From 9e3fa1f2778208b8e06470ede99f70ca898eb564 Mon Sep 17 00:00:00 2001 From: Anton Tayanovskyy Date: Thu, 18 Apr 2024 13:38:01 -0400 Subject: [PATCH] Rollout improved example converter (#465) Rolls out improved TF example converter. --- .ci-mgmt.yaml | 5 + Makefile | 3 +- .../cmd/pulumi-resource-keycloak/schema.json | 502 +++++++++--------- ...AttributeImporterIdentityProviderMapper.cs | 7 +- sdk/dotnet/AttributeToRoleIdentityMapper.cs | 10 +- sdk/dotnet/Authentication/Bindings.cs | 6 +- sdk/dotnet/Authentication/Execution.cs | 4 +- sdk/dotnet/CustomIdentityProviderMapping.cs | 7 +- sdk/dotnet/CustomUserFederation.cs | 9 +- sdk/dotnet/DefaultGroups.cs | 5 +- sdk/dotnet/DefaultRoles.cs | 2 +- sdk/dotnet/GenericClientProtocolMapper.cs | 15 +- sdk/dotnet/GenericClientRoleMapper.cs | 37 +- sdk/dotnet/GenericProtocolMapper.cs | 5 +- sdk/dotnet/GenericRoleMapper.cs | 37 +- sdk/dotnet/GetClientDescriptionConverter.cs | 12 +- sdk/dotnet/GetRealm.cs | 8 +- sdk/dotnet/GetUser.cs | 2 + sdk/dotnet/GetUserRealmRoles.cs | 4 + sdk/dotnet/Group.cs | 17 +- sdk/dotnet/GroupMemberships.cs | 7 +- sdk/dotnet/GroupRoles.cs | 24 +- ...ardcodedAttributeIdentityProviderMapper.cs | 7 +- sdk/dotnet/HardcodedRoleIdentityMapper.cs | 10 +- ...ityProviderTokenExchangeScopePermission.cs | 9 +- sdk/dotnet/Ldap/CustomMapper.cs | 10 +- sdk/dotnet/Ldap/FullNameMapper.cs | 24 +- sdk/dotnet/Ldap/GroupMapper.cs | 28 +- sdk/dotnet/Ldap/HardcodedAttributeMapper.cs | 6 +- sdk/dotnet/Ldap/HardcodedGroupMapper.cs | 9 +- sdk/dotnet/Ldap/HardcodedRoleMapper.cs | 6 +- .../Ldap/MsadLdsUserAccountControlMapper.cs | 6 +- .../Ldap/MsadUserAccountControlMapper.cs | 22 +- sdk/dotnet/Ldap/RoleMapper.cs | 6 +- sdk/dotnet/Ldap/UserAttributeMapper.cs | 24 +- sdk/dotnet/Ldap/UserFederation.cs | 21 +- sdk/dotnet/Oidc/GoogleIdentityProvider.cs | 4 +- sdk/dotnet/Oidc/IdentityProvider.cs | 2 +- sdk/dotnet/OpenId/AudienceProtocolMapper.cs | 24 +- .../OpenId/AudienceResolveProtocolMapper.cs | 11 +- .../OpenId/AudienceResolveProtocolMappter.cs | 11 +- sdk/dotnet/OpenId/Client.cs | 9 +- sdk/dotnet/OpenId/ClientDefaultScopes.cs | 13 +- sdk/dotnet/OpenId/ClientOptionalScopes.cs | 13 +- sdk/dotnet/OpenId/ClientPolicy.cs | 8 +- sdk/dotnet/OpenId/ClientScope.cs | 7 +- .../OpenId/ClientServiceAccountRealmRole.cs | 6 +- sdk/dotnet/OpenId/ClientServiceAccountRole.cs | 7 +- sdk/dotnet/OpenId/FullNameProtocolMapper.cs | 24 +- sdk/dotnet/OpenId/GetClient.cs | 2 + .../OpenId/GetClientAuthorizationPolicy.cs | 10 +- sdk/dotnet/OpenId/GetClientScope.cs | 6 +- .../OpenId/GetClientServiceAccountUser.cs | 6 +- .../OpenId/GroupMembershipProtocolMapper.cs | 28 +- .../OpenId/HardcodedClaimProtocolMapper.cs | 28 +- .../OpenId/HardcodedRoleProtocolMapper.cs | 26 +- sdk/dotnet/OpenId/ScriptProtocolMapper.cs | 12 +- .../OpenId/UserAttributeProtocolMapper.cs | 28 +- .../OpenId/UserClientRoleProtocolMapper.cs | 12 +- .../OpenId/UserPropertyProtocolMapper.cs | 28 +- .../OpenId/UserRealmRoleProtocolMapper.cs | 28 +- .../OpenId/UserSessionNoteProtocolMapper.cs | 12 +- sdk/dotnet/RealmEvents.cs | 10 +- sdk/dotnet/RealmKeystoreAesGenerated.cs | 3 +- sdk/dotnet/RealmKeystoreEcdsaGenerated.cs | 3 +- sdk/dotnet/RealmKeystoreHmacGenerated.cs | 3 +- sdk/dotnet/RealmKeystoreJavaGenerated.cs | 3 +- sdk/dotnet/RealmKeystoreRsaGenerated.cs | 3 +- sdk/dotnet/RealmUserProfile.cs | 2 +- sdk/dotnet/RequiredAction.cs | 3 +- sdk/dotnet/Role.cs | 54 +- sdk/dotnet/Saml/Client.cs | 63 --- sdk/dotnet/Saml/ClientDefaultScope.cs | 53 -- sdk/dotnet/Saml/ClientScope.cs | 3 +- sdk/dotnet/Saml/GetClient.cs | 2 + .../Saml/GetClientInstallationProvider.cs | 96 ---- sdk/dotnet/Saml/IdentityProvider.cs | 14 +- sdk/dotnet/Saml/ScriptProtocolMapper.cs | 6 +- .../Saml/UserAttributeProtocolMapper.cs | 14 +- sdk/dotnet/Saml/UserPropertyProtocolMapper.cs | 14 +- sdk/dotnet/User.cs | 20 +- sdk/dotnet/UserGroups.cs | 67 +-- sdk/dotnet/UserRoles.cs | 11 +- ...rTemplateImporterIdentityProviderMapper.cs | 3 +- ...attributeImporterIdentityProviderMapper.go | 7 +- .../keycloak/attributeToRoleIdentityMapper.go | 10 +- sdk/go/keycloak/authentication/bindings.go | 6 +- sdk/go/keycloak/authentication/execution.go | 4 +- .../keycloak/customIdentityProviderMapping.go | 7 +- sdk/go/keycloak/customUserFederation.go | 9 +- sdk/go/keycloak/defaultGroups.go | 5 +- sdk/go/keycloak/defaultRoles.go | 2 +- .../keycloak/genericClientProtocolMapper.go | 17 +- sdk/go/keycloak/genericClientRoleMapper.go | 37 +- sdk/go/keycloak/genericProtocolMapper.go | 5 +- sdk/go/keycloak/genericRoleMapper.go | 37 +- .../keycloak/getClientDescriptionConverter.go | 8 +- sdk/go/keycloak/getRealm.go | 4 +- sdk/go/keycloak/getUser.go | 1 + sdk/go/keycloak/getUserRealmRoles.go | 2 + sdk/go/keycloak/group.go | 17 +- sdk/go/keycloak/groupMemberships.go | 7 +- sdk/go/keycloak/groupRoles.go | 24 +- ...ardcodedAttributeIdentityProviderMapper.go | 7 +- .../keycloak/hardcodedRoleIdentityMapper.go | 10 +- ...ityProviderTokenExchangeScopePermission.go | 9 +- sdk/go/keycloak/ldap/customMapper.go | 10 +- sdk/go/keycloak/ldap/fullNameMapper.go | 28 +- sdk/go/keycloak/ldap/groupMapper.go | 32 +- .../keycloak/ldap/hardcodedAttributeMapper.go | 6 +- sdk/go/keycloak/ldap/hardcodedGroupMapper.go | 9 +- sdk/go/keycloak/ldap/hardcodedRoleMapper.go | 6 +- .../ldap/msadLdsUserAccountControlMapper.go | 6 +- .../ldap/msadUserAccountControlMapper.go | 26 +- sdk/go/keycloak/ldap/roleMapper.go | 6 +- sdk/go/keycloak/ldap/userAttributeMapper.go | 28 +- sdk/go/keycloak/ldap/userFederation.go | 27 +- .../keycloak/oidc/googleIdentityProvider.go | 4 +- sdk/go/keycloak/oidc/identityProvider.go | 2 +- .../keycloak/openid/audienceProtocolMapper.go | 24 +- .../openid/audienceResolveProtocolMapper.go | 11 +- .../openid/audienceResolveProtocolMappter.go | 11 +- sdk/go/keycloak/openid/client.go | 9 +- sdk/go/keycloak/openid/clientDefaultScopes.go | 13 +- .../keycloak/openid/clientOptionalScopes.go | 13 +- sdk/go/keycloak/openid/clientPolicy.go | 8 +- sdk/go/keycloak/openid/clientScope.go | 7 +- .../openid/clientServiceAccountRealmRole.go | 6 +- .../openid/clientServiceAccountRole.go | 7 +- .../keycloak/openid/fullNameProtocolMapper.go | 24 +- sdk/go/keycloak/openid/getClient.go | 1 + .../openid/getClientAuthorizationPolicy.go | 5 +- sdk/go/keycloak/openid/getClientScope.go | 3 +- .../openid/getClientServiceAccountUser.go | 3 +- .../openid/groupMembershipProtocolMapper.go | 28 +- .../openid/hardcodedClaimProtocolMapper.go | 28 +- .../openid/hardcodedRoleProtocolMapper.go | 26 +- .../keycloak/openid/scriptProtocolMapper.go | 12 +- .../openid/userAttributeProtocolMapper.go | 28 +- .../openid/userClientRoleProtocolMapper.go | 12 +- .../openid/userPropertyProtocolMapper.go | 28 +- .../openid/userRealmRoleProtocolMapper.go | 28 +- .../openid/userSessionNoteProtocolMapper.go | 12 +- sdk/go/keycloak/realmEvents.go | 10 +- sdk/go/keycloak/realmKeystoreAesGenerated.go | 3 +- .../keycloak/realmKeystoreEcdsaGenerated.go | 3 +- sdk/go/keycloak/realmKeystoreHmacGenerated.go | 3 +- sdk/go/keycloak/realmKeystoreJavaGenerated.go | 3 +- sdk/go/keycloak/realmKeystoreRsaGenerated.go | 3 +- sdk/go/keycloak/realmUserProfile.go | 2 +- sdk/go/keycloak/requiredAction.go | 3 +- sdk/go/keycloak/role.go | 54 +- sdk/go/keycloak/saml/client.go | 82 --- sdk/go/keycloak/saml/clientDefaultScope.go | 73 --- sdk/go/keycloak/saml/clientScope.go | 3 +- sdk/go/keycloak/saml/getClient.go | 1 + .../saml/getClientInstallationProvider.go | 68 --- sdk/go/keycloak/saml/identityProvider.go | 14 +- sdk/go/keycloak/saml/scriptProtocolMapper.go | 6 +- .../saml/userAttributeProtocolMapper.go | 14 +- .../saml/userPropertyProtocolMapper.go | 14 +- sdk/go/keycloak/user.go | 20 +- sdk/go/keycloak/userGroups.go | 78 +-- sdk/go/keycloak/userRoles.go | 11 +- ...rTemplateImporterIdentityProviderMapper.go | 3 +- ...tributeImporterIdentityProviderMapper.java | 5 +- .../AttributeToRoleIdentityMapper.java | 6 +- .../CustomIdentityProviderMapping.java | 5 +- .../pulumi/keycloak/CustomUserFederation.java | 7 +- .../com/pulumi/keycloak/DefaultGroups.java | 5 +- .../keycloak/GenericClientProtocolMapper.java | 11 +- .../keycloak/GenericClientRoleMapper.java | 11 + .../keycloak/GenericProtocolMapper.java | 1 + .../pulumi/keycloak/GenericRoleMapper.java | 11 + .../main/java/com/pulumi/keycloak/Group.java | 11 +- .../com/pulumi/keycloak/GroupMemberships.java | 5 +- .../java/com/pulumi/keycloak/GroupRoles.java | 18 +- ...dcodedAttributeIdentityProviderMapper.java | 5 +- .../keycloak/HardcodedRoleIdentityMapper.java | 6 +- ...yProviderTokenExchangeScopePermission.java | 1 + .../pulumi/keycloak/KeycloakFunctions.java | 108 ++-- .../java/com/pulumi/keycloak/RealmEvents.java | 8 +- .../keycloak/RealmKeystoreAesGenerated.java | 1 + .../keycloak/RealmKeystoreEcdsaGenerated.java | 1 + .../keycloak/RealmKeystoreHmacGenerated.java | 1 + .../keycloak/RealmKeystoreJavaGenerated.java | 1 + .../com/pulumi/keycloak/RealmKeystoreRsa.java | 1 + .../keycloak/RealmKeystoreRsaGenerated.java | 1 + .../com/pulumi/keycloak/RealmUserProfile.java | 2 +- .../com/pulumi/keycloak/RequiredAction.java | 1 + .../main/java/com/pulumi/keycloak/Role.java | 38 +- .../main/java/com/pulumi/keycloak/User.java | 18 +- .../java/com/pulumi/keycloak/UserGroups.java | 73 +-- .../java/com/pulumi/keycloak/UserRoles.java | 5 +- ...emplateImporterIdentityProviderMapper.java | 1 + .../com/pulumi/keycloak/UsersPermissions.java | 5 +- .../pulumi/keycloak/ldap/CustomMapper.java | 6 +- .../pulumi/keycloak/ldap/FullNameMapper.java | 20 +- .../com/pulumi/keycloak/ldap/GroupMapper.java | 24 +- .../ldap/HardcodedAttributeMapper.java | 2 + .../keycloak/ldap/HardcodedGroupMapper.java | 3 + .../keycloak/ldap/HardcodedRoleMapper.java | 2 + .../ldap/MsadLdsUserAccountControlMapper.java | 2 + .../ldap/MsadUserAccountControlMapper.java | 18 +- .../com/pulumi/keycloak/ldap/RoleMapper.java | 2 + .../keycloak/ldap/UserAttributeMapper.java | 20 +- .../pulumi/keycloak/ldap/UserFederation.java | 19 +- .../keycloak/oidc/GoogleIdentityProvider.java | 4 +- .../openid/AudienceProtocolMapper.java | 16 +- .../openid/AudienceResolveProtocolMapper.java | 3 + .../AudienceResolveProtocolMappter.java | 3 + .../com/pulumi/keycloak/openid/Client.java | 7 +- .../keycloak/openid/ClientDefaultScopes.java | 9 +- .../keycloak/openid/ClientOptionalScopes.java | 9 +- .../pulumi/keycloak/openid/ClientPolicy.java | 2 + .../pulumi/keycloak/openid/ClientScope.java | 5 +- .../openid/ClientServiceAccountRealmRole.java | 2 + .../openid/ClientServiceAccountRole.java | 3 + .../openid/FullNameProtocolMapper.java | 16 +- .../openid/GroupMembershipProtocolMapper.java | 20 +- .../openid/HardcodedClaimProtocolMapper.java | 20 +- .../openid/HardcodedRoleProtocolMapper.java | 18 +- .../keycloak/openid/OpenidFunctions.java | 24 + .../keycloak/openid/ScriptProtocolMapper.java | 4 + .../openid/UserAttributeProtocolMapper.java | 20 +- .../openid/UserClientRoleProtocolMapper.java | 4 + .../openid/UserPropertyProtocolMapper.java | 20 +- .../openid/UserRealmRoleProtocolMapper.java | 20 +- .../openid/UserSessionNoteProtocolMapper.java | 4 + .../java/com/pulumi/keycloak/saml/Client.java | 76 --- .../keycloak/saml/ClientDefaultScope.java | 66 --- .../com/pulumi/keycloak/saml/ClientScope.java | 1 + .../keycloak/saml/IdentityProvider.java | 12 +- .../pulumi/keycloak/saml/SamlFunctions.java | 252 +-------- .../keycloak/saml/ScriptProtocolMapper.java | 2 + .../saml/UserAttributeProtocolMapper.java | 10 +- .../saml/UserPropertyProtocolMapper.java | 10 +- ...attributeImporterIdentityProviderMapper.ts | 7 +- sdk/nodejs/attributeToRoleIdentityMapper.ts | 10 +- sdk/nodejs/authentication/bindings.ts | 6 +- sdk/nodejs/authentication/execution.ts | 4 +- sdk/nodejs/customIdentityProviderMapping.ts | 7 +- sdk/nodejs/customUserFederation.ts | 9 +- sdk/nodejs/defaultGroups.ts | 9 +- sdk/nodejs/defaultRoles.ts | 2 +- sdk/nodejs/genericClientProtocolMapper.ts | 15 +- sdk/nodejs/genericClientRoleMapper.ts | 41 +- sdk/nodejs/genericProtocolMapper.ts | 5 +- sdk/nodejs/genericRoleMapper.ts | 41 +- sdk/nodejs/getClientDescriptionConverter.ts | 12 +- sdk/nodejs/getRealm.ts | 12 +- sdk/nodejs/getUser.ts | 2 + sdk/nodejs/getUserRealmRoles.ts | 4 + sdk/nodejs/group.ts | 19 +- sdk/nodejs/groupMemberships.ts | 11 +- sdk/nodejs/groupRoles.ts | 26 +- ...ardcodedAttributeIdentityProviderMapper.ts | 7 +- sdk/nodejs/hardcodedRoleIdentityMapper.ts | 10 +- ...ityProviderTokenExchangeScopePermission.ts | 9 +- sdk/nodejs/ldap/customMapper.ts | 10 +- sdk/nodejs/ldap/fullNameMapper.ts | 24 +- sdk/nodejs/ldap/groupMapper.ts | 28 +- sdk/nodejs/ldap/hardcodedAttributeMapper.ts | 6 +- sdk/nodejs/ldap/hardcodedGroupMapper.ts | 11 +- sdk/nodejs/ldap/hardcodedRoleMapper.ts | 6 +- .../ldap/msadLdsUserAccountControlMapper.ts | 6 +- .../ldap/msadUserAccountControlMapper.ts | 22 +- sdk/nodejs/ldap/roleMapper.ts | 6 +- sdk/nodejs/ldap/userAttributeMapper.ts | 24 +- sdk/nodejs/ldap/userFederation.ts | 21 +- sdk/nodejs/oidc/googleIdentityProvider.ts | 4 +- sdk/nodejs/oidc/identityProvider.ts | 2 +- sdk/nodejs/openid/audienceProtocolMapper.ts | 26 +- .../openid/audienceResolveProtocolMapper.ts | 13 +- .../openid/audienceResolveProtocolMappter.ts | 13 +- sdk/nodejs/openid/client.ts | 9 +- sdk/nodejs/openid/clientDefaultScopes.ts | 13 +- sdk/nodejs/openid/clientOptionalScopes.ts | 13 +- sdk/nodejs/openid/clientPolicy.ts | 8 +- sdk/nodejs/openid/clientScope.ts | 7 +- .../openid/clientServiceAccountRealmRole.ts | 8 +- sdk/nodejs/openid/clientServiceAccountRole.ts | 11 +- sdk/nodejs/openid/fullNameProtocolMapper.ts | 26 +- sdk/nodejs/openid/getClient.ts | 2 + .../openid/getClientAuthorizationPolicy.ts | 10 +- sdk/nodejs/openid/getClientScope.ts | 6 +- .../openid/getClientServiceAccountUser.ts | 6 +- .../openid/groupMembershipProtocolMapper.ts | 30 +- .../openid/hardcodedClaimProtocolMapper.ts | 30 +- .../openid/hardcodedRoleProtocolMapper.ts | 36 +- sdk/nodejs/openid/scriptProtocolMapper.ts | 14 +- .../openid/userAttributeProtocolMapper.ts | 30 +- .../openid/userClientRoleProtocolMapper.ts | 14 +- .../openid/userPropertyProtocolMapper.ts | 30 +- .../openid/userRealmRoleProtocolMapper.ts | 30 +- .../openid/userSessionNoteProtocolMapper.ts | 14 +- sdk/nodejs/realmEvents.ts | 10 +- sdk/nodejs/realmKeystoreAesGenerated.ts | 3 +- sdk/nodejs/realmKeystoreEcdsaGenerated.ts | 3 +- sdk/nodejs/realmKeystoreHmacGenerated.ts | 3 +- sdk/nodejs/realmKeystoreJavaGenerated.ts | 3 +- sdk/nodejs/realmKeystoreRsaGenerated.ts | 3 +- sdk/nodejs/realmUserProfile.ts | 2 +- sdk/nodejs/requiredAction.ts | 3 +- sdk/nodejs/role.ts | 62 ++- sdk/nodejs/saml/client.ts | 54 -- sdk/nodejs/saml/clientDefaultScope.ts | 37 -- sdk/nodejs/saml/clientScope.ts | 3 +- sdk/nodejs/saml/getClient.ts | 2 + .../saml/getClientInstallationProvider.ts | 66 --- sdk/nodejs/saml/identityProvider.ts | 14 +- sdk/nodejs/saml/scriptProtocolMapper.ts | 6 +- .../saml/userAttributeProtocolMapper.ts | 14 +- sdk/nodejs/saml/userPropertyProtocolMapper.ts | 14 +- sdk/nodejs/user.ts | 20 +- sdk/nodejs/userGroups.ts | 42 +- sdk/nodejs/userRoles.ts | 11 +- ...rTemplateImporterIdentityProviderMapper.ts | 3 +- ...ibute_importer_identity_provider_mapper.py | 14 +- .../attribute_to_role_identity_mapper.py | 20 +- .../authentication/bindings.py | 12 +- .../authentication/execution.py | 8 +- .../custom_identity_provider_mapping.py | 14 +- .../pulumi_keycloak/custom_user_federation.py | 22 +- sdk/python/pulumi_keycloak/default_groups.py | 24 +- sdk/python/pulumi_keycloak/default_roles.py | 4 +- .../generic_client_protocol_mapper.py | 42 +- .../generic_client_role_mapper.py | 78 ++- .../generic_protocol_mapper.py | 10 +- .../pulumi_keycloak/generic_role_mapper.py | 78 ++- .../get_client_description_converter.py | 12 +- sdk/python/pulumi_keycloak/get_realm.py | 10 +- sdk/python/pulumi_keycloak/get_user.py | 2 + .../pulumi_keycloak/get_user_realm_roles.py | 4 + sdk/python/pulumi_keycloak/group.py | 44 +- .../pulumi_keycloak/group_memberships.py | 28 +- sdk/python/pulumi_keycloak/group_roles.py | 66 ++- ...oded_attribute_identity_provider_mapper.py | 14 +- .../hardcoded_role_identity_mapper.py | 20 +- ...rovider_token_exchange_scope_permission.py | 18 +- .../pulumi_keycloak/ldap/custom_mapper.py | 20 +- .../pulumi_keycloak/ldap/full_name_mapper.py | 52 +- .../pulumi_keycloak/ldap/group_mapper.py | 60 ++- .../ldap/hardcoded_attribute_mapper.py | 12 +- .../ldap/hardcoded_group_mapper.py | 20 +- .../ldap/hardcoded_role_mapper.py | 12 +- .../msad_lds_user_account_control_mapper.py | 16 +- .../ldap/msad_user_account_control_mapper.py | 48 +- .../pulumi_keycloak/ldap/role_mapper.py | 12 +- .../ldap/user_attribute_mapper.py | 56 +- .../pulumi_keycloak/ldap/user_federation.py | 46 +- .../oidc/google_identity_provider.py | 8 +- .../pulumi_keycloak/oidc/identity_provider.py | 4 +- .../openid/audience_protocol_mapper.py | 66 ++- .../audience_resolve_protocol_mapper.py | 28 +- .../audience_resolve_protocol_mappter.py | 28 +- sdk/python/pulumi_keycloak/openid/client.py | 22 +- .../openid/client_default_scopes.py | 36 +- .../openid/client_optional_scopes.py | 36 +- .../pulumi_keycloak/openid/client_policy.py | 16 +- .../pulumi_keycloak/openid/client_scope.py | 22 +- .../client_service_account_realm_role.py | 14 +- .../openid/client_service_account_role.py | 20 +- .../openid/full_name_protocol_mapper.py | 58 +- .../pulumi_keycloak/openid/get_client.py | 2 + .../openid/get_client_authorization_policy.py | 10 +- .../openid/get_client_scope.py | 6 +- .../openid/get_client_service_account_user.py | 6 +- .../group_membership_protocol_mapper.py | 66 ++- .../openid/hardcoded_claim_protocol_mapper.py | 74 +-- .../openid/hardcoded_role_protocol_mapper.py | 74 ++- .../openid/script_protocol_mapper.py | 26 +- .../openid/user_attribute_protocol_mapper.py | 74 +-- .../user_client_role_protocol_mapper.py | 26 +- .../openid/user_property_protocol_mapper.py | 74 +-- .../openid/user_realm_role_protocol_mapper.py | 66 ++- .../user_session_note_protocol_mapper.py | 26 +- sdk/python/pulumi_keycloak/realm_events.py | 24 +- .../realm_keystore_aes_generated.py | 6 +- .../realm_keystore_ecdsa_generated.py | 6 +- .../realm_keystore_hmac_generated.py | 6 +- .../realm_keystore_java_generated.py | 6 +- .../realm_keystore_rsa_generated.py | 6 +- .../pulumi_keycloak/realm_user_profile.py | 4 +- sdk/python/pulumi_keycloak/required_action.py | 10 +- sdk/python/pulumi_keycloak/role.py | 144 +++-- sdk/python/pulumi_keycloak/saml/client.py | 102 ---- .../saml/client_default_scope.py | 66 --- .../pulumi_keycloak/saml/client_scope.py | 6 +- sdk/python/pulumi_keycloak/saml/get_client.py | 2 + .../saml/get_client_installation_provider.py | 56 -- .../pulumi_keycloak/saml/identity_provider.py | 32 +- .../saml/script_protocol_mapper.py | 16 +- .../saml/user_attribute_protocol_mapper.py | 36 +- .../saml/user_property_protocol_mapper.py | 36 +- sdk/python/pulumi_keycloak/user.py | 48 +- sdk/python/pulumi_keycloak/user_groups.py | 78 +-- sdk/python/pulumi_keycloak/user_roles.py | 22 +- ...plate_importer_identity_provider_mapper.py | 6 +- 399 files changed, 3777 insertions(+), 4069 deletions(-) diff --git a/.ci-mgmt.yaml b/.ci-mgmt.yaml index 0bd91343..c7b5b3cf 100644 --- a/.ci-mgmt.yaml +++ b/.ci-mgmt.yaml @@ -8,6 +8,10 @@ env: # these are in plaintext in the setup script KEYCLOAK_USER: "keycloak" makeTemplate: bridged plugins: + - name: terraform + version: "1.0.16" + kind: converter + - name: aws version: "4.2.0" actions: @@ -16,3 +20,4 @@ actions: run: make upstream - name: Setup local Keycloak run: make -C upstream local +pulumiConvert: 1 diff --git a/Makefile b/Makefile index e5d5e5cf..904dd46b 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,7 @@ VERSION := $(shell pulumictl get version) JAVA_GEN := pulumi-java-gen TESTPARALLELISM := 10 WORKING_DIR := $(shell pwd) -PULUMI_CONVERT := 0 +PULUMI_CONVERT := 1 development: install_plugins provider build_sdks install_sdks @@ -111,6 +111,7 @@ install_nodejs_sdk: install_plugins: export PULUMI_HOME := $(WORKING_DIR)/.pulumi install_plugins: export PATH := $(WORKING_DIR)/.pulumi/bin:$(PATH) install_plugins: .pulumi/bin/pulumi + .pulumi/bin/pulumi plugin install converter terraform 1.0.16 .pulumi/bin/pulumi plugin install resource aws 4.2.0 lint_provider: provider diff --git a/provider/cmd/pulumi-resource-keycloak/schema.json b/provider/cmd/pulumi-resource-keycloak/schema.json index 4dcd8246..6619d63c 100644 --- a/provider/cmd/pulumi-resource-keycloak/schema.json +++ b/provider/cmd/pulumi-resource-keycloak/schema.json @@ -1646,7 +1646,7 @@ }, "resources": { "keycloak:authentication/bindings:Bindings": { - "description": "Allows for creating and managing realm authentication flow bindings within Keycloak.\n\n[Authentication flows](https://www.keycloak.org/docs/latest/server_admin/index.html#_authentication-flows) describe a sequence\nof actions that a user or service must perform in order to be authenticated to Keycloak. The authentication flow itself\nis a container for these actions, which are otherwise known as executions.\n\nRealms assign authentication flows to supported user flows such as `registration` and `browser`. This resource allows the\nupdating of realm authentication flow bindings to custom authentication flows created by `keycloak.authentication.Flow`.\n\nNote that you can also use the `keycloak.Realm` resource to assign authentication flow bindings at the realm level. This\nresource is useful if you would like to create a realm and an authentication flow, and assign this flow to the realm within\na single run of `pulumi up`. In any case, do not attempt to use both the arguments within the `keycloak.Realm` resource\nand this resource to manage authentication flow bindings, you should choose one or the other.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"executionOne\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"executionTwo\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\nconst browserAuthenticationBinding = new keycloak.authentication.Bindings(\"browserAuthenticationBinding\", {\n realmId: realm.id,\n browserFlow: flow.alias,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"executionOne\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"executionTwo\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\nbrowser_authentication_binding = keycloak.authentication.Bindings(\"browserAuthenticationBinding\",\n realm_id=realm.id,\n browser_flow=flow.alias)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"executionOne\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"executionTwo\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n executionOne, \n },\n });\n\n var browserAuthenticationBinding = new Keycloak.Authentication.Bindings(\"browserAuthenticationBinding\", new()\n {\n RealmId = realm.Id,\n BrowserFlow = flow.Alias,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"executionOne\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"executionTwo\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewBindings(ctx, \"browserAuthenticationBinding\", \u0026authentication.BindingsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBrowserFlow: flow.Alias,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.keycloak.authentication.Bindings;\nimport com.pulumi.keycloak.authentication.BindingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n // first execution\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n // second execution\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n var browserAuthenticationBinding = new Bindings(\"browserAuthenticationBinding\", BindingsArgs.builder() \n .realmId(realm.id())\n .browserFlow(flow.alias())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n browserAuthenticationBinding:\n type: keycloak:authentication:Bindings\n properties:\n realmId: ${realm.id}\n browserFlow: ${flow.alias}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Allows for creating and managing realm authentication flow bindings within Keycloak.\n\n[Authentication flows](https://www.keycloak.org/docs/latest/server_admin/index.html#_authentication-flows) describe a sequence\nof actions that a user or service must perform in order to be authenticated to Keycloak. The authentication flow itself\nis a container for these actions, which are otherwise known as executions.\n\nRealms assign authentication flows to supported user flows such as `registration` and `browser`. This resource allows the\nupdating of realm authentication flow bindings to custom authentication flows created by `keycloak.authentication.Flow`.\n\nNote that you can also use the `keycloak.Realm` resource to assign authentication flow bindings at the realm level. This\nresource is useful if you would like to create a realm and an authentication flow, and assign this flow to the realm within\na single run of `pulumi up`. In any case, do not attempt to use both the arguments within the `keycloak.Realm` resource\nand this resource to manage authentication flow bindings, you should choose one or the other.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"execution_one\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"execution_two\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\nconst browserAuthenticationBinding = new keycloak.authentication.Bindings(\"browser_authentication_binding\", {\n realmId: realm.id,\n browserFlow: flow.alias,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"execution_one\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"execution_two\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\nbrowser_authentication_binding = keycloak.authentication.Bindings(\"browser_authentication_binding\",\n realm_id=realm.id,\n browser_flow=flow.alias)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"execution_one\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"execution_two\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n executionOne, \n },\n });\n\n var browserAuthenticationBinding = new Keycloak.Authentication.Bindings(\"browser_authentication_binding\", new()\n {\n RealmId = realm.Id,\n BrowserFlow = flow.Alias,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"execution_one\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"execution_two\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = authentication.NewBindings(ctx, \"browser_authentication_binding\", \u0026authentication.BindingsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBrowserFlow: flow.Alias,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.keycloak.authentication.Bindings;\nimport com.pulumi.keycloak.authentication.BindingsArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n // first execution\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n // second execution\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n var browserAuthenticationBinding = new Bindings(\"browserAuthenticationBinding\", BindingsArgs.builder() \n .realmId(realm.id())\n .browserFlow(flow.alias())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n name: execution_one\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n name: execution_two\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n browserAuthenticationBinding:\n type: keycloak:authentication:Bindings\n name: browser_authentication_binding\n properties:\n realmId: ${realm.id}\n browserFlow: ${flow.alias}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "browserFlow": { "type": "string", @@ -1757,7 +1757,7 @@ } }, "keycloak:authentication/execution:Execution": { - "description": "Allows for creating and managing an authentication execution within Keycloak.\n\nAn authentication execution is an action that the user or service may or may not take when authenticating through an authentication\nflow.\n\n\u003e Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"executionOne\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"executionTwo\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"executionOne\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"executionTwo\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"executionOne\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"executionTwo\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n executionOne, \n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"executionOne\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"executionTwo\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n // first execution\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n // second execution\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n", + "description": "Allows for creating and managing an authentication execution within Keycloak.\n\nAn authentication execution is an action that the user or service may or may not take when authenticating through an authentication\nflow.\n\n\u003e Due to limitations in the Keycloak API, the ordering of authentication executions within a flow must be specified using `depends_on`. Authentication executions that are created first will appear first within the flow.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst flow = new keycloak.authentication.Flow(\"flow\", {\n realmId: realm.id,\n alias: \"my-flow-alias\",\n});\n// first execution\nconst executionOne = new keycloak.authentication.Execution(\"execution_one\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"auth-cookie\",\n requirement: \"ALTERNATIVE\",\n});\n// second execution\nconst executionTwo = new keycloak.authentication.Execution(\"execution_two\", {\n realmId: realm.id,\n parentFlowAlias: flow.alias,\n authenticator: \"identity-provider-redirector\",\n requirement: \"ALTERNATIVE\",\n}, {\n dependsOn: [executionOne],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nflow = keycloak.authentication.Flow(\"flow\",\n realm_id=realm.id,\n alias=\"my-flow-alias\")\n# first execution\nexecution_one = keycloak.authentication.Execution(\"execution_one\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"auth-cookie\",\n requirement=\"ALTERNATIVE\")\n# second execution\nexecution_two = keycloak.authentication.Execution(\"execution_two\",\n realm_id=realm.id,\n parent_flow_alias=flow.alias,\n authenticator=\"identity-provider-redirector\",\n requirement=\"ALTERNATIVE\",\n opts=pulumi.ResourceOptions(depends_on=[execution_one]))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var flow = new Keycloak.Authentication.Flow(\"flow\", new()\n {\n RealmId = realm.Id,\n Alias = \"my-flow-alias\",\n });\n\n // first execution\n var executionOne = new Keycloak.Authentication.Execution(\"execution_one\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"auth-cookie\",\n Requirement = \"ALTERNATIVE\",\n });\n\n // second execution\n var executionTwo = new Keycloak.Authentication.Execution(\"execution_two\", new()\n {\n RealmId = realm.Id,\n ParentFlowAlias = flow.Alias,\n Authenticator = \"identity-provider-redirector\",\n Requirement = \"ALTERNATIVE\",\n }, new CustomResourceOptions\n {\n DependsOn =\n {\n executionOne, \n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/authentication\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tflow, err := authentication.NewFlow(ctx, \"flow\", \u0026authentication.FlowArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-flow-alias\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// first execution\n\t\texecutionOne, err := authentication.NewExecution(ctx, \"execution_one\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"auth-cookie\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// second execution\n\t\t_, err = authentication.NewExecution(ctx, \"execution_two\", \u0026authentication.ExecutionArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentFlowAlias: flow.Alias,\n\t\t\tAuthenticator: pulumi.String(\"identity-provider-redirector\"),\n\t\t\tRequirement: pulumi.String(\"ALTERNATIVE\"),\n\t\t}, pulumi.DependsOn([]pulumi.Resource{\n\t\t\texecutionOne,\n\t\t}))\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.authentication.Flow;\nimport com.pulumi.keycloak.authentication.FlowArgs;\nimport com.pulumi.keycloak.authentication.Execution;\nimport com.pulumi.keycloak.authentication.ExecutionArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var flow = new Flow(\"flow\", FlowArgs.builder() \n .realmId(realm.id())\n .alias(\"my-flow-alias\")\n .build());\n\n // first execution\n var executionOne = new Execution(\"executionOne\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"auth-cookie\")\n .requirement(\"ALTERNATIVE\")\n .build());\n\n // second execution\n var executionTwo = new Execution(\"executionTwo\", ExecutionArgs.builder() \n .realmId(realm.id())\n .parentFlowAlias(flow.alias())\n .authenticator(\"identity-provider-redirector\")\n .requirement(\"ALTERNATIVE\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(executionOne)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n flow:\n type: keycloak:authentication:Flow\n properties:\n realmId: ${realm.id}\n alias: my-flow-alias\n # first execution\n executionOne:\n type: keycloak:authentication:Execution\n name: execution_one\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: auth-cookie\n requirement: ALTERNATIVE\n # second execution\n executionTwo:\n type: keycloak:authentication:Execution\n name: execution_two\n properties:\n realmId: ${realm.id}\n parentFlowAlias: ${flow.alias}\n authenticator: identity-provider-redirector\n requirement: ALTERNATIVE\n options:\n dependson:\n - ${executionOne}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realmId}}/{{parentFlowAlias}}/{{authenticationExecutionId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:authentication/execution:Execution execution_one my-realm/my-flow-alias/30559fcf-6fb8-45ea-8c46-2b86f46ebc17\n```\n\n", "properties": { "authenticator": { "type": "string", @@ -2106,7 +2106,7 @@ } }, "keycloak:index/attributeImporterIdentityProviderMapper:AttributeImporterIdentityProviderMapper": { - "description": "## # keycloak.AttributeImporterIdentityProviderMapper\n\nAllows to create and manage identity provider mappers within Keycloak.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst testMapper = new keycloak.AttributeImporterIdentityProviderMapper(\"testMapper\", {\n attributeName: \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\",\n identityProviderAlias: \"idp_alias\",\n realm: \"my-realm\",\n userAttribute: \"lastName\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\ntest_mapper = keycloak.AttributeImporterIdentityProviderMapper(\"testMapper\",\n attribute_name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\",\n identity_provider_alias=\"idp_alias\",\n realm=\"my-realm\",\n user_attribute=\"lastName\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testMapper = new Keycloak.AttributeImporterIdentityProviderMapper(\"testMapper\", new()\n {\n AttributeName = \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\",\n IdentityProviderAlias = \"idp_alias\",\n Realm = \"my-realm\",\n UserAttribute = \"lastName\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewAttributeImporterIdentityProviderMapper(ctx, \"testMapper\", \u0026keycloak.AttributeImporterIdentityProviderMapperArgs{\n\t\t\tAttributeName: pulumi.String(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\"),\n\t\t\tIdentityProviderAlias: pulumi.String(\"idp_alias\"),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tUserAttribute: pulumi.String(\"lastName\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.AttributeImporterIdentityProviderMapper;\nimport com.pulumi.keycloak.AttributeImporterIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testMapper = new AttributeImporterIdentityProviderMapper(\"testMapper\", AttributeImporterIdentityProviderMapperArgs.builder() \n .attributeName(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\")\n .identityProviderAlias(\"idp_alias\")\n .realm(\"my-realm\")\n .userAttribute(\"lastName\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testMapper:\n type: keycloak:AttributeImporterIdentityProviderMapper\n properties:\n attributeName: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\n identityProviderAlias: idp_alias\n realm: my-realm\n userAttribute: lastName\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm` - (Required) The name of the realm.\n- `name` - (Required) The name of the mapper.\n- `identity_provider_alias` - (Required) The alias of the associated identity provider.\n- `user_attribute` - (Required) The user attribute name to store SAML attribute.\n- `attribute_name` - (Optional) The Name of attribute to search for in assertion. You can leave this blank and specify a friendly name instead.\n- `attribute_friendly_name` - (Optional) The friendly name of attribute to search for in assertion. You can leave this blank and specify an attribute name instead.\n- `claim_name` - (Optional) The claim name.\n\n### Import\n\nIdentity provider mapper can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_attribute_importer_identity_provider_mapper.test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n", + "description": "## # keycloak.AttributeImporterIdentityProviderMapper\n\nAllows to create and manage identity provider mappers within Keycloak.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst testMapper = new keycloak.AttributeImporterIdentityProviderMapper(\"test_mapper\", {\n realm: \"my-realm\",\n name: \"my-mapper\",\n identityProviderAlias: \"idp_alias\",\n attributeName: \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\",\n userAttribute: \"lastName\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\ntest_mapper = keycloak.AttributeImporterIdentityProviderMapper(\"test_mapper\",\n realm=\"my-realm\",\n name=\"my-mapper\",\n identity_provider_alias=\"idp_alias\",\n attribute_name=\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\",\n user_attribute=\"lastName\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testMapper = new Keycloak.AttributeImporterIdentityProviderMapper(\"test_mapper\", new()\n {\n Realm = \"my-realm\",\n Name = \"my-mapper\",\n IdentityProviderAlias = \"idp_alias\",\n AttributeName = \"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\",\n UserAttribute = \"lastName\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewAttributeImporterIdentityProviderMapper(ctx, \"test_mapper\", \u0026keycloak.AttributeImporterIdentityProviderMapperArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tName: pulumi.String(\"my-mapper\"),\n\t\t\tIdentityProviderAlias: pulumi.String(\"idp_alias\"),\n\t\t\tAttributeName: pulumi.String(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\"),\n\t\t\tUserAttribute: pulumi.String(\"lastName\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.AttributeImporterIdentityProviderMapper;\nimport com.pulumi.keycloak.AttributeImporterIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testMapper = new AttributeImporterIdentityProviderMapper(\"testMapper\", AttributeImporterIdentityProviderMapperArgs.builder() \n .realm(\"my-realm\")\n .name(\"my-mapper\")\n .identityProviderAlias(\"idp_alias\")\n .attributeName(\"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\")\n .userAttribute(\"lastName\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testMapper:\n type: keycloak:AttributeImporterIdentityProviderMapper\n name: test_mapper\n properties:\n realm: my-realm\n name: my-mapper\n identityProviderAlias: idp_alias\n attributeName: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname\n userAttribute: lastName\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm` - (Required) The name of the realm.\n- `name` - (Required) The name of the mapper.\n- `identity_provider_alias` - (Required) The alias of the associated identity provider.\n- `user_attribute` - (Required) The user attribute name to store SAML attribute.\n- `attribute_name` - (Optional) The Name of attribute to search for in assertion. You can leave this blank and specify a friendly name instead.\n- `attribute_friendly_name` - (Optional) The friendly name of attribute to search for in assertion. You can leave this blank and specify an attribute name instead.\n- `claim_name` - (Optional) The claim name.\n\n### Import\n\nIdentity provider mapper can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_attribute_importer_identity_provider_mapper.test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n", "properties": { "attributeFriendlyName": { "type": "string", @@ -2238,7 +2238,7 @@ } }, "keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper": { - "description": "Allows for creating and managing an attribute to role identity provider mapper within Keycloak.