)func NewRealmClientPolicyProfilePolicy(ctx *Context, name string, args RealmClientPolicyProfilePolicyArgs, opts ...ResourceOption) (*RealmClientPolicyProfilePolicy, error)public RealmClientPolicyProfilePolicy(string name, RealmClientPolicyProfilePolicyArgs args, CustomResourceOptions? opts = null)
public RealmClientPolicyProfilePolicy(String name, RealmClientPolicyProfilePolicyArgs args)
public RealmClientPolicyProfilePolicy(String name, RealmClientPolicyProfilePolicyArgs args, CustomResourceOptions options)
type: keycloak:RealmClientPolicyProfilePolicy
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args RealmClientPolicyProfilePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args RealmClientPolicyProfilePolicyArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args RealmClientPolicyProfilePolicyArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args RealmClientPolicyProfilePolicyArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args RealmClientPolicyProfilePolicyArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var realmClientPolicyProfilePolicyResource = new Keycloak.RealmClientPolicyProfilePolicy("realmClientPolicyProfilePolicyResource", new()
{
Profiles = new[]
{
"string",
},
RealmId = "string",
Conditions = new[]
{
new Keycloak.Inputs.RealmClientPolicyProfilePolicyConditionArgs
{
Name = "string",
Configuration =
{
{ "string", "string" },
},
},
},
Description = "string",
Enabled = false,
Name = "string",
});
example, err := keycloak.NewRealmClientPolicyProfilePolicy(ctx, "realmClientPolicyProfilePolicyResource", &keycloak.RealmClientPolicyProfilePolicyArgs{
Profiles: pulumi.StringArray{
pulumi.String("string"),
},
RealmId: pulumi.String("string"),
Conditions: keycloak.RealmClientPolicyProfilePolicyConditionArray{
&keycloak.RealmClientPolicyProfilePolicyConditionArgs{
Name: pulumi.String("string"),
Configuration: pulumi.StringMap{
"string": pulumi.String("string"),
},
},
},
Description: pulumi.String("string"),
Enabled: pulumi.Bool(false),
Name: pulumi.String("string"),
})
var realmClientPolicyProfilePolicyResource = new RealmClientPolicyProfilePolicy("realmClientPolicyProfilePolicyResource", RealmClientPolicyProfilePolicyArgs.builder()
.profiles("string")
.realmId("string")
.conditions(RealmClientPolicyProfilePolicyConditionArgs.builder()
.name("string")
.configuration(Map.of("string", "string"))
.build())
.description("string")
.enabled(false)
.name("string")
.build());
realm_client_policy_profile_policy_resource = keycloak.RealmClientPolicyProfilePolicy("realmClientPolicyProfilePolicyResource",
profiles=["string"],
realm_id="string",
conditions=[{
"name": "string",
"configuration": {
"string": "string",
},
}],
description="string",
enabled=False,
name="string")
const realmClientPolicyProfilePolicyResource = new keycloak.RealmClientPolicyProfilePolicy("realmClientPolicyProfilePolicyResource", {
profiles: ["string"],
realmId: "string",
conditions: [{
name: "string",
configuration: {
string: "string",
},
}],
description: "string",
enabled: false,
name: "string",
});
type: keycloak:RealmClientPolicyProfilePolicy
properties:
conditions:
- configuration:
string: string
name: string
description: string
enabled: false
name: string
profiles:
- string
realmId: string
RealmClientPolicyProfilePolicy Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The RealmClientPolicyProfilePolicy resource accepts the following input properties:
- Profiles List<string>
- Realm
Id string - Conditions
List<Realm
Client Policy Profile Policy Condition> - Description string
- Enabled bool
- Name string
- Profiles []string
- Realm
Id string - Conditions
[]Realm
Client Policy Profile Policy Condition Args - Description string
- Enabled bool
- Name string
- profiles List<String>
- realm
Id String - conditions
List<Realm
Client Policy Profile Policy Condition> - description String
- enabled Boolean
- name String
- profiles string[]
- realm
Id string - conditions
Realm
Client Policy Profile Policy Condition[] - description string
- enabled boolean
- name string
- profiles Sequence[str]
- realm_
id str - conditions
Sequence[Realm
Client Policy Profile Policy Condition Args] - description str
- enabled bool
- name str
- profiles List<String>
- realm
Id String - conditions List<Property Map>
- description String
- enabled Boolean
- name String
Outputs
All input properties are implicitly available as output properties. Additionally, the RealmClientPolicyProfilePolicy resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing RealmClientPolicyProfilePolicy Resource
Get an existing RealmClientPolicyProfilePolicy resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: RealmClientPolicyProfilePolicyState, opts?: CustomResourceOptions): RealmClientPolicyProfilePolicy@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
conditions: Optional[Sequence[RealmClientPolicyProfilePolicyConditionArgs]] = None,
description: Optional[str] = None,
enabled: Optional[bool] = None,
name: Optional[str] = None,
profiles: Optional[Sequence[str]] = None,
realm_id: Optional[str] = None) -> RealmClientPolicyProfilePolicyfunc GetRealmClientPolicyProfilePolicy(ctx *Context, name string, id IDInput, state *RealmClientPolicyProfilePolicyState, opts ...ResourceOption) (*RealmClientPolicyProfilePolicy, error)public static RealmClientPolicyProfilePolicy Get(string name, Input<string> id, RealmClientPolicyProfilePolicyState? state, CustomResourceOptions? opts = null)public static RealmClientPolicyProfilePolicy get(String name, Output<String> id, RealmClientPolicyProfilePolicyState state, CustomResourceOptions options)resources: _: type: keycloak:RealmClientPolicyProfilePolicy get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Conditions
List<Realm
Client Policy Profile Policy Condition> - Description string
- Enabled bool
- Name string
- Profiles List<string>
- Realm
Id string
- Conditions
[]Realm
Client Policy Profile Policy Condition Args - Description string
- Enabled bool
- Name string
- Profiles []string
- Realm
Id string
- conditions
List<Realm
Client Policy Profile Policy Condition> - description String
- enabled Boolean
- name String
- profiles List<String>
- realm
Id String
- conditions
Realm
Client Policy Profile Policy Condition[] - description string
- enabled boolean
- name string
- profiles string[]
- realm
Id string
- conditions
Sequence[Realm
Client Policy Profile Policy Condition Args] - description str
- enabled bool
- name str
- profiles Sequence[str]
- realm_
id str
- conditions List<Property Map>
- description String
- enabled Boolean
- name String
- profiles List<String>
- realm
Id String
Supporting Types
RealmClientPolicyProfilePolicyCondition, RealmClientPolicyProfilePolicyConditionArgs
- Name string
- Configuration Dictionary<string, string>
- Name string
- Configuration map[string]string
- name String
- configuration Map<String,String>
- name string
- configuration {[key: string]: string}
- name str
- configuration Mapping[str, str]
- name String
- configuration Map<String>
Import
This resource currently does not support importing.
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.