1. Packages
  2. Keycloak Provider
  3. API Docs
  4. UserRoles
Keycloak v5.4.0 published on Monday, Dec 9, 2024 by Pulumi

keycloak.UserRoles

Explore with Pulumi AI

keycloak logo
Keycloak v5.4.0 published on Monday, Dec 9, 2024 by Pulumi

    Allows you to manage roles assigned to a Keycloak user.

    If exhaustive is true, this resource attempts to be an authoritative source over user roles: roles that are manually added to the user will be removed, and roles that are manually removed from the user will be added upon the next run of pulumi up. If exhaustive is false, this resource is a partial assignation of roles to a user. As a result, you can use multiple keycloak.UserRoles for the same user_id.

    Note that when assigning composite roles to a user, you may see a non-empty plan following a pulumi up if you assign a role and a composite that includes that role to the same user.

    Example Usage

    Exhaustive Roles)

    import * as pulumi from "@pulumi/pulumi";
    import * as keycloak from "@pulumi/keycloak";
    
    const realm = new keycloak.Realm("realm", {
        realm: "my-realm",
        enabled: true,
    });
    const realmRole = new keycloak.Role("realm_role", {
        realmId: realm.id,
        name: "my-realm-role",
        description: "My Realm Role",
    });
    const client = new keycloak.openid.Client("client", {
        realmId: realm.id,
        clientId: "client",
        name: "client",
        enabled: true,
        accessType: "BEARER-ONLY",
    });
    const clientRole = new keycloak.Role("client_role", {
        realmId: realm.id,
        clientId: clientKeycloakClient.id,
        name: "my-client-role",
        description: "My Client Role",
    });
    const user = new keycloak.User("user", {
        realmId: realm.id,
        username: "bob",
        enabled: true,
        email: "bob@domain.com",
        firstName: "Bob",
        lastName: "Bobson",
    });
    const userRoles = new keycloak.UserRoles("user_roles", {
        realmId: realm.id,
        userId: user.id,
        roleIds: [
            realmRole.id,
            clientRole.id,
        ],
    });
    
    import pulumi
    import pulumi_keycloak as keycloak
    
    realm = keycloak.Realm("realm",
        realm="my-realm",
        enabled=True)
    realm_role = keycloak.Role("realm_role",
        realm_id=realm.id,
        name="my-realm-role",
        description="My Realm Role")
    client = keycloak.openid.Client("client",
        realm_id=realm.id,
        client_id="client",
        name="client",
        enabled=True,
        access_type="BEARER-ONLY")
    client_role = keycloak.Role("client_role",
        realm_id=realm.id,
        client_id=client_keycloak_client["id"],
        name="my-client-role",
        description="My Client Role")
    user = keycloak.User("user",
        realm_id=realm.id,
        username="bob",
        enabled=True,
        email="bob@domain.com",
        first_name="Bob",
        last_name="Bobson")
    user_roles = keycloak.UserRoles("user_roles",
        realm_id=realm.id,
        user_id=user.id,
        role_ids=[
            realm_role.id,
            client_role.id,
        ])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak"
    	"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
    			Realm:   pulumi.String("my-realm"),
    			Enabled: pulumi.Bool(true),
    		})
    		if err != nil {
    			return err
    		}
    		realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{
    			RealmId:     realm.ID(),
    			Name:        pulumi.String("my-realm-role"),
    			Description: pulumi.String("My Realm Role"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = openid.NewClient(ctx, "client", &openid.ClientArgs{
    			RealmId:    realm.ID(),
    			ClientId:   pulumi.String("client"),
    			Name:       pulumi.String("client"),
    			Enabled:    pulumi.Bool(true),
    			AccessType: pulumi.String("BEARER-ONLY"),
    		})
    		if err != nil {
    			return err
    		}
    		clientRole, err := keycloak.NewRole(ctx, "client_role", &keycloak.RoleArgs{
    			RealmId:     realm.ID(),
    			ClientId:    pulumi.Any(clientKeycloakClient.Id),
    			Name:        pulumi.String("my-client-role"),
    			Description: pulumi.String("My Client Role"),
    		})
    		if err != nil {
    			return err
    		}
    		user, err := keycloak.NewUser(ctx, "user", &keycloak.UserArgs{
    			RealmId:   realm.ID(),
    			Username:  pulumi.String("bob"),
    			Enabled:   pulumi.Bool(true),
    			Email:     pulumi.String("bob@domain.com"),
    			FirstName: pulumi.String("Bob"),
    			LastName:  pulumi.String("Bobson"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = keycloak.NewUserRoles(ctx, "user_roles", &keycloak.UserRolesArgs{
    			RealmId: realm.ID(),
    			UserId:  user.ID(),
    			RoleIds: pulumi.StringArray{
    				realmRole.ID(),
    				clientRole.ID(),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Keycloak = Pulumi.Keycloak;
    