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst oidcAttributeToRoleIdentityMapper = new keycloak.AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n role: \"my-realm-role\",\n claimName: \"my-claim\",\n claimValue: \"my-value\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\noidc_attribute_to_role_identity_mapper = keycloak.AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n role=\"my-realm-role\",\n claim_name=\"my-claim\",\n claim_value=\"my-value\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var oidcAttributeToRoleIdentityMapper = new Keycloak.AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n Role = \"my-realm-role\",\n ClaimName = \"my-claim\",\n ClaimValue = \"my-value\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewAttributeToRoleIdentityMapper(ctx, \"oidcAttributeToRoleIdentityMapper\", \u0026keycloak.AttributeToRoleIdentityMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tRole: pulumi.String(\"my-realm-role\"),\n\t\t\tClaimName: pulumi.String(\"my-claim\"),\n\t\t\tClaimValue: pulumi.String(\"my-value\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.AttributeToRoleIdentityMapper;\nimport com.pulumi.keycloak.AttributeToRoleIdentityMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var oidcAttributeToRoleIdentityMapper = new AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\", AttributeToRoleIdentityMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .role(\"my-realm-role\")\n .claimName(\"my-claim\")\n .claimValue(\"my-value\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n oidcAttributeToRoleIdentityMapper:\n type: keycloak:AttributeToRoleIdentityMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n role: my-realm-role\n claimName: my-claim\n claimValue: my-value\n # extra_config with syncMode is required in Keycloak 10+\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n", + "description": "Allows for creating and managing an attribute to role identity provider mapper within Keycloak.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst oidcAttributeToRoleIdentityMapper = new keycloak.AttributeToRoleIdentityMapper(\"oidc\", {\n realm: realm.id,\n name: \"role-attribute\",\n identityProviderAlias: oidc.alias,\n role: \"my-realm-role\",\n claimName: \"my-claim\",\n claimValue: \"my-value\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\noidc_attribute_to_role_identity_mapper = keycloak.AttributeToRoleIdentityMapper(\"oidc\",\n realm=realm.id,\n name=\"role-attribute\",\n identity_provider_alias=oidc.alias,\n role=\"my-realm-role\",\n claim_name=\"my-claim\",\n claim_value=\"my-value\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var oidcAttributeToRoleIdentityMapper = new Keycloak.AttributeToRoleIdentityMapper(\"oidc\", new()\n {\n Realm = realm.Id,\n Name = \"role-attribute\",\n IdentityProviderAlias = oidc.Alias,\n Role = \"my-realm-role\",\n ClaimName = \"my-claim\",\n ClaimValue = \"my-value\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewAttributeToRoleIdentityMapper(ctx, \"oidc\", \u0026keycloak.AttributeToRoleIdentityMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"role-attribute\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tRole: pulumi.String(\"my-realm-role\"),\n\t\t\tClaimName: pulumi.String(\"my-claim\"),\n\t\t\tClaimValue: pulumi.String(\"my-value\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.AttributeToRoleIdentityMapper;\nimport com.pulumi.keycloak.AttributeToRoleIdentityMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var oidcAttributeToRoleIdentityMapper = new AttributeToRoleIdentityMapper(\"oidcAttributeToRoleIdentityMapper\", AttributeToRoleIdentityMapperArgs.builder() \n .realm(realm.id())\n .name(\"role-attribute\")\n .identityProviderAlias(oidc.alias())\n .role(\"my-realm-role\")\n .claimName(\"my-claim\")\n .claimValue(\"my-value\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n oidcAttributeToRoleIdentityMapper:\n type: keycloak:AttributeToRoleIdentityMapper\n name: oidc\n properties:\n realm: ${realm.id}\n name: role-attribute\n identityProviderAlias: ${oidc.alias}\n role: my-realm-role\n claimName: my-claim\n claimValue: my-value\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/attributeToRoleIdentityMapper:AttributeToRoleIdentityMapper test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n", "properties": { "attributeFriendlyName": { "type": "string", @@ -2397,7 +2397,7 @@ } }, "keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst oidcCustomIdentityProviderMapping = new keycloak.CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n identityProviderMapper: \"%s-user-attribute-idp-mapper\",\n extraConfig: {\n syncMode: \"INHERIT\",\n Claim: \"my-email-claim\",\n UserAttribute: \"email\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\noidc_custom_identity_provider_mapping = keycloak.CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n identity_provider_mapper=\"%s-user-attribute-idp-mapper\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n \"Claim\": \"my-email-claim\",\n \"UserAttribute\": \"email\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var oidcCustomIdentityProviderMapping = new Keycloak.CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n IdentityProviderMapper = \"%s-user-attribute-idp-mapper\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n { \"Claim\", \"my-email-claim\" },\n { \"UserAttribute\", \"email\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewCustomIdentityProviderMapping(ctx, \"oidcCustomIdentityProviderMapping\", \u0026keycloak.CustomIdentityProviderMappingArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tIdentityProviderMapper: pulumi.String(\"%s-user-attribute-idp-mapper\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t\t\"Claim\": pulumi.Any(\"my-email-claim\"),\n\t\t\t\t\"UserAttribute\": pulumi.Any(\"email\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.CustomIdentityProviderMapping;\nimport com.pulumi.keycloak.CustomIdentityProviderMappingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var oidcCustomIdentityProviderMapping = new CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\", CustomIdentityProviderMappingArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .identityProviderMapper(\"%s-user-attribute-idp-mapper\")\n .extraConfig(Map.ofEntries(\n Map.entry(\"syncMode\", \"INHERIT\"),\n Map.entry(\"Claim\", \"my-email-claim\"),\n Map.entry(\"UserAttribute\", \"email\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n oidcCustomIdentityProviderMapping:\n type: keycloak:CustomIdentityProviderMapping\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n identityProviderMapper: '%s-user-attribute-idp-mapper'\n # extra_config with syncMode is required in Keycloak 10+\n extraConfig:\n syncMode: INHERIT\n Claim: my-email-claim\n UserAttribute: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst oidcCustomIdentityProviderMapping = new keycloak.CustomIdentityProviderMapping(\"oidc\", {\n realm: realm.id,\n name: \"email-attribute-importer\",\n identityProviderAlias: oidc.alias,\n identityProviderMapper: \"%s-user-attribute-idp-mapper\",\n extraConfig: {\n syncMode: \"INHERIT\",\n Claim: \"my-email-claim\",\n UserAttribute: \"email\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\noidc_custom_identity_provider_mapping = keycloak.CustomIdentityProviderMapping(\"oidc\",\n realm=realm.id,\n name=\"email-attribute-importer\",\n identity_provider_alias=oidc.alias,\n identity_provider_mapper=\"%s-user-attribute-idp-mapper\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n \"Claim\": \"my-email-claim\",\n \"UserAttribute\": \"email\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var oidcCustomIdentityProviderMapping = new Keycloak.CustomIdentityProviderMapping(\"oidc\", new()\n {\n Realm = realm.Id,\n Name = \"email-attribute-importer\",\n IdentityProviderAlias = oidc.Alias,\n IdentityProviderMapper = \"%s-user-attribute-idp-mapper\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n { \"Claim\", \"my-email-claim\" },\n { \"UserAttribute\", \"email\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewCustomIdentityProviderMapping(ctx, \"oidc\", \u0026keycloak.CustomIdentityProviderMappingArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"email-attribute-importer\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tIdentityProviderMapper: pulumi.String(\"%s-user-attribute-idp-mapper\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t\t\"Claim\": pulumi.Any(\"my-email-claim\"),\n\t\t\t\t\"UserAttribute\": pulumi.Any(\"email\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.CustomIdentityProviderMapping;\nimport com.pulumi.keycloak.CustomIdentityProviderMappingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var oidcCustomIdentityProviderMapping = new CustomIdentityProviderMapping(\"oidcCustomIdentityProviderMapping\", CustomIdentityProviderMappingArgs.builder() \n .realm(realm.id())\n .name(\"email-attribute-importer\")\n .identityProviderAlias(oidc.alias())\n .identityProviderMapper(\"%s-user-attribute-idp-mapper\")\n .extraConfig(Map.ofEntries(\n Map.entry(\"syncMode\", \"INHERIT\"),\n Map.entry(\"Claim\", \"my-email-claim\"),\n Map.entry(\"UserAttribute\", \"email\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n oidcCustomIdentityProviderMapping:\n type: keycloak:CustomIdentityProviderMapping\n name: oidc\n properties:\n realm: ${realm.id}\n name: email-attribute-importer\n identityProviderAlias: ${oidc.alias}\n identityProviderMapper: '%s-user-attribute-idp-mapper'\n extraConfig:\n syncMode: INHERIT\n Claim: my-email-claim\n UserAttribute: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/customIdentityProviderMapping:CustomIdentityProviderMapping test_mapper my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n", "properties": { "extraConfig": { "type": "object", @@ -2496,7 +2496,7 @@ } }, "keycloak:index/customUserFederation:CustomUserFederation": { - "description": "## # keycloak.CustomUserFederation\n\nAllows for creating and managing custom user federation providers within Keycloak.\n\nA custom user federation provider is an implementation of Keycloak's\n[User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi).\nAn example of this implementation can be found here.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst customUserFederation = new keycloak.CustomUserFederation(\"customUserFederation\", {\n enabled: true,\n providerId: \"custom\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\ncustom_user_federation = keycloak.CustomUserFederation(\"customUserFederation\",\n enabled=True,\n provider_id=\"custom\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var customUserFederation = new Keycloak.CustomUserFederation(\"customUserFederation\", new()\n {\n Enabled = true,\n ProviderId = \"custom\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewCustomUserFederation(ctx, \"customUserFederation\", \u0026keycloak.CustomUserFederationArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tProviderId: pulumi.String(\"custom\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.CustomUserFederation;\nimport com.pulumi.keycloak.CustomUserFederationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var customUserFederation = new CustomUserFederation(\"customUserFederation\", CustomUserFederationArgs.builder() \n .enabled(true)\n .providerId(\"custom\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n customUserFederation:\n type: keycloak:CustomUserFederation\n properties:\n enabled: true\n providerId: custom\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this provider will provide user federation for.\n- `name` - (Required) Display name of the provider when displayed in the console.\n- `provider_id` - (Required) The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface.\n- `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n- `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n- `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n\n### Import\n\nCustom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`.\nThe ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID:\n\n```bash\n$ terraform import keycloak_custom_user_federation.custom_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860\n```\n", + "description": "## # keycloak.CustomUserFederation\n\nAllows for creating and managing custom user federation providers within Keycloak.\n\nA custom user federation provider is an implementation of Keycloak's\n[User Storage SPI](https://www.keycloak.org/docs/4.2/server_development/index.html#_user-storage-spi).\nAn example of this implementation can be found here.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"test\",\n enabled: true,\n});\nconst customUserFederation = new keycloak.CustomUserFederation(\"custom_user_federation\", {\n name: \"custom\",\n realmId: realm.id,\n providerId: \"custom\",\n enabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"test\",\n enabled=True)\ncustom_user_federation = keycloak.CustomUserFederation(\"custom_user_federation\",\n name=\"custom\",\n realm_id=realm.id,\n provider_id=\"custom\",\n enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n Enabled = true,\n });\n\n var customUserFederation = new Keycloak.CustomUserFederation(\"custom_user_federation\", new()\n {\n Name = \"custom\",\n RealmId = realm.Id,\n ProviderId = \"custom\",\n Enabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewCustomUserFederation(ctx, \"custom_user_federation\", \u0026keycloak.CustomUserFederationArgs{\n\t\t\tName: pulumi.String(\"custom\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tProviderId: pulumi.String(\"custom\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.CustomUserFederation;\nimport com.pulumi.keycloak.CustomUserFederationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .enabled(true)\n .build());\n\n var customUserFederation = new CustomUserFederation(\"customUserFederation\", CustomUserFederationArgs.builder() \n .name(\"custom\")\n .realmId(realm.id())\n .providerId(\"custom\")\n .enabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n enabled: true\n customUserFederation:\n type: keycloak:CustomUserFederation\n name: custom_user_federation\n properties:\n name: custom\n realmId: ${realm.id}\n providerId: custom\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this provider will provide user federation for.\n- `name` - (Required) Display name of the provider when displayed in the console.\n- `provider_id` - (Required) The unique ID of the custom provider, specified in the `getId` implementation for the `UserStorageProviderFactory` interface.\n- `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n- `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n- `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n\n### Import\n\nCustom user federation providers can be imported using the format `{{realm_id}}/{{custom_user_federation_id}}`.\nThe ID of the custom user federation provider can be found within the Keycloak GUI and is typically a GUID:\n\n```bash\n$ terraform import keycloak_custom_user_federation.custom_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860\n```\n", "properties": { "cachePolicy": { "type": "string" @@ -2648,7 +2648,7 @@ } }, "keycloak:index/defaultGroups:DefaultGroups": { - "description": "## # keycloak.DefaultGroups\n\nAllows for managing a realm's default groups.\n\nNote that you should not use `keycloak.DefaultGroups` with a group with memberships managed\nby `keycloak.GroupMemberships`.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst _default = new keycloak.DefaultGroups(\"default\", {\n groupIds: [group.id],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\ndefault = keycloak.DefaultGroups(\"default\",\n group_ids=[group.id],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var @default = new Keycloak.DefaultGroups(\"default\", new()\n {\n GroupIds = new[]\n {\n @group.Id,\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewDefaultGroups(ctx, \"default\", \u0026keycloak.DefaultGroupsArgs{\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroup.ID(),\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.DefaultGroups;\nimport com.pulumi.keycloak.DefaultGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var default_ = new DefaultGroups(\"default\", DefaultGroupsArgs.builder() \n .groupIds(group.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n default:\n type: keycloak:DefaultGroups\n properties:\n groupIds:\n - ${group.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `group_ids` - (Required) A set of group ids that should be default groups on the realm referenced by `realm_id`.\n\n### Import\n\nGroups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in.\n\nExample:\n\n```bash\n$ terraform import keycloak_default_groups.default my-realm\n```\n", + "description": "## # keycloak.DefaultGroups\n\nAllows for managing a realm's default groups.\n\nNote that you should not use `keycloak.DefaultGroups` with a group with memberships managed\nby `keycloak.GroupMemberships`.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"my-group\",\n});\nconst _default = new keycloak.DefaultGroups(\"default\", {\n realmId: realm.id,\n groupIds: [group.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"my-group\")\ndefault = keycloak.DefaultGroups(\"default\",\n realm_id=realm.id,\n group_ids=[group.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-group\",\n });\n\n var @default = new Keycloak.DefaultGroups(\"default\", new()\n {\n RealmId = realm.Id,\n GroupIds = new[]\n {\n @group.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewDefaultGroups(ctx, \"default\", \u0026keycloak.DefaultGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroup.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.DefaultGroups;\nimport com.pulumi.keycloak.DefaultGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .name(\"my-group\")\n .build());\n\n var default_ = new DefaultGroups(\"default\", DefaultGroupsArgs.builder() \n .realmId(realm.id())\n .groupIds(group.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: my-group\n default:\n type: keycloak:DefaultGroups\n properties:\n realmId: ${realm.id}\n groupIds:\n - ${group.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `group_ids` - (Required) A set of group ids that should be default groups on the realm referenced by `realm_id`.\n\n### Import\n\nGroups can be imported using the format `{{realm_id}}` where `realm_id` is the realm the group exists in.\n\nExample:\n\n```bash\n$ terraform import keycloak_default_groups.default my-realm\n```\n", "properties": { "groupIds": { "type": "array", @@ -2698,7 +2698,7 @@ } }, "keycloak:index/defaultRoles:DefaultRoles": { - "description": "Allows managing default realm roles within Keycloak.\n\nNote: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak.\n\n## Example Usage\n\n### Realm Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst defaultRoles = new keycloak.DefaultRoles(\"defaultRoles\", {\n realmId: realm.id,\n defaultRoles: [\"uma_authorization\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ndefault_roles = keycloak.DefaultRoles(\"defaultRoles\",\n realm_id=realm.id,\n default_roles=[\"uma_authorization\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var defaultRoles = new Keycloak.DefaultRoles(\"defaultRoles\", new()\n {\n RealmId = realm.Id,\n RoleNames = new[]\n {\n \"uma_authorization\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewDefaultRoles(ctx, \"defaultRoles\", \u0026keycloak.DefaultRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDefaultRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"uma_authorization\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.DefaultRoles;\nimport com.pulumi.keycloak.DefaultRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var defaultRoles = new DefaultRoles(\"defaultRoles\", DefaultRolesArgs.builder() \n .realmId(realm.id())\n .defaultRoles(\"uma_authorization\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n defaultRoles:\n type: keycloak:DefaultRoles\n properties:\n realmId: ${realm.id}\n defaultRoles:\n - uma_authorization\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDefault roles can be imported using the format `{{realm_id}}/{{default_role_id}}`, where `default_role_id` is the unique ID of the composite\n\nrole that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing\n\nthe default roles.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/defaultRoles:DefaultRoles default_roles my-realm/a04c35c2-e95a-4dc5-bd32-e83a21be9e7d\n```\n\n", + "description": "Allows managing default realm roles within Keycloak.\n\nNote: This feature was added in Keycloak v13, so this resource will not work on older versions of Keycloak.\n\n## Example Usage\n\n### Realm Role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst defaultRoles = new keycloak.DefaultRoles(\"default_roles\", {\n realmId: realm.id,\n defaultRoles: [\"uma_authorization\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ndefault_roles = keycloak.DefaultRoles(\"default_roles\",\n realm_id=realm.id,\n default_roles=[\"uma_authorization\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var defaultRoles = new Keycloak.DefaultRoles(\"default_roles\", new()\n {\n RealmId = realm.Id,\n RoleNames = new[]\n {\n \"uma_authorization\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewDefaultRoles(ctx, \"default_roles\", \u0026keycloak.DefaultRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDefaultRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"uma_authorization\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.DefaultRoles;\nimport com.pulumi.keycloak.DefaultRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var defaultRoles = new DefaultRoles(\"defaultRoles\", DefaultRolesArgs.builder() \n .realmId(realm.id())\n .defaultRoles(\"uma_authorization\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n defaultRoles:\n type: keycloak:DefaultRoles\n name: default_roles\n properties:\n realmId: ${realm.id}\n defaultRoles:\n - uma_authorization\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nDefault roles can be imported using the format `{{realm_id}}/{{default_role_id}}`, where `default_role_id` is the unique ID of the composite\n\nrole that Keycloak uses to control default realm level roles. The ID is not easy to find in the GUI, but it appears in the dev tools when editing\n\nthe default roles.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/defaultRoles:DefaultRoles default_roles my-realm/a04c35c2-e95a-4dc5-bd32-e83a21be9e7d\n```\n\n", "properties": { "defaultRoles": { "type": "array", @@ -2769,7 +2769,7 @@ } }, "keycloak:index/genericClientProtocolMapper:GenericClientProtocolMapper": { - "description": "## # keycloak.GenericClientProtocolMapper\n\nAllows for creating and managing protocol mapper for both types of clients (openid-connect and saml) within Keycloak.\n\nThere are two uses cases for using this resource:\n* If you implemented a custom protocol mapper, this resource can be used to configure it\n* If the provider doesn't support a particular protocol mapper, this resource can be used instead.\n\nDue to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors. \nTherefore, if possible, a specific mapper should be used.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n clientId: \"test-client\",\n realmId: realm.id,\n});\nconst samlHardcodeAttributeMapper = new keycloak.GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\", {\n clientId: samlClient.id,\n config: {\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n protocol: \"saml\",\n protocolMapper: \"saml-hardcode-attribute-mapper\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nsaml_client = keycloak.saml.Client(\"samlClient\",\n client_id=\"test-client\",\n realm_id=realm.id)\nsaml_hardcode_attribute_mapper = keycloak.GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\",\n client_id=saml_client.id,\n config={\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n protocol=\"saml\",\n protocol_mapper=\"saml-hardcode-attribute-mapper\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n ClientId = \"test-client\",\n RealmId = realm.Id,\n });\n\n var samlHardcodeAttributeMapper = new Keycloak.GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\", new()\n {\n ClientId = samlClient.Id,\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.nameformat\", \"Basic\" },\n { \"attribute.value\", \"value\" },\n { \"friendly.name\", \"display name\" },\n },\n Protocol = \"saml\",\n ProtocolMapper = \"saml-hardcode-attribute-mapper\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientProtocolMapper(ctx, \"samlHardcodeAttributeMapper\", \u0026keycloak.GenericClientProtocolMapperArgs{\n\t\t\tClientId: samlClient.ID(),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.nameformat\": pulumi.Any(\"Basic\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t\t\"friendly.name\": pulumi.Any(\"display name\"),\n\t\t\t},\n\t\t\tProtocol: pulumi.String(\"saml\"),\n\t\t\tProtocolMapper: pulumi.String(\"saml-hardcode-attribute-mapper\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.GenericClientProtocolMapper;\nimport com.pulumi.keycloak.GenericClientProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .clientId(\"test-client\")\n .realmId(realm.id())\n .build());\n\n var samlHardcodeAttributeMapper = new GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\", GenericClientProtocolMapperArgs.builder() \n .clientId(samlClient.id())\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.nameformat\", \"Basic\"),\n Map.entry(\"attribute.value\", \"value\"),\n Map.entry(\"friendly.name\", \"display name\")\n ))\n .protocol(\"saml\")\n .protocolMapper(\"saml-hardcode-attribute-mapper\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n samlClient:\n type: keycloak:saml:Client\n properties:\n clientId: test-client\n realmId: ${realm.id}\n samlHardcodeAttributeMapper:\n type: keycloak:GenericClientProtocolMapper\n properties:\n clientId: ${samlClient.id}\n config:\n attribute.name: name\n attribute.nameformat: Basic\n attribute.value: value\n friendly.name: display name\n protocol: saml\n protocolMapper: saml-hardcode-attribute-mapper\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required) The client this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `protocol` - (Required) The type of client (either `openid-connect` or `saml`). The type must match the type of the client.\n- `protocol_mapper` - (Required) The name of the protocol mapper. The protocol mapper must be\n compatible with the specified client.\n- `config` - (Required) A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n\n### Import\n\nProtocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_generic_client_protocol_mapper.saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", + "description": "## # keycloak.GenericClientProtocolMapper\n\nAllows for creating and managing protocol mapper for both types of clients (openid-connect and saml) within Keycloak.\n\nThere are two uses cases for using this resource:\n* If you implemented a custom protocol mapper, this resource can be used to configure it\n* If the provider doesn't support a particular protocol mapper, this resource can be used instead.\n\nDue to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors. \nTherefore, if possible, a specific mapper should be used.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n});\nconst samlHardcodeAttributeMapper = new keycloak.GenericClientProtocolMapper(\"saml_hardcode_attribute_mapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n name: \"tes-mapper\",\n protocol: \"saml\",\n protocolMapper: \"saml-hardcode-attribute-mapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=\"test-client\")\nsaml_hardcode_attribute_mapper = keycloak.GenericClientProtocolMapper(\"saml_hardcode_attribute_mapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n name=\"tes-mapper\",\n protocol=\"saml\",\n protocol_mapper=\"saml-hardcode-attribute-mapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n });\n\n var samlHardcodeAttributeMapper = new Keycloak.GenericClientProtocolMapper(\"saml_hardcode_attribute_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Name = \"tes-mapper\",\n Protocol = \"saml\",\n ProtocolMapper = \"saml-hardcode-attribute-mapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.nameformat\", \"Basic\" },\n { \"attribute.value\", \"value\" },\n { \"friendly.name\", \"display name\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientProtocolMapper(ctx, \"saml_hardcode_attribute_mapper\", \u0026keycloak.GenericClientProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tName: pulumi.String(\"tes-mapper\"),\n\t\t\tProtocol: pulumi.String(\"saml\"),\n\t\t\tProtocolMapper: pulumi.String(\"saml-hardcode-attribute-mapper\"),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.nameformat\": pulumi.Any(\"Basic\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t\t\"friendly.name\": pulumi.Any(\"display name\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.GenericClientProtocolMapper;\nimport com.pulumi.keycloak.GenericClientProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .build());\n\n var samlHardcodeAttributeMapper = new GenericClientProtocolMapper(\"samlHardcodeAttributeMapper\", GenericClientProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .name(\"tes-mapper\")\n .protocol(\"saml\")\n .protocolMapper(\"saml-hardcode-attribute-mapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.nameformat\", \"Basic\"),\n Map.entry(\"attribute.value\", \"value\"),\n Map.entry(\"friendly.name\", \"display name\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n samlHardcodeAttributeMapper:\n type: keycloak:GenericClientProtocolMapper\n name: saml_hardcode_attribute_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n name: tes-mapper\n protocol: saml\n protocolMapper: saml-hardcode-attribute-mapper\n config:\n attribute.name: name\n attribute.nameformat: Basic\n attribute.value: value\n friendly.name: display name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required) The client this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `protocol` - (Required) The type of client (either `openid-connect` or `saml`). The type must match the type of the client.\n- `protocol_mapper` - (Required) The name of the protocol mapper. The protocol mapper must be\n compatible with the specified client.\n- `config` - (Required) A map with key / value pairs for configuring the protocol mapper. The supported keys depends on the protocol mapper.\n\n### Import\n\nProtocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_generic_client_protocol_mapper.saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "clientId": { "type": "string", @@ -2897,7 +2897,7 @@ } }, "keycloak:index/genericClientRoleMapper:GenericClientRoleMapper": { - "description": "!\u003e **WARNING:** This resource is deprecated and will be removed in the next major version. Please use `keycloak.GenericRoleMapper` instead.\n\nAllow for creating and managing a client's scope mappings within Keycloak.\n\nBy default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When\n`full_scope_allowed` is set to `false` for a client, role scope mapping allows you to limit the roles that get declared\ninside an access token for a client.\n\n## Example Usage\n\n### Realm Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericClientRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientId: client.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericClientRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_id=client.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericClientRoleMapper(\"clientRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientA = new keycloak.openid.Client(\"clientA\", {\n realmId: realm.id,\n clientId: \"client-a\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n fullScopeAllowed: false,\n});\nconst clientRoleA = new keycloak.Role(\"clientRoleA\", {\n realmId: realm.id,\n clientId: clientA.id,\n description: \"My Client Role\",\n});\nconst clientB = new keycloak.openid.Client(\"clientB\", {\n realmId: realm.id,\n clientId: \"client-b\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRoleB = new keycloak.Role(\"clientRoleB\", {\n realmId: realm.id,\n clientId: clientB.id,\n description: \"My Client Role\",\n});\nconst clientBRoleMapper = new keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientId: clientB.id,\n roleId: clientRoleA.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_a = keycloak.openid.Client(\"clientA\",\n realm_id=realm.id,\n client_id=\"client-a\",\n enabled=True,\n access_type=\"BEARER-ONLY\",\n full_scope_allowed=False)\nclient_role_a = keycloak.Role(\"clientRoleA\",\n realm_id=realm.id,\n client_id=client_a.id,\n description=\"My Client Role\")\nclient_b = keycloak.openid.Client(\"clientB\",\n realm_id=realm.id,\n client_id=\"client-b\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role_b = keycloak.Role(\"clientRoleB\",\n realm_id=realm.id,\n client_id=client_b.id,\n description=\"My Client Role\")\nclient_b_role_mapper = keycloak.GenericClientRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_id=client_b.id,\n role_id=client_role_a.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientA = new Keycloak.OpenId.Client(\"clientA\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-a\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n FullScopeAllowed = false,\n });\n\n var clientRoleA = new Keycloak.Role(\"clientRoleA\", new()\n {\n RealmId = realm.Id,\n ClientId = clientA.Id,\n Description = \"My Client Role\",\n });\n\n var clientB = new Keycloak.OpenId.Client(\"clientB\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-b\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRoleB = new Keycloak.Role(\"clientRoleB\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n Description = \"My Client Role\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n RoleId = clientRoleA.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientA, err := openid.NewClient(ctx, \"clientA\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-a\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tFullScopeAllowed: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRoleA, err := keycloak.NewRole(ctx, \"clientRoleA\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientA.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientB, err := openid.NewClient(ctx, \"clientB\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"clientRoleB\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tRoleId: clientRoleA.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientA = new Client(\"clientA\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-a\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .fullScopeAllowed(false)\n .build());\n\n var clientRoleA = new Role(\"clientRoleA\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientA.id())\n .description(\"My Client Role\")\n .build());\n\n var clientB = new Client(\"clientB\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-b\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRoleB = new Role(\"clientRoleB\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .description(\"My Client Role\")\n .build());\n\n var clientBRoleMapper = new GenericClientRoleMapper(\"clientBRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .roleId(clientRoleA.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientA:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-a\n enabled: true\n accessType: BEARER-ONLY\n # disable full scope, roles are assigned via keycloak_generic_client_role_mapper\n fullScopeAllowed: false\n clientRoleA:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientA.id}\n description: My Client Role\n clientB:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-b\n enabled: true\n accessType: BEARER-ONLY\n clientRoleB:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n description: My Client Role\n clientBRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n roleId: ${clientRoleA.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Realm Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericClientRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericClientRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericClientRoleMapper(\"clientRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: client.id,\n description: \"My Client Role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientBRoleMapper = new keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: clientRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=client.id,\n description=\"My Client Role\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_b_role_mapper = keycloak.GenericClientRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=client_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n Description = \"My Client Role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientBRoleMapper = new Keycloak.GenericClientRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = clientRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: clientRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .description(\"My Client Role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientBRoleMapper = new GenericClientRoleMapper(\"clientBRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n description: My Client Role\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientBRoleMapper:\n type: keycloak:GenericClientRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGeneric client role mappers can be imported using one of the following two formats:\n\n- When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\n- When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/genericClientRoleMapper:GenericClientRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3\n```\n\n", + "description": "!\u003e **WARNING:** This resource is deprecated and will be removed in the next major version. Please use `keycloak.GenericRoleMapper` instead.\n\nAllow for creating and managing a client's scope mappings within Keycloak.\n\nBy default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When\n`full_scope_allowed` is set to `false` for a client, role scope mapping allows you to limit the roles that get declared\ninside an access token for a client.\n\n## Example Usage\n\n### Realm Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericClientRoleMapper(\"client_role_mapper\", {\n realmId: realm.id,\n clientId: client.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericClientRoleMapper(\"client_role_mapper\",\n realm_id=realm.id,\n client_id=client.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericClientRoleMapper(\"client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"client_role_mapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericClientRoleMapper(\"clientRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericClientRoleMapper\n name: client_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientA = new keycloak.openid.Client(\"client_a\", {\n realmId: realm.id,\n clientId: \"client-a\",\n name: \"client-a\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n fullScopeAllowed: false,\n});\nconst clientRoleA = new keycloak.Role(\"client_role_a\", {\n realmId: realm.id,\n clientId: clientA.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientB = new keycloak.openid.Client(\"client_b\", {\n realmId: realm.id,\n clientId: \"client-b\",\n name: \"client-b\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRoleB = new keycloak.Role(\"client_role_b\", {\n realmId: realm.id,\n clientId: clientB.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientBRoleMapper = new keycloak.GenericClientRoleMapper(\"client_b_role_mapper\", {\n realmId: realm.id,\n clientId: clientB.id,\n roleId: clientRoleA.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_a = keycloak.openid.Client(\"client_a\",\n realm_id=realm.id,\n client_id=\"client-a\",\n name=\"client-a\",\n enabled=True,\n access_type=\"BEARER-ONLY\",\n full_scope_allowed=False)\nclient_role_a = keycloak.Role(\"client_role_a\",\n realm_id=realm.id,\n client_id=client_a.