Viewing docs for Keycloak v4.11.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Viewing docs for Keycloak v4.11.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
Allows for creating and managing hardcoded role mappers for Keycloak users federated via LDAP.
The LDAP hardcoded role mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP.
Example Usage
Realm Role)
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
{
RealmName = "my-realm",
Enabled = true,
});
var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new Keycloak.Ldap.UserFederationArgs
{
RealmId = realm.Id,
UsernameLdapAttribute = "cn",
RdnLdapAttribute = "cn",
UuidLdapAttribute = "entryDN",
UserObjectClasses =
{
"simpleSecurityObject",
"organizationalRole",
},
ConnectionUrl = "ldap://openldap",
UsersDn = "dc=example,dc=org",
BindDn = "cn=admin,dc=example,dc=org",
BindCredential = "admin",
});
var realmAdminRole = new Keycloak.Role("realmAdminRole", new Keycloak.RoleArgs
{
RealmId = realm.Id,
Description = "My Realm Role",
});
var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", new Keycloak.Ldap.HardcodedRoleMapperArgs
{
RealmId = realm.Id,
LdapUserFederationId = ldapUserFederation.Id,
Role = realmAdminRole.Name,
});
}
}
package main
import (
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
RealmId: realm.ID(),
UsernameLdapAttribute: pulumi.String("cn"),
RdnLdapAttribute: pulumi.String("cn"),
UuidLdapAttribute: pulumi.String("entryDN"),
UserObjectClasses: pulumi.StringArray{
pulumi.String("simpleSecurityObject"),
pulumi.String("organizationalRole"),
},
ConnectionUrl: pulumi.String("ldap://openldap"),
UsersDn: pulumi.String("dc=example,dc=org"),
BindDn: pulumi.String("cn=admin,dc=example,dc=org"),
BindCredential: pulumi.String("admin"),
})
if err != nil {
return err
}
realmAdminRole, err := keycloak.NewRole(ctx, "realmAdminRole", &keycloak.RoleArgs{
RealmId: realm.ID(),
Description: pulumi.String("My Realm Role"),
})
if err != nil {
return err
}
_, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{
RealmId: realm.ID(),
LdapUserFederationId: ldapUserFederation.ID(),
Role: realmAdminRole.Name,
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.ldap.UserFederation;
import com.pulumi.keycloak.ldap.UserFederationArgs;
import com.pulumi.keycloak.Role;
import com.pulumi.keycloak.RoleArgs;
import com.pulumi.keycloak.ldap.HardcodedRoleMapper;
import com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder()
.realmId(realm.id())
.usernameLdapAttribute("cn")
.rdnLdapAttribute("cn")
.uuidLdapAttribute("entryDN")
.userObjectClasses(
"simpleSecurityObject",
"organizationalRole")
.connectionUrl("ldap://openldap")
.usersDn("dc=example,dc=org")
.bindDn("cn=admin,dc=example,dc=org")
.bindCredential("admin")
.build());
var realmAdminRole = new Role("realmAdminRole", RoleArgs.builder()
.realmId(realm.id())
.description("My Realm Role")
.build());
var assignAdminRoleToAllUsers = new HardcodedRoleMapper("assignAdminRoleToAllUsers", HardcodedRoleMapperArgs.builder()
.realmId(realm.id())
.ldapUserFederationId(ldapUserFederation.id())
.role(realmAdminRole.name())
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", {
realmId: realm.id,
usernameLdapAttribute: "cn",
rdnLdapAttribute: "cn",
uuidLdapAttribute: "entryDN",
userObjectClasses: [
"simpleSecurityObject",
"organizationalRole",
],
connectionUrl: "ldap://openldap",
usersDn: "dc=example,dc=org",
bindDn: "cn=admin,dc=example,dc=org",
bindCredential: "admin",
});
const realmAdminRole = new keycloak.Role("realmAdminRole", {
realmId: realm.id,
description: "My Realm Role",
});
const assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", {
realmId: realm.id,
ldapUserFederationId: ldapUserFederation.id,
role: realmAdminRole.name,
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation",
realm_id=realm.id,
username_ldap_attribute="cn",
rdn_ldap_attribute="cn",
uuid_ldap_attribute="entryDN",
user_object_classes=[
"simpleSecurityObject",
"organizationalRole",