    return await Deployment.RunAsync(() => 
    {
        var realm = new Keycloak.Realm("realm", new()
        {
            RealmName = "my-realm",
            Enabled = true,
        });
    
        var realmRole = new Keycloak.Role("realm_role", new()
        {
            RealmId = realm.Id,
            Name = "my-realm-role",
            Description = "My Realm Role",
        });
    
        var client = new Keycloak.OpenId.Client("client", new()
        {
            RealmId = realm.Id,
            ClientId = "client",
            Name = "client",
            Enabled = true,
            AccessType = "BEARER-ONLY",
        });
    
        var clientRole = new Keycloak.Role("client_role", new()
        {
            RealmId = realm.Id,
            ClientId = clientKeycloakClient.Id,
            Name = "my-client-role",
            Description = "My Client Role",
        });
    
        var user = new Keycloak.User("user", new()
        {
            RealmId = realm.Id,
            Username = "bob",
            Enabled = true,
            Email = "bob@domain.com",
            FirstName = "Bob",
            LastName = "Bobson",
        });
    
        var userRoles = new Keycloak.UserRoles("user_roles", new()
        {
            RealmId = realm.Id,
            UserId = user.Id,
            RoleIds = new[]
            {
                realmRole.Id,
                clientRole.Id,
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.keycloak.Realm;
    import com.pulumi.keycloak.RealmArgs;
    import com.pulumi.keycloak.Role;
    import com.pulumi.keycloak.RoleArgs;
    import com.pulumi.keycloak.openid.Client;
    import com.pulumi.keycloak.openid.ClientArgs;
    import com.pulumi.keycloak.User;
    import com.pulumi.keycloak.UserArgs;
    import com.pulumi.keycloak.UserRoles;
    import com.pulumi.keycloak.UserRolesArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var realm = new Realm("realm", RealmArgs.builder()
                .realm("my-realm")
                .enabled(true)
                .build());
    
            var realmRole = new Role("realmRole", RoleArgs.builder()
                .realmId(realm.id())
                .name("my-realm-role")
                .description("My Realm Role")
                .build());
    
            var client = new Client("client", ClientArgs.builder()
                .realmId(realm.id())
                .clientId("client")
                .name("client")
                .enabled(true)
                .accessType("BEARER-ONLY")
                .build());
    
            var clientRole = new Role("clientRole", RoleArgs.builder()
                .realmId(realm.id())
                .clientId(clientKeycloakClient.id())
                .name("my-client-role")
                .description("My Client Role")
                .build());
    
            var user = new User("user", UserArgs.builder()
                .realmId(realm.id())
                .username("bob")
                .enabled(true)
                .email("bob@domain.com")
                .firstName("Bob")
                .lastName("Bobson")
                .build());
    
            var userRoles = new UserRoles("userRoles", UserRolesArgs.builder()
                .realmId(realm.id())
                .userId(user.id())
                .roleIds(            
                    realmRole.id(),
                    clientRole.id())
                .build());
    
        }
    }
    
    resources:
      realm:
        type: keycloak:Realm
        properties:
          realm: my-realm
          enabled: true
      realmRole:
        type: keycloak:Role
        name: realm_role
        properties:
          realmId: ${realm.id}
          name: my-realm-role
          description: My Realm Role
      client:
        type: keycloak:openid:Client
        properties:
          realmId: ${realm.id}
          clientId: client
          name: client
          enabled: true
          accessType: BEARER-ONLY
      clientRole:
        type: keycloak:Role
        name: client_role
        properties:
          realmId: ${realm.id}
          clientId: ${clientKeycloakClient.id}
          name: my-client-role
          description: My Client Role
      user:
        type: keycloak:User
        properties:
          realmId: ${realm.id}
          username: bob
          enabled: true
          email: bob@domain.com
          firstName: Bob
          lastName: Bobson
      userRoles:
        type: keycloak:UserRoles
        name: user_roles
        properties:
          realmId: ${realm.id}
          userId: ${user.id}
          roleIds:
            - ${realmRole.id}
            - ${clientRole.id}
    

    Create UserRoles Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new UserRoles(name: string, args: UserRolesArgs, opts?: CustomResourceOptions);
    @overload
    def UserRoles(resource_name: str,
                  args: UserRolesArgs,
                  opts: Optional[ResourceOptions] = None)
    