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_b = keycloak.openid.Client(\"client_b\",\n realm_id=realm.id,\n client_id=\"client-b\",\n name=\"client-b\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role_b = keycloak.Role(\"client_role_b\",\n realm_id=realm.id,\n client_id=client_b.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_b_role_mapper = keycloak.GenericClientRoleMapper(\"client_b_role_mapper\",\n realm_id=realm.id,\n client_id=client_b.id,\n role_id=client_role_a.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientA = new Keycloak.OpenId.Client(\"client_a\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-a\",\n Name = \"client-a\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n FullScopeAllowed = false,\n });\n\n var clientRoleA = new Keycloak.Role(\"client_role_a\", new()\n {\n RealmId = realm.Id,\n ClientId = clientA.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientB = new Keycloak.OpenId.Client(\"client_b\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-b\",\n Name = \"client-b\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRoleB = new Keycloak.Role(\"client_role_b\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericClientRoleMapper(\"client_b_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n RoleId = clientRoleA.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientA, err := openid.NewClient(ctx, \"client_a\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-a\"),\n\t\t\tName: pulumi.String(\"client-a\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tFullScopeAllowed: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRoleA, err := keycloak.NewRole(ctx, \"client_role_a\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientA.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientB, err := openid.NewClient(ctx, \"client_b\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-b\"),\n\t\t\tName: pulumi.String(\"client-b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"client_role_b\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"client_b_role_mapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tRoleId: clientRoleA.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientA = new Client(\"clientA\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-a\")\n .name(\"client-a\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .fullScopeAllowed(false)\n .build());\n\n var clientRoleA = new Role(\"clientRoleA\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientA.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientB = new Client(\"clientB\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-b\")\n .name(\"client-b\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRoleB = new Role(\"clientRoleB\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientBRoleMapper = new GenericClientRoleMapper(\"clientBRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .roleId(clientRoleA.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientA:\n type: keycloak:openid:Client\n name: client_a\n properties:\n realmId: ${realm.id}\n clientId: client-a\n name: client-a\n enabled: true\n accessType: BEARER-ONLY\n fullScopeAllowed: false\n clientRoleA:\n type: keycloak:Role\n name: client_role_a\n properties:\n realmId: ${realm.id}\n clientId: ${clientA.id}\n name: my-client-role\n description: My Client Role\n clientB:\n type: keycloak:openid:Client\n name: client_b\n properties:\n realmId: ${realm.id}\n clientId: client-b\n name: client-b\n enabled: true\n accessType: BEARER-ONLY\n clientRoleB:\n type: keycloak:Role\n name: client_role_b\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n name: my-client-role\n description: My Client Role\n clientBRoleMapper:\n type: keycloak:GenericClientRoleMapper\n name: client_b_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n roleId: ${clientRoleA.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Realm Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"my-client-scope\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericClientRoleMapper(\"client_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"my-client-scope\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericClientRoleMapper(\"client_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"my-client-scope\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericClientRoleMapper(\"client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"client_role_mapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"my-client-scope\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericClientRoleMapper(\"clientRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: my-client-scope\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericClientRoleMapper\n name: client_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: client.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"my-client-scope\",\n});\nconst clientBRoleMapper = new keycloak.GenericClientRoleMapper(\"client_b_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: clientRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=client.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"my-client-scope\")\nclient_b_role_mapper = keycloak.GenericClientRoleMapper(\"client_b_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=client_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"my-client-scope\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericClientRoleMapper(\"client_b_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = clientRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericClientRoleMapper(ctx, \"client_b_role_mapper\", \u0026keycloak.GenericClientRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: clientRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.GenericClientRoleMapper;\nimport com.pulumi.keycloak.GenericClientRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"my-client-scope\")\n .build());\n\n var clientBRoleMapper = new GenericClientRoleMapper(\"clientBRoleMapper\", GenericClientRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n name: my-client-role\n description: My Client Role\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: my-client-scope\n clientBRoleMapper:\n type: keycloak:GenericClientRoleMapper\n name: client_b_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGeneric client role mappers can be imported using one of the following two formats:\n\n- When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\n- When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/genericClientRoleMapper:GenericClientRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3\n```\n\n", "properties": { "clientId": { "type": "string", @@ -2974,7 +2974,7 @@ } }, "keycloak:index/genericProtocolMapper:GenericProtocolMapper": { - "description": "Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak.\n\nThere are two uses cases for using this resource:\n* If you implemented a custom protocol mapper, this resource can be used to configure it\n* If the provider doesn't support a particular protocol mapper, this resource can be used instead.\n\nDue to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors.\nTherefore, if possible, a specific mapper should be used instead.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"test-client\",\n});\nconst samlHardcodeAttributeMapper = new keycloak.GenericProtocolMapper(\"samlHardcodeAttributeMapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n protocol: \"saml\",\n protocolMapper: \"saml-hardcode-attribute-mapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"test-client\")\nsaml_hardcode_attribute_mapper = keycloak.GenericProtocolMapper(\"samlHardcodeAttributeMapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n protocol=\"saml\",\n protocol_mapper=\"saml-hardcode-attribute-mapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n });\n\n var samlHardcodeAttributeMapper = new Keycloak.GenericProtocolMapper(\"samlHardcodeAttributeMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Protocol = \"saml\",\n ProtocolMapper = \"saml-hardcode-attribute-mapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.nameformat\", \"Basic\" },\n { \"attribute.value\", \"value\" },\n { \"friendly.name\", \"display name\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericProtocolMapper(ctx, \"samlHardcodeAttributeMapper\", \u0026keycloak.GenericProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tProtocol: pulumi.String(\"saml\"),\n\t\t\tProtocolMapper: pulumi.String(\"saml-hardcode-attribute-mapper\"),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.nameformat\": pulumi.Any(\"Basic\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t\t\"friendly.name\": pulumi.Any(\"display name\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.GenericProtocolMapper;\nimport com.pulumi.keycloak.GenericProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .build());\n\n var samlHardcodeAttributeMapper = new GenericProtocolMapper(\"samlHardcodeAttributeMapper\", GenericProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .protocol(\"saml\")\n .protocolMapper(\"saml-hardcode-attribute-mapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.nameformat\", \"Basic\"),\n Map.entry(\"attribute.value\", \"value\"),\n Map.entry(\"friendly.name\", \"display name\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n samlHardcodeAttributeMapper:\n type: keycloak:GenericProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n protocol: saml\n protocolMapper: saml-hardcode-attribute-mapper\n config:\n attribute.name: name\n attribute.nameformat: Basic\n attribute.value: value\n friendly.name: display name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/genericProtocolMapper:GenericProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", + "description": "Allows for creating and managing protocol mappers for both types of clients (openid-connect and saml) within Keycloak.\n\nThere are two uses cases for using this resource:\n* If you implemented a custom protocol mapper, this resource can be used to configure it\n* If the provider doesn't support a particular protocol mapper, this resource can be used instead.\n\nDue to the generic nature of this mapper, it is less user-friendly and more prone to configuration errors.\nTherefore, if possible, a specific mapper should be used instead.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n});\nconst samlHardcodeAttributeMapper = new keycloak.GenericProtocolMapper(\"saml_hardcode_attribute_mapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n name: \"test-mapper\",\n protocol: \"saml\",\n protocolMapper: \"saml-hardcode-attribute-mapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=\"test-client\")\nsaml_hardcode_attribute_mapper = keycloak.GenericProtocolMapper(\"saml_hardcode_attribute_mapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n name=\"test-mapper\",\n protocol=\"saml\",\n protocol_mapper=\"saml-hardcode-attribute-mapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.nameformat\": \"Basic\",\n \"attribute.value\": \"value\",\n \"friendly.name\": \"display name\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n });\n\n var samlHardcodeAttributeMapper = new Keycloak.GenericProtocolMapper(\"saml_hardcode_attribute_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Name = \"test-mapper\",\n Protocol = \"saml\",\n ProtocolMapper = \"saml-hardcode-attribute-mapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.nameformat\", \"Basic\" },\n { \"attribute.value\", \"value\" },\n { \"friendly.name\", \"display name\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericProtocolMapper(ctx, \"saml_hardcode_attribute_mapper\", \u0026keycloak.GenericProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tName: pulumi.String(\"test-mapper\"),\n\t\t\tProtocol: pulumi.String(\"saml\"),\n\t\t\tProtocolMapper: pulumi.String(\"saml-hardcode-attribute-mapper\"),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.nameformat\": pulumi.Any(\"Basic\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t\t\"friendly.name\": pulumi.Any(\"display name\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.GenericProtocolMapper;\nimport com.pulumi.keycloak.GenericProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .build());\n\n var samlHardcodeAttributeMapper = new GenericProtocolMapper(\"samlHardcodeAttributeMapper\", GenericProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .name(\"test-mapper\")\n .protocol(\"saml\")\n .protocolMapper(\"saml-hardcode-attribute-mapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.nameformat\", \"Basic\"),\n Map.entry(\"attribute.value\", \"value\"),\n Map.entry(\"friendly.name\", \"display name\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n samlHardcodeAttributeMapper:\n type: keycloak:GenericProtocolMapper\n name: saml_hardcode_attribute_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n name: test-mapper\n protocol: saml\n protocolMapper: saml-hardcode-attribute-mapper\n config:\n attribute.name: name\n attribute.nameformat: Basic\n attribute.value: value\n friendly.name: display name\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using the following format: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/genericProtocolMapper:GenericProtocolMapper saml_hardcode_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "clientId": { "type": "string", @@ -3105,7 +3105,7 @@ } }, "keycloak:index/genericRoleMapper:GenericRoleMapper": { - "description": "Allow for creating and managing a client's or client scope's role mappings within Keycloak.\n\nBy default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When\n`full_scope_allowed` is set to `false` for a client, role scope mapping allows you to limit the roles that get declared\ninside an access token for a client.\n\n## Example Usage\n\n### Realm Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientId: client.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_id=client.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericRoleMapper(\"clientRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientA = new keycloak.openid.Client(\"clientA\", {\n realmId: realm.id,\n clientId: \"client-a\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n fullScopeAllowed: false,\n});\nconst clientRoleA = new keycloak.Role(\"clientRoleA\", {\n realmId: realm.id,\n clientId: clientA.id,\n description: \"My Client Role\",\n});\nconst clientB = new keycloak.openid.Client(\"clientB\", {\n realmId: realm.id,\n clientId: \"client-b\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRoleB = new keycloak.Role(\"clientRoleB\", {\n realmId: realm.id,\n clientId: clientB.id,\n description: \"My Client Role\",\n});\nconst clientBRoleMapper = new keycloak.GenericRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientId: clientB.id,\n roleId: clientRoleA.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_a = keycloak.openid.Client(\"clientA\",\n realm_id=realm.id,\n client_id=\"client-a\",\n enabled=True,\n access_type=\"BEARER-ONLY\",\n full_scope_allowed=False)\nclient_role_a = keycloak.Role(\"clientRoleA\",\n realm_id=realm.id,\n client_id=client_a.id,\n description=\"My Client Role\")\nclient_b = keycloak.openid.Client(\"clientB\",\n realm_id=realm.id,\n client_id=\"client-b\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role_b = keycloak.Role(\"clientRoleB\",\n realm_id=realm.id,\n client_id=client_b.id,\n description=\"My Client Role\")\nclient_b_role_mapper = keycloak.GenericRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_id=client_b.id,\n role_id=client_role_a.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientA = new Keycloak.OpenId.Client(\"clientA\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-a\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n FullScopeAllowed = false,\n });\n\n var clientRoleA = new Keycloak.Role(\"clientRoleA\", new()\n {\n RealmId = realm.Id,\n ClientId = clientA.Id,\n Description = \"My Client Role\",\n });\n\n var clientB = new Keycloak.OpenId.Client(\"clientB\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-b\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRoleB = new Keycloak.Role(\"clientRoleB\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n Description = \"My Client Role\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n RoleId = clientRoleA.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientA, err := openid.NewClient(ctx, \"clientA\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-a\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tFullScopeAllowed: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRoleA, err := keycloak.NewRole(ctx, \"clientRoleA\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientA.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientB, err := openid.NewClient(ctx, \"clientB\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"clientRoleB\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tRoleId: clientRoleA.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientA = new Client(\"clientA\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-a\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .fullScopeAllowed(false)\n .build());\n\n var clientRoleA = new Role(\"clientRoleA\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientA.id())\n .description(\"My Client Role\")\n .build());\n\n var clientB = new Client(\"clientB\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-b\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRoleB = new Role(\"clientRoleB\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .description(\"My Client Role\")\n .build());\n\n var clientBRoleMapper = new GenericRoleMapper(\"clientBRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .roleId(clientRoleA.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientA:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-a\n enabled: true\n accessType: BEARER-ONLY\n # disable full scope, roles are assigned via keycloak_generic_role_mapper\n fullScopeAllowed: false\n clientRoleA:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientA.id}\n description: My Client Role\n clientB:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client-b\n enabled: true\n accessType: BEARER-ONLY\n clientRoleB:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n description: My Client Role\n clientBRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n roleId: ${clientRoleA.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Realm Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericRoleMapper(\"clientRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericRoleMapper(\"clientRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericRoleMapper(\"clientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericRoleMapper(\"clientRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: client.id,\n description: \"My Client Role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientBRoleMapper = new keycloak.GenericRoleMapper(\"clientBRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: clientRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=client.id,\n description=\"My Client Role\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_b_role_mapper = keycloak.GenericRoleMapper(\"clientBRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=client_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n Description = \"My Client Role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientBRoleMapper = new Keycloak.GenericRoleMapper(\"clientBRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = clientRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"clientBRoleMapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: clientRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .description(\"My Client Role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientBRoleMapper = new GenericRoleMapper(\"clientBRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n description: My Client Role\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientBRoleMapper:\n type: keycloak:GenericRoleMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGeneric client role mappers can be imported using one of the following two formats:\n\n- When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\n- When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/genericRoleMapper:GenericRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3\n```\n\n", + "description": "Allow for creating and managing a client's or client scope's role mappings within Keycloak.\n\nBy default, all the user role mappings of the user are added as claims within the token (OIDC) or assertion (SAML). When\n`full_scope_allowed` is set to `false` for a client, role scope mapping allows you to limit the roles that get declared\ninside an access token for a client.\n\n## Example Usage\n\n### Realm Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericRoleMapper(\"client_role_mapper\", {\n realmId: realm.id,\n clientId: client.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericRoleMapper(\"client_role_mapper\",\n realm_id=realm.id,\n client_id=client.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericRoleMapper(\"client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"client_role_mapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericRoleMapper(\"clientRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericRoleMapper\n name: client_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientA = new keycloak.openid.Client(\"client_a\", {\n realmId: realm.id,\n clientId: \"client-a\",\n name: \"client-a\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n fullScopeAllowed: false,\n});\nconst clientRoleA = new keycloak.Role(\"client_role_a\", {\n realmId: realm.id,\n clientId: clientA.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientB = new keycloak.openid.Client(\"client_b\", {\n realmId: realm.id,\n clientId: \"client-b\",\n name: \"client-b\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRoleB = new keycloak.Role(\"client_role_b\", {\n realmId: realm.id,\n clientId: clientB.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientBRoleMapper = new keycloak.GenericRoleMapper(\"client_b_role_mapper\", {\n realmId: realm.id,\n clientId: clientB.id,\n roleId: clientRoleA.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_a = keycloak.openid.Client(\"client_a\",\n realm_id=realm.id,\n client_id=\"client-a\",\n name=\"client-a\",\n enabled=True,\n access_type=\"BEARER-ONLY\",\n full_scope_allowed=False)\nclient_role_a = keycloak.Role(\"client_role_a\",\n realm_id=realm.id,\n client_id=client_a.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_b = keycloak.openid.Client(\"client_b\",\n realm_id=realm.id,\n client_id=\"client-b\",\n name=\"client-b\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role_b = keycloak.Role(\"client_role_b\",\n realm_id=realm.id,\n client_id=client_b.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_b_role_mapper = keycloak.GenericRoleMapper(\"client_b_role_mapper\",\n realm_id=realm.id,\n client_id=client_b.id,\n role_id=client_role_a.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientA = new Keycloak.OpenId.Client(\"client_a\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-a\",\n Name = \"client-a\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n FullScopeAllowed = false,\n });\n\n var clientRoleA = new Keycloak.Role(\"client_role_a\", new()\n {\n RealmId = realm.Id,\n ClientId = clientA.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientB = new Keycloak.OpenId.Client(\"client_b\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client-b\",\n Name = \"client-b\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRoleB = new Keycloak.Role(\"client_role_b\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericRoleMapper(\"client_b_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = clientB.Id,\n RoleId = clientRoleA.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientA, err := openid.NewClient(ctx, \"client_a\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-a\"),\n\t\t\tName: pulumi.String(\"client-a\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tFullScopeAllowed: pulumi.Bool(false),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRoleA, err := keycloak.NewRole(ctx, \"client_role_a\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientA.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientB, err := openid.NewClient(ctx, \"client_b\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client-b\"),\n\t\t\tName: pulumi.String(\"client-b\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"client_role_b\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"client_b_role_mapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: clientB.ID(),\n\t\t\tRoleId: clientRoleA.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientA = new Client(\"clientA\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-a\")\n .name(\"client-a\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .fullScopeAllowed(false)\n .build());\n\n var clientRoleA = new Role(\"clientRoleA\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientA.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientB = new Client(\"clientB\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client-b\")\n .name(\"client-b\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRoleB = new Role(\"clientRoleB\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientBRoleMapper = new GenericRoleMapper(\"clientBRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientId(clientB.id())\n .roleId(clientRoleA.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientA:\n type: keycloak:openid:Client\n name: client_a\n properties:\n realmId: ${realm.id}\n clientId: client-a\n name: client-a\n enabled: true\n accessType: BEARER-ONLY\n fullScopeAllowed: false\n clientRoleA:\n type: keycloak:Role\n name: client_role_a\n properties:\n realmId: ${realm.id}\n clientId: ${clientA.id}\n name: my-client-role\n description: My Client Role\n clientB:\n type: keycloak:openid:Client\n name: client_b\n properties:\n realmId: ${realm.id}\n clientId: client-b\n name: client-b\n enabled: true\n accessType: BEARER-ONLY\n clientRoleB:\n type: keycloak:Role\n name: client_role_b\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n name: my-client-role\n description: My Client Role\n clientBRoleMapper:\n type: keycloak:GenericRoleMapper\n name: client_b_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${clientB.id}\n roleId: ${clientRoleA.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Realm Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"my-client-scope\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst clientRoleMapper = new keycloak.GenericRoleMapper(\"client_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: realmRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"my-client-scope\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient_role_mapper = keycloak.GenericRoleMapper(\"client_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=realm_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"my-client-scope\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var clientRoleMapper = new Keycloak.GenericRoleMapper(\"client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = realmRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"client_role_mapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: realmRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"my-client-scope\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var clientRoleMapper = new GenericRoleMapper(\"clientRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(realmRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: my-client-scope\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n clientRoleMapper:\n type: keycloak:GenericRoleMapper\n name: client_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${realmRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Role To Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: client.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"my-client-scope\",\n});\nconst clientBRoleMapper = new keycloak.GenericRoleMapper(\"client_b_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n roleId: clientRole.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=client.id,\n name=\"my-client-role\",\n description=\"My Client Role\")\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"my-client-scope\")\nclient_b_role_mapper = keycloak.GenericRoleMapper(\"client_b_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n role_id=client_role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"my-client-scope\",\n });\n\n var clientBRoleMapper = new Keycloak.GenericRoleMapper(\"client_b_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n RoleId = clientRole.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGenericRoleMapper(ctx, \"client_b_role_mapper\", \u0026keycloak.GenericRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRoleId: clientRole.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.GenericRoleMapper;\nimport com.pulumi.keycloak.GenericRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"my-client-scope\")\n .build());\n\n var clientBRoleMapper = new GenericRoleMapper(\"clientBRoleMapper\", GenericRoleMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .roleId(clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n name: my-client-role\n description: My Client Role\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: my-client-scope\n clientBRoleMapper:\n type: keycloak:GenericRoleMapper\n name: client_b_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n roleId: ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGeneric client role mappers can be imported using one of the following two formats:\n\n- When mapping a role to a client, use the format `{{realmId}}/client/{{clientId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\n- When mapping a role to a client scope, use the format `{{realmId}}/client-scope/{{clientScopeId}}/scope-mappings/{{roleClientId}}/{{roleId}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/genericRoleMapper:GenericRoleMapper client_role_mapper my-realm/client/23888550-5dcd-41f6-85ba-554233021e9c/scope-mappings/ce51f004-bdfb-4dd5-a963-c4487d2dec5b/ff3aa49f-bc07-4030-8783-41918c3614a3\n```\n\n", "properties": { "clientId": { "type": "string", @@ -3182,7 +3182,7 @@ } }, "keycloak:index/group:Group": { - "description": "## # keycloak.Group\n\nAllows for creating and managing Groups within Keycloak.\n\nGroups provide a logical wrapping for users within Keycloak. Users within a\ngroup can share attributes and roles, and group membership can be mapped\nto a claim.\n\nAttributes can also be defined on Groups.\n\nGroups can also be federated from external data sources, such as LDAP or Active Directory.\nThis resource **should not** be used to manage groups that were created this way.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst parentGroup = new keycloak.Group(\"parentGroup\", {realmId: realm.id});\nconst childGroup = new keycloak.Group(\"childGroup\", {\n parentId: parentGroup.id,\n realmId: realm.id,\n});\nconst childGroupWithOptionalAttributes = new keycloak.Group(\"childGroupWithOptionalAttributes\", {\n attributes: {\n key1: \"value1\",\n key2: \"value2\",\n },\n parentId: parentGroup.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nparent_group = keycloak.Group(\"parentGroup\", realm_id=realm.id)\nchild_group = keycloak.Group(\"childGroup\",\n parent_id=parent_group.id,\n realm_id=realm.id)\nchild_group_with_optional_attributes = keycloak.Group(\"childGroupWithOptionalAttributes\",\n attributes={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n },\n parent_id=parent_group.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var parentGroup = new Keycloak.Group(\"parentGroup\", new()\n {\n RealmId = realm.Id,\n });\n\n var childGroup = new Keycloak.Group(\"childGroup\", new()\n {\n ParentId = parentGroup.Id,\n RealmId = realm.Id,\n });\n\n var childGroupWithOptionalAttributes = new Keycloak.Group(\"childGroupWithOptionalAttributes\", new()\n {\n Attributes = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n },\n ParentId = parentGroup.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tparentGroup, err := keycloak.NewGroup(ctx, \"parentGroup\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroup(ctx, \"childGroup\", \u0026keycloak.GroupArgs{\n\t\t\tParentId: parentGroup.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroup(ctx, \"childGroupWithOptionalAttributes\", \u0026keycloak.GroupArgs{\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"key1\": pulumi.Any(\"value1\"),\n\t\t\t\t\"key2\": pulumi.Any(\"value2\"),\n\t\t\t},\n\t\t\tParentId: parentGroup.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var parentGroup = new Group(\"parentGroup\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var childGroup = new Group(\"childGroup\", GroupArgs.builder() \n .parentId(parentGroup.id())\n .realmId(realm.id())\n .build());\n\n var childGroupWithOptionalAttributes = new Group(\"childGroupWithOptionalAttributes\", GroupArgs.builder() \n .attributes(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\")\n ))\n .parentId(parentGroup.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n parentGroup:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n childGroup:\n type: keycloak:Group\n properties:\n parentId: ${parentGroup.id}\n realmId: ${realm.id}\n childGroupWithOptionalAttributes:\n type: keycloak:Group\n properties:\n attributes:\n key1: value1\n key2: value2\n parentId: ${parentGroup.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `parent_id` - (Optional) The ID of this group's parent. If omitted, this group will be defined at the root level.\n- `name` - (Required) The name of the group.\n- `attributes` - (Optional) A dict of key/value pairs to set as custom attributes for the group.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `path` - The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`.\n\n### Import\n\nGroups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak\nassigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_group.child_group my-realm/934a4a4e-28bd-4703-a0fa-332df153aabd\n```\n", + "description": "## # keycloak.Group\n\nAllows for creating and managing Groups within Keycloak.\n\nGroups provide a logical wrapping for users within Keycloak. Users within a\ngroup can share attributes and roles, and group membership can be mapped\nto a claim.\n\nAttributes can also be defined on Groups.\n\nGroups can also be federated from external data sources, such as LDAP or Active Directory.\nThis resource **should not** be used to manage groups that were created this way.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst parentGroup = new keycloak.Group(\"parent_group\", {\n realmId: realm.id,\n name: \"parent-group\",\n});\nconst childGroup = new keycloak.Group(\"child_group\", {\n realmId: realm.id,\n parentId: parentGroup.id,\n name: \"child-group\",\n});\nconst childGroupWithOptionalAttributes = new keycloak.Group(\"child_group_with_optional_attributes\", {\n realmId: realm.id,\n parentId: parentGroup.id,\n name: \"child-group-with-optional-attributes\",\n attributes: {\n key1: \"value1\",\n key2: \"value2\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nparent_group = keycloak.Group(\"parent_group\",\n realm_id=realm.id,\n name=\"parent-group\")\nchild_group = keycloak.Group(\"child_group\",\n realm_id=realm.id,\n parent_id=parent_group.id,\n name=\"child-group\")\nchild_group_with_optional_attributes = keycloak.Group(\"child_group_with_optional_attributes\",\n realm_id=realm.id,\n parent_id=parent_group.id,\n name=\"child-group-with-optional-attributes\",\n attributes={\n \"key1\": \"value1\",\n \"key2\": \"value2\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var parentGroup = new Keycloak.Group(\"parent_group\", new()\n {\n RealmId = realm.Id,\n Name = \"parent-group\",\n });\n\n var childGroup = new Keycloak.Group(\"child_group\", new()\n {\n RealmId = realm.Id,\n ParentId = parentGroup.Id,\n Name = \"child-group\",\n });\n\n var childGroupWithOptionalAttributes = new Keycloak.Group(\"child_group_with_optional_attributes\", new()\n {\n RealmId = realm.Id,\n ParentId = parentGroup.Id,\n Name = \"child-group-with-optional-attributes\",\n Attributes = \n {\n { \"key1\", \"value1\" },\n { \"key2\", \"value2\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tparentGroup, err := keycloak.NewGroup(ctx, \"parent_group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"parent-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroup(ctx, \"child_group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentId: parentGroup.ID(),\n\t\t\tName: pulumi.String(\"child-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroup(ctx, \"child_group_with_optional_attributes\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tParentId: parentGroup.ID(),\n\t\t\tName: pulumi.String(\"child-group-with-optional-attributes\"),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"key1\": pulumi.Any(\"value1\"),\n\t\t\t\t\"key2\": pulumi.Any(\"value2\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var parentGroup = new Group(\"parentGroup\", GroupArgs.builder() \n .realmId(realm.id())\n .name(\"parent-group\")\n .build());\n\n var childGroup = new Group(\"childGroup\", GroupArgs.builder() \n .realmId(realm.id())\n .parentId(parentGroup.id())\n .name(\"child-group\")\n .build());\n\n var childGroupWithOptionalAttributes = new Group(\"childGroupWithOptionalAttributes\", GroupArgs.builder() \n .realmId(realm.id())\n .parentId(parentGroup.id())\n .name(\"child-group-with-optional-attributes\")\n .attributes(Map.ofEntries(\n Map.entry(\"key1\", \"value1\"),\n Map.entry(\"key2\", \"value2\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n parentGroup:\n type: keycloak:Group\n name: parent_group\n properties:\n realmId: ${realm.id}\n name: parent-group\n childGroup:\n type: keycloak:Group\n name: child_group\n properties:\n realmId: ${realm.id}\n parentId: ${parentGroup.id}\n name: child-group\n childGroupWithOptionalAttributes:\n type: keycloak:Group\n name: child_group_with_optional_attributes\n properties:\n realmId: ${realm.id}\n parentId: ${parentGroup.id}\n name: child-group-with-optional-attributes\n attributes:\n key1: value1\n key2: value2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `parent_id` - (Optional) The ID of this group's parent. If omitted, this group will be defined at the root level.\n- `name` - (Required) The name of the group.\n- `attributes` - (Optional) A dict of key/value pairs to set as custom attributes for the group.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `path` - The complete path of the group. For example, the child group's path in the example configuration would be `/parent-group/child-group`.\n\n### Import\n\nGroups can be imported using the format `{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that Keycloak\nassigns to the group upon creation. This value can be found in the URI when editing this group in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_group.child_group my-realm/934a4a4e-28bd-4703-a0fa-332df153aabd\n```\n", "properties": { "attributes": { "type": "object", @@ -3258,7 +3258,7 @@ } }, "keycloak:index/groupMemberships:GroupMemberships": { - "description": "## # keycloak.GroupMemberships\n\nAllows for managing a Keycloak group's members.\n\nNote that this resource attempts to be an **authoritative** source over group members.\nWhen this resource takes control over a group's members, users that are manually added\nto the group will be removed, and users that are manually removed from the group will\nbe added upon the next run of `pulumi up`. Eventually, a non-authoritative resource\nfor group membership will be added to this provider.\n\nAlso note that you should not use `keycloak.GroupMemberships` with a group has been assigned\nas a default group via `keycloak.DefaultGroups`.