],
connection_url="ldap://openldap",
users_dn="dc=example,dc=org",
bind_dn="cn=admin,dc=example,dc=org",
bind_credential="admin")
realm_admin_role = keycloak.Role("realmAdminRole",
realm_id=realm.id,
description="My Realm Role")
assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers",
realm_id=realm.id,
ldap_user_federation_id=ldap_user_federation.id,
role=realm_admin_role.name)
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
ldapUserFederation:
type: keycloak:ldap:UserFederation
properties:
realmId: ${realm.id}
usernameLdapAttribute: cn
rdnLdapAttribute: cn
uuidLdapAttribute: entryDN
userObjectClasses:
- simpleSecurityObject
- organizationalRole
connectionUrl: ldap://openldap
usersDn: dc=example,dc=org
bindDn: cn=admin,dc=example,dc=org
bindCredential: admin
realmAdminRole:
type: keycloak:Role
properties:
realmId: ${realm.id}
description: My Realm Role
assignAdminRoleToAllUsers:
type: keycloak:ldap:HardcodedRoleMapper
properties:
realmId: ${realm.id}
ldapUserFederationId: ${ldapUserFederation.id}
role: ${realmAdminRole.name}
Client Role)
using Pulumi;
using Keycloak = Pulumi.Keycloak;
class MyStack : Stack
{
public MyStack()
{
var realm = new Keycloak.Realm("realm", new Keycloak.RealmArgs
{
RealmName = "my-realm",
Enabled = true,
});
var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new Keycloak.Ldap.UserFederationArgs
{
RealmId = realm.Id,
UsernameLdapAttribute = "cn",
RdnLdapAttribute = "cn",
UuidLdapAttribute = "entryDN",
UserObjectClasses =
{
"simpleSecurityObject",
"organizationalRole",
},
ConnectionUrl = "ldap://openldap",
UsersDn = "dc=example,dc=org",
BindDn = "cn=admin,dc=example,dc=org",
BindCredential = "admin",
});
var realmManagement = Keycloak.OpenId.GetClient.Invoke(new Keycloak.OpenId.GetClientInvokeArgs
{
RealmId = realm.Id,
ClientId = "realm-management",
});
var createClient = Output.Tuple(realm.Id, realmManagement).Apply(values =>
{
var id = values.Item1;
var realmManagement = values.Item2;
return Keycloak.GetRole.Invoke(new Keycloak.GetRoleInvokeArgs
{
RealmId = id,
ClientId = realmManagement.Id,
Name = "create-client",
});
});
var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", new Keycloak.Ldap.HardcodedRoleMapperArgs
{
RealmId = realm.Id,
LdapUserFederationId = ldapUserFederation.Id,
Role = Output.Tuple(realmManagement, createClient).Apply(values =>
{
var realmManagement = values.Item1;
var createClient = values.Item2;
return $"{realmManagement.ClientId}.{createClient.Name}";
}),
});
}
}
package main
import (
"fmt"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/ldap"
"github.com/pulumi/pulumi-keycloak/sdk/v4/go/keycloak/openid"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{
Realm: pulumi.String("my-realm"),
Enabled: pulumi.Bool(true),
})
if err != nil {
return err
}
ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{
RealmId: realm.ID(),
UsernameLdapAttribute: pulumi.String("cn"),
RdnLdapAttribute: pulumi.String("cn"),
UuidLdapAttribute: pulumi.String("entryDN"),
UserObjectClasses: pulumi.StringArray{
pulumi.String("simpleSecurityObject"),
pulumi.String("organizationalRole"),
},
ConnectionUrl: pulumi.String("ldap://openldap"),
UsersDn: pulumi.String("dc=example,dc=org"),
BindDn: pulumi.String("cn=admin,dc=example,dc=org"),
BindCredential: pulumi.String("admin"),
})
if err != nil {
return err
}
realmManagement := openid.LookupClientOutput(ctx, openid.GetClientOutputArgs{
RealmId: realm.ID(),
ClientId: pulumi.String("realm-management"),
}, nil)
_, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{
RealmId: realm.ID(),
LdapUserFederationId: ldapUserFederation.ID(),
Role: pulumi.All(realmManagement, createClient).ApplyT(func(_args []interface{}) (string, error) {
realmManagement := _args[0].(openid.GetClientResult)
createClient := _args[1].(GetRoleResult)
return fmt.Sprintf("%v.%v", realmManagement.ClientId, createClient.Name), nil
}).(pulumi.StringOutput),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.keycloak.Realm;