    @overload
    def UserRoles(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  realm_id: Optional[str] = None,
                  role_ids: Optional[Sequence[str]] = None,
                  user_id: Optional[str] = None,
                  exhaustive: Optional[bool] = None)
    func NewUserRoles(ctx *Context, name string, args UserRolesArgs, opts ...ResourceOption) (*UserRoles, error)
    public UserRoles(string name, UserRolesArgs args, CustomResourceOptions? opts = null)
    public UserRoles(String name, UserRolesArgs args)
    public UserRoles(String name, UserRolesArgs args, CustomResourceOptions options)
    
    type: keycloak:UserRoles
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args UserRolesArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args UserRolesArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args UserRolesArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args UserRolesArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args UserRolesArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var userRolesResource = new Keycloak.UserRoles("userRolesResource", new()
    {
        RealmId = "string",
        RoleIds = new[]
        {
            "string",
        },
        UserId = "string",
        Exhaustive = false,
    });
    
    example, err := keycloak.NewUserRoles(ctx, "userRolesResource", &keycloak.UserRolesArgs{
    	RealmId: pulumi.String("string"),
    	RoleIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	UserId:     pulumi.String("string"),
    	Exhaustive: pulumi.Bool(false),
    })
    
    var userRolesResource = new UserRoles("userRolesResource", UserRolesArgs.builder()
        .realmId("string")
        .roleIds("string")
        .userId("string")
        .exhaustive(false)
        .build());
    
    user_roles_resource = keycloak.UserRoles("userRolesResource",
        realm_id="string",
        role_ids=["string"],
        user_id="string",
        exhaustive=False)
    
    const userRolesResource = new keycloak.UserRoles("userRolesResource", {
        realmId: "string",
        roleIds: ["string"],
        userId: "string",
        exhaustive: false,
    });
    
    type: keycloak:UserRoles
    properties:
        exhaustive: false
        realmId: string
        roleIds:
            - string
        userId: string
    

    UserRoles Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The UserRoles resource accepts the following input properties:

    RealmId string
    The realm this user exists in.
    RoleIds List<string>
    A list of role IDs to map to the user
    UserId string
    The ID of the user this resource should manage roles for.
    Exhaustive bool
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.
    RealmId string
    The realm this user exists in.
    RoleIds []string
    A list of role IDs to map to the user
    UserId string
    The ID of the user this resource should manage roles for.
    Exhaustive bool
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.
    realmId String
    The realm this user exists in.
    roleIds List<String>
    A list of role IDs to map to the user
    userId String
    The ID of the user this resource should manage roles for.
    exhaustive Boolean
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.
    realmId string
    The realm this user exists in.
    roleIds string[]
    A list of role IDs to map to the user
    userId string
    The ID of the user this resource should manage roles for.
    exhaustive boolean
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.
    realm_id str
    The realm this user exists in.
    role_ids Sequence[str]
    A list of role IDs to map to the user
    user_id str
    The ID of the user this resource should manage roles for.
    exhaustive bool
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.
    realmId String
    The realm this user exists in.
    roleIds List<String>
    A list of role IDs to map to the user
    userId String
    The ID of the user this resource should manage roles for.
    exhaustive Boolean
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the UserRoles resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing UserRoles Resource

    Get an existing UserRoles resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: UserRolesState, opts?: CustomResourceOptions): UserRoles
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            exhaustive: Optional[bool] = None,
            realm_id: Optional[str] = None,
            role_ids: Optional[Sequence[str]] = None,
            user_id: Optional[str] = None) -> UserRoles
    func GetUserRoles(ctx *Context, name string, id IDInput, state *UserRolesState, opts ...ResourceOption) (*UserRoles, error)
    public static UserRoles Get(string name, Input<string> id, UserRolesState? state, CustomResourceOptions? opts = null)
    public static UserRoles get(String name, Output<String> id, UserRolesState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Exhaustive bool
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.
    RealmId string
    The realm this user exists in.
    RoleIds List<string>
    A list of role IDs to map to the user
    UserId string
    The ID of the user this resource should manage roles for.
    Exhaustive bool
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.
    RealmId string
    The realm this user exists in.
    RoleIds []string
    A list of role IDs to map to the user
    UserId string
    The ID of the user this resource should manage roles for.
    exhaustive Boolean
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.
    realmId String
    The realm this user exists in.
    roleIds List<String>
    A list of role IDs to map to the user
    userId String
    The ID of the user this resource should manage roles for.
    exhaustive boolean
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.
    realmId string
    The realm this user exists in.
    roleIds string[]
    A list of role IDs to map to the user
    userId string
    The ID of the user this resource should manage roles for.
    exhaustive bool
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.
    realm_id str
    The realm this user exists in.
    role_ids Sequence[str]
    A list of role IDs to map to the user
    user_id str
    The ID of the user this resource should manage roles for.
    exhaustive Boolean
    Indicates if the list of roles is exhaustive. In this case, roles that are manually added to the user will be removed. Defaults to true.
    realmId String
    The realm this user exists in.
    roleIds List<String>
    A list of role IDs to map to the user
    userId String
    The ID of the user this resource should manage roles for.

    Import

    This resource can be imported using the format {{realm_id}}/{{user_id}}, where user_id is the unique ID that Keycloak

    assigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID.

    Example:

    bash

    $ pulumi import keycloak:index/userRoles:UserRoles user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Keycloak pulumi/pulumi-keycloak
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the keycloak Terraform Provider.
    keycloak logo
    Keycloak v5.4.0 published on Monday, Dec 9, 2024 by Pulumi