\n\nThis resource **should not** be used to control membership of a group that has its members\nfederated from an external source via group mapping.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst groupMembers = new keycloak.GroupMemberships(\"groupMembers\", {\n groupId: group.id,\n members: [user.username],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\ngroup_members = keycloak.GroupMemberships(\"groupMembers\",\n group_id=group.id,\n members=[user.username],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var groupMembers = new Keycloak.GroupMemberships(\"groupMembers\", new()\n {\n GroupId = @group.Id,\n Members = new[]\n {\n user.Username,\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupMemberships(ctx, \"groupMembers\", \u0026keycloak.GroupMembershipsArgs{\n\t\t\tGroupId: group.ID(),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tuser.Username,\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.GroupMemberships;\nimport com.pulumi.keycloak.GroupMembershipsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var groupMembers = new GroupMemberships(\"groupMembers\", GroupMembershipsArgs.builder() \n .groupId(group.id())\n .members(user.username())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n groupMembers:\n type: keycloak:GroupMemberships\n properties:\n groupId: ${group.id}\n members:\n - ${user.username}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `group_id` - (Required) The ID of the group this resource should manage memberships for.\n- `members` - (Required) An array of usernames that belong to this group.\n\n### Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n", + "description": "## # keycloak.GroupMemberships\n\nAllows for managing a Keycloak group's members.\n\nNote that this resource attempts to be an **authoritative** source over group members.\nWhen this resource takes control over a group's members, users that are manually added\nto the group will be removed, and users that are manually removed from the group will\nbe added upon the next run of `pulumi up`. Eventually, a non-authoritative resource\nfor group membership will be added to this provider.\n\nAlso note that you should not use `keycloak.GroupMemberships` with a group has been assigned\nas a default group via `keycloak.DefaultGroups`.\n\nThis resource **should not** be used to control membership of a group that has its members\nfederated from an external source via group mapping.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"my-group\",\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst groupMembers = new keycloak.GroupMemberships(\"group_members\", {\n realmId: realm.id,\n groupId: group.id,\n members: [user.username],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"my-group\")\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\ngroup_members = keycloak.GroupMemberships(\"group_members\",\n realm_id=realm.id,\n group_id=group.id,\n members=[user.username])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-group\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var groupMembers = new Keycloak.GroupMemberships(\"group_members\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n Members = new[]\n {\n user.Username,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupMemberships(ctx, \"group_members\", \u0026keycloak.GroupMembershipsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tuser.Username,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.GroupMemberships;\nimport com.pulumi.keycloak.GroupMembershipsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .name(\"my-group\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var groupMembers = new GroupMemberships(\"groupMembers\", GroupMembershipsArgs.builder() \n .realmId(realm.id())\n .groupId(group.id())\n .members(user.username())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: my-group\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n groupMembers:\n type: keycloak:GroupMemberships\n name: group_members\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n members:\n - ${user.username}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `group_id` - (Required) The ID of the group this resource should manage memberships for.\n- `members` - (Required) An array of usernames that belong to this group.\n\n### Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n", "properties": { "groupId": { "type": "string" @@ -3423,7 +3423,7 @@ } }, "keycloak:index/groupRoles:GroupRoles": { - "description": "## # keycloak.GroupRoles\n\nAllows you to manage roles assigned to a Keycloak group.\n\nNote that this resource attempts to be an **authoritative** source over\ngroup roles. When this resource takes control over a group's roles,\nroles that are manually added to the group will be removed, and roles\nthat are manually removed from the group will be added upon the next run\nof `pulumi up`.\n\nNote that when assigning composite roles to a group, you may see a\nnon-empty plan following a `pulumi up` if you assign a role and a\ncomposite that includes that role to the same group.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n description: \"My Realm Role\",\n realmId: realm.id,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n accessType: \"BEARER-ONLY\",\n clientId: \"client\",\n enabled: true,\n realmId: realm.id,\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n clientId: keycloak_client.client.id,\n description: \"My Client Role\",\n realmId: realm.id,\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst groupRoles = new keycloak.GroupRoles(\"groupRoles\", {\n groupId: group.id,\n realmId: realm.id,\n roleIds: [\n realmRole.id,\n clientRole.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nrealm_role = keycloak.Role(\"realmRole\",\n description=\"My Realm Role\",\n realm_id=realm.id)\nclient = keycloak.openid.Client(\"client\",\n access_type=\"BEARER-ONLY\",\n client_id=\"client\",\n enabled=True,\n realm_id=realm.id)\nclient_role = keycloak.Role(\"clientRole\",\n client_id=keycloak_client[\"client\"][\"id\"],\n description=\"My Client Role\",\n realm_id=realm.id)\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\ngroup_roles = keycloak.GroupRoles(\"groupRoles\",\n group_id=group.id,\n realm_id=realm.id,\n role_ids=[\n realm_role.id,\n client_role.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n Description = \"My Realm Role\",\n RealmId = realm.Id,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n AccessType = \"BEARER-ONLY\",\n ClientId = \"client\",\n Enabled = true,\n RealmId = realm.Id,\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n ClientId = keycloak_client.Client.Id,\n Description = \"My Client Role\",\n RealmId = realm.Id,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var groupRoles = new Keycloak.GroupRoles(\"groupRoles\", new()\n {\n GroupId = @group.Id,\n RealmId = realm.Id,\n RoleIds = new[]\n {\n realmRole.Id,\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tClientId: pulumi.Any(keycloak_client.Client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"groupRoles\", \u0026keycloak.GroupRolesArgs{\n\t\t\tGroupId: group.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .description(\"My Realm Role\")\n .realmId(realm.id())\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .accessType(\"BEARER-ONLY\")\n .clientId(\"client\")\n .enabled(true)\n .realmId(realm.id())\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .clientId(keycloak_client.client().id())\n .description(\"My Client Role\")\n .realmId(realm.id())\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .groupId(group.id())\n .realmId(realm.id())\n .roleIds( \n realmRole.id(),\n clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n realmRole:\n type: keycloak:Role\n properties:\n description: My Realm Role\n realmId: ${realm.id}\n client:\n type: keycloak:openid:Client\n properties:\n accessType: BEARER-ONLY\n clientId: client\n enabled: true\n realmId: ${realm.id}\n clientRole:\n type: keycloak:Role\n properties:\n clientId: ${keycloak_client.client.id}\n description: My Client Role\n realmId: ${realm.id}\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n groupRoles:\n type: keycloak:GroupRoles\n properties:\n groupId: ${group.id}\n realmId: ${realm.id}\n roleIds:\n - ${realmRole.id}\n - ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `group_id` - (Required) The ID of the group this resource should\n manage roles for.\n- `role_ids` - (Required) A list of role IDs to map to the group\n\n### Import\n\nThis resource can be imported using the format\n`{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that\nKeycloak assigns to the group upon creation. This value can be found in\nthe URI when editing this group in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_group_roles.group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94\n```\n", + "description": "## # keycloak.GroupRoles\n\nAllows you to manage roles assigned to a Keycloak group.\n\nNote that this resource attempts to be an **authoritative** source over\ngroup roles. When this resource takes control over a group's roles,\nroles that are manually added to the group will be removed, and roles\nthat are manually removed from the group will be added upon the next run\nof `pulumi up`.\n\nNote that when assigning composite roles to a group, you may see a\nnon-empty plan following a `pulumi up` if you assign a role and a\ncomposite that includes that role to the same group.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: clientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"my-group\",\n});\nconst groupRoles = new keycloak.GroupRoles(\"group_roles\", {\n realmId: realm.id,\n groupId: group.id,\n roleIds: [\n realmRole.id,\n clientRole.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\")\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"my-group\")\ngroup_roles = keycloak.GroupRoles(\"group_roles\",\n realm_id=realm.id,\n group_id=group.id,\n role_ids=[\n realm_role.id,\n client_role.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = clientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-group\",\n });\n\n var groupRoles = new Keycloak.GroupRoles(\"group_roles\", new()\n {\n RealmId = realm.Id,\n GroupId = @group.Id,\n RoleIds = new[]\n {\n realmRole.Id,\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(clientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewGroupRoles(ctx, \"group_roles\", \u0026keycloak.GroupRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tGroupId: group.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .name(\"my-group\")\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .realmId(realm.id())\n .groupId(group.id())\n .roleIds( \n realmRole.id(),\n clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${clientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: my-group\n groupRoles:\n type: keycloak:GroupRoles\n name: group_roles\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n roleIds:\n - ${realmRole.id}\n - ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists in.\n- `group_id` - (Required) The ID of the group this resource should\n manage roles for.\n- `role_ids` - (Required) A list of role IDs to map to the group\n\n### Import\n\nThis resource can be imported using the format\n`{{realm_id}}/{{group_id}}`, where `group_id` is the unique ID that\nKeycloak assigns to the group upon creation. This value can be found in\nthe URI when editing this group in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_group_roles.group_roles my-realm/18cc6b87-2ce7-4e59-bdc8-b9d49ec98a94\n```\n", "properties": { "exhaustive": { "type": "boolean" @@ -3495,7 +3495,7 @@ } }, "keycloak:index/hardcodedAttributeIdentityProviderMapper:HardcodedAttributeIdentityProviderMapper": { - "description": "Allows for creating and managing hardcoded attribute mappers for Keycloak identity provider.\n\nThe identity provider hardcoded attribute mapper will set the specified value to the IDP attribute.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n});\nconst oidcHardcodedAttributeIdentityProviderMapper = new keycloak.HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n attributeName: \"attribute\",\n attributeValue: \"value\",\n userSession: true,\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\")\noidc_hardcoded_attribute_identity_provider_mapper = keycloak.HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n attribute_name=\"attribute\",\n attribute_value=\"value\",\n user_session=True,\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n });\n\n var oidcHardcodedAttributeIdentityProviderMapper = new Keycloak.HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n AttributeName = \"attribute\",\n AttributeValue = \"value\",\n UserSession = true,\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedAttributeIdentityProviderMapper(ctx, \"oidcHardcodedAttributeIdentityProviderMapper\", \u0026keycloak.HardcodedAttributeIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tAttributeName: pulumi.String(\"attribute\"),\n\t\t\tAttributeValue: pulumi.String(\"value\"),\n\t\t\tUserSession: pulumi.Bool(true),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.HardcodedAttributeIdentityProviderMapper;\nimport com.pulumi.keycloak.HardcodedAttributeIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .build());\n\n var oidcHardcodedAttributeIdentityProviderMapper = new HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\", HardcodedAttributeIdentityProviderMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .attributeName(\"attribute\")\n .attributeValue(\"value\")\n .userSession(true)\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n oidcHardcodedAttributeIdentityProviderMapper:\n type: keycloak:HardcodedAttributeIdentityProviderMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n attributeName: attribute\n attributeValue: value\n userSession: true\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Allows for creating and managing hardcoded attribute mappers for Keycloak identity provider.\n\nThe identity provider hardcoded attribute mapper will set the specified value to the IDP attribute.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n});\nconst oidcHardcodedAttributeIdentityProviderMapper = new keycloak.HardcodedAttributeIdentityProviderMapper(\"oidc\", {\n realm: realm.id,\n name: \"hardcodedUserSessionAttribute\",\n identityProviderAlias: oidc.alias,\n attributeName: \"attribute\",\n attributeValue: \"value\",\n userSession: true,\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\")\noidc_hardcoded_attribute_identity_provider_mapper = keycloak.HardcodedAttributeIdentityProviderMapper(\"oidc\",\n realm=realm.id,\n name=\"hardcodedUserSessionAttribute\",\n identity_provider_alias=oidc.alias,\n attribute_name=\"attribute\",\n attribute_value=\"value\",\n user_session=True,\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n });\n\n var oidcHardcodedAttributeIdentityProviderMapper = new Keycloak.HardcodedAttributeIdentityProviderMapper(\"oidc\", new()\n {\n Realm = realm.Id,\n Name = \"hardcodedUserSessionAttribute\",\n IdentityProviderAlias = oidc.Alias,\n AttributeName = \"attribute\",\n AttributeValue = \"value\",\n UserSession = true,\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedAttributeIdentityProviderMapper(ctx, \"oidc\", \u0026keycloak.HardcodedAttributeIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"hardcodedUserSessionAttribute\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tAttributeName: pulumi.String(\"attribute\"),\n\t\t\tAttributeValue: pulumi.String(\"value\"),\n\t\t\tUserSession: pulumi.Bool(true),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.HardcodedAttributeIdentityProviderMapper;\nimport com.pulumi.keycloak.HardcodedAttributeIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .build());\n\n var oidcHardcodedAttributeIdentityProviderMapper = new HardcodedAttributeIdentityProviderMapper(\"oidcHardcodedAttributeIdentityProviderMapper\", HardcodedAttributeIdentityProviderMapperArgs.builder() \n .realm(realm.id())\n .name(\"hardcodedUserSessionAttribute\")\n .identityProviderAlias(oidc.alias())\n .attributeName(\"attribute\")\n .attributeValue(\"value\")\n .userSession(true)\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n oidcHardcodedAttributeIdentityProviderMapper:\n type: keycloak:HardcodedAttributeIdentityProviderMapper\n name: oidc\n properties:\n realm: ${realm.id}\n name: hardcodedUserSessionAttribute\n identityProviderAlias: ${oidc.alias}\n attributeName: attribute\n attributeValue: value\n userSession: true\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "attributeName": { "type": "string", @@ -3617,7 +3617,7 @@ } }, "keycloak:index/hardcodedRoleIdentityMapper:HardcodedRoleIdentityMapper": { - "description": "Allows for creating and managing hardcoded role mappers for Keycloak identity provider.\n\nThe identity provider hardcoded role mapper grants a specified Keycloak role to each Keycloak user from the LDAP provider.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidcIdentityProvider = new keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst oidcHardcodedRoleIdentityMapper = new keycloak.HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\", {\n realm: realm.id,\n identityProviderAlias: oidcIdentityProvider.alias,\n role: \"my-realm-role\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc_identity_provider = keycloak.oidc.IdentityProvider(\"oidcIdentityProvider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\")\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\noidc_hardcoded_role_identity_mapper = keycloak.HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\",\n realm=realm.id,\n identity_provider_alias=oidc_identity_provider.alias,\n role=\"my-realm-role\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"oidcIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var oidcHardcodedRoleIdentityMapper = new Keycloak.HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidcIdentityProvider.Alias,\n Role = \"my-realm-role\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, \"oidcIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedRoleIdentityMapper(ctx, \"oidcHardcodedRoleIdentityMapper\", \u0026keycloak.HardcodedRoleIdentityMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidcIdentityProvider.Alias,\n\t\t\tRole: pulumi.String(\"my-realm-role\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.HardcodedRoleIdentityMapper;\nimport com.pulumi.keycloak.HardcodedRoleIdentityMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidcIdentityProvider = new IdentityProvider(\"oidcIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var oidcHardcodedRoleIdentityMapper = new HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\", HardcodedRoleIdentityMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidcIdentityProvider.alias())\n .role(\"my-realm-role\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidcIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n oidcHardcodedRoleIdentityMapper:\n type: keycloak:HardcodedRoleIdentityMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidcIdentityProvider.alias}\n role: my-realm-role\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "Allows for creating and managing hardcoded role mappers for Keycloak identity provider.\n\nThe identity provider hardcoded role mapper grants a specified Keycloak role to each Keycloak user from the LDAP provider.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst oidcHardcodedRoleIdentityMapper = new keycloak.HardcodedRoleIdentityMapper(\"oidc\", {\n realm: realm.id,\n name: \"hardcodedRole\",\n identityProviderAlias: oidc.alias,\n role: \"my-realm-role\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\")\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\noidc_hardcoded_role_identity_mapper = keycloak.HardcodedRoleIdentityMapper(\"oidc\",\n realm=realm.id,\n name=\"hardcodedRole\",\n identity_provider_alias=oidc.alias,\n role=\"my-realm-role\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var oidcHardcodedRoleIdentityMapper = new Keycloak.HardcodedRoleIdentityMapper(\"oidc\", new()\n {\n Realm = realm.Id,\n Name = \"hardcodedRole\",\n IdentityProviderAlias = oidc.Alias,\n Role = \"my-realm-role\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewHardcodedRoleIdentityMapper(ctx, \"oidc\", \u0026keycloak.HardcodedRoleIdentityMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"hardcodedRole\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tRole: pulumi.String(\"my-realm-role\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.HardcodedRoleIdentityMapper;\nimport com.pulumi.keycloak.HardcodedRoleIdentityMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var oidcHardcodedRoleIdentityMapper = new HardcodedRoleIdentityMapper(\"oidcHardcodedRoleIdentityMapper\", HardcodedRoleIdentityMapperArgs.builder() \n .realm(realm.id())\n .name(\"hardcodedRole\")\n .identityProviderAlias(oidc.alias())\n .role(\"my-realm-role\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n oidcHardcodedRoleIdentityMapper:\n type: keycloak:HardcodedRoleIdentityMapper\n name: oidc\n properties:\n realm: ${realm.id}\n name: hardcodedRole\n identityProviderAlias: ${oidc.alias}\n role: my-realm-role\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "extraConfig": { "type": "object", @@ -3711,7 +3711,7 @@ } }, "keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst tokenExchangeRealm = new keycloak.Realm(\"tokenExchangeRealm\", {\n realm: \"token-exchange_destination_realm\",\n enabled: true,\n});\nconst tokenExchangeMyOidcIdp = new keycloak.oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\", {\n realm: tokenExchangeRealm.id,\n alias: \"myIdp\",\n authorizationUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n tokenUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n clientId: \"clientId\",\n clientSecret: \"secret\",\n defaultScopes: \"openid\",\n});\nconst token_exchangeWebappClient = new keycloak.openid.Client(\"token-exchangeWebappClient\", {\n realmId: tokenExchangeRealm.id,\n clientId: \"webapp_client\",\n clientSecret: \"secret\",\n description: \"a webapp client on the destination realm\",\n accessType: \"CONFIDENTIAL\",\n standardFlowEnabled: true,\n validRedirectUris: [\"http://localhost:8080/*\"],\n});\n//relevant part\nconst oidcIdpPermission = new keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", {\n realmId: tokenExchangeRealm.id,\n providerAlias: tokenExchangeMyOidcIdp.alias,\n policyType: \"client\",\n clients: [token_exchangeWebappClient.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\ntoken_exchange_realm = keycloak.Realm(\"tokenExchangeRealm\",\n realm=\"token-exchange_destination_realm\",\n enabled=True)\ntoken_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\",\n realm=token_exchange_realm.id,\n alias=\"myIdp\",\n authorization_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n token_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n client_id=\"clientId\",\n client_secret=\"secret\",\n default_scopes=\"openid\")\ntoken_exchange_webapp_client = keycloak.openid.Client(\"token-exchangeWebappClient\",\n realm_id=token_exchange_realm.id,\n client_id=\"webapp_client\",\n client_secret=\"secret\",\n description=\"a webapp client on the destination realm\",\n access_type=\"CONFIDENTIAL\",\n standard_flow_enabled=True,\n valid_redirect_uris=[\"http://localhost:8080/*\"])\n#relevant part\noidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\",\n realm_id=token_exchange_realm.id,\n provider_alias=token_exchange_my_oidc_idp.alias,\n policy_type=\"client\",\n clients=[token_exchange_webapp_client.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tokenExchangeRealm = new Keycloak.Realm(\"tokenExchangeRealm\", new()\n {\n RealmName = \"token-exchange_destination_realm\",\n Enabled = true,\n });\n\n var tokenExchangeMyOidcIdp = new Keycloak.Oidc.IdentityProvider(\"tokenExchangeMyOidcIdp\", new()\n {\n Realm = tokenExchangeRealm.Id,\n Alias = \"myIdp\",\n AuthorizationUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n TokenUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n ClientId = \"clientId\",\n ClientSecret = \"secret\",\n DefaultScopes = \"openid\",\n });\n\n var token_exchangeWebappClient = new Keycloak.OpenId.Client(\"token-exchangeWebappClient\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ClientId = \"webapp_client\",\n ClientSecret = \"secret\",\n Description = \"a webapp client on the destination realm\",\n AccessType = \"CONFIDENTIAL\",\n StandardFlowEnabled = true,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/*\",\n },\n });\n\n //relevant part\n var oidcIdpPermission = new Keycloak.IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ProviderAlias = tokenExchangeMyOidcIdp.Alias,\n PolicyType = \"client\",\n Clients = new[]\n {\n token_exchangeWebappClient.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttokenExchangeRealm, err := keycloak.NewRealm(ctx, \"tokenExchangeRealm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"token-exchange_destination_realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttokenExchangeMyOidcIdp, err := oidc.NewIdentityProvider(ctx, \"tokenExchangeMyOidcIdp\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: tokenExchangeRealm.ID(),\n\t\t\tAlias: pulumi.String(\"myIdp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\"),\n\t\t\tClientId: pulumi.String(\"clientId\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"token-exchangeWebappClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tClientId: pulumi.String(\"webapp_client\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDescription: pulumi.String(\"a webapp client on the destination realm\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tStandardFlowEnabled: pulumi.Bool(true),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/*\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// relevant part\n\t\t_, err = keycloak.NewIdentityProviderTokenExchangeScopePermission(ctx, \"oidcIdpPermission\", \u0026keycloak.IdentityProviderTokenExchangeScopePermissionArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tProviderAlias: tokenExchangeMyOidcIdp.Alias,\n\t\t\tPolicyType: pulumi.String(\"client\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\ttoken_exchangeWebappClient.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermission;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var tokenExchangeRealm = new Realm(\"tokenExchangeRealm\", RealmArgs.builder() \n .realm(\"token-exchange_destination_realm\")\n .enabled(true)\n .build());\n\n var tokenExchangeMyOidcIdp = new IdentityProvider(\"tokenExchangeMyOidcIdp\", IdentityProviderArgs.builder() \n .realm(tokenExchangeRealm.id())\n .alias(\"myIdp\")\n .authorizationUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\")\n .tokenUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\")\n .clientId(\"clientId\")\n .clientSecret(\"secret\")\n .defaultScopes(\"openid\")\n .build());\n\n var token_exchangeWebappClient = new Client(\"token-exchangeWebappClient\", ClientArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .clientId(\"webapp_client\")\n .clientSecret(\"secret\")\n .description(\"a webapp client on the destination realm\")\n .accessType(\"CONFIDENTIAL\")\n .standardFlowEnabled(true)\n .validRedirectUris(\"http://localhost:8080/*\")\n .build());\n\n //relevant part\n var oidcIdpPermission = new IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", IdentityProviderTokenExchangeScopePermissionArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .providerAlias(tokenExchangeMyOidcIdp.alias())\n .policyType(\"client\")\n .clients(token_exchangeWebappClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tokenExchangeRealm:\n type: keycloak:Realm\n properties:\n realm: token-exchange_destination_realm\n enabled: true\n tokenExchangeMyOidcIdp:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${tokenExchangeRealm.id}\n alias: myIdp\n authorizationUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\n tokenUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\n clientId: clientId\n clientSecret: secret\n defaultScopes: openid\n token-exchangeWebappClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${tokenExchangeRealm.id}\n clientId: webapp_client\n clientSecret: secret\n description: a webapp client on the destination realm\n accessType: CONFIDENTIAL\n standardFlowEnabled: true\n validRedirectUris:\n - http://localhost:8080/*\n # relevant part\n oidcIdpPermission:\n type: keycloak:IdentityProviderTokenExchangeScopePermission\n properties:\n realmId: ${tokenExchangeRealm.id}\n providerAlias: ${tokenExchangeMyOidcIdp.alias}\n policyType: client\n clients:\n - ${[\"token-exchangeWebappClient\"].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that\n\nyou assign to the identity provider upon creation.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp\n```\n\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst tokenExchangeRealm = new keycloak.Realm(\"token_exchange_realm\", {\n realm: \"token-exchange_destination_realm\",\n enabled: true,\n});\nconst tokenExchangeMyOidcIdp = new keycloak.oidc.IdentityProvider(\"token_exchange_my_oidc_idp\", {\n realm: tokenExchangeRealm.id,\n alias: \"myIdp\",\n authorizationUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n tokenUrl: \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n clientId: \"clientId\",\n clientSecret: \"secret\",\n defaultScopes: \"openid\",\n});\nconst token_exchangeWebappClient = new keycloak.openid.Client(\"token-exchange_webapp_client\", {\n realmId: tokenExchangeRealm.id,\n name: \"webapp_client\",\n clientId: \"webapp_client\",\n clientSecret: \"secret\",\n description: \"a webapp client on the destination realm\",\n accessType: \"CONFIDENTIAL\",\n standardFlowEnabled: true,\n validRedirectUris: [\"http://localhost:8080/*\"],\n});\n//relevant part\nconst oidcIdpPermission = new keycloak.IdentityProviderTokenExchangeScopePermission(\"oidc_idp_permission\", {\n realmId: tokenExchangeRealm.id,\n providerAlias: tokenExchangeMyOidcIdp.alias,\n policyType: \"client\",\n clients: [token_exchangeWebappClient.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\ntoken_exchange_realm = keycloak.Realm(\"token_exchange_realm\",\n realm=\"token-exchange_destination_realm\",\n enabled=True)\ntoken_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider(\"token_exchange_my_oidc_idp\",\n realm=token_exchange_realm.id,\n alias=\"myIdp\",\n authorization_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n token_url=\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n client_id=\"clientId\",\n client_secret=\"secret\",\n default_scopes=\"openid\")\ntoken_exchange_webapp_client = keycloak.openid.Client(\"token-exchange_webapp_client\",\n realm_id=token_exchange_realm.id,\n name=\"webapp_client\",\n client_id=\"webapp_client\",\n client_secret=\"secret\",\n description=\"a webapp client on the destination realm\",\n access_type=\"CONFIDENTIAL\",\n standard_flow_enabled=True,\n valid_redirect_uris=[\"http://localhost:8080/*\"])\n#relevant part\noidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission(\"oidc_idp_permission\",\n realm_id=token_exchange_realm.id,\n provider_alias=token_exchange_my_oidc_idp.alias,\n policy_type=\"client\",\n clients=[token_exchange_webapp_client.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var tokenExchangeRealm = new Keycloak.Realm(\"token_exchange_realm\", new()\n {\n RealmName = \"token-exchange_destination_realm\",\n Enabled = true,\n });\n\n var tokenExchangeMyOidcIdp = new Keycloak.Oidc.IdentityProvider(\"token_exchange_my_oidc_idp\", new()\n {\n Realm = tokenExchangeRealm.Id,\n Alias = \"myIdp\",\n AuthorizationUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\",\n TokenUrl = \"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\",\n ClientId = \"clientId\",\n ClientSecret = \"secret\",\n DefaultScopes = \"openid\",\n });\n\n var token_exchangeWebappClient = new Keycloak.OpenId.Client(\"token-exchange_webapp_client\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n Name = \"webapp_client\",\n ClientId = \"webapp_client\",\n ClientSecret = \"secret\",\n Description = \"a webapp client on the destination realm\",\n AccessType = \"CONFIDENTIAL\",\n StandardFlowEnabled = true,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/*\",\n },\n });\n\n //relevant part\n var oidcIdpPermission = new Keycloak.IdentityProviderTokenExchangeScopePermission(\"oidc_idp_permission\", new()\n {\n RealmId = tokenExchangeRealm.Id,\n ProviderAlias = tokenExchangeMyOidcIdp.Alias,\n PolicyType = \"client\",\n Clients = new[]\n {\n token_exchangeWebappClient.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttokenExchangeRealm, err := keycloak.NewRealm(ctx, \"token_exchange_realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"token-exchange_destination_realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttokenExchangeMyOidcIdp, err := oidc.NewIdentityProvider(ctx, \"token_exchange_my_oidc_idp\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: tokenExchangeRealm.ID(),\n\t\t\tAlias: pulumi.String(\"myIdp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\"),\n\t\t\tClientId: pulumi.String(\"clientId\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"token-exchange_webapp_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tName: pulumi.String(\"webapp_client\"),\n\t\t\tClientId: pulumi.String(\"webapp_client\"),\n\t\t\tClientSecret: pulumi.String(\"secret\"),\n\t\t\tDescription: pulumi.String(\"a webapp client on the destination realm\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tStandardFlowEnabled: pulumi.Bool(true),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/*\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// relevant part\n\t\t_, err = keycloak.NewIdentityProviderTokenExchangeScopePermission(ctx, \"oidc_idp_permission\", \u0026keycloak.IdentityProviderTokenExchangeScopePermissionArgs{\n\t\t\tRealmId: tokenExchangeRealm.ID(),\n\t\t\tProviderAlias: tokenExchangeMyOidcIdp.Alias,\n\t\t\tPolicyType: pulumi.String(\"client\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\ttoken_exchangeWebappClient.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermission;\nimport com.pulumi.keycloak.IdentityProviderTokenExchangeScopePermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var tokenExchangeRealm = new Realm(\"tokenExchangeRealm\", RealmArgs.builder() \n .realm(\"token-exchange_destination_realm\")\n .enabled(true)\n .build());\n\n var tokenExchangeMyOidcIdp = new IdentityProvider(\"tokenExchangeMyOidcIdp\", IdentityProviderArgs.builder() \n .realm(tokenExchangeRealm.id())\n .alias(\"myIdp\")\n .authorizationUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\")\n .tokenUrl(\"http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\")\n .clientId(\"clientId\")\n .clientSecret(\"secret\")\n .defaultScopes(\"openid\")\n .build());\n\n var token_exchangeWebappClient = new Client(\"token-exchangeWebappClient\", ClientArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .name(\"webapp_client\")\n .clientId(\"webapp_client\")\n .clientSecret(\"secret\")\n .description(\"a webapp client on the destination realm\")\n .accessType(\"CONFIDENTIAL\")\n .standardFlowEnabled(true)\n .validRedirectUris(\"http://localhost:8080/*\")\n .build());\n\n //relevant part\n var oidcIdpPermission = new IdentityProviderTokenExchangeScopePermission(\"oidcIdpPermission\", IdentityProviderTokenExchangeScopePermissionArgs.builder() \n .realmId(tokenExchangeRealm.id())\n .providerAlias(tokenExchangeMyOidcIdp.alias())\n .policyType(\"client\")\n .clients(token_exchangeWebappClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n tokenExchangeRealm:\n type: keycloak:Realm\n name: token_exchange_realm\n properties:\n realm: token-exchange_destination_realm\n enabled: true\n tokenExchangeMyOidcIdp:\n type: keycloak:oidc:IdentityProvider\n name: token_exchange_my_oidc_idp\n properties:\n realm: ${tokenExchangeRealm.id}\n alias: myIdp\n authorizationUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth\n tokenUrl: http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/token\n clientId: clientId\n clientSecret: secret\n defaultScopes: openid\n token-exchangeWebappClient:\n type: keycloak:openid:Client\n name: token-exchange_webapp_client\n properties:\n realmId: ${tokenExchangeRealm.id}\n name: webapp_client\n clientId: webapp_client\n clientSecret: secret\n description: a webapp client on the destination realm\n accessType: CONFIDENTIAL\n standardFlowEnabled: true\n validRedirectUris:\n - http://localhost:8080/*\n # relevant part\n oidcIdpPermission:\n type: keycloak:IdentityProviderTokenExchangeScopePermission\n name: oidc_idp_permission\n properties:\n realmId: ${tokenExchangeRealm.id}\n providerAlias: ${tokenExchangeMyOidcIdp.alias}\n policyType: client\n clients:\n - ${[\"token-exchangeWebappClient\"].id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{provider_alias}}`, where `provider_alias` is the alias that\n\nyou assign to the identity provider upon creation.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/identityProviderTokenExchangeScopePermission:IdentityProviderTokenExchangeScopePermission oidc_idp_permission my-realm/myIdp\n```\n\n", "properties": { "authorizationIdpResourceId": { "type": "string", @@ -4458,7 +4458,7 @@ } }, "keycloak:index/realmEvents:RealmEvents": { - "description": "## # keycloak.RealmEvents\n\nAllows for managing Realm Events settings within Keycloak.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"test\"});\nconst realmEvents = new keycloak.RealmEvents(\"realmEvents\", {\n adminEventsDetailsEnabled: true,\n adminEventsEnabled: true,\n enabledEventTypes: [\n \"LOGIN\",\n \"LOGOUT\",\n ],\n eventsEnabled: true,\n eventsExpiration: 3600,\n eventsListeners: [\"jboss-logging\"],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"test\")\nrealm_events = keycloak.RealmEvents(\"realmEvents\",\n admin_events_details_enabled=True,\n admin_events_enabled=True,\n enabled_event_types=[\n \"LOGIN\",\n \"LOGOUT\",\n ],\n events_enabled=True,\n events_expiration=3600,\n events_listeners=[\"jboss-logging\"],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n });\n\n var realmEvents = new Keycloak.RealmEvents(\"realmEvents\", new()\n {\n AdminEventsDetailsEnabled = true,\n AdminEventsEnabled = true,\n EnabledEventTypes = new[]\n {\n \"LOGIN\",\n \"LOGOUT\",\n },\n EventsEnabled = true,\n EventsExpiration = 3600,\n EventsListeners = new[]\n {\n \"jboss-logging\",\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmEvents(ctx, \"realmEvents\", \u0026keycloak.RealmEventsArgs{\n\t\t\tAdminEventsDetailsEnabled: pulumi.Bool(true),\n\t\t\tAdminEventsEnabled: pulumi.Bool(true),\n\t\t\tEnabledEventTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"LOGIN\"),\n\t\t\t\tpulumi.String(\"LOGOUT\"),\n\t\t\t},\n\t\t\tEventsEnabled: pulumi.Bool(true),\n\t\t\tEventsExpiration: pulumi.Int(3600),\n\t\t\tEventsListeners: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"jboss-logging\"),\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmEvents;\nimport com.pulumi.keycloak.RealmEventsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .build());\n\n var realmEvents = new RealmEvents(\"realmEvents\", RealmEventsArgs.builder() \n .adminEventsDetailsEnabled(true)\n .adminEventsEnabled(true)\n .enabledEventTypes( \n \"LOGIN\",\n \"LOGOUT\")\n .eventsEnabled(true)\n .eventsExpiration(3600)\n .eventsListeners(\"jboss-logging\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n realmEvents:\n type: keycloak:RealmEvents\n properties:\n adminEventsDetailsEnabled: true\n adminEventsEnabled: true\n # When omitted or left empty, keycloak will enable all event types\n enabledEventTypes:\n - LOGIN\n - LOGOUT\n eventsEnabled: true\n eventsExpiration: 3600\n eventsListeners:\n - jboss-logging\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The name of the realm the event settings apply to.\n- `admin_events_enabled` - (Optional) When true, admin events are saved to the database, making them available through the admin console. Defaults to `false`.\n- `admin_events_details_enabled` - (Optional) When true, saved admin events will included detailed information for create/update requests. Defaults to `false`.