import com.pulumi.keycloak.RealmArgs;
import com.pulumi.keycloak.ldap.UserFederation;
import com.pulumi.keycloak.ldap.UserFederationArgs;
import com.pulumi.keycloak.openid.OpenidFunctions;
import com.pulumi.keycloak.openid.inputs.GetClientArgs;
import com.pulumi.keycloak.KeycloakFunctions;
import com.pulumi.keycloak.inputs.GetRoleArgs;
import com.pulumi.keycloak.ldap.HardcodedRoleMapper;
import com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var realm = new Realm("realm", RealmArgs.builder()
.realm("my-realm")
.enabled(true)
.build());
var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder()
.realmId(realm.id())
.usernameLdapAttribute("cn")
.rdnLdapAttribute("cn")
.uuidLdapAttribute("entryDN")
.userObjectClasses(
"simpleSecurityObject",
"organizationalRole")
.connectionUrl("ldap://openldap")
.usersDn("dc=example,dc=org")
.bindDn("cn=admin,dc=example,dc=org")
.bindCredential("admin")
.build());
final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()
.realmId(realm.id())
.clientId("realm-management")
.build());
final var createClient = KeycloakFunctions.getRole(GetRoleArgs.builder()
.realmId(realm.id())
.clientId(realmManagement.applyValue(getClientResult -> getClientResult).applyValue(realmManagement -> realmManagement.applyValue(getClientResult -> getClientResult.id())))
.name("create-client")
.build());
var assignAdminRoleToAllUsers = new HardcodedRoleMapper("assignAdminRoleToAllUsers", HardcodedRoleMapperArgs.builder()
.realmId(realm.id())
.ldapUserFederationId(ldapUserFederation.id())
.role(Output.tuple(realmManagement.applyValue(getClientResult -> getClientResult), createClient.applyValue(getRoleResult -> getRoleResult)).applyValue(values -> {
var realmManagement = values.t1;
var createClient = values.t2;
return String.format("%s.%s", realmManagement.applyValue(getClientResult -> getClientResult.clientId()),createClient.applyValue(getRoleResult -> getRoleResult.name()));
}))
.build());
}
}
import * as pulumi from "@pulumi/pulumi";
import * as keycloak from "@pulumi/keycloak";
const realm = new keycloak.Realm("realm", {
realm: "my-realm",
enabled: true,
});
const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", {
realmId: realm.id,
usernameLdapAttribute: "cn",
rdnLdapAttribute: "cn",
uuidLdapAttribute: "entryDN",
userObjectClasses: [
"simpleSecurityObject",
"organizationalRole",
],
connectionUrl: "ldap://openldap",
usersDn: "dc=example,dc=org",
bindDn: "cn=admin,dc=example,dc=org",
bindCredential: "admin",
});
const realmManagement = keycloak.openid.getClientOutput({
realmId: realm.id,
clientId: "realm-management",
});
const createClient = pulumi.all([realm.id, realmManagement]).apply(([id, realmManagement]) => keycloak.getRoleOutput({
realmId: id,
clientId: realmManagement.id,
name: "create-client",
}));
const assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", {
realmId: realm.id,
ldapUserFederationId: ldapUserFederation.id,
role: pulumi.all([realmManagement, createClient]).apply(([realmManagement, createClient]) => `${realmManagement.clientId}.${createClient.name}`),
});
import pulumi
import pulumi_keycloak as keycloak
realm = keycloak.Realm("realm",
realm="my-realm",
enabled=True)
ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation",
realm_id=realm.id,
username_ldap_attribute="cn",
rdn_ldap_attribute="cn",
uuid_ldap_attribute="entryDN",
user_object_classes=[
"simpleSecurityObject",
"organizationalRole",
],
connection_url="ldap://openldap",
users_dn="dc=example,dc=org",
bind_dn="cn=admin,dc=example,dc=org",
bind_credential="admin")
realm_management = keycloak.openid.get_client_output(realm_id=realm.id,
client_id="realm-management")
create_client = pulumi.Output.all(realm.id, realm_management).apply(lambda id, realm_management: keycloak.get_role_output(realm_id=id,
client_id=realm_management.id,
name="create-client"))
assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers",
realm_id=realm.id,