\n- `events_enabled` - (Optional) When true, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`.\n- `events_expiration` - (Optional) The amount of time in seconds events will be saved in the database. Defaults to `0` or never.\n- `enabled_event_types` - (Optional) The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types.\n- `events_listeners` - (Optional) The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified.\n", + "description": "## # keycloak.RealmEvents\n\nAllows for managing Realm Events settings within Keycloak.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"test\"});\nconst realmEvents = new keycloak.RealmEvents(\"realm_events\", {\n realmId: realm.id,\n eventsEnabled: true,\n eventsExpiration: 3600,\n adminEventsEnabled: true,\n adminEventsDetailsEnabled: true,\n enabledEventTypes: [\n \"LOGIN\",\n \"LOGOUT\",\n ],\n eventsListeners: [\"jboss-logging\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"test\")\nrealm_events = keycloak.RealmEvents(\"realm_events\",\n realm_id=realm.id,\n events_enabled=True,\n events_expiration=3600,\n admin_events_enabled=True,\n admin_events_details_enabled=True,\n enabled_event_types=[\n \"LOGIN\",\n \"LOGOUT\",\n ],\n events_listeners=[\"jboss-logging\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n });\n\n var realmEvents = new Keycloak.RealmEvents(\"realm_events\", new()\n {\n RealmId = realm.Id,\n EventsEnabled = true,\n EventsExpiration = 3600,\n AdminEventsEnabled = true,\n AdminEventsDetailsEnabled = true,\n EnabledEventTypes = new[]\n {\n \"LOGIN\",\n \"LOGOUT\",\n },\n EventsListeners = new[]\n {\n \"jboss-logging\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmEvents(ctx, \"realm_events\", \u0026keycloak.RealmEventsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEventsEnabled: pulumi.Bool(true),\n\t\t\tEventsExpiration: pulumi.Int(3600),\n\t\t\tAdminEventsEnabled: pulumi.Bool(true),\n\t\t\tAdminEventsDetailsEnabled: pulumi.Bool(true),\n\t\t\tEnabledEventTypes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"LOGIN\"),\n\t\t\t\tpulumi.String(\"LOGOUT\"),\n\t\t\t},\n\t\t\tEventsListeners: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"jboss-logging\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmEvents;\nimport com.pulumi.keycloak.RealmEventsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .build());\n\n var realmEvents = new RealmEvents(\"realmEvents\", RealmEventsArgs.builder() \n .realmId(realm.id())\n .eventsEnabled(true)\n .eventsExpiration(3600)\n .adminEventsEnabled(true)\n .adminEventsDetailsEnabled(true)\n .enabledEventTypes( \n \"LOGIN\",\n \"LOGOUT\")\n .eventsListeners(\"jboss-logging\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n realmEvents:\n type: keycloak:RealmEvents\n name: realm_events\n properties:\n realmId: ${realm.id}\n eventsEnabled: true\n eventsExpiration: 3600\n adminEventsEnabled: true\n adminEventsDetailsEnabled: true # When omitted or left empty, keycloak will enable all event types\n enabledEventTypes:\n - LOGIN\n - LOGOUT\n eventsListeners:\n - jboss-logging\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The name of the realm the event settings apply to.\n- `admin_events_enabled` - (Optional) When true, admin events are saved to the database, making them available through the admin console. Defaults to `false`.\n- `admin_events_details_enabled` - (Optional) When true, saved admin events will included detailed information for create/update requests. Defaults to `false`.\n- `events_enabled` - (Optional) When true, events from `enabled_event_types` are saved to the database, making them available through the admin console. Defaults to `false`.\n- `events_expiration` - (Optional) The amount of time in seconds events will be saved in the database. Defaults to `0` or never.\n- `enabled_event_types` - (Optional) The event types that will be saved to the database. Omitting this field enables all event types. Defaults to `[]` or all event types.\n- `events_listeners` - (Optional) The event listeners that events should be sent to. Defaults to `[]` or none. Note that new realms enable the `jboss-logging` listener by default, and this resource will remove that unless it is specified.\n", "properties": { "adminEventsDetailsEnabled": { "type": "boolean" @@ -4560,7 +4560,7 @@ } }, "keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated": { - "description": "Allows for creating and managing `aes-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreAesGenerated = new keycloak.RealmKeystoreAesGenerated(\"keystoreAesGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n secretSize: 16,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_aes_generated = keycloak.RealmKeystoreAesGenerated(\"keystoreAesGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n secret_size=16)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreAesGenerated = new Keycloak.RealmKeystoreAesGenerated(\"keystoreAesGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n SecretSize = 16,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreAesGenerated(ctx, \"keystoreAesGenerated\", \u0026keycloak.RealmKeystoreAesGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tSecretSize: pulumi.Int(16),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreAesGenerated;\nimport com.pulumi.keycloak.RealmKeystoreAesGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreAesGenerated = new RealmKeystoreAesGenerated(\"keystoreAesGenerated\", RealmKeystoreAesGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .secretSize(16)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreAesGenerated:\n type: keycloak:RealmKeystoreAesGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n secretSize: 16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated keystore_aes_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", + "description": "Allows for creating and managing `aes-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreAesGenerated = new keycloak.RealmKeystoreAesGenerated(\"keystore_aes_generated\", {\n name: \"my-aes-generated-key\",\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n secretSize: 16,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_aes_generated = keycloak.RealmKeystoreAesGenerated(\"keystore_aes_generated\",\n name=\"my-aes-generated-key\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n secret_size=16)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreAesGenerated = new Keycloak.RealmKeystoreAesGenerated(\"keystore_aes_generated\", new()\n {\n Name = \"my-aes-generated-key\",\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n SecretSize = 16,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreAesGenerated(ctx, \"keystore_aes_generated\", \u0026keycloak.RealmKeystoreAesGeneratedArgs{\n\t\t\tName: pulumi.String(\"my-aes-generated-key\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tSecretSize: pulumi.Int(16),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreAesGenerated;\nimport com.pulumi.keycloak.RealmKeystoreAesGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreAesGenerated = new RealmKeystoreAesGenerated(\"keystoreAesGenerated\", RealmKeystoreAesGeneratedArgs.builder() \n .name(\"my-aes-generated-key\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .secretSize(16)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreAesGenerated:\n type: keycloak:RealmKeystoreAesGenerated\n name: keystore_aes_generated\n properties:\n name: my-aes-generated-key\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n secretSize: 16\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreAesGenerated:RealmKeystoreAesGenerated keystore_aes_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -4654,7 +4654,7 @@ } }, "keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated": { - "description": "Allows for creating and managing `acdsa_generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreEcdsaGenerated = new keycloak.RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n ellipticCurveKey: \"P-256\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_ecdsa_generated = keycloak.RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n elliptic_curve_key=\"P-256\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreEcdsaGenerated = new Keycloak.RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n EllipticCurveKey = \"P-256\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreEcdsaGenerated(ctx, \"keystoreEcdsaGenerated\", \u0026keycloak.RealmKeystoreEcdsaGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tEllipticCurveKey: pulumi.String(\"P-256\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreEcdsaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreEcdsaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreEcdsaGenerated = new RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\", RealmKeystoreEcdsaGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .ellipticCurveKey(\"P-256\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreEcdsaGenerated:\n type: keycloak:RealmKeystoreEcdsaGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n ellipticCurveKey: P-256\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated keystore_ecdsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", + "description": "Allows for creating and managing `acdsa_generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreEcdsaGenerated = new keycloak.RealmKeystoreEcdsaGenerated(\"keystore_ecdsa_generated\", {\n name: \"my-ecdsa-generated-key\",\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n ellipticCurveKey: \"P-256\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_ecdsa_generated = keycloak.RealmKeystoreEcdsaGenerated(\"keystore_ecdsa_generated\",\n name=\"my-ecdsa-generated-key\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n elliptic_curve_key=\"P-256\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreEcdsaGenerated = new Keycloak.RealmKeystoreEcdsaGenerated(\"keystore_ecdsa_generated\", new()\n {\n Name = \"my-ecdsa-generated-key\",\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n EllipticCurveKey = \"P-256\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreEcdsaGenerated(ctx, \"keystore_ecdsa_generated\", \u0026keycloak.RealmKeystoreEcdsaGeneratedArgs{\n\t\t\tName: pulumi.String(\"my-ecdsa-generated-key\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tEllipticCurveKey: pulumi.String(\"P-256\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreEcdsaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreEcdsaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreEcdsaGenerated = new RealmKeystoreEcdsaGenerated(\"keystoreEcdsaGenerated\", RealmKeystoreEcdsaGeneratedArgs.builder() \n .name(\"my-ecdsa-generated-key\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .ellipticCurveKey(\"P-256\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreEcdsaGenerated:\n type: keycloak:RealmKeystoreEcdsaGenerated\n name: keystore_ecdsa_generated\n properties:\n name: my-ecdsa-generated-key\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n ellipticCurveKey: P-256\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreEcdsaGenerated:RealmKeystoreEcdsaGenerated keystore_ecdsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -4748,7 +4748,7 @@ } }, "keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated": { - "description": "Allows for creating and managing `hmac-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreHmacGenerated = new keycloak.RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n algorithm: \"HS256\",\n secretSize: 64,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_hmac_generated = keycloak.RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n algorithm=\"HS256\",\n secret_size=64)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreHmacGenerated = new Keycloak.RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n Algorithm = \"HS256\",\n SecretSize = 64,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreHmacGenerated(ctx, \"keystoreHmacGenerated\", \u0026keycloak.RealmKeystoreHmacGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"HS256\"),\n\t\t\tSecretSize: pulumi.Int(64),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreHmacGenerated;\nimport com.pulumi.keycloak.RealmKeystoreHmacGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreHmacGenerated = new RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\", RealmKeystoreHmacGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .algorithm(\"HS256\")\n .secretSize(64)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreHmacGenerated:\n type: keycloak:RealmKeystoreHmacGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n algorithm: HS256\n secretSize: 64\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated keystore_hmac_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", + "description": "Allows for creating and managing `hmac-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreHmacGenerated = new keycloak.RealmKeystoreHmacGenerated(\"keystore_hmac_generated\", {\n name: \"my-hmac-generated-key\",\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n algorithm: \"HS256\",\n secretSize: 64,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_hmac_generated = keycloak.RealmKeystoreHmacGenerated(\"keystore_hmac_generated\",\n name=\"my-hmac-generated-key\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n algorithm=\"HS256\",\n secret_size=64)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreHmacGenerated = new Keycloak.RealmKeystoreHmacGenerated(\"keystore_hmac_generated\", new()\n {\n Name = \"my-hmac-generated-key\",\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n Algorithm = \"HS256\",\n SecretSize = 64,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreHmacGenerated(ctx, \"keystore_hmac_generated\", \u0026keycloak.RealmKeystoreHmacGeneratedArgs{\n\t\t\tName: pulumi.String(\"my-hmac-generated-key\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"HS256\"),\n\t\t\tSecretSize: pulumi.Int(64),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreHmacGenerated;\nimport com.pulumi.keycloak.RealmKeystoreHmacGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreHmacGenerated = new RealmKeystoreHmacGenerated(\"keystoreHmacGenerated\", RealmKeystoreHmacGeneratedArgs.builder() \n .name(\"my-hmac-generated-key\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .algorithm(\"HS256\")\n .secretSize(64)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreHmacGenerated:\n type: keycloak:RealmKeystoreHmacGenerated\n name: keystore_hmac_generated\n properties:\n name: my-hmac-generated-key\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n algorithm: HS256\n secretSize: 64\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreHmacGenerated:RealmKeystoreHmacGenerated keystore_hmac_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -4854,7 +4854,7 @@ } }, "keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated": { - "description": "Allows for creating and managing `java-keystore` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst javaKeystore = new keycloak.RealmKeystoreJavaGenerated(\"javaKeystore\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n keystore: \"\u003cpath to your keystore\u003e\",\n keystorePassword: \"\u003cpassword for keystore\u003e\",\n keyAlias: \"\u003calias for the private key\u003e\",\n keyPassword: \"\u003cpassword for the private key\u003e\",\n priority: 100,\n algorithm: \"RS256\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\njava_keystore = keycloak.RealmKeystoreJavaGenerated(\"javaKeystore\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n keystore=\"\u003cpath to your keystore\u003e\",\n keystore_password=\"\u003cpassword for keystore\u003e\",\n key_alias=\"\u003calias for the private key\u003e\",\n key_password=\"\u003cpassword for the private key\u003e\",\n priority=100,\n algorithm=\"RS256\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var javaKeystore = new Keycloak.RealmKeystoreJavaGenerated(\"javaKeystore\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Keystore = \"\u003cpath to your keystore\u003e\",\n KeystorePassword = \"\u003cpassword for keystore\u003e\",\n KeyAlias = \"\u003calias for the private key\u003e\",\n KeyPassword = \"\u003cpassword for the private key\u003e\",\n Priority = 100,\n Algorithm = \"RS256\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreJavaGenerated(ctx, \"javaKeystore\", \u0026keycloak.RealmKeystoreJavaGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tKeystore: pulumi.String(\"\u003cpath to your keystore\u003e\"),\n\t\t\tKeystorePassword: pulumi.String(\"\u003cpassword for keystore\u003e\"),\n\t\t\tKeyAlias: pulumi.String(\"\u003calias for the private key\u003e\"),\n\t\t\tKeyPassword: pulumi.String(\"\u003cpassword for the private key\u003e\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreJavaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreJavaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var javaKeystore = new RealmKeystoreJavaGenerated(\"javaKeystore\", RealmKeystoreJavaGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .keystore(\"\u003cpath to your keystore\u003e\")\n .keystorePassword(\"\u003cpassword for keystore\u003e\")\n .keyAlias(\"\u003calias for the private key\u003e\")\n .keyPassword(\"\u003cpassword for the private key\u003e\")\n .priority(100)\n .algorithm(\"RS256\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n javaKeystore:\n type: keycloak:RealmKeystoreJavaGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n keystore: \u003cpath to your keystore\u003e\n keystorePassword: \u003cpassword for keystore\u003e\n keyAlias: \u003calias for the private key\u003e\n keyPassword: \u003cpassword for the private key\u003e\n priority: 100\n algorithm: RS256\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated java_keystore my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", + "description": "Allows for creating and managing `java-keystore` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst javaKeystore = new keycloak.RealmKeystoreJavaGenerated(\"java_keystore\", {\n name: \"my-java-keystore\",\n realmId: realm.id,\n enabled: true,\n active: true,\n keystore: \"\u003cpath to your keystore\u003e\",\n keystorePassword: \"\u003cpassword for keystore\u003e\",\n keyAlias: \"\u003calias for the private key\u003e\",\n keyPassword: \"\u003cpassword for the private key\u003e\",\n priority: 100,\n algorithm: \"RS256\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\njava_keystore = keycloak.RealmKeystoreJavaGenerated(\"java_keystore\",\n name=\"my-java-keystore\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n keystore=\"\u003cpath to your keystore\u003e\",\n keystore_password=\"\u003cpassword for keystore\u003e\",\n key_alias=\"\u003calias for the private key\u003e\",\n key_password=\"\u003cpassword for the private key\u003e\",\n priority=100,\n algorithm=\"RS256\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var javaKeystore = new Keycloak.RealmKeystoreJavaGenerated(\"java_keystore\", new()\n {\n Name = \"my-java-keystore\",\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Keystore = \"\u003cpath to your keystore\u003e\",\n KeystorePassword = \"\u003cpassword for keystore\u003e\",\n KeyAlias = \"\u003calias for the private key\u003e\",\n KeyPassword = \"\u003cpassword for the private key\u003e\",\n Priority = 100,\n Algorithm = \"RS256\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreJavaGenerated(ctx, \"java_keystore\", \u0026keycloak.RealmKeystoreJavaGeneratedArgs{\n\t\t\tName: pulumi.String(\"my-java-keystore\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tKeystore: pulumi.String(\"\u003cpath to your keystore\u003e\"),\n\t\t\tKeystorePassword: pulumi.String(\"\u003cpassword for keystore\u003e\"),\n\t\t\tKeyAlias: pulumi.String(\"\u003calias for the private key\u003e\"),\n\t\t\tKeyPassword: pulumi.String(\"\u003cpassword for the private key\u003e\"),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreJavaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreJavaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var javaKeystore = new RealmKeystoreJavaGenerated(\"javaKeystore\", RealmKeystoreJavaGeneratedArgs.builder() \n .name(\"my-java-keystore\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .keystore(\"\u003cpath to your keystore\u003e\")\n .keystorePassword(\"\u003cpassword for keystore\u003e\")\n .keyAlias(\"\u003calias for the private key\u003e\")\n .keyPassword(\"\u003cpassword for the private key\u003e\")\n .priority(100)\n .algorithm(\"RS256\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n javaKeystore:\n type: keycloak:RealmKeystoreJavaGenerated\n name: java_keystore\n properties:\n name: my-java-keystore\n realmId: ${realm.id}\n enabled: true\n active: true\n keystore: \u003cpath to your keystore\u003e\n keystorePassword: \u003cpassword for keystore\u003e\n keyAlias: \u003calias for the private key\u003e\n keyPassword: \u003cpassword for the private key\u003e\n priority: 100\n algorithm: RS256\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreJavaGenerated:RealmKeystoreJavaGenerated java_keystore my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -5004,7 +5004,7 @@ } }, "keycloak:index/realmKeystoreRsa:RealmKeystoreRsa": { - "description": "Allows for creating and managing `rsa` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreRsa;\nimport com.pulumi.keycloak.RealmKeystoreRsaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreRsa = new RealmKeystoreRsa(\"keystoreRsa\", RealmKeystoreRsaArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .privateKey(\"\u003cyour rsa private key\u003e\")\n .certificate(\"\u003cyour certificate\u003e\")\n .priority(100)\n .algorithm(\"RS256\")\n .keystoreSize(2048)\n .providerId(\"rsa\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreRsa:\n type: keycloak:RealmKeystoreRsa\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n privateKey: \u003cyour rsa private key\u003e\n certificate: \u003cyour certificate\u003e\n priority: 100\n algorithm: RS256\n keystoreSize: 2048\n providerId: rsa\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreRsa:RealmKeystoreRsa keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", + "description": "Allows for creating and managing `rsa` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreRsa;\nimport com.pulumi.keycloak.RealmKeystoreRsaArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreRsa = new RealmKeystoreRsa(\"keystoreRsa\", RealmKeystoreRsaArgs.builder() \n .name(\"my-rsa-key\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .privateKey(\"\u003cyour rsa private key\u003e\")\n .certificate(\"\u003cyour certificate\u003e\")\n .priority(100)\n .algorithm(\"RS256\")\n .keystoreSize(2048)\n .providerId(\"rsa\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreRsa:\n type: keycloak:RealmKeystoreRsa\n name: keystore_rsa\n properties:\n name: my-rsa-key\n realmId: ${realm.id}\n enabled: true\n active: true\n privateKey: \u003cyour rsa private key\u003e\n certificate: \u003cyour certificate\u003e\n priority: 100\n algorithm: RS256\n keystoreSize: 2048\n providerId: rsa\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreRsa:RealmKeystoreRsa keystore_rsa my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -5140,7 +5140,7 @@ } }, "keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated": { - "description": "Allows for creating and managing `rsa-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreRsaGenerated = new keycloak.RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\", {\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n algorithm: \"RS256\",\n keySize: 2048,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_rsa_generated = keycloak.RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n algorithm=\"RS256\",\n key_size=2048)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreRsaGenerated = new Keycloak.RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\", new()\n {\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n Algorithm = \"RS256\",\n KeySize = 2048,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreRsaGenerated(ctx, \"keystoreRsaGenerated\", \u0026keycloak.RealmKeystoreRsaGeneratedArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t\tKeySize: pulumi.Int(2048),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreRsaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreRsaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreRsaGenerated = new RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\", RealmKeystoreRsaGeneratedArgs.builder() \n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .algorithm(\"RS256\")\n .keySize(2048)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreRsaGenerated:\n type: keycloak:RealmKeystoreRsaGenerated\n properties:\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n algorithm: RS256\n keySize: 2048\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated keystore_rsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", + "description": "Allows for creating and managing `rsa-generated` Realm keystores within Keycloak.\n\nA realm keystore manages generated key pairs that are used by Keycloak to perform cryptographic signatures and encryption.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {realm: \"my-realm\"});\nconst keystoreRsaGenerated = new keycloak.RealmKeystoreRsaGenerated(\"keystore_rsa_generated\", {\n name: \"my-rsa-generated-key\",\n realmId: realm.id,\n enabled: true,\n active: true,\n priority: 100,\n algorithm: \"RS256\",\n keySize: 2048,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\", realm=\"my-realm\")\nkeystore_rsa_generated = keycloak.RealmKeystoreRsaGenerated(\"keystore_rsa_generated\",\n name=\"my-rsa-generated-key\",\n realm_id=realm.id,\n enabled=True,\n active=True,\n priority=100,\n algorithm=\"RS256\",\n key_size=2048)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n });\n\n var keystoreRsaGenerated = new Keycloak.RealmKeystoreRsaGenerated(\"keystore_rsa_generated\", new()\n {\n Name = \"my-rsa-generated-key\",\n RealmId = realm.Id,\n Enabled = true,\n Active = true,\n Priority = 100,\n Algorithm = \"RS256\",\n KeySize = 2048,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRealmKeystoreRsaGenerated(ctx, \"keystore_rsa_generated\", \u0026keycloak.RealmKeystoreRsaGeneratedArgs{\n\t\t\tName: pulumi.String(\"my-rsa-generated-key\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tActive: pulumi.Bool(true),\n\t\t\tPriority: pulumi.Int(100),\n\t\t\tAlgorithm: pulumi.String(\"RS256\"),\n\t\t\tKeySize: pulumi.Int(2048),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmKeystoreRsaGenerated;\nimport com.pulumi.keycloak.RealmKeystoreRsaGeneratedArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n var keystoreRsaGenerated = new RealmKeystoreRsaGenerated(\"keystoreRsaGenerated\", RealmKeystoreRsaGeneratedArgs.builder() \n .name(\"my-rsa-generated-key\")\n .realmId(realm.id())\n .enabled(true)\n .active(true)\n .priority(100)\n .algorithm(\"RS256\")\n .keySize(2048)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n keystoreRsaGenerated:\n type: keycloak:RealmKeystoreRsaGenerated\n name: keystore_rsa_generated\n properties:\n name: my-rsa-generated-key\n realmId: ${realm.id}\n enabled: true\n active: true\n priority: 100\n algorithm: RS256\n keySize: 2048\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nRealm keys can be imported using realm name and keystore id, you can find it in web UI.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/realmKeystoreRsaGenerated:RealmKeystoreRsaGenerated keystore_rsa_generated my-realm/618cfba7-49aa-4c09-9a19-2f699b576f0b\n```\n\n", "properties": { "active": { "type": "boolean", @@ -5246,7 +5246,7 @@ } }, "keycloak:index/realmUserProfile:RealmUserProfile": { - "description": "Allows for managing Realm User Profiles within Keycloak.\n\nA user profile defines a schema for representing user attributes and how they are managed within a realm.\nThis is a preview feature, hence not fully supported and disabled by default.\nTo enable it, start the server with one of the following flags:\n- WildFly distribution: `-Dkeycloak.profile.feature.declarative_user_profile=enabled`\n- Quarkus distribution: `--features=preview` or `--features=declarative-user-profile`\n\nThe realm linked to the `keycloak.RealmUserProfile` resource must have the user profile feature enabled.\nIt can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n attributes: {\n userProfileEnabled: true,\n },\n});\nconst userprofile = new keycloak.RealmUserProfile(\"userprofile\", {\n realmId: keycloak_realm.my_realm.id,\n attributes: [\n {\n name: \"field1\",\n displayName: \"Field 1\",\n group: \"group1\",\n enabledWhenScopes: [\"offline_access\"],\n requiredForRoles: [\"user\"],\n requiredForScopes: [\"offline_access\"],\n permissions: {\n views: [\n \"admin\",\n \"user\",\n ],\n edits: [\n \"admin\",\n \"user\",\n ],\n },\n validators: [\n {\n name: \"person-name-prohibited-characters\",\n },\n {\n name: \"pattern\",\n config: {\n pattern: \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n },\n ],\n annotations: {\n foo: \"bar\",\n },\n },\n {\n name: \"field2\",\n validators: [{\n name: \"options\",\n config: {\n options: JSON.stringify([\"opt1\"]),\n },\n }],\n annotations: {\n foo: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n ],\n groups: [\n {\n name: \"group1\",\n displayHeader: \"Group 1\",\n displayDescription: \"A first group\",\n annotations: {\n foo: \"bar\",\n foo2: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n {\n name: \"group2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n attributes={\n \"userProfileEnabled\": True,\n })\nuserprofile = keycloak.RealmUserProfile(\"userprofile\",\n realm_id=keycloak_realm[\"my_realm\"][\"id\"],\n attributes=[\n keycloak.RealmUserProfileAttributeArgs(\n name=\"field1\",\n display_name=\"Field 1\",\n group=\"group1\",\n enabled_when_scopes=[\"offline_access\"],\n required_for_roles=[\"user\"],\n required_for_scopes=[\"offline_access\"],\n permissions=keycloak.RealmUserProfileAttributePermissionsArgs(\n views=[\n \"admin\",\n \"user\",\n ],\n edits=[\n \"admin\",\n \"user\",\n ],\n ),\n validators=[\n keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"person-name-prohibited-characters\",\n ),\n keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"pattern\",\n config={\n \"pattern\": \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n ),\n ],\n annotations={\n \"foo\": \"bar\",\n },\n ),\n keycloak.RealmUserProfileAttributeArgs(\n name=\"field2\",\n validators=[keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"options\",\n config={\n \"options\": json.dumps([\"opt1\"]),\n },\n )],\n annotations={\n \"foo\": json.dumps({\n \"key\": \"val\",\n }),\n },\n ),\n ],\n groups=[\n keycloak.RealmUserProfileGroupArgs(\n name=\"group1\",\n display_header=\"Group 1\",\n display_description=\"A first group\",\n annotations={\n \"foo\": \"bar\",\n \"foo2\": json.dumps({\n \"key\": \"val\",\n }),\n },\n ),\n keycloak.RealmUserProfileGroupArgs(\n name=\"group2\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Attributes = \n {\n { \"userProfileEnabled\", true },\n },\n });\n\n var userprofile = new Keycloak.RealmUserProfile(\"userprofile\", new()\n {\n RealmId = keycloak_realm.My_realm.Id,\n Attributes = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field1\",\n DisplayName = \"Field 1\",\n Group = \"group1\",\n EnabledWhenScopes = new[]\n {\n \"offline_access\",\n },\n RequiredForRoles = new[]\n {\n \"user\",\n },\n RequiredForScopes = new[]\n {\n \"offline_access\",\n },\n Permissions = new Keycloak.Inputs.RealmUserProfileAttributePermissionsArgs\n {\n Views = new[]\n {\n \"admin\",\n \"user\",\n },\n Edits = new[]\n {\n \"admin\",\n \"user\",\n },\n },\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"person-name-prohibited-characters\",\n },\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"pattern\",\n Config = \n {\n { \"pattern\", \"^[a-z]+$\" },\n { \"error-message\", \"Nope\" },\n },\n },\n },\n Annotations = \n {\n { \"foo\", \"bar\" },\n },\n },\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field2\",\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"options\",\n Config = \n {\n { \"options\", JsonSerializer.Serialize(new[]\n {\n \"opt1\",\n }) },\n },\n },\n },\n Annotations = \n {\n { \"foo\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n },\n Groups = new[]\n {\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group1\",\n DisplayHeader = \"Group 1\",\n DisplayDescription = \"A first group\",\n Annotations = \n {\n { \"foo\", \"bar\" },\n { \"foo2\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"userProfileEnabled\": pulumi.Any(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal([]string{\n\t\t\t\"opt1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\ttmpJSON2, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson2 := string(tmpJSON2)\n\t\t_, err = keycloak.NewRealmUserProfile(ctx, \"userprofile\", \u0026keycloak.RealmUserProfileArgs{\n\t\t\tRealmId: pulumi.Any(keycloak_realm.My_realm.Id),\n\t\t\tAttributes: keycloak.RealmUserProfileAttributeArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field1\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Field 1\"),\n\t\t\t\t\tGroup: pulumi.String(\"group1\"),\n\t\t\t\t\tEnabledWhenScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForRoles: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tPermissions: \u0026keycloak.RealmUserProfileAttributePermissionsArgs{\n\t\t\t\t\t\tViews: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEdits: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"person-name-prohibited-characters\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"pattern\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"pattern\": pulumi.String(\"^[a-z]+$\"),\n\t\t\t\t\t\t\t\t\"error-message\": pulumi.String(\"Nope\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field2\"),\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"options\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"options\": pulumi.String(json0),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(json1),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroups: keycloak.RealmUserProfileGroupArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group1\"),\n\t\t\t\t\tDisplayHeader: pulumi.String(\"Group 1\"),\n\t\t\t\t\tDisplayDescription: pulumi.String(\"A first group\"),\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t\t\"foo2\": pulumi.String(json2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmUserProfile;\nimport com.pulumi.keycloak.RealmUserProfileArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributeArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributePermissionsArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileGroupArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .attributes(Map.of(\"userProfileEnabled\", true))\n .build());\n\n var userprofile = new RealmUserProfile(\"userprofile\", RealmUserProfileArgs.builder() \n .realmId(keycloak_realm.my_realm().id())\n .attributes( \n RealmUserProfileAttributeArgs.builder()\n .name(\"field1\")\n .displayName(\"Field 1\")\n .group(\"group1\")\n .enabledWhenScopes(\"offline_access\")\n .requiredForRoles(\"user\")\n .requiredForScopes(\"offline_access\")\n .permissions(RealmUserProfileAttributePermissionsArgs.builder()\n .views( \n \"admin\",\n \"user\")\n .edits( \n \"admin\",\n \"user\")\n .build())\n .validators( \n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"person-name-prohibited-characters\")\n .build(),\n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"pattern\")\n .config(Map.ofEntries(\n Map.entry(\"pattern\", \"^[a-z]+$\"),\n Map.entry(\"error-message\", \"Nope\")\n ))\n .build())\n .annotations(Map.of(\"foo\", \"bar\"))\n .build(),\n RealmUserProfileAttributeArgs.builder()\n .name(\"field2\")\n .validators(RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"options\")\n .config(Map.of(\"options\", serializeJson(\n jsonArray(\"opt1\"))))\n .build())\n .annotations(Map.of(\"foo\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n ))))\n .build())\n .groups( \n RealmUserProfileGroupArgs.builder()\n .name(\"group1\")\n .displayHeader(\"Group 1\")\n .displayDescription(\"A first group\")\n .annotations(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"foo2\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n )))\n ))\n .build(),\n RealmUserProfileGroupArgs.builder()\n .name(\"group2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n attributes:\n userProfileEnabled: true\n userprofile:\n type: keycloak:RealmUserProfile\n properties:\n realmId: ${keycloak_realm.my_realm.id}\n attributes:\n - name: field1\n displayName: Field 1\n group: group1\n enabledWhenScopes:\n - offline_access\n requiredForRoles:\n - user\n requiredForScopes:\n - offline_access\n permissions:\n views:\n - admin\n - user\n edits:\n - admin\n - user\n validators:\n - name: person-name-prohibited-characters\n - name: pattern\n config:\n pattern: ^[a-z]+$\n error-message: Nope\n annotations:\n foo: bar\n - name: field2\n validators:\n - name: options\n config:\n options:\n fn::toJSON:\n - opt1\n annotations:\n foo:\n fn::toJSON:\n key: val\n groups:\n - name: group1\n displayHeader: Group 1\n displayDescription: A first group\n annotations:\n foo: bar\n foo2:\n fn::toJSON:\n key: val\n - name: group2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource currently does not support importing.\n\n", + "description": "Allows for managing Realm User Profiles within Keycloak.\n\nA user profile defines a schema for representing user attributes and how they are managed within a realm.\nThis is a preview feature, hence not fully supported and disabled by default.\nTo enable it, start the server with one of the following flags:\n- WildFly distribution: `-Dkeycloak.profile.feature.declarative_user_profile=enabled`\n- Quarkus distribution: `--features=preview` or `--features=declarative-user-profile`\n\nThe realm linked to the `keycloak.RealmUserProfile` resource must have the user profile feature enabled.\nIt can be done via the administration UI, or by setting the `userProfileEnabled` realm attribute to `true`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n attributes: {\n userProfileEnabled: true,\n },\n});\nconst userprofile = new keycloak.RealmUserProfile(\"userprofile\", {\n realmId: myRealm.id,\n attributes: [\n {\n name: \"field1\",\n displayName: \"Field 1\",\n group: \"group1\",\n enabledWhenScopes: [\"offline_access\"],\n requiredForRoles: [\"user\"],\n requiredForScopes: [\"offline_access\"],\n permissions: {\n views: [\n \"admin\",\n \"user\",\n ],\n edits: [\n \"admin\",\n \"user\",\n ],\n },\n validators: [\n {\n name: \"person-name-prohibited-characters\",\n },\n {\n name: \"pattern\",\n config: {\n pattern: \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n },\n ],\n annotations: {\n foo: \"bar\",\n },\n },\n {\n name: \"field2\",\n validators: [{\n name: \"options\",\n config: {\n options: JSON.stringify([\"opt1\"]),\n },\n }],\n annotations: {\n foo: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n ],\n groups: [\n {\n name: \"group1\",\n displayHeader: \"Group 1\",\n displayDescription: \"A first group\",\n annotations: {\n foo: \"bar\",\n foo2: JSON.stringify({\n key: \"val\",\n }),\n },\n },\n {\n name: \"group2\",\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n attributes={\n \"userProfileEnabled\": True,\n })\nuserprofile = keycloak.RealmUserProfile(\"userprofile\",\n realm_id=my_realm[\"id\"],\n attributes=[\n keycloak.RealmUserProfileAttributeArgs(\n name=\"field1\",\n display_name=\"Field 1\",\n group=\"group1\",\n enabled_when_scopes=[\"offline_access\"],\n required_for_roles=[\"user\"],\n required_for_scopes=[\"offline_access\"],\n permissions=keycloak.RealmUserProfileAttributePermissionsArgs(\n views=[\n \"admin\",\n \"user\",\n ],\n edits=[\n \"admin\",\n \"user\",\n ],\n ),\n validators=[\n keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"person-name-prohibited-characters\",\n ),\n keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"pattern\",\n config={\n \"pattern\": \"^[a-z]+$\",\n \"error-message\": \"Nope\",\n },\n ),\n ],\n annotations={\n \"foo\": \"bar\",\n },\n ),\n keycloak.RealmUserProfileAttributeArgs(\n name=\"field2\",\n validators=[keycloak.RealmUserProfileAttributeValidatorArgs(\n name=\"options\",\n config={\n \"options\": json.dumps([\"opt1\"]),\n },\n )],\n annotations={\n \"foo\": json.dumps({\n \"key\": \"val\",\n }),\n },\n ),\n ],\n groups=[\n keycloak.RealmUserProfileGroupArgs(\n name=\"group1\",\n display_header=\"Group 1\",\n display_description=\"A first group\",\n annotations={\n \"foo\": \"bar\",\n \"foo2\": json.dumps({\n \"key\": \"val\",\n }),\n },\n ),\n keycloak.RealmUserProfileGroupArgs(\n name=\"group2\",\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Attributes = \n {\n { \"userProfileEnabled\", true },\n },\n });\n\n var userprofile = new Keycloak.RealmUserProfile(\"userprofile\", new()\n {\n RealmId = myRealm.Id,\n Attributes = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field1\",\n DisplayName = \"Field 1\",\n Group = \"group1\",\n EnabledWhenScopes = new[]\n {\n \"offline_access\",\n },\n RequiredForRoles = new[]\n {\n \"user\",\n },\n RequiredForScopes = new[]\n {\n \"offline_access\",\n },\n Permissions = new Keycloak.Inputs.RealmUserProfileAttributePermissionsArgs\n {\n Views = new[]\n {\n \"admin\",\n \"user\",\n },\n Edits = new[]\n {\n \"admin\",\n \"user\",\n },\n },\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"person-name-prohibited-characters\",\n },\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"pattern\",\n Config = \n {\n { \"pattern\", \"^[a-z]+$\" },\n { \"error-message\", \"Nope\" },\n },\n },\n },\n Annotations = \n {\n { \"foo\", \"bar\" },\n },\n },\n new Keycloak.Inputs.RealmUserProfileAttributeArgs\n {\n Name = \"field2\",\n Validators = new[]\n {\n new Keycloak.Inputs.RealmUserProfileAttributeValidatorArgs\n {\n Name = \"options\",\n Config = \n {\n { \"options\", JsonSerializer.Serialize(new[]\n {\n \"opt1\",\n }) },\n },\n },\n },\n Annotations = \n {\n { \"foo\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n },\n Groups = new[]\n {\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group1\",\n DisplayHeader = \"Group 1\",\n DisplayDescription = \"A first group\",\n Annotations = \n {\n { \"foo\", \"bar\" },\n { \"foo2\", JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"key\"] = \"val\",\n }) },\n },\n },\n new Keycloak.Inputs.RealmUserProfileGroupArgs\n {\n Name = \"group2\",\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"userProfileEnabled\": pulumi.Any(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal([]string{\n\t\t\t\"opt1\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\ttmpJSON2, err := json.Marshal(map[string]interface{}{\n\t\t\t\"key\": \"val\",\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson2 := string(tmpJSON2)\n\t\t_, err = keycloak.NewRealmUserProfile(ctx, \"userprofile\", \u0026keycloak.RealmUserProfileArgs{\n\t\t\tRealmId: pulumi.Any(myRealm.Id),\n\t\t\tAttributes: keycloak.RealmUserProfileAttributeArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field1\"),\n\t\t\t\t\tDisplayName: pulumi.String(\"Field 1\"),\n\t\t\t\t\tGroup: pulumi.String(\"group1\"),\n\t\t\t\t\tEnabledWhenScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForRoles: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t},\n\t\t\t\t\tRequiredForScopes: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\t\t},\n\t\t\t\t\tPermissions: \u0026keycloak.RealmUserProfileAttributePermissionsArgs{\n\t\t\t\t\t\tViews: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\tEdits: pulumi.StringArray{\n\t\t\t\t\t\t\tpulumi.String(\"admin\"),\n\t\t\t\t\t\t\tpulumi.String(\"user\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"person-name-prohibited-characters\"),\n\t\t\t\t\t\t},\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"pattern\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"pattern\": pulumi.String(\"^[a-z]+$\"),\n\t\t\t\t\t\t\t\t\"error-message\": pulumi.String(\"Nope\"),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileAttributeArgs{\n\t\t\t\t\tName: pulumi.String(\"field2\"),\n\t\t\t\t\tValidators: keycloak.RealmUserProfileAttributeValidatorArray{\n\t\t\t\t\t\t\u0026keycloak.RealmUserProfileAttributeValidatorArgs{\n\t\t\t\t\t\t\tName: pulumi.String(\"options\"),\n\t\t\t\t\t\t\tConfig: pulumi.StringMap{\n\t\t\t\t\t\t\t\t\"options\": pulumi.String(json0),\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(json1),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t\tGroups: keycloak.RealmUserProfileGroupArray{\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group1\"),\n\t\t\t\t\tDisplayHeader: pulumi.String(\"Group 1\"),\n\t\t\t\t\tDisplayDescription: pulumi.String(\"A first group\"),\n\t\t\t\t\tAnnotations: pulumi.StringMap{\n\t\t\t\t\t\t\"foo\": pulumi.String(\"bar\"),\n\t\t\t\t\t\t\"foo2\": pulumi.String(json2),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t\t\u0026keycloak.RealmUserProfileGroupArgs{\n\t\t\t\t\tName: pulumi.String(\"group2\"),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RealmUserProfile;\nimport com.pulumi.keycloak.RealmUserProfileArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributeArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileAttributePermissionsArgs;\nimport com.pulumi.keycloak.inputs.RealmUserProfileGroupArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .attributes(Map.of(\"userProfileEnabled\", true))\n .build());\n\n var userprofile = new RealmUserProfile(\"userprofile\", RealmUserProfileArgs.builder() \n .realmId(myRealm.id())\n .attributes( \n RealmUserProfileAttributeArgs.builder()\n .name(\"field1\")\n .displayName(\"Field 1\")\n .group(\"group1\")\n .enabledWhenScopes(\"offline_access\")\n .requiredForRoles(\"user\")\n .requiredForScopes(\"offline_access\")\n .permissions(RealmUserProfileAttributePermissionsArgs.builder()\n .views( \n \"admin\",\n \"user\")\n .edits( \n \"admin\",\n \"user\")\n .build())\n .validators( \n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"person-name-prohibited-characters\")\n .build(),\n RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"pattern\")\n .config(Map.ofEntries(\n Map.entry(\"pattern\", \"^[a-z]+$\"),\n Map.entry(\"error-message\", \"Nope\")\n ))\n .build())\n .annotations(Map.of(\"foo\", \"bar\"))\n .build(),\n RealmUserProfileAttributeArgs.builder()\n .name(\"field2\")\n .validators(RealmUserProfileAttributeValidatorArgs.builder()\n .name(\"options\")\n .config(Map.of(\"options\", serializeJson(\n jsonArray(\"opt1\"))))\n .build())\n .annotations(Map.of(\"foo\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n ))))\n .build())\n .groups( \n RealmUserProfileGroupArgs.builder()\n .name(\"group1\")\n .displayHeader(\"Group 1\")\n .displayDescription(\"A first group\")\n .annotations(Map.ofEntries(\n Map.entry(\"foo\", \"bar\"),\n Map.entry(\"foo2\", serializeJson(\n jsonObject(\n jsonProperty(\"key\", \"val\")\n )))\n ))\n .build(),\n RealmUserProfileGroupArgs.builder()\n .name(\"group2\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n attributes:\n userProfileEnabled: true\n userprofile:\n type: keycloak:RealmUserProfile\n properties:\n realmId: ${myRealm.id}\n attributes:\n - name: field1\n displayName: Field 1\n group: group1\n enabledWhenScopes:\n - offline_access\n requiredForRoles:\n - user\n requiredForScopes:\n - offline_access\n permissions:\n views:\n - admin\n - user\n edits:\n - admin\n - user\n validators:\n - name: person-name-prohibited-characters\n - name: pattern\n config:\n pattern: ^[a-z]+$\n error-message: Nope\n annotations:\n foo: bar\n - name: field2\n validators:\n - name: options\n config:\n options:\n fn::toJSON:\n - opt1\n annotations:\n foo:\n fn::toJSON:\n key: val\n groups:\n - name: group1\n displayHeader: Group 1\n displayDescription: A first group\n annotations:\n foo: bar\n foo2:\n fn::toJSON:\n key: val\n - name: group2\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource currently does not support importing.\n\n", "properties": { "attributes": { "type": "array", @@ -5321,7 +5321,7 @@ } }, "keycloak:index/requiredAction:RequiredAction": { - "description": "Allows for creating and managing required actions within Keycloak.\n\n[Required actions](https://www.keycloak.org/docs/latest/server_admin/#con-required-actions_server_administration_guide) specify actions required before the first login of all new users.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst requiredAction = new keycloak.RequiredAction(\"requiredAction\", {\n realmId: realm.realm,\n alias: \"webauthn-register\",\n enabled: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrequired_action = keycloak.RequiredAction(\"requiredAction\",\n realm_id=realm.realm,\n alias=\"webauthn-register\",\n enabled=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var requiredAction = new Keycloak.RequiredAction(\"requiredAction\", new()\n {\n RealmId = realm.RealmName,\n Alias = \"webauthn-register\",\n Enabled = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRequiredAction(ctx, \"requiredAction\", \u0026keycloak.RequiredActionArgs{\n\t\t\tRealmId: realm.Realm,\n\t\t\tAlias: pulumi.String(\"webauthn-register\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RequiredAction;\nimport com.pulumi.keycloak.RequiredActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var requiredAction = new RequiredAction(\"requiredAction\", RequiredActionArgs.builder() \n .realmId(realm.realm())\n .alias(\"webauthn-register\")\n .enabled(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n requiredAction:\n type: keycloak:RequiredAction\n properties:\n realmId: ${realm.realm}\n alias: webauthn-register\n enabled: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realm}}/{{alias}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/requiredAction:RequiredAction required_action my-realm/my-default-action-alias\n```\n\n", + "description": "Allows for creating and managing required actions within Keycloak.\n\n[Required actions](https://www.keycloak.org/docs/latest/server_admin/#con-required-actions_server_administration_guide) specify actions required before the first login of all new users.\n\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst requiredAction = new keycloak.RequiredAction(\"required_action\", {\n realmId: realm.realm,\n alias: \"webauthn-register\",\n enabled: true,\n name: \"Webauthn Register\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrequired_action = keycloak.RequiredAction(\"required_action\",\n realm_id=realm.realm,\n alias=\"webauthn-register\",\n enabled=True,\n name=\"Webauthn Register\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var requiredAction = new Keycloak.RequiredAction(\"required_action\", new()\n {\n RealmId = realm.RealmName,\n Alias = \"webauthn-register\",\n Enabled = true,\n Name = \"Webauthn Register\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRequiredAction(ctx, \"required_action\", \u0026keycloak.RequiredActionArgs{\n\t\t\tRealmId: realm.Realm,\n\t\t\tAlias: pulumi.String(\"webauthn-register\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tName: pulumi.String(\"Webauthn Register\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.RequiredAction;\nimport com.pulumi.keycloak.RequiredActionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var requiredAction = new RequiredAction(\"requiredAction\", RequiredActionArgs.builder() \n .realmId(realm.realm())\n .alias(\"webauthn-register\")\n .enabled(true)\n .name(\"Webauthn Register\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n requiredAction:\n type: keycloak:RequiredAction\n name: required_action\n properties:\n realmId: ${realm.realm}\n alias: webauthn-register\n enabled: true\n name: Webauthn Register\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nAuthentication executions can be imported using the formats: `{{realm}}/{{alias}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/requiredAction:RequiredAction required_action my-realm/my-default-action-alias\n```\n\n", "properties": { "alias": { "type": "string", @@ -5416,7 +5416,7 @@ } }, "keycloak:index/role:Role": { - "description": "## # keycloak.Role\n\nAllows for creating and managing roles within Keycloak.\n\nRoles allow you define privileges within Keycloak and map them to users\nand groups.\n\n### Example Usage (Realm role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n description: \"My Realm Role\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nrealm_role = keycloak.Role(\"realmRole\",\n description=\"My Realm Role\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n Description = \"My Realm Role\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .description(\"My Realm Role\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n realmRole:\n type: keycloak:Role\n properties:\n description: My Realm Role\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n accessType: \"BEARER-ONLY\",\n clientId: \"client\",\n enabled: true,\n realmId: realm.id,\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n clientId: keycloak_client.client.id,\n description: \"My Client Role\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient = keycloak.openid.Client(\"client\",\n access_type=\"BEARER-ONLY\",\n client_id=\"client\",\n enabled=True,\n realm_id=realm.id)\nclient_role = keycloak.Role(\"clientRole\",\n client_id=keycloak_client[\"client\"][\"id\"],\n description=\"My Client Role\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n AccessType = \"BEARER-ONLY\",\n ClientId = \"client\",\n Enabled = true,\n RealmId = realm.Id,\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n ClientId = keycloak_client.Client.Id,\n Description = \"My Client Role\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tClientId: pulumi.Any(keycloak_client.Client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .accessType(\"BEARER-ONLY\")\n .clientId(\"client\")\n .enabled(true)\n .realmId(realm.id())\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .clientId(keycloak_client.client().id())\n .description(\"My Client Role\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n client:\n type: keycloak:openid:Client\n properties:\n accessType: BEARER-ONLY\n clientId: client\n enabled: true\n realmId: ${realm.id}\n clientRole:\n type: keycloak:Role\n properties:\n clientId: ${keycloak_client.client.id}\n description: My Client Role\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Composite role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst createRole = new keycloak.Role(\"createRole\", {realmId: realm.id});\nconst readRole = new keycloak.Role(\"readRole\", {realmId: realm.id});\nconst updateRole = new keycloak.Role(\"updateRole\", {realmId: realm.id});\nconst deleteRole = new keycloak.Role(\"deleteRole\", {realmId: realm.id});\nconst client = new keycloak.openid.Client(\"client\", {\n accessType: \"BEARER-ONLY\",\n clientId: \"client\",\n enabled: true,\n realmId: realm.id,\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n clientId: keycloak_client.client.id,\n description: \"My Client Role\",\n realmId: realm.id,\n});\nconst adminRole = new keycloak.Role(\"adminRole\", {\n compositeRoles: [\n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\",\n ],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\ncreate_role = keycloak.Role(\"createRole\", realm_id=realm.id)\nread_role = keycloak.Role(\"readRole\", realm_id=realm.id)\nupdate_role = keycloak.Role(\"updateRole\", realm_id=realm.id)\ndelete_role = keycloak.Role(\"deleteRole\", realm_id=realm.id)\nclient = keycloak.openid.Client(\"client\",\n access_type=\"BEARER-ONLY\",\n client_id=\"client\",\n enabled=True,\n realm_id=realm.id)\nclient_role = keycloak.Role(\"clientRole\",\n client_id=keycloak_client[\"client\"][\"id\"],\n description=\"My Client Role\",\n realm_id=realm.id)\nadmin_role = keycloak.Role(\"adminRole\",\n composite_roles=[\n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\",\n ],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var createRole = new Keycloak.Role(\"createRole\", new()\n {\n RealmId = realm.Id,\n });\n\n var readRole = new Keycloak.Role(\"readRole\", new()\n {\n RealmId = realm.Id,\n });\n\n var updateRole = new Keycloak.Role(\"updateRole\", new()\n {\n RealmId = realm.Id,\n });\n\n var deleteRole = new Keycloak.Role(\"deleteRole\", new()\n {\n RealmId = realm.Id,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n AccessType = \"BEARER-ONLY\",\n ClientId = \"client\",\n Enabled = true,\n RealmId = realm.Id,\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n ClientId = keycloak_client.Client.Id,\n Description = \"My Client Role\",\n RealmId = realm.Id,\n });\n\n var adminRole = new Keycloak.Role(\"adminRole\", new()\n {\n CompositeRoles = new[]\n {\n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\",\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"createRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"readRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"updateRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"deleteRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tClientId: pulumi.Any(keycloak_client.Client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"adminRole\", \u0026keycloak.RoleArgs{\n\t\t\tCompositeRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"{keycloak_role.create_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.read_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.update_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.delete_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.client_role.id}\"),\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var createRole = new Role(\"createRole\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var readRole = new Role(\"readRole\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var updateRole = new Role(\"updateRole\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var deleteRole = new Role(\"deleteRole\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .accessType(\"BEARER-ONLY\")\n .clientId(\"client\")\n .enabled(true)\n .realmId(realm.id())\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .clientId(keycloak_client.client().id())\n .description(\"My Client Role\")\n .realmId(realm.id())\n .build());\n\n var adminRole = new Role(\"adminRole\", RoleArgs.builder() \n .compositeRoles( \n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n createRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n readRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n updateRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n deleteRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n client:\n type: keycloak:openid:Client\n properties:\n accessType: BEARER-ONLY\n clientId: client\n enabled: true\n realmId: ${realm.id}\n clientRole:\n type: keycloak:Role\n properties:\n clientId: ${keycloak_client.client.id}\n description: My Client Role\n realmId: ${realm.id}\n adminRole:\n type: keycloak:Role\n properties:\n compositeRoles:\n - '{keycloak_role.create_role.id}'\n - '{keycloak_role.read_role.id}'\n - '{keycloak_role.update_role.id}'\n - '{keycloak_role.delete_role.id}'\n - '{keycloak_role.client_role.id}'\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this role exists within.\n- `client_id` - (Optional) When specified, this role will be created as\n a client role attached to the client with the provided ID\n- `name` - (Required) The name of the role\n- `description` - (Optional) The description of the role\n- `composite_roles` - (Optional) When specified, this role will be a\n composite role, composed of all roles that have an ID present within\n this list.\n\n\n### Import\n\nRoles can be imported using the format `{{realm_id}}/{{role_id}}`, where\n`role_id` is the unique ID that Keycloak assigns to the role. The ID is\nnot easy to find in the GUI, but it appears in the URL when editing the\nrole.\n\nExample:\n\n```bash\n$ terraform import keycloak_role.role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad\n```\n", + "description": "## # keycloak.Role\n\nAllows for creating and managing roles within Keycloak.\n\nRoles allow you define privileges within Keycloak and map them to users\nand groups.\n\n### Example Usage (Realm role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: clientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = clientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(clientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${clientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Composite role)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// realm roles\nconst createRole = new keycloak.Role(\"create_role\", {\n realmId: realm.id,\n name: \"create\",\n});\nconst readRole = new keycloak.Role(\"read_role\", {\n realmId: realm.id,\n name: \"read\",\n});\nconst updateRole = new keycloak.Role(\"update_role\", {\n realmId: realm.id,\n name: \"update\",\n});\nconst deleteRole = new keycloak.Role(\"delete_role\", {\n realmId: realm.id,\n name: \"delete\",\n});\n// client role\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: clientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst adminRole = new keycloak.Role(\"admin_role\", {\n realmId: realm.id,\n name: \"admin\",\n compositeRoles: [\n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\",\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# realm roles\ncreate_role = keycloak.Role(\"create_role\",\n realm_id=realm.id,\n name=\"create\")\nread_role = keycloak.Role(\"read_role\",\n realm_id=realm.id,\n name=\"read\")\nupdate_role = keycloak.Role(\"update_role\",\n realm_id=realm.id,\n name=\"update\")\ndelete_role = keycloak.Role(\"delete_role\",\n realm_id=realm.id,\n name=\"delete\")\n# client role\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\")\nadmin_role = keycloak.Role(\"admin_role\",\n realm_id=realm.id,\n name=\"admin\",\n composite_roles=[\n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\",\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // realm roles\n var createRole = new Keycloak.Role(\"create_role\", new()\n {\n RealmId = realm.Id,\n Name = \"create\",\n });\n\n var readRole = new Keycloak.Role(\"read_role\", new()\n {\n RealmId = realm.Id,\n Name = \"read\",\n });\n\n var updateRole = new Keycloak.Role(\"update_role\", new()\n {\n RealmId = realm.Id,\n Name = \"update\",\n });\n\n var deleteRole = new Keycloak.Role(\"delete_role\", new()\n {\n RealmId = realm.Id,\n Name = \"delete\",\n });\n\n // client role\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = clientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var adminRole = new Keycloak.Role(\"admin_role\", new()\n {\n RealmId = realm.Id,\n Name = \"admin\",\n CompositeRoles = new[]\n {\n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// realm roles\n\t\t_, err = keycloak.NewRole(ctx, \"create_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"create\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"read_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"read\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"update_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"update\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"delete_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"delete\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client role\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(clientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"admin_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"admin\"),\n\t\t\tCompositeRoles: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"{keycloak_role.create_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.read_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.update_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.delete_role.id}\"),\n\t\t\t\tpulumi.String(\"{keycloak_role.client_role.id}\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n // realm roles\n var createRole = new Role(\"createRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"create\")\n .build());\n\n var readRole = new Role(\"readRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"read\")\n .build());\n\n var updateRole = new Role(\"updateRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"update\")\n .build());\n\n var deleteRole = new Role(\"deleteRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"delete\")\n .build());\n\n // client role\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var adminRole = new Role(\"adminRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"admin\")\n .compositeRoles( \n \"{keycloak_role.create_role.id}\",\n \"{keycloak_role.read_role.id}\",\n \"{keycloak_role.update_role.id}\",\n \"{keycloak_role.delete_role.id}\",\n \"{keycloak_role.client_role.id}\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # realm roles\n createRole:\n type: keycloak:Role\n name: create_role\n properties:\n realmId: ${realm.id}\n name: create\n readRole:\n type: keycloak:Role\n name: read_role\n properties:\n realmId: ${realm.id}\n name: read\n updateRole:\n type: keycloak:Role\n name: update_role\n properties:\n realmId: ${realm.id}\n name: update\n deleteRole:\n type: keycloak:Role\n name: delete_role\n properties:\n realmId: ${realm.id}\n name: delete\n # client role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${clientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n adminRole:\n type: keycloak:Role\n name: admin_role\n properties:\n realmId: ${realm.id}\n name: admin\n compositeRoles:\n - '{keycloak_role.create_role.id}'\n - '{keycloak_role.read_role.id}'\n - '{keycloak_role.update_role.id}'\n - '{keycloak_role.delete_role.id}'\n - '{keycloak_role.client_role.id}'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this role exists within.\n- `client_id` - (Optional) When specified, this role will be created as\n a client role attached to the client with the provided ID\n- `name` - (Required) The name of the role\n- `description` - (Optional) The description of the role\n- `composite_roles` - (Optional) When specified, this role will be a\n composite role, composed of all roles that have an ID present within\n this list.\n\n\n### Import\n\nRoles can be imported using the format `{{realm_id}}/{{role_id}}`, where\n`role_id` is the unique ID that Keycloak assigns to the role. The ID is\nnot easy to find in the GUI, but it appears in the URL when editing the\nrole.\n\nExample:\n\n```bash\n$ terraform import keycloak_role.role my-realm/7e8cf32a-8acb-4d34-89c4-04fb1d10ccad\n```\n", "properties": { "attributes": { "type": "object", @@ -5512,7 +5512,7 @@ } }, "keycloak:index/user:User": { - "description": "## # keycloak.User\n\nAllows for creating and managing Users within Keycloak.\n\nThis resource was created primarily to enable the acceptance tests for the `keycloak.Group` resource.\nCreating users within Keycloak is not recommended. Instead, users should be federated from external sources\nby configuring user federation providers or identity providers.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst user = new keycloak.User(\"user\", {\n email: \"bob@domain.com\",\n enabled: true,\n firstName: \"Bob\",\n lastName: \"Bobson\",\n realmId: realm.id,\n username: \"bob\",\n});\nconst userWithInitialPassword = new keycloak.User(\"userWithInitialPassword\", {\n email: \"alice@domain.com\",\n enabled: true,\n firstName: \"Alice\",\n initialPassword: {\n temporary: true,\n value: \"some password\",\n },\n lastName: \"Aliceberg\",\n realmId: realm.id,\n username: \"alice\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nuser = keycloak.User(\"user\",\n email=\"bob@domain.com\",\n enabled=True,\n first_name=\"Bob\",\n last_name=\"Bobson\",\n realm_id=realm.id,\n username=\"bob\")\nuser_with_initial_password = keycloak.User(\"userWithInitialPassword\",\n email=\"alice@domain.com\",\n enabled=True,\n first_name=\"Alice\",\n initial_password=keycloak.UserInitialPasswordArgs(\n temporary=True,\n value=\"some password\",\n ),\n last_name=\"Aliceberg\",\n realm_id=realm.id,\n username=\"alice\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n Email = \"bob@domain.com\",\n Enabled = true,\n FirstName = \"Bob\",\n LastName = \"Bobson\",\n RealmId = realm.Id,\n Username = \"bob\",\n });\n\n var userWithInitialPassword = new Keycloak.User(\"userWithInitialPassword\", new()\n {\n Email = \"alice@domain.com\",\n Enabled = true,\n FirstName = \"Alice\",\n InitialPassword = new Keycloak.Inputs.UserInitialPasswordArgs\n {\n Temporary = true,\n Value = \"some password\",\n },\n LastName = \"Aliceberg\",\n RealmId = realm.Id,\n Username = \"alice\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tEmail: pulumi.String(\"bob@domain.com\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tFirstName: pulumi.String(\"Bob\"),\n\t\t\tLastName: pulumi.String(\"Bobson\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"bob\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUser(ctx, \"userWithInitialPassword\", \u0026keycloak.UserArgs{\n\t\t\tEmail: pulumi.String(\"alice@domain.com\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tFirstName: pulumi.String(\"Alice\"),\n\t\t\tInitialPassword: \u0026keycloak.UserInitialPasswordArgs{\n\t\t\t\tTemporary: pulumi.Bool(true),\n\t\t\t\tValue: pulumi.String(\"some password\"),\n\t\t\t},\n\t\t\tLastName: pulumi.String(\"Aliceberg\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"alice\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.inputs.UserInitialPasswordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .email(\"bob@domain.com\")\n .enabled(true)\n .firstName(\"Bob\")\n .lastName(\"Bobson\")\n .realmId(realm.id())\n .username(\"bob\")\n .build());\n\n var userWithInitialPassword = new User(\"userWithInitialPassword\", UserArgs.builder() \n .email(\"alice@domain.com\")\n .enabled(true)\n .firstName(\"Alice\")\n .initialPassword(UserInitialPasswordArgs.builder()\n .temporary(true)\n .value(\"some password\")\n .build())\n .lastName(\"Aliceberg\")\n .realmId(realm.id())\n .username(\"alice\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n user:\n type: keycloak:User\n properties:\n email: bob@domain.com\n enabled: true\n firstName: Bob\n lastName: Bobson\n realmId: ${realm.id}\n username: bob\n userWithInitialPassword:\n type: keycloak:User\n properties:\n email: alice@domain.com\n enabled: true\n firstName: Alice\n initialPassword:\n temporary: true\n value: some password\n lastName: Aliceberg\n realmId: ${realm.id}\n username: alice\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this user belongs to.\n- `username` - (Required) The unique username of this user.\n- `initial_password` (Optional) When given, the user's initial password will be set.\n This attribute is only respected during initial user creation.\n - `value` (Required) The initial password.\n - `temporary` (Optional) If set to `true`, the initial password is set up for renewal on first use. Default to `false`.\n- `enabled` - (Optional) When false, this user cannot log in. Defaults to `true`.\n- `email` - (Optional) The user's email.\n- `first_name` - (Optional) The user's first name.\n- `last_name` - (Optional) The user's last name.\n\n### Import\n\nUsers can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak\nassigns to the user upon creation. This value can be found in the GUI when editing the user.\n\nExample:\n\n```bash\n$ terraform import keycloak_user.user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4\n```\n", + "description": "## # keycloak.User\n\nAllows for creating and managing Users within Keycloak.\n\nThis resource was created primarily to enable the acceptance tests for the `keycloak.Group` resource.\nCreating users within Keycloak is not recommended. Instead, users should be federated from external sources\nby configuring user federation providers or identity providers.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"bob\",\n enabled: true,\n email: \"bob@domain.com\",\n firstName: \"Bob\",\n lastName: \"Bobson\",\n});\nconst userWithInitialPassword = new keycloak.User(\"user_with_initial_password\", {\n realmId: realm.id,\n username: \"alice\",\n enabled: true,\n email: \"alice@domain.com\",\n firstName: \"Alice\",\n lastName: \"Aliceberg\",\n initialPassword: {\n value: \"some password\",\n temporary: true,\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"bob\",\n enabled=True,\n email=\"bob@domain.com\",\n first_name=\"Bob\",\n last_name=\"Bobson\")\nuser_with_initial_password = keycloak.User(\"user_with_initial_password\",\n realm_id=realm.id,\n username=\"alice\",\n enabled=True,\n email=\"alice@domain.com\",\n first_name=\"Alice\",\n last_name=\"Aliceberg\",\n initial_password=keycloak.UserInitialPasswordArgs(\n value=\"some password\",\n temporary=True,\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"bob\",\n Enabled = true,\n Email = \"bob@domain.com\",\n FirstName = \"Bob\",\n LastName = \"Bobson\",\n });\n\n var userWithInitialPassword = new Keycloak.User(\"user_with_initial_password\", new()\n {\n RealmId = realm.Id,\n Username = \"alice\",\n Enabled = true,\n Email = \"alice@domain.com\",\n FirstName = \"Alice\",\n LastName = \"Aliceberg\",\n InitialPassword = new Keycloak.Inputs.UserInitialPasswordArgs\n {\n Value = \"some password\",\n Temporary = true,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"bob\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"bob@domain.com\"),\n\t\t\tFirstName: pulumi.String(\"Bob\"),\n\t\t\tLastName: pulumi.String(\"Bobson\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUser(ctx, \"user_with_initial_password\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"alice\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"alice@domain.com\"),\n\t\t\tFirstName: pulumi.String(\"Alice\"),\n\t\t\tLastName: pulumi.String(\"Aliceberg\"),\n\t\t\tInitialPassword: \u0026keycloak.UserInitialPasswordArgs{\n\t\t\t\tValue: pulumi.String(\"some password\"),\n\t\t\t\tTemporary: pulumi.Bool(true),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.inputs.UserInitialPasswordArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"bob\")\n .enabled(true)\n .email(\"bob@domain.com\")\n .firstName(\"Bob\")\n .lastName(\"Bobson\")\n .build());\n\n var userWithInitialPassword = new User(\"userWithInitialPassword\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"alice\")\n .enabled(true)\n .email(\"alice@domain.com\")\n .firstName(\"Alice\")\n .lastName(\"Aliceberg\")\n .initialPassword(UserInitialPasswordArgs.builder()\n .value(\"some password\")\n .temporary(true)\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: bob\n enabled: true\n email: bob@domain.com\n firstName: Bob\n lastName: Bobson\n userWithInitialPassword:\n type: keycloak:User\n name: user_with_initial_password\n properties:\n realmId: ${realm.id}\n username: alice\n enabled: true\n email: alice@domain.com\n firstName: Alice\n lastName: Aliceberg\n initialPassword:\n value: some password\n temporary: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this user belongs to.\n- `username` - (Required) The unique username of this user.\n- `initial_password` (Optional) When given, the user's initial password will be set.\n This attribute is only respected during initial user creation.\n - `value` (Required) The initial password.\n - `temporary` (Optional) If set to `true`, the initial password is set up for renewal on first use. Default to `false`.\n- `enabled` - (Optional) When false, this user cannot log in. Defaults to `true`.\n- `email` - (Optional) The user's email.\n- `first_name` - (Optional) The user's first name.\n- `last_name` - (Optional) The user's last name.\n\n### Import\n\nUsers can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak\nassigns to the user upon creation. This value can be found in the GUI when editing the user.\n\nExample:\n\n```bash\n$ terraform import keycloak_user.user my-realm/60c3f971-b1d3-4b3a-9035-d16d7540a5e4\n```\n", "properties": { "attributes": { "type": "object", @@ -5663,7 +5663,7 @@ } }, "keycloak:index/userGroups:UserGroups": { - "description": "Allows for managing a Keycloak user's groups.\n\nIf `exhaustive` is true, this resource attempts to be an **authoritative** source over user groups: groups that are manually added to the user will be removed, and groups that are manually removed from the user group will be added upon the next run of `pulumi up`.\nIf `exhaustive` is false, this resource is a partial assignation of groups to a user. As a result, you can get multiple `keycloak.UserGroups` for the same `user_id`.\n\n\n## Example Usage\n\n### Exhaustive Groups)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {realmId: realm.id});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst userGroups = new keycloak.UserGroups(\"userGroups\", {\n realmId: realm.id,\n userId: user.id,\n groupIds: [group.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\", realm_id=realm.id)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\nuser_groups = keycloak.UserGroups(\"userGroups\",\n realm_id=realm.id,\n user_id=user.id,\n group_ids=[group.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var userGroups = new Keycloak.UserGroups(\"userGroups\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n GroupIds = new[]\n {\n @group.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserGroups(ctx, \"userGroups\", \u0026keycloak.UserGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroup.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserGroups;\nimport com.pulumi.keycloak.UserGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var userGroups = new UserGroups(\"userGroups\", UserGroupsArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .groupIds(group.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n userGroups:\n type: keycloak:UserGroups\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n groupIds:\n - ${group.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Non Exhaustive Groups)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst groupFoo = new keycloak.Group(\"groupFoo\", {realmId: realm.id});\nconst groupBar = new keycloak.Group(\"groupBar\", {realmId: realm.id});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst userGroupsAssociation1UserGroups = new keycloak.UserGroups(\"userGroupsAssociation1UserGroups\", {\n realmId: realm.id,\n userId: user.id,\n exhaustive: false,\n groupIds: [groupFoo.id],\n});\nconst userGroupsAssociation1Index_userGroupsUserGroups = new keycloak.UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\", {\n realmId: realm.id,\n userId: user.id,\n exhaustive: false,\n groupIds: [groupBar.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup_foo = keycloak.Group(\"groupFoo\", realm_id=realm.id)\ngroup_bar = keycloak.Group(\"groupBar\", realm_id=realm.id)\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\nuser_groups_association1_user_groups = keycloak.UserGroups(\"userGroupsAssociation1UserGroups\",\n realm_id=realm.id,\n user_id=user.id,\n exhaustive=False,\n group_ids=[group_foo.id])\nuser_groups_association1_index_user_groups_user_groups = keycloak.UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\",\n realm_id=realm.id,\n user_id=user.id,\n exhaustive=False,\n group_ids=[group_bar.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var groupFoo = new Keycloak.Group(\"groupFoo\", new()\n {\n RealmId = realm.Id,\n });\n\n var groupBar = new Keycloak.Group(\"groupBar\", new()\n {\n RealmId = realm.Id,\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var userGroupsAssociation1UserGroups = new Keycloak.UserGroups(\"userGroupsAssociation1UserGroups\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n Exhaustive = false,\n GroupIds = new[]\n {\n groupFoo.Id,\n },\n });\n\n var userGroupsAssociation1Index_userGroupsUserGroups = new Keycloak.UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n Exhaustive = false,\n GroupIds = new[]\n {\n groupBar.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupFoo, err := keycloak.NewGroup(ctx, \"groupFoo\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroupBar, err := keycloak.NewGroup(ctx, \"groupBar\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserGroups(ctx, \"userGroupsAssociation1UserGroups\", \u0026keycloak.UserGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tExhaustive: pulumi.Bool(false),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroupFoo.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserGroups(ctx, \"userGroupsAssociation1Index/userGroupsUserGroups\", \u0026keycloak.UserGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tExhaustive: pulumi.Bool(false),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroupBar.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserGroups;\nimport com.pulumi.keycloak.UserGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var groupFoo = new Group(\"groupFoo\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupBar = new Group(\"groupBar\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var userGroupsAssociation1UserGroups = new UserGroups(\"userGroupsAssociation1UserGroups\", UserGroupsArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .exhaustive(false)\n .groupIds(groupFoo.id())\n .build());\n\n var userGroupsAssociation1Index_userGroupsUserGroups = new UserGroups(\"userGroupsAssociation1Index/userGroupsUserGroups\", UserGroupsArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .exhaustive(false)\n .groupIds(groupBar.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n groupFoo:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n groupBar:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n userGroupsAssociation1UserGroups:\n type: keycloak:UserGroups\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n exhaustive: false\n groupIds:\n - ${groupFoo.id}\n userGroupsAssociation1Index/userGroupsUserGroups:\n type: keycloak:UserGroups\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n exhaustive: false\n groupIds:\n - ${groupBar.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\n\nas if it did not already exist on the server.\n\n", + "description": "Allows for managing a Keycloak user's groups.\n\nIf `exhaustive` is true, this resource attempts to be an **authoritative** source over user groups: groups that are manually added to the user will be removed, and groups that are manually removed from the user group will be added upon the next run of `pulumi up`.\nIf `exhaustive` is false, this resource is a partial assignation of groups to a user. As a result, you can get multiple `keycloak.UserGroups` for the same `user_id`.\n\n\n## Example Usage\n\n### Exhaustive Groups)\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst group = new keycloak.Group(\"group\", {\n realmId: realm.id,\n name: \"foo\",\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"my-user\",\n});\nconst userGroups = new keycloak.UserGroups(\"user_groups\", {\n realmId: realm.id,\n userId: user.id,\n groupIds: [group.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngroup = keycloak.Group(\"group\",\n realm_id=realm.id,\n name=\"foo\")\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"my-user\")\nuser_groups = keycloak.UserGroups(\"user_groups\",\n realm_id=realm.id,\n user_id=user.id,\n group_ids=[group.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var @group = new Keycloak.Group(\"group\", new()\n {\n RealmId = realm.Id,\n Name = \"foo\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"my-user\",\n });\n\n var userGroups = new Keycloak.UserGroups(\"user_groups\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n GroupIds = new[]\n {\n @group.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tgroup, err := keycloak.NewGroup(ctx, \"group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"my-user\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserGroups(ctx, \"user_groups\", \u0026keycloak.UserGroupsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tGroupIds: pulumi.StringArray{\n\t\t\t\tgroup.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserGroups;\nimport com.pulumi.keycloak.UserGroupsArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .name(\"foo\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"my-user\")\n .build());\n\n var userGroups = new UserGroups(\"userGroups\", UserGroupsArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .groupIds(group.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: foo\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: my-user\n userGroups:\n type: keycloak:UserGroups\n name: user_groups\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n groupIds:\n - ${group.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n", "properties": { "exhaustive": { "type": "boolean", @@ -5747,7 +5747,7 @@ } }, "keycloak:index/userRoles:UserRoles": { - "description": "Allows you to manage roles assigned to a Keycloak user.\n\nIf `exhaustive` is true, this resource attempts to be an **authoritative** source over user roles: roles that are manually added to the user will be removed, and roles that are manually removed from the\nuser will be added upon the next run of `pulumi up`.\nIf `exhaustive` is false, this resource is a partial assignation of roles to a user. As a result, you can use multiple `keycloak.UserRoles` for the same `user_id`.\n\nNote that when assigning composite roles to a user, you may see a non-empty plan following a `pulumi up` if you assign\na role and a composite that includes that role to the same user.\n\n## Example Usage\n\n### Exhaustive Roles)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {\n realmId: realm.id,\n description: \"My Realm Role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"clientRole\", {\n realmId: realm.id,\n clientId: keycloak_client.client.id,\n description: \"My Client Role\",\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"bob\",\n enabled: true,\n email: \"bob@domain.com\",\n firstName: \"Bob\",\n lastName: \"Bobson\",\n});\nconst userRoles = new keycloak.UserRoles(\"userRoles\", {\n realmId: realm.id,\n userId: user.id,\n roleIds: [\n realmRole.id,\n clientRole.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realmRole\",\n realm_id=realm.id,\n description=\"My Realm Role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"clientRole\",\n realm_id=realm.id,\n client_id=keycloak_client[\"client\"][\"id\"],\n description=\"My Client Role\")\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"bob\",\n enabled=True,\n email=\"bob@domain.com\",\n first_name=\"Bob\",\n last_name=\"Bobson\")\nuser_roles = keycloak.UserRoles(\"userRoles\",\n realm_id=realm.id,\n user_id=user.id,\n role_ids=[\n realm_role.id,\n client_role.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n Description = \"My Realm Role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"clientRole\", new()\n {\n RealmId = realm.Id,\n ClientId = keycloak_client.Client.Id,\n Description = \"My Client Role\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"bob\",\n Enabled = true,\n Email = \"bob@domain.com\",\n FirstName = \"Bob\",\n LastName = \"Bobson\",\n });\n\n var userRoles = new Keycloak.UserRoles(\"userRoles\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n RoleIds = new[]\n {\n realmRole.Id,\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"clientRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(keycloak_client.Client.Id),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"bob\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"bob@domain.com\"),\n\t\t\tFirstName: pulumi.String(\"Bob\"),\n\t\t\tLastName: pulumi.String(\"Bobson\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserRoles(ctx, \"userRoles\", \u0026keycloak.UserRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserRoles;\nimport com.pulumi.keycloak.UserRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .description(\"My Realm Role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(keycloak_client.client().id())\n .description(\"My Client Role\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"bob\")\n .enabled(true)\n .email(\"bob@domain.com\")\n .firstName(\"Bob\")\n .lastName(\"Bobson\")\n .build());\n\n var userRoles = new UserRoles(\"userRoles\", UserRolesArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .roleIds( \n realmRole.id(),\n clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n description: My Realm Role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${keycloak_client.client.id}\n description: My Client Role\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: bob\n enabled: true\n email: bob@domain.com\n firstName: Bob\n lastName: Bobson\n userRoles:\n type: keycloak:UserRoles\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n roleIds:\n - ${realmRole.id}\n - ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak\n\nassigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/userRoles:UserRoles user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924\n```\n\n", + "description": "Allows you to manage roles assigned to a Keycloak user.\n\nIf `exhaustive` is true, this resource attempts to be an **authoritative** source over user roles: roles that are manually added to the user will be removed, and roles that are manually removed from the\nuser will be added upon the next run of `pulumi up`.\nIf `exhaustive` is false, this resource is a partial assignation of roles to a user. As a result, you can use multiple `keycloak.UserRoles` for the same `user_id`.\n\nNote that when assigning composite roles to a user, you may see a non-empty plan following a `pulumi up` if you assign\na role and a composite that includes that role to the same user.\n\n## Example Usage\n\n### Exhaustive Roles)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n description: \"My Realm Role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"BEARER-ONLY\",\n});\nconst clientRole = new keycloak.Role(\"client_role\", {\n realmId: realm.id,\n clientId: clientKeycloakClient.id,\n name: \"my-client-role\",\n description: \"My Client Role\",\n});\nconst user = new keycloak.User(\"user\", {\n realmId: realm.id,\n username: \"bob\",\n enabled: true,\n email: \"bob@domain.com\",\n firstName: \"Bob\",\n lastName: \"Bobson\",\n});\nconst userRoles = new keycloak.UserRoles(\"user_roles\", {\n realmId: realm.id,\n userId: user.id,\n roleIds: [\n realmRole.id,\n clientRole.id,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\",\n description=\"My Realm Role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"BEARER-ONLY\")\nclient_role = keycloak.Role(\"client_role\",\n realm_id=realm.id,\n client_id=client_keycloak_client[\"id\"],\n name=\"my-client-role\",\n description=\"My Client Role\")\nuser = keycloak.User(\"user\",\n realm_id=realm.id,\n username=\"bob\",\n enabled=True,\n email=\"bob@domain.com\",\n first_name=\"Bob\",\n last_name=\"Bobson\")\nuser_roles = keycloak.UserRoles(\"user_roles\",\n realm_id=realm.id,\n user_id=user.id,\n role_ids=[\n realm_role.id,\n client_role.id,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n Description = \"My Realm Role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"BEARER-ONLY\",\n });\n\n var clientRole = new Keycloak.Role(\"client_role\", new()\n {\n RealmId = realm.Id,\n ClientId = clientKeycloakClient.Id,\n Name = \"my-client-role\",\n Description = \"My Client Role\",\n });\n\n var user = new Keycloak.User(\"user\", new()\n {\n RealmId = realm.Id,\n Username = \"bob\",\n Enabled = true,\n Email = \"bob@domain.com\",\n FirstName = \"Bob\",\n LastName = \"Bobson\",\n });\n\n var userRoles = new Keycloak.UserRoles(\"user_roles\", new()\n {\n RealmId = realm.Id,\n UserId = user.Id,\n RoleIds = new[]\n {\n realmRole.Id,\n clientRole.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t\tDescription: pulumi.String(\"My Realm Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"BEARER-ONLY\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientRole, err := keycloak.NewRole(ctx, \"client_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(clientKeycloakClient.Id),\n\t\t\tName: pulumi.String(\"my-client-role\"),\n\t\t\tDescription: pulumi.String(\"My Client Role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuser, err := keycloak.NewUser(ctx, \"user\", \u0026keycloak.UserArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsername: pulumi.String(\"bob\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tEmail: pulumi.String(\"bob@domain.com\"),\n\t\t\tFirstName: pulumi.String(\"Bob\"),\n\t\t\tLastName: pulumi.String(\"Bobson\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserRoles(ctx, \"user_roles\", \u0026keycloak.UserRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: user.ID(),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\trealmRole.ID(),\n\t\t\t\tclientRole.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.UserRoles;\nimport com.pulumi.keycloak.UserRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-realm-role\")\n .description(\"My Realm Role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"BEARER-ONLY\")\n .build());\n\n var clientRole = new Role(\"clientRole\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(clientKeycloakClient.id())\n .name(\"my-client-role\")\n .description(\"My Client Role\")\n .build());\n\n var user = new User(\"user\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"bob\")\n .enabled(true)\n .email(\"bob@domain.com\")\n .firstName(\"Bob\")\n .lastName(\"Bobson\")\n .build());\n\n var userRoles = new UserRoles(\"userRoles\", UserRolesArgs.builder() \n .realmId(realm.id())\n .userId(user.id())\n .roleIds( \n realmRole.id(),\n clientRole.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n description: My Realm Role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: BEARER-ONLY\n clientRole:\n type: keycloak:Role\n name: client_role\n properties:\n realmId: ${realm.id}\n clientId: ${clientKeycloakClient.id}\n name: my-client-role\n description: My Client Role\n user:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: bob\n enabled: true\n email: bob@domain.com\n firstName: Bob\n lastName: Bobson\n userRoles:\n type: keycloak:UserRoles\n name: user_roles\n properties:\n realmId: ${realm.id}\n userId: ${user.id}\n roleIds:\n - ${realmRole.id}\n - ${clientRole.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realm_id}}/{{user_id}}`, where `user_id` is the unique ID that Keycloak\n\nassigns to the user upon creation. This value can be found in the GUI when editing the user, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/userRoles:UserRoles user_roles my-realm/b0ae6924-1bd5-4655-9e38-dae7c5e42924\n```\n\n", "properties": { "exhaustive": { "type": "boolean", @@ -5831,7 +5831,7 @@ } }, "keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper": { - "description": "Allows for creating and managing an username template importer identity provider mapper within Keycloak.\n\nThe username template importer mapper can be used to map externally defined OIDC claims or SAML attributes with a template to the username of the imported Keycloak user:\n\n- Substitutions are enclosed in \\${}. For example: '\\${ALIAS}.\\${CLAIM.sub}'. ALIAS is the provider alias. CLAIM.\\\u003cNAME\\\u003e references an ID or Access token claim.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst usernameImporter = new keycloak.UserTemplateImporterIdentityProviderMapper(\"usernameImporter\", {\n realm: realm.id,\n identityProviderAlias: oidc.alias,\n template: \"${ALIAS}.${CLAIM.email}\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\nusername_importer = keycloak.UserTemplateImporterIdentityProviderMapper(\"usernameImporter\",\n realm=realm.id,\n identity_provider_alias=oidc.alias,\n template=\"${ALIAS}.${CLAIM.email}\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var usernameImporter = new Keycloak.UserTemplateImporterIdentityProviderMapper(\"usernameImporter\", new()\n {\n Realm = realm.Id,\n IdentityProviderAlias = oidc.Alias,\n Template = \"${ALIAS}.${CLAIM.email}\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserTemplateImporterIdentityProviderMapper(ctx, \"usernameImporter\", \u0026keycloak.UserTemplateImporterIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tTemplate: pulumi.String(\"${ALIAS}.${CLAIM.email}\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.UserTemplateImporterIdentityProviderMapper;\nimport com.pulumi.keycloak.UserTemplateImporterIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var usernameImporter = new UserTemplateImporterIdentityProviderMapper(\"usernameImporter\", UserTemplateImporterIdentityProviderMapperArgs.builder() \n .realm(realm.id())\n .identityProviderAlias(oidc.alias())\n .template(\"${ALIAS}.${CLAIM.email}\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n usernameImporter:\n type: keycloak:UserTemplateImporterIdentityProviderMapper\n properties:\n realm: ${realm.id}\n identityProviderAlias: ${oidc.alias}\n template: ${ALIAS}.${CLAIM.email}\n # extra_config with syncMode is required in Keycloak 10+\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper username_importer my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n", + "description": "Allows for creating and managing an username template importer identity provider mapper within Keycloak.\n\nThe username template importer mapper can be used to map externally defined OIDC claims or SAML attributes with a template to the username of the imported Keycloak user:\n\n- Substitutions are enclosed in \\${}. For example: '\\${ALIAS}.\\${CLAIM.sub}'. ALIAS is the provider alias. CLAIM.\\\u003cNAME\\\u003e references an ID or Access token claim.\n\n\u003e If you are using Keycloak 10 or higher, you will need to specify the `extra_config` argument in order to define a `syncMode` for the mapper.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst oidc = new keycloak.oidc.IdentityProvider(\"oidc\", {\n realm: realm.id,\n alias: \"oidc\",\n authorizationUrl: \"https://example.com/auth\",\n tokenUrl: \"https://example.com/token\",\n clientId: \"example_id\",\n clientSecret: \"example_token\",\n defaultScopes: \"openid random profile\",\n});\nconst usernameImporter = new keycloak.UserTemplateImporterIdentityProviderMapper(\"username_importer\", {\n realm: realm.id,\n name: \"username-template-importer\",\n identityProviderAlias: oidc.alias,\n template: \"${ALIAS}.${CLAIM.email}\",\n extraConfig: {\n syncMode: \"INHERIT\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\noidc = keycloak.oidc.IdentityProvider(\"oidc\",\n realm=realm.id,\n alias=\"oidc\",\n authorization_url=\"https://example.com/auth\",\n token_url=\"https://example.com/token\",\n client_id=\"example_id\",\n client_secret=\"example_token\",\n default_scopes=\"openid random profile\")\nusername_importer = keycloak.UserTemplateImporterIdentityProviderMapper(\"username_importer\",\n realm=realm.id,\n name=\"username-template-importer\",\n identity_provider_alias=oidc.alias,\n template=\"${ALIAS}.${CLAIM.email}\",\n extra_config={\n \"syncMode\": \"INHERIT\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var oidc = new Keycloak.Oidc.IdentityProvider(\"oidc\", new()\n {\n Realm = realm.Id,\n Alias = \"oidc\",\n AuthorizationUrl = \"https://example.com/auth\",\n TokenUrl = \"https://example.com/token\",\n ClientId = \"example_id\",\n ClientSecret = \"example_token\",\n DefaultScopes = \"openid random profile\",\n });\n\n var usernameImporter = new Keycloak.UserTemplateImporterIdentityProviderMapper(\"username_importer\", new()\n {\n Realm = realm.Id,\n Name = \"username-template-importer\",\n IdentityProviderAlias = oidc.Alias,\n Template = \"${ALIAS}.${CLAIM.email}\",\n ExtraConfig = \n {\n { \"syncMode\", \"INHERIT\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\toidc, err := oidc.NewIdentityProvider(ctx, \"oidc\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"oidc\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://example.com/auth\"),\n\t\t\tTokenUrl: pulumi.String(\"https://example.com/token\"),\n\t\t\tClientId: pulumi.String(\"example_id\"),\n\t\t\tClientSecret: pulumi.String(\"example_token\"),\n\t\t\tDefaultScopes: pulumi.String(\"openid random profile\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewUserTemplateImporterIdentityProviderMapper(ctx, \"username_importer\", \u0026keycloak.UserTemplateImporterIdentityProviderMapperArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tName: pulumi.String(\"username-template-importer\"),\n\t\t\tIdentityProviderAlias: oidc.Alias,\n\t\t\tTemplate: pulumi.String(\"${ALIAS}.${CLAIM.email}\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"syncMode\": pulumi.Any(\"INHERIT\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport com.pulumi.keycloak.UserTemplateImporterIdentityProviderMapper;\nimport com.pulumi.keycloak.UserTemplateImporterIdentityProviderMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var oidc = new IdentityProvider(\"oidc\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"oidc\")\n .authorizationUrl(\"https://example.com/auth\")\n .tokenUrl(\"https://example.com/token\")\n .clientId(\"example_id\")\n .clientSecret(\"example_token\")\n .defaultScopes(\"openid random profile\")\n .build());\n\n var usernameImporter = new UserTemplateImporterIdentityProviderMapper(\"usernameImporter\", UserTemplateImporterIdentityProviderMapperArgs.builder() \n .realm(realm.id())\n .name(\"username-template-importer\")\n .identityProviderAlias(oidc.alias())\n .template(\"${ALIAS}.${CLAIM.email}\")\n .extraConfig(Map.of(\"syncMode\", \"INHERIT\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n oidc:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: oidc\n authorizationUrl: https://example.com/auth\n tokenUrl: https://example.com/token\n clientId: example_id\n clientSecret: example_token\n defaultScopes: openid random profile\n usernameImporter:\n type: keycloak:UserTemplateImporterIdentityProviderMapper\n name: username_importer\n properties:\n realm: ${realm.id}\n name: username-template-importer\n identityProviderAlias: ${oidc.alias}\n template: ${ALIAS}.${CLAIM.email}\n extraConfig:\n syncMode: INHERIT\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity provider mappers can be imported using the format `{{realm_id}}/{{idp_alias}}/{{idp_mapper_id}}`, where `idp_alias` is the identity provider alias, and `idp_mapper_id` is the unique ID that Keycloak\n\nassigns to the mapper upon creation. This value can be found in the URI when editing this mapper in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:index/userTemplateImporterIdentityProviderMapper:UserTemplateImporterIdentityProviderMapper username_importer my-realm/my-mapper/f446db98-7133-4e30-b18a-3d28fde7ca1b\n```\n\n", "properties": { "extraConfig": { "type": "object", @@ -5928,7 +5928,7 @@ } }, "keycloak:index/usersPermissions:UsersPermissions": { - "description": "Allows you to manage fine-grained permissions for all users in a realm: https://www.keycloak.org/docs/latest/server_admin/#_users-permissions\n\nThis is part of a preview Keycloak feature: `admin_fine_grained_authz` (see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions).\nThis feature can be enabled with the Keycloak option `-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled`. See the\nexample `docker-compose.yml` file for an example.\n\nWhen enabling fine-grained permissions for users, Keycloak does several things automatically:\n1. Enable Authorization on built-in `realm-management` client (if not already enabled).\n1. Create a resource representing the users permissions.\n1. Create scopes `view`, `manage`, `map-roles`, `manage-group-membership`, `impersonate`, and `user-impersonated`.\n1. Create all scope based permission for the scopes and users resources.\n\n\u003e This resource should only be created once per realm.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.openid.ClientPermissions;\nimport com.pulumi.keycloak.openid.ClientPermissionsArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.openid.ClientUserPolicy;\nimport com.pulumi.keycloak.openid.ClientUserPolicyArgs;\nimport com.pulumi.keycloak.UsersPermissions;\nimport com.pulumi.keycloak.UsersPermissionsArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsViewScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsManageScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsMapRolesScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsManageGroupMembershipScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsImpersonateScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsUserImpersonatedScopeArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"realm-management\")\n .build());\n\n // enable permissions for realm-management client\n var realmManagementPermission = new ClientPermissions(\"realmManagementPermission\", ClientPermissionsArgs.builder() \n .realmId(realm.id())\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult).applyValue(realmManagement -\u003e realmManagement.applyValue(getClientResult -\u003e getClientResult.id())))\n .enabled(true)\n .build());\n\n // creating a user to use with the keycloak_openid_client_user_policy resource\n var testUser = new User(\"testUser\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"test-user\")\n .email(\"test-user@fakedomain.com\")\n .firstName(\"Testy\")\n .lastName(\"Tester\")\n .build());\n\n var testClientUserPolicy = new ClientUserPolicy(\"testClientUserPolicy\", ClientUserPolicyArgs.builder() \n .realmId(realm.id())\n .resourceServerId(realmManagement.applyValue(getClientResult -\u003e getClientResult).applyValue(realmManagement -\u003e realmManagement.applyValue(getClientResult -\u003e getClientResult.id())))\n .users(testUser.id())\n .logic(\"POSITIVE\")\n .decisionStrategy(\"UNANIMOUS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(realmManagementPermission)\n .build());\n\n var usersPermissions = new UsersPermissions(\"usersPermissions\", UsersPermissionsArgs.builder() \n .realmId(realm.id())\n .viewScope(UsersPermissionsViewScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .manageScope(UsersPermissionsManageScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .mapRolesScope(UsersPermissionsMapRolesScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .manageGroupMembershipScope(UsersPermissionsManageGroupMembershipScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .impersonateScope(UsersPermissionsImpersonateScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .userImpersonatedScope(UsersPermissionsUserImpersonatedScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n # enable permissions for realm-management client\n realmManagementPermission:\n type: keycloak:openid:ClientPermissions\n properties:\n realmId: ${realm.id}\n clientId: ${realmManagement.id}\n enabled: true\n # creating a user to use with the keycloak_openid_client_user_policy resource\n testUser:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: test-user\n email: test-user@fakedomain.com\n firstName: Testy\n lastName: Tester\n testClientUserPolicy:\n type: keycloak:openid:ClientUserPolicy\n properties:\n realmId: ${realm.id}\n resourceServerId: ${realmManagement.id}\n users:\n - ${testUser.id}\n logic: POSITIVE\n decisionStrategy: UNANIMOUS\n options:\n dependson:\n - ${realmManagementPermission}\n usersPermissions:\n type: keycloak:UsersPermissions\n properties:\n realmId: ${realm.id}\n viewScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n manageScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n mapRolesScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n manageGroupMembershipScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n impersonateScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n userImpersonatedScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: ${realm.id}\n clientId: realm-management\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm in which to manage fine-grained user permissions.\n\nEach of the scopes that can be managed are defined below:\n\n- `view_scope` - (Optional) When specified, set the scope based view permission.\n- `manage_scope` - (Optional) When specified, set the scope based manage permission.\n- `map_roles_scope` - (Optional) When specified, set the scope based map_roles permission.\n- `manage_group_membership_scope` - (Optional) When specified, set the scope based manage_group_membership permission.\n- `impersonate_scope` - (Optional) When specified, set the scope based impersonate permission.\n- `user_impersonated_scope` - (Optional) When specified, set the scope based user_impersonated permission.\n\nThe configuration block for each of these scopes supports the following arguments:\n\n- `policies` - (Optional) Assigned policies to the permission. Each element within this list should be a policy ID.\n- `description` - (Optional) Description of the permission.\n- `decision_strategy` - (Optional) Decision strategy of the permission.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `enabled` - When true, this indicates that fine-grained user permissions are enabled. This will always be `true`.\n- `authorization_resource_server_id` - Resource server id representing the realm management client on which these permissions are managed.\n", + "description": "Allows you to manage fine-grained permissions for all users in a realm: https://www.keycloak.org/docs/latest/server_admin/#_users-permissions\n\nThis is part of a preview Keycloak feature: `admin_fine_grained_authz` (see https://www.keycloak.org/docs/latest/server_admin/#_fine_grain_permissions).\nThis feature can be enabled with the Keycloak option `-Dkeycloak.profile.feature.admin_fine_grained_authz=enabled`. See the\nexample `docker-compose.yml` file for an example.\n\nWhen enabling fine-grained permissions for users, Keycloak does several things automatically:\n1. Enable Authorization on built-in `realm-management` client (if not already enabled).\n1. Create a resource representing the users permissions.\n1. Create scopes `view`, `manage`, `map-roles`, `manage-group-membership`, `impersonate`, and `user-impersonated`.\n1. Create all scope based permission for the scopes and users resources.\n\n\u003e This resource should only be created once per realm.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.openid.ClientPermissions;\nimport com.pulumi.keycloak.openid.ClientPermissionsArgs;\nimport com.pulumi.keycloak.User;\nimport com.pulumi.keycloak.UserArgs;\nimport com.pulumi.keycloak.openid.ClientUserPolicy;\nimport com.pulumi.keycloak.openid.ClientUserPolicyArgs;\nimport com.pulumi.keycloak.UsersPermissions;\nimport com.pulumi.keycloak.UsersPermissionsArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsViewScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsManageScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsMapRolesScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsManageGroupMembershipScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsImpersonateScopeArgs;\nimport com.pulumi.keycloak.inputs.UsersPermissionsUserImpersonatedScopeArgs;\nimport com.pulumi.resources.CustomResourceOptions;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .build());\n\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(realm.id())\n .clientId(\"realm-management\")\n .build());\n\n // enable permissions for realm-management client\n var realmManagementPermission = new ClientPermissions(\"realmManagementPermission\", ClientPermissionsArgs.builder() \n .realmId(realm.id())\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult).applyValue(realmManagement -\u003e realmManagement.applyValue(getClientResult -\u003e getClientResult.id())))\n .enabled(true)\n .build());\n\n // creating a user to use with the keycloak_openid_client_user_policy resource\n var test = new User(\"test\", UserArgs.builder() \n .realmId(realm.id())\n .username(\"test-user\")\n .email(\"test-user@fakedomain.com\")\n .firstName(\"Testy\")\n .lastName(\"Tester\")\n .build());\n\n var testClientUserPolicy = new ClientUserPolicy(\"testClientUserPolicy\", ClientUserPolicyArgs.builder() \n .realmId(realm.id())\n .resourceServerId(realmManagement.applyValue(getClientResult -\u003e getClientResult).applyValue(realmManagement -\u003e realmManagement.applyValue(getClientResult -\u003e getClientResult.id())))\n .name(\"client_user_policy_test\")\n .users(test.id())\n .logic(\"POSITIVE\")\n .decisionStrategy(\"UNANIMOUS\")\n .build(), CustomResourceOptions.builder()\n .dependsOn(realmManagementPermission)\n .build());\n\n var usersPermissions = new UsersPermissions(\"usersPermissions\", UsersPermissionsArgs.builder() \n .realmId(realm.id())\n .viewScope(UsersPermissionsViewScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .manageScope(UsersPermissionsManageScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .mapRolesScope(UsersPermissionsMapRolesScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .manageGroupMembershipScope(UsersPermissionsManageGroupMembershipScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .impersonateScope(UsersPermissionsImpersonateScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .userImpersonatedScope(UsersPermissionsUserImpersonatedScopeArgs.builder()\n .policies(testClientUserPolicy.id())\n .description(\"description\")\n .decisionStrategy(\"UNANIMOUS\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n # enable permissions for realm-management client\n realmManagementPermission:\n type: keycloak:openid:ClientPermissions\n name: realm_management_permission\n properties:\n realmId: ${realm.id}\n clientId: ${realmManagement.id}\n enabled: true\n # creating a user to use with the keycloak_openid_client_user_policy resource\n test:\n type: keycloak:User\n properties:\n realmId: ${realm.id}\n username: test-user\n email: test-user@fakedomain.com\n firstName: Testy\n lastName: Tester\n testClientUserPolicy:\n type: keycloak:openid:ClientUserPolicy\n name: test\n properties:\n realmId: ${realm.id}\n resourceServerId: ${realmManagement.id}\n name: client_user_policy_test\n users:\n - ${test.id}\n logic: POSITIVE\n decisionStrategy: UNANIMOUS\n options:\n dependson:\n - ${realmManagementPermission}\n usersPermissions:\n type: keycloak:UsersPermissions\n name: users_permissions\n properties:\n realmId: ${realm.id}\n viewScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n manageScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n mapRolesScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n manageGroupMembershipScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n impersonateScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\n userImpersonatedScope:\n policies:\n - ${testClientUserPolicy.id}\n description: description\n decisionStrategy: UNANIMOUS\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: ${realm.id}\n clientId: realm-management\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm in which to manage fine-grained user permissions.\n\nEach of the scopes that can be managed are defined below:\n\n- `view_scope` - (Optional) When specified, set the scope based view permission.\n- `manage_scope` - (Optional) When specified, set the scope based manage permission.\n- `map_roles_scope` - (Optional) When specified, set the scope based map_roles permission.\n- `manage_group_membership_scope` - (Optional) When specified, set the scope based manage_group_membership permission.\n- `impersonate_scope` - (Optional) When specified, set the scope based impersonate permission.\n- `user_impersonated_scope` - (Optional) When specified, set the scope based user_impersonated permission.\n\nThe configuration block for each of these scopes supports the following arguments:\n\n- `policies` - (Optional) Assigned policies to the permission. Each element within this list should be a policy ID.\n- `description` - (Optional) Description of the permission.\n- `decision_strategy` - (Optional) Decision strategy of the permission.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `enabled` - When true, this indicates that fine-grained user permissions are enabled. This will always be `true`.\n- `authorization_resource_server_id` - Resource server id representing the realm management client on which these permissions are managed.\n", "properties": { "authorizationResourceServerId": { "type": "string", @@ -6028,7 +6028,7 @@ } }, "keycloak:ldap/customMapper:CustomMapper": { - "description": "Allows for creating and managing custom attribute mappers for Keycloak users federated via LDAP.\n\nThe LDAP custom mapper is implemented and deployed into Keycloak as a custom provider. This resource allows to\nspecify the custom id and custom implementation class of the self-implemented attribute mapper as well as additional\nproperties via config map.\n\nThe custom mapper should already be deployed into keycloak in order to be correctly configured.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst customMapper = new keycloak.ldap.CustomMapper(\"customMapper\", {\n realmId: keycloak_ldap_user_federation.openldap.realm_id,\n ldapUserFederationId: keycloak_ldap_user_federation.openldap.id,\n providerId: \"custom-provider-registered-in-keycloak\",\n providerType: \"com.example.custom.ldap.mappers.CustomMapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.value\": \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\ncustom_mapper = keycloak.ldap.CustomMapper(\"customMapper\",\n realm_id=keycloak_ldap_user_federation[\"openldap\"][\"realm_id\"],\n ldap_user_federation_id=keycloak_ldap_user_federation[\"openldap\"][\"id\"],\n provider_id=\"custom-provider-registered-in-keycloak\",\n provider_type=\"com.example.custom.ldap.mappers.CustomMapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.value\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var customMapper = new Keycloak.Ldap.CustomMapper(\"customMapper\", new()\n {\n RealmId = keycloak_ldap_user_federation.Openldap.Realm_id,\n LdapUserFederationId = keycloak_ldap_user_federation.Openldap.Id,\n ProviderId = \"custom-provider-registered-in-keycloak\",\n ProviderType = \"com.example.custom.ldap.mappers.CustomMapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.value\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewCustomMapper(ctx, \"customMapper\", \u0026ldap.CustomMapperArgs{\n\t\t\tRealmId: pulumi.Any(keycloak_ldap_user_federation.Openldap.Realm_id),\n\t\t\tLdapUserFederationId: pulumi.Any(keycloak_ldap_user_federation.Openldap.Id),\n\t\t\tProviderId: pulumi.String(\"custom-provider-registered-in-keycloak\"),\n\t\t\tProviderType: pulumi.String(\"com.example.custom.ldap.mappers.CustomMapper\"),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.CustomMapper;\nimport com.pulumi.keycloak.ldap.CustomMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var customMapper = new CustomMapper(\"customMapper\", CustomMapperArgs.builder() \n .realmId(keycloak_ldap_user_federation.openldap().realm_id())\n .ldapUserFederationId(keycloak_ldap_user_federation.openldap().id())\n .providerId(\"custom-provider-registered-in-keycloak\")\n .providerType(\"com.example.custom.ldap.mappers.CustomMapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.value\", \"value\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n customMapper:\n type: keycloak:ldap:CustomMapper\n properties:\n realmId: ${keycloak_ldap_user_federation.openldap.realm_id}\n ldapUserFederationId: ${keycloak_ldap_user_federation.openldap.id}\n providerId: custom-provider-registered-in-keycloak\n providerType: com.example.custom.ldap.mappers.CustomMapper\n config:\n attribute.name: name\n attribute.value: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", + "description": "Allows for creating and managing custom attribute mappers for Keycloak users federated via LDAP.\n\nThe LDAP custom mapper is implemented and deployed into Keycloak as a custom provider. This resource allows to\nspecify the custom id and custom implementation class of the self-implemented attribute mapper as well as additional\nproperties via config map.\n\nThe custom mapper should already be deployed into keycloak in order to be correctly configured.