ldap_user_federation_id=ldap_user_federation.id,
role=pulumi.Output.all(realm_management, create_client).apply(lambda realm_management, create_client: f"{realm_management.client_id}.{create_client.name}"))
resources:
realm:
type: keycloak:Realm
properties:
realm: my-realm
enabled: true
ldapUserFederation:
type: keycloak:ldap:UserFederation
properties:
realmId: ${realm.id}
usernameLdapAttribute: cn
rdnLdapAttribute: cn
uuidLdapAttribute: entryDN
userObjectClasses:
- simpleSecurityObject
- organizationalRole
connectionUrl: ldap://openldap
usersDn: dc=example,dc=org
bindDn: cn=admin,dc=example,dc=org
bindCredential: admin
assignAdminRoleToAllUsers:
type: keycloak:ldap:HardcodedRoleMapper
properties:
realmId: ${realm.id}
ldapUserFederationId: ${ldapUserFederation.id}
role: ${realmManagement.clientId}.${createClient.name}
variables:
realmManagement:
Fn::Invoke:
Function: keycloak:openid:getClient
Arguments:
realmId: ${realm.id}
clientId: realm-management
createClient:
Fn::Invoke:
Function: keycloak:getRole
Arguments:
realmId: ${realm.id}
clientId: ${realmManagement.id}
name: create-client
Create HardcodedRoleMapper Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new HardcodedRoleMapper(name: string, args: HardcodedRoleMapperArgs, opts?: CustomResourceOptions);@overload
def HardcodedRoleMapper(resource_name: str,
args: HardcodedRoleMapperArgs,
opts: Optional[ResourceOptions] = None)
@overload
def HardcodedRoleMapper(resource_name: str,
opts: Optional[ResourceOptions] = None,
ldap_user_federation_id: Optional[str] = None,
realm_id: Optional[str] = None,
role: Optional[str] = None,
name: Optional[str] = None)func NewHardcodedRoleMapper(ctx *Context, name string, args HardcodedRoleMapperArgs, opts ...ResourceOption) (*HardcodedRoleMapper, error)public HardcodedRoleMapper(string name, HardcodedRoleMapperArgs args, CustomResourceOptions? opts = null)
public HardcodedRoleMapper(String name, HardcodedRoleMapperArgs args)
public HardcodedRoleMapper(String name, HardcodedRoleMapperArgs args, CustomResourceOptions options)
type: keycloak:ldap:HardcodedRoleMapper
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args HardcodedRoleMapperArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args HardcodedRoleMapperArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args HardcodedRoleMapperArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args HardcodedRoleMapperArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args HardcodedRoleMapperArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var hardcodedRoleMapperResource = new Keycloak.Ldap.HardcodedRoleMapper("hardcodedRoleMapperResource", new()
{
LdapUserFederationId = "string",
RealmId = "string",
Role = "string",
Name = "string",
});
example, err := ldap.NewHardcodedRoleMapper(ctx, "hardcodedRoleMapperResource", &ldap.HardcodedRoleMapperArgs{
LdapUserFederationId: pulumi.String("string"),
RealmId: pulumi.String("string"),
Role: pulumi.String("string"),
Name: pulumi.String("string"),
})
var hardcodedRoleMapperResource = new HardcodedRoleMapper("hardcodedRoleMapperResource", HardcodedRoleMapperArgs.builder()
.ldapUserFederationId("string")
.realmId("string")
.role("string")
.name("string")
.build());
hardcoded_role_mapper_resource = keycloak.ldap.HardcodedRoleMapper("hardcodedRoleMapperResource",
ldap_user_federation_id="string",
realm_id="string",
role="string",
name="string")
const hardcodedRoleMapperResource = new keycloak.ldap.HardcodedRoleMapper("hardcodedRoleMapperResource", {
ldapUserFederationId: "string",
realmId: "string",
role: "string",
name: "string",
});
type: keycloak:ldap:HardcodedRoleMapper
properties:
ldapUserFederationId: string
name: string
realmId: string
role: string
HardcodedRoleMapper Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The HardcodedRoleMapper resource accepts the following input properties:
- Ldap
User stringFederation Id - The ID of the LDAP user federation provider to attach this mapper to.
- Realm
Id string - The realm that this LDAP mapper will exist in.
- Role string
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}. - Name string
- Display name of this mapper when displayed in the console.
- Ldap
User stringFederation Id - The ID of the LDAP user federation provider to attach this mapper to.
- Realm
Id string - The realm that this LDAP mapper will exist in.
- Role string
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}. - Name string
- Display name of this mapper when displayed in the console.
- ldap
User StringFederation Id - The ID of the LDAP user federation provider to attach this mapper to.
- realm
Id String - The realm that this LDAP mapper will exist in.
- role String
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}. - name String
- Display name of this mapper when displayed in the console.
- ldap
User stringFederation Id - The ID of the LDAP user federation provider to attach this mapper to.
- realm
Id string - The realm that this LDAP mapper will exist in.
- role string
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}. - name string
- Display name of this mapper when displayed in the console.
- ldap_
user_ strfederation_ id - The ID of the LDAP user federation provider to attach this mapper to.
- realm_
id str - The realm that this LDAP mapper will exist in.
- role str
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}. - name str
- Display name of this mapper when displayed in the console.
- ldap
User StringFederation Id - The ID of the LDAP user federation provider to attach this mapper to.
- realm
Id String - The realm that this LDAP mapper will exist in.
- role String
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}. - name String
- Display name of this mapper when displayed in the console.
Outputs
All input properties are implicitly available as output properties. Additionally, the HardcodedRoleMapper resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing HardcodedRoleMapper Resource
Get an existing HardcodedRoleMapper resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: HardcodedRoleMapperState, opts?: CustomResourceOptions): HardcodedRoleMapper@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
ldap_user_federation_id: Optional[str] = None,
name: Optional[str] = None,
realm_id: Optional[str] = None,
role: Optional[str] = None) -> HardcodedRoleMapperfunc GetHardcodedRoleMapper(ctx *Context, name string, id IDInput, state *HardcodedRoleMapperState, opts ...ResourceOption) (*HardcodedRoleMapper, error)public static HardcodedRoleMapper Get(string name, Input<string> id, HardcodedRoleMapperState? state, CustomResourceOptions? opts = null)public static HardcodedRoleMapper get(String name, Output<String> id, HardcodedRoleMapperState state, CustomResourceOptions options)resources: _: type: keycloak:ldap:HardcodedRoleMapper get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Ldap
User stringFederation Id - The ID of the LDAP user federation provider to attach this mapper to.
- Name string
- Display name of this mapper when displayed in the console.
- Realm
Id string - The realm that this LDAP mapper will exist in.
- Role string
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}.
- Ldap
User stringFederation Id - The ID of the LDAP user federation provider to attach this mapper to.
- Name string
- Display name of this mapper when displayed in the console.
- Realm
Id string - The realm that this LDAP mapper will exist in.
- Role string
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}.
- ldap
User StringFederation Id - The ID of the LDAP user federation provider to attach this mapper to.
- name String
- Display name of this mapper when displayed in the console.
- realm
Id String - The realm that this LDAP mapper will exist in.
- role String
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}.
- ldap
User stringFederation Id - The ID of the LDAP user federation provider to attach this mapper to.
- name string
- Display name of this mapper when displayed in the console.
- realm
Id string - The realm that this LDAP mapper will exist in.
- role string
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}.
- ldap_
user_ strfederation_ id - The ID of the LDAP user federation provider to attach this mapper to.
- name str
- Display name of this mapper when displayed in the console.
- realm_
id str - The realm that this LDAP mapper will exist in.
- role str
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}.
- ldap
User StringFederation Id - The ID of the LDAP user federation provider to attach this mapper to.
- name String
- Display name of this mapper when displayed in the console.
- realm
Id String - The realm that this LDAP mapper will exist in.
- role String
- The name of the role which should be assigned to the users. Client roles should use the format
{{client_id}}.{{client_role_name}}.
Import
LDAP mappers can be imported using the format {{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}. The ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs. Examplebash
$ pulumi import keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper assign_admin_role_to_all_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Keycloak pulumi/pulumi-keycloak
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
keycloakTerraform Provider.
Viewing docs for Keycloak v4.11.0 (Older version)
published on Monday, Mar 9, 2026 by Pulumi
published on Monday, Mar 9, 2026 by Pulumi