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst customMapper = new keycloak.ldap.CustomMapper(\"custom_mapper\", {\n name: \"custom-mapper\",\n realmId: openldap.realmId,\n ldapUserFederationId: openldap.id,\n providerId: \"custom-provider-registered-in-keycloak\",\n providerType: \"com.example.custom.ldap.mappers.CustomMapper\",\n config: {\n \"attribute.name\": \"name\",\n \"attribute.value\": \"value\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\ncustom_mapper = keycloak.ldap.CustomMapper(\"custom_mapper\",\n name=\"custom-mapper\",\n realm_id=openldap[\"realmId\"],\n ldap_user_federation_id=openldap[\"id\"],\n provider_id=\"custom-provider-registered-in-keycloak\",\n provider_type=\"com.example.custom.ldap.mappers.CustomMapper\",\n config={\n \"attribute.name\": \"name\",\n \"attribute.value\": \"value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var customMapper = new Keycloak.Ldap.CustomMapper(\"custom_mapper\", new()\n {\n Name = \"custom-mapper\",\n RealmId = openldap.RealmId,\n LdapUserFederationId = openldap.Id,\n ProviderId = \"custom-provider-registered-in-keycloak\",\n ProviderType = \"com.example.custom.ldap.mappers.CustomMapper\",\n Config = \n {\n { \"attribute.name\", \"name\" },\n { \"attribute.value\", \"value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewCustomMapper(ctx, \"custom_mapper\", \u0026ldap.CustomMapperArgs{\n\t\t\tName: pulumi.String(\"custom-mapper\"),\n\t\t\tRealmId: pulumi.Any(openldap.RealmId),\n\t\t\tLdapUserFederationId: pulumi.Any(openldap.Id),\n\t\t\tProviderId: pulumi.String(\"custom-provider-registered-in-keycloak\"),\n\t\t\tProviderType: pulumi.String(\"com.example.custom.ldap.mappers.CustomMapper\"),\n\t\t\tConfig: pulumi.Map{\n\t\t\t\t\"attribute.name\": pulumi.Any(\"name\"),\n\t\t\t\t\"attribute.value\": pulumi.Any(\"value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.CustomMapper;\nimport com.pulumi.keycloak.ldap.CustomMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var customMapper = new CustomMapper(\"customMapper\", CustomMapperArgs.builder() \n .name(\"custom-mapper\")\n .realmId(openldap.realmId())\n .ldapUserFederationId(openldap.id())\n .providerId(\"custom-provider-registered-in-keycloak\")\n .providerType(\"com.example.custom.ldap.mappers.CustomMapper\")\n .config(Map.ofEntries(\n Map.entry(\"attribute.name\", \"name\"),\n Map.entry(\"attribute.value\", \"value\")\n ))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n customMapper:\n type: keycloak:ldap:CustomMapper\n name: custom_mapper\n properties:\n name: custom-mapper\n realmId: ${openldap.realmId}\n ldapUserFederationId: ${openldap.id}\n providerId: custom-provider-registered-in-keycloak\n providerType: com.example.custom.ldap.mappers.CustomMapper\n config:\n attribute.name: name\n attribute.value: value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/customMapper:CustomMapper custom_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", "properties": { "config": { "type": "object", @@ -6143,7 +6143,7 @@ } }, "keycloak:ldap/fullNameMapper:FullNameMapper": { - "description": "## # keycloak.ldap.FullNameMapper\n\nAllows for creating and managing full name mappers for Keycloak users federated\nvia LDAP.\n\nThe LDAP full name mapper can map a user's full name from an LDAP attribute\nto the first and last name attributes of a Keycloak user.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n bindCredential: \"admin\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n connectionUrl: \"ldap://openldap\",\n rdnLdapAttribute: \"cn\",\n realmId: realm.id,\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n usernameLdapAttribute: \"cn\",\n usersDn: \"dc=example,dc=org\",\n uuidLdapAttribute: \"entryDN\",\n});\nconst ldapFullNameMapper = new keycloak.ldap.FullNameMapper(\"ldapFullNameMapper\", {\n ldapFullNameAttribute: \"cn\",\n ldapUserFederationId: ldapUserFederation.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n bind_credential=\"admin\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n connection_url=\"ldap://openldap\",\n rdn_ldap_attribute=\"cn\",\n realm_id=realm.id,\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n username_ldap_attribute=\"cn\",\n users_dn=\"dc=example,dc=org\",\n uuid_ldap_attribute=\"entryDN\")\nldap_full_name_mapper = keycloak.ldap.FullNameMapper(\"ldapFullNameMapper\",\n ldap_full_name_attribute=\"cn\",\n ldap_user_federation_id=ldap_user_federation.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n BindCredential = \"admin\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n ConnectionUrl = \"ldap://openldap\",\n RdnLdapAttribute = \"cn\",\n RealmId = realm.Id,\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n UsernameLdapAttribute = \"cn\",\n UsersDn = \"dc=example,dc=org\",\n UuidLdapAttribute = \"entryDN\",\n });\n\n var ldapFullNameMapper = new Keycloak.Ldap.FullNameMapper(\"ldapFullNameMapper\", new()\n {\n LdapFullNameAttribute = \"cn\",\n LdapUserFederationId = ldapUserFederation.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewFullNameMapper(ctx, \"ldapFullNameMapper\", \u0026ldap.FullNameMapperArgs{\n\t\t\tLdapFullNameAttribute: pulumi.String(\"cn\"),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.FullNameMapper;\nimport com.pulumi.keycloak.ldap.FullNameMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .bindCredential(\"admin\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .connectionUrl(\"ldap://openldap\")\n .rdnLdapAttribute(\"cn\")\n .realmId(realm.id())\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .usernameLdapAttribute(\"cn\")\n .usersDn(\"dc=example,dc=org\")\n .uuidLdapAttribute(\"entryDN\")\n .build());\n\n var ldapFullNameMapper = new FullNameMapper(\"ldapFullNameMapper\", FullNameMapperArgs.builder() \n .ldapFullNameAttribute(\"cn\")\n .ldapUserFederationId(ldapUserFederation.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n bindCredential: admin\n bindDn: cn=admin,dc=example,dc=org\n connectionUrl: ldap://openldap\n rdnLdapAttribute: cn\n realmId: ${realm.id}\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n usernameLdapAttribute: cn\n usersDn: dc=example,dc=org\n uuidLdapAttribute: entryDN\n ldapFullNameMapper:\n type: keycloak:ldap:FullNameMapper\n properties:\n ldapFullNameAttribute: cn\n ldapUserFederationId: ${ldapUserFederation.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `ldap_full_name_attribute` - (Required) The name of the LDAP attribute containing the user's full name.\n- `read_only` - (Optional) When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`.\n- `write_only` - (Optional) When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_full_name_mapper.ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", + "description": "## # keycloak.ldap.FullNameMapper\n\nAllows for creating and managing full name mappers for Keycloak users federated\nvia LDAP.\n\nThe LDAP full name mapper can map a user's full name from an LDAP attribute\nto the first and last name attributes of a Keycloak user.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"test\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapFullNameMapper = new keycloak.ldap.FullNameMapper(\"ldap_full_name_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"full-name-mapper\",\n ldapFullNameAttribute: \"cn\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"test\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_full_name_mapper = keycloak.ldap.FullNameMapper(\"ldap_full_name_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"full-name-mapper\",\n ldap_full_name_attribute=\"cn\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapFullNameMapper = new Keycloak.Ldap.FullNameMapper(\"ldap_full_name_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"full-name-mapper\",\n LdapFullNameAttribute = \"cn\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewFullNameMapper(ctx, \"ldap_full_name_mapper\", \u0026ldap.FullNameMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"full-name-mapper\"),\n\t\t\tLdapFullNameAttribute: pulumi.String(\"cn\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.FullNameMapper;\nimport com.pulumi.keycloak.ldap.FullNameMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapFullNameMapper = new FullNameMapper(\"ldapFullNameMapper\", FullNameMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"full-name-mapper\")\n .ldapFullNameAttribute(\"cn\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapFullNameMapper:\n type: keycloak:ldap:FullNameMapper\n name: ldap_full_name_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: full-name-mapper\n ldapFullNameAttribute: cn\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `ldap_full_name_attribute` - (Required) The name of the LDAP attribute containing the user's full name.\n- `read_only` - (Optional) When `true`, updates to a user within Keycloak will not be written back to LDAP. Defaults to `false`.\n- `write_only` - (Optional) When `true`, this mapper will only be used to write updates to LDAP. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_full_name_mapper.ldap_full_name_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", "properties": { "ldapFullNameAttribute": { "type": "string" @@ -6234,7 +6234,7 @@ } }, "keycloak:ldap/groupMapper:GroupMapper": { - "description": "## # keycloak.ldap.GroupMapper\n\nAllows for creating and managing group mappers for Keycloak users federated\nvia LDAP.\n\nThe LDAP group mapper can be used to map an LDAP user's groups from some DN\nto Keycloak groups. This group mapper will also create the groups within Keycloak\nif they do not already exist.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n bindCredential: \"admin\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n connectionUrl: \"ldap://openldap\",\n rdnLdapAttribute: \"cn\",\n realmId: realm.id,\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n usernameLdapAttribute: \"cn\",\n usersDn: \"dc=example,dc=org\",\n uuidLdapAttribute: \"entryDN\",\n});\nconst ldapGroupMapper = new keycloak.ldap.GroupMapper(\"ldapGroupMapper\", {\n groupNameLdapAttribute: \"cn\",\n groupObjectClasses: [\"groupOfNames\"],\n ldapGroupsDn: \"dc=example,dc=org\",\n ldapUserFederationId: ldapUserFederation.id,\n memberofLdapAttribute: \"memberOf\",\n membershipAttributeType: \"DN\",\n membershipLdapAttribute: \"member\",\n membershipUserLdapAttribute: \"cn\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n bind_credential=\"admin\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n connection_url=\"ldap://openldap\",\n rdn_ldap_attribute=\"cn\",\n realm_id=realm.id,\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n username_ldap_attribute=\"cn\",\n users_dn=\"dc=example,dc=org\",\n uuid_ldap_attribute=\"entryDN\")\nldap_group_mapper = keycloak.ldap.GroupMapper(\"ldapGroupMapper\",\n group_name_ldap_attribute=\"cn\",\n group_object_classes=[\"groupOfNames\"],\n ldap_groups_dn=\"dc=example,dc=org\",\n ldap_user_federation_id=ldap_user_federation.id,\n memberof_ldap_attribute=\"memberOf\",\n membership_attribute_type=\"DN\",\n membership_ldap_attribute=\"member\",\n membership_user_ldap_attribute=\"cn\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n BindCredential = \"admin\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n ConnectionUrl = \"ldap://openldap\",\n RdnLdapAttribute = \"cn\",\n RealmId = realm.Id,\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n UsernameLdapAttribute = \"cn\",\n UsersDn = \"dc=example,dc=org\",\n UuidLdapAttribute = \"entryDN\",\n });\n\n var ldapGroupMapper = new Keycloak.Ldap.GroupMapper(\"ldapGroupMapper\", new()\n {\n GroupNameLdapAttribute = \"cn\",\n GroupObjectClasses = new[]\n {\n \"groupOfNames\",\n },\n LdapGroupsDn = \"dc=example,dc=org\",\n LdapUserFederationId = ldapUserFederation.Id,\n MemberofLdapAttribute = \"memberOf\",\n MembershipAttributeType = \"DN\",\n MembershipLdapAttribute = \"member\",\n MembershipUserLdapAttribute = \"cn\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewGroupMapper(ctx, \"ldapGroupMapper\", \u0026ldap.GroupMapperArgs{\n\t\t\tGroupNameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tGroupObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"groupOfNames\"),\n\t\t\t},\n\t\t\tLdapGroupsDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tMemberofLdapAttribute: pulumi.String(\"memberOf\"),\n\t\t\tMembershipAttributeType: pulumi.String(\"DN\"),\n\t\t\tMembershipLdapAttribute: pulumi.String(\"member\"),\n\t\t\tMembershipUserLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.GroupMapper;\nimport com.pulumi.keycloak.ldap.GroupMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .bindCredential(\"admin\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .connectionUrl(\"ldap://openldap\")\n .rdnLdapAttribute(\"cn\")\n .realmId(realm.id())\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .usernameLdapAttribute(\"cn\")\n .usersDn(\"dc=example,dc=org\")\n .uuidLdapAttribute(\"entryDN\")\n .build());\n\n var ldapGroupMapper = new GroupMapper(\"ldapGroupMapper\", GroupMapperArgs.builder() \n .groupNameLdapAttribute(\"cn\")\n .groupObjectClasses(\"groupOfNames\")\n .ldapGroupsDn(\"dc=example,dc=org\")\n .ldapUserFederationId(ldapUserFederation.id())\n .memberofLdapAttribute(\"memberOf\")\n .membershipAttributeType(\"DN\")\n .membershipLdapAttribute(\"member\")\n .membershipUserLdapAttribute(\"cn\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n bindCredential: admin\n bindDn: cn=admin,dc=example,dc=org\n connectionUrl: ldap://openldap\n rdnLdapAttribute: cn\n realmId: ${realm.id}\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n usernameLdapAttribute: cn\n usersDn: dc=example,dc=org\n uuidLdapAttribute: entryDN\n ldapGroupMapper:\n type: keycloak:ldap:GroupMapper\n properties:\n groupNameLdapAttribute: cn\n groupObjectClasses:\n - groupOfNames\n ldapGroupsDn: dc=example,dc=org\n ldapUserFederationId: ${ldapUserFederation.id}\n memberofLdapAttribute: memberOf\n membershipAttributeType: DN\n membershipLdapAttribute: member\n membershipUserLdapAttribute: cn\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `ldap_groups_dn` - (Required) The LDAP DN where groups can be found.\n- `group_name_ldap_attribute` - (Required) The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`.\n- `group_object_classes` - (Required) Array of strings representing the object classes for the group. Must contain at least one.\n- `preserve_group_inheritance` - (Optional) When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak.\n- `ignore_missing_groups` - (Optional) When `true`, missing groups in the hierarchy will be ignored.\n- `membership_ldap_attribute` - (Required) The name of the LDAP attribute that is used for membership mappings.\n- `membership_attribute_type` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`.\n- `membership_user_ldap_attribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings.\n- `groups_ldap_filter` - (Optional) When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n- `mode` - (Optional) Can be one of `READ_ONLY` or `LDAP_ONLY`. Defaults to `READ_ONLY`.\n- `user_roles_retrieve_strategy` - (Optional) Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.\n- `memberof_ldap_attribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.\n- `mapped_group_attributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.\n- `drop_non_existing_groups_during_sync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_group_mapper.ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", + "description": "## # keycloak.ldap.GroupMapper\n\nAllows for creating and managing group mappers for Keycloak users federated\nvia LDAP.\n\nThe LDAP group mapper can be used to map an LDAP user's groups from some DN\nto Keycloak groups. This group mapper will also create the groups within Keycloak\nif they do not already exist.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"test\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapGroupMapper = new keycloak.ldap.GroupMapper(\"ldap_group_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"group-mapper\",\n ldapGroupsDn: \"dc=example,dc=org\",\n groupNameLdapAttribute: \"cn\",\n groupObjectClasses: [\"groupOfNames\"],\n membershipAttributeType: \"DN\",\n membershipLdapAttribute: \"member\",\n membershipUserLdapAttribute: \"cn\",\n memberofLdapAttribute: \"memberOf\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"test\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_group_mapper = keycloak.ldap.GroupMapper(\"ldap_group_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"group-mapper\",\n ldap_groups_dn=\"dc=example,dc=org\",\n group_name_ldap_attribute=\"cn\",\n group_object_classes=[\"groupOfNames\"],\n membership_attribute_type=\"DN\",\n membership_ldap_attribute=\"member\",\n membership_user_ldap_attribute=\"cn\",\n memberof_ldap_attribute=\"memberOf\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapGroupMapper = new Keycloak.Ldap.GroupMapper(\"ldap_group_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"group-mapper\",\n LdapGroupsDn = \"dc=example,dc=org\",\n GroupNameLdapAttribute = \"cn\",\n GroupObjectClasses = new[]\n {\n \"groupOfNames\",\n },\n MembershipAttributeType = \"DN\",\n MembershipLdapAttribute = \"member\",\n MembershipUserLdapAttribute = \"cn\",\n MemberofLdapAttribute = \"memberOf\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewGroupMapper(ctx, \"ldap_group_mapper\", \u0026ldap.GroupMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"group-mapper\"),\n\t\t\tLdapGroupsDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tGroupNameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tGroupObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"groupOfNames\"),\n\t\t\t},\n\t\t\tMembershipAttributeType: pulumi.String(\"DN\"),\n\t\t\tMembershipLdapAttribute: pulumi.String(\"member\"),\n\t\t\tMembershipUserLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tMemberofLdapAttribute: pulumi.String(\"memberOf\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.GroupMapper;\nimport com.pulumi.keycloak.ldap.GroupMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapGroupMapper = new GroupMapper(\"ldapGroupMapper\", GroupMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"group-mapper\")\n .ldapGroupsDn(\"dc=example,dc=org\")\n .groupNameLdapAttribute(\"cn\")\n .groupObjectClasses(\"groupOfNames\")\n .membershipAttributeType(\"DN\")\n .membershipLdapAttribute(\"member\")\n .membershipUserLdapAttribute(\"cn\")\n .memberofLdapAttribute(\"memberOf\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapGroupMapper:\n type: keycloak:ldap:GroupMapper\n name: ldap_group_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: group-mapper\n ldapGroupsDn: dc=example,dc=org\n groupNameLdapAttribute: cn\n groupObjectClasses:\n - groupOfNames\n membershipAttributeType: DN\n membershipLdapAttribute: member\n membershipUserLdapAttribute: cn\n memberofLdapAttribute: memberOf\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `ldap_groups_dn` - (Required) The LDAP DN where groups can be found.\n- `group_name_ldap_attribute` - (Required) The name of the LDAP attribute that is used in group objects for the name and RDN of the group. Typically `cn`.\n- `group_object_classes` - (Required) Array of strings representing the object classes for the group. Must contain at least one.\n- `preserve_group_inheritance` - (Optional) When `true`, group inheritance will be propagated from LDAP to Keycloak. When `false`, all LDAP groups will be propagated as top level groups within Keycloak.\n- `ignore_missing_groups` - (Optional) When `true`, missing groups in the hierarchy will be ignored.\n- `membership_ldap_attribute` - (Required) The name of the LDAP attribute that is used for membership mappings.\n- `membership_attribute_type` - (Optional) Can be one of `DN` or `UID`. Defaults to `DN`.\n- `membership_user_ldap_attribute` - (Required) The name of the LDAP attribute on a user that is used for membership mappings.\n- `groups_ldap_filter` - (Optional) When specified, adds an additional custom filter to be used when querying for groups. Must start with `(` and end with `)`.\n- `mode` - (Optional) Can be one of `READ_ONLY` or `LDAP_ONLY`. Defaults to `READ_ONLY`.\n- `user_roles_retrieve_strategy` - (Optional) Can be one of `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`, `GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE`, or `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY`. Defaults to `LOAD_GROUPS_BY_MEMBER_ATTRIBUTE`.\n- `memberof_ldap_attribute` - (Optional) Specifies the name of the LDAP attribute on the LDAP user that contains the groups the user is a member of. Defaults to `memberOf`.\n- `mapped_group_attributes` - (Optional) Array of strings representing attributes on the LDAP group which will be mapped to attributes on the Keycloak group.\n- `drop_non_existing_groups_during_sync` - (Optional) When `true`, groups that no longer exist within LDAP will be dropped in Keycloak during sync. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_group_mapper.ldap_group_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", "properties": { "dropNonExistingGroupsDuringSync": { "type": "boolean" @@ -6460,7 +6460,7 @@ } }, "keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper": { - "description": "Allows for creating and managing hardcoded attribute mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded attribute mapper will set the specified value to the LDAP attribute.\n\n**NOTE**: This mapper only works when the `sync_registrations` attribute on the `keycloak.ldap.UserFederation` resource is set to `true`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n syncRegistrations: true,\n});\nconst assignBarToFoo = new keycloak.ldap.HardcodedAttributeMapper(\"assignBarToFoo\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n attributeName: \"foo\",\n attributeValue: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\",\n sync_registrations=True)\nassign_bar_to_foo = keycloak.ldap.HardcodedAttributeMapper(\"assignBarToFoo\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n attribute_name=\"foo\",\n attribute_value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n SyncRegistrations = true,\n });\n\n var assignBarToFoo = new Keycloak.Ldap.HardcodedAttributeMapper(\"assignBarToFoo\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n AttributeName = \"foo\",\n AttributeValue = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tSyncRegistrations: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedAttributeMapper(ctx, \"assignBarToFoo\", \u0026ldap.HardcodedAttributeMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tAttributeName: pulumi.String(\"foo\"),\n\t\t\tAttributeValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.HardcodedAttributeMapper;\nimport com.pulumi.keycloak.ldap.HardcodedAttributeMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .syncRegistrations(true)\n .build());\n\n var assignBarToFoo = new HardcodedAttributeMapper(\"assignBarToFoo\", HardcodedAttributeMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .attributeName(\"foo\")\n .attributeValue(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n syncRegistrations: true\n assignBarToFoo:\n type: keycloak:ldap:HardcodedAttributeMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n attributeName: foo\n attributeValue: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", + "description": "Allows for creating and managing hardcoded attribute mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded attribute mapper will set the specified value to the LDAP attribute.\n\n**NOTE**: This mapper only works when the `sync_registrations` attribute on the `keycloak.ldap.UserFederation` resource is set to `true`.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n syncRegistrations: true,\n});\nconst assignBarToFoo = new keycloak.ldap.HardcodedAttributeMapper(\"assign_bar_to_foo\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"assign-foo-to-bar\",\n attributeName: \"foo\",\n attributeValue: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\",\n sync_registrations=True)\nassign_bar_to_foo = keycloak.ldap.HardcodedAttributeMapper(\"assign_bar_to_foo\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"assign-foo-to-bar\",\n attribute_name=\"foo\",\n attribute_value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n SyncRegistrations = true,\n });\n\n var assignBarToFoo = new Keycloak.Ldap.HardcodedAttributeMapper(\"assign_bar_to_foo\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"assign-foo-to-bar\",\n AttributeName = \"foo\",\n AttributeValue = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tSyncRegistrations: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedAttributeMapper(ctx, \"assign_bar_to_foo\", \u0026ldap.HardcodedAttributeMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"assign-foo-to-bar\"),\n\t\t\tAttributeName: pulumi.String(\"foo\"),\n\t\t\tAttributeValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.HardcodedAttributeMapper;\nimport com.pulumi.keycloak.ldap.HardcodedAttributeMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .syncRegistrations(true)\n .build());\n\n var assignBarToFoo = new HardcodedAttributeMapper(\"assignBarToFoo\", HardcodedAttributeMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"assign-foo-to-bar\")\n .attributeName(\"foo\")\n .attributeValue(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n syncRegistrations: true\n assignBarToFoo:\n type: keycloak:ldap:HardcodedAttributeMapper\n name: assign_bar_to_foo\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: assign-foo-to-bar\n attributeName: foo\n attributeValue: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/hardcodedAttributeMapper:HardcodedAttributeMapper assign_bar_to_foo my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", "properties": { "attributeName": { "type": "string", @@ -6554,7 +6554,7 @@ } }, "keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper": { - "description": "Allows for creating and managing hardcoded group mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded group mapper will grant a specified Keycloak group to each Keycloak user linked with LDAP.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst realmGroup = new keycloak.Group(\"realmGroup\", {realmId: realm.id});\nconst assignGroupToUsers = new keycloak.ldap.HardcodedGroupMapper(\"assignGroupToUsers\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n group: realmGroup.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nrealm_group = keycloak.Group(\"realmGroup\", realm_id=realm.id)\nassign_group_to_users = keycloak.ldap.HardcodedGroupMapper(\"assignGroupToUsers\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n group=realm_group.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var realmGroup = new Keycloak.Group(\"realmGroup\", new()\n {\n RealmId = realm.Id,\n });\n\n var assignGroupToUsers = new Keycloak.Ldap.HardcodedGroupMapper(\"assignGroupToUsers\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Group = realmGroup.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmGroup, err := keycloak.NewGroup(ctx, \"realmGroup\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedGroupMapper(ctx, \"assignGroupToUsers\", \u0026ldap.HardcodedGroupMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tGroup: realmGroup.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.ldap.HardcodedGroupMapper;\nimport com.pulumi.keycloak.ldap.HardcodedGroupMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var realmGroup = new Group(\"realmGroup\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var assignGroupToUsers = new HardcodedGroupMapper(\"assignGroupToUsers\", HardcodedGroupMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .group(realmGroup.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n realmGroup:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n assignGroupToUsers:\n type: keycloak:ldap:HardcodedGroupMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n group: ${realmGroup.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", + "description": "Allows for creating and managing hardcoded group mappers for Keycloak users federated via LDAP.\n\nThe LDAP hardcoded group mapper will grant a specified Keycloak group to each Keycloak user linked with LDAP.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst realmGroup = new keycloak.Group(\"realm_group\", {\n realmId: realm.id,\n name: \"my-group\",\n});\nconst assignGroupToUsers = new keycloak.ldap.HardcodedGroupMapper(\"assign_group_to_users\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"assign-group-to-users\",\n group: realmGroup.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nrealm_group = keycloak.Group(\"realm_group\",\n realm_id=realm.id,\n name=\"my-group\")\nassign_group_to_users = keycloak.ldap.HardcodedGroupMapper(\"assign_group_to_users\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"assign-group-to-users\",\n group=realm_group.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var realmGroup = new Keycloak.Group(\"realm_group\", new()\n {\n RealmId = realm.Id,\n Name = \"my-group\",\n });\n\n var assignGroupToUsers = new Keycloak.Ldap.HardcodedGroupMapper(\"assign_group_to_users\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"assign-group-to-users\",\n Group = realmGroup.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmGroup, err := keycloak.NewGroup(ctx, \"realm_group\", \u0026keycloak.GroupArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedGroupMapper(ctx, \"assign_group_to_users\", \u0026ldap.HardcodedGroupMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"assign-group-to-users\"),\n\t\t\tGroup: realmGroup.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.ldap.HardcodedGroupMapper;\nimport com.pulumi.keycloak.ldap.HardcodedGroupMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var realmGroup = new Group(\"realmGroup\", GroupArgs.builder() \n .realmId(realm.id())\n .name(\"my-group\")\n .build());\n\n var assignGroupToUsers = new HardcodedGroupMapper(\"assignGroupToUsers\", HardcodedGroupMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"assign-group-to-users\")\n .group(realmGroup.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n realmGroup:\n type: keycloak:Group\n name: realm_group\n properties:\n realmId: ${realm.id}\n name: my-group\n assignGroupToUsers:\n type: keycloak:ldap:HardcodedGroupMapper\n name: assign_group_to_users\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: assign-group-to-users\n group: ${realmGroup.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/hardcodedGroupMapper:HardcodedGroupMapper assign_group_to_users my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", "properties": { "group": { "type": "string", @@ -6632,7 +6632,7 @@ } }, "keycloak:ldap/hardcodedRoleMapper:HardcodedRoleMapper": { - "description": "## # keycloak.ldap.HardcodedRoleMapper\n\nThis mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"test\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n role: \"admin\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"test\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nassign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n role=\"admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Role = \"admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedRoleMapper(ctx, \"assignAdminRoleToAllUsers\", \u0026ldap.HardcodedRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tRole: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapper;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var assignAdminRoleToAllUsers = new HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", HardcodedRoleMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .role(\"admin\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n assignAdminRoleToAllUsers:\n type: keycloak:ldap:HardcodedRoleMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n role: admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `role` - (Required) The role which should be assigned to the users.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_hardcoded_role_mapper.ldap_hardcoded_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", + "description": "## # keycloak.ldap.HardcodedRoleMapper\n\nThis mapper will grant a specified Keycloak role to each Keycloak user linked with LDAP.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"test\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper(\"assign_admin_role_to_all_users\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"assign-admin-role-to-all-users\",\n role: \"admin\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"test\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nassign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper(\"assign_admin_role_to_all_users\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"assign-admin-role-to-all-users\",\n role=\"admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper(\"assign_admin_role_to_all_users\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"assign-admin-role-to-all-users\",\n Role = \"admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewHardcodedRoleMapper(ctx, \"assign_admin_role_to_all_users\", \u0026ldap.HardcodedRoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"assign-admin-role-to-all-users\"),\n\t\t\tRole: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapper;\nimport com.pulumi.keycloak.ldap.HardcodedRoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var assignAdminRoleToAllUsers = new HardcodedRoleMapper(\"assignAdminRoleToAllUsers\", HardcodedRoleMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"assign-admin-role-to-all-users\")\n .role(\"admin\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n assignAdminRoleToAllUsers:\n type: keycloak:ldap:HardcodedRoleMapper\n name: assign_admin_role_to_all_users\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: assign-admin-role-to-all-users\n role: admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `role` - (Required) The role which should be assigned to the users.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_hardcoded_role_mapper.ldap_hardcoded_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", "properties": { "ldapUserFederationId": { "type": "string", @@ -6710,7 +6710,7 @@ } }, "keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper": { - "description": "Allows for creating and managing MSAD-LDS user account control mappers for Keycloak\nusers federated via LDAP.\n\nThe MSAD-LDS (Microsoft Active Directory Lightweight Directory Service) user account control mapper is specific\nto LDAP user federation providers that are pulling from AD-LDS, and it can propagate\nAD-LDS user state to Keycloak in order to enforce settings like expired passwords\nor disabled accounts.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"objectGUID\",\n userObjectClasses: [\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connectionUrl: \"ldap://my-ad-server\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst msadLdsUserAccountControlMapper = new keycloak.ldap.MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"objectGUID\",\n user_object_classes=[\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connection_url=\"ldap://my-ad-server\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nmsad_lds_user_account_control_mapper = keycloak.ldap.MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"objectGUID\",\n UserObjectClasses = new[]\n {\n \"person\",\n \"organizationalPerson\",\n \"user\",\n },\n ConnectionUrl = \"ldap://my-ad-server\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var msadLdsUserAccountControlMapper = new Keycloak.Ldap.MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"objectGUID\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"person\"),\n\t\t\t\tpulumi.String(\"organizationalPerson\"),\n\t\t\t\tpulumi.String(\"user\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://my-ad-server\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewMsadLdsUserAccountControlMapper(ctx, \"msadLdsUserAccountControlMapper\", \u0026ldap.MsadLdsUserAccountControlMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.MsadLdsUserAccountControlMapper;\nimport com.pulumi.keycloak.ldap.MsadLdsUserAccountControlMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"objectGUID\")\n .userObjectClasses( \n \"person\",\n \"organizationalPerson\",\n \"user\")\n .connectionUrl(\"ldap://my-ad-server\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var msadLdsUserAccountControlMapper = new MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\", MsadLdsUserAccountControlMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: objectGUID\n userObjectClasses:\n - person\n - organizationalPerson\n - user\n connectionUrl: ldap://my-ad-server\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n msadLdsUserAccountControlMapper:\n type: keycloak:ldap:MsadLdsUserAccountControlMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", + "description": "Allows for creating and managing MSAD-LDS user account control mappers for Keycloak\nusers federated via LDAP.\n\nThe MSAD-LDS (Microsoft Active Directory Lightweight Directory Service) user account control mapper is specific\nto LDAP user federation providers that are pulling from AD-LDS, and it can propagate\nAD-LDS user state to Keycloak in order to enforce settings like expired passwords\nor disabled accounts.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"ad\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"objectGUID\",\n userObjectClasses: [\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connectionUrl: \"ldap://my-ad-server\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst msadLdsUserAccountControlMapper = new keycloak.ldap.MsadLdsUserAccountControlMapper(\"msad_lds_user_account_control_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"msad-lds-user-account-control-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"ad\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"objectGUID\",\n user_object_classes=[\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connection_url=\"ldap://my-ad-server\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nmsad_lds_user_account_control_mapper = keycloak.ldap.MsadLdsUserAccountControlMapper(\"msad_lds_user_account_control_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"msad-lds-user-account-control-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"ad\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"objectGUID\",\n UserObjectClasses = new[]\n {\n \"person\",\n \"organizationalPerson\",\n \"user\",\n },\n ConnectionUrl = \"ldap://my-ad-server\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var msadLdsUserAccountControlMapper = new Keycloak.Ldap.MsadLdsUserAccountControlMapper(\"msad_lds_user_account_control_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"msad-lds-user-account-control-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"ad\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"objectGUID\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"person\"),\n\t\t\t\tpulumi.String(\"organizationalPerson\"),\n\t\t\t\tpulumi.String(\"user\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://my-ad-server\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewMsadLdsUserAccountControlMapper(ctx, \"msad_lds_user_account_control_mapper\", \u0026ldap.MsadLdsUserAccountControlMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"msad-lds-user-account-control-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.MsadLdsUserAccountControlMapper;\nimport com.pulumi.keycloak.ldap.MsadLdsUserAccountControlMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .name(\"ad\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"objectGUID\")\n .userObjectClasses( \n \"person\",\n \"organizationalPerson\",\n \"user\")\n .connectionUrl(\"ldap://my-ad-server\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var msadLdsUserAccountControlMapper = new MsadLdsUserAccountControlMapper(\"msadLdsUserAccountControlMapper\", MsadLdsUserAccountControlMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"msad-lds-user-account-control-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: ad\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: objectGUID\n userObjectClasses:\n - person\n - organizationalPerson\n - user\n connectionUrl: ldap://my-ad-server\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n msadLdsUserAccountControlMapper:\n type: keycloak:ldap:MsadLdsUserAccountControlMapper\n name: msad_lds_user_account_control_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: msad-lds-user-account-control-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/msadLdsUserAccountControlMapper:MsadLdsUserAccountControlMapper msad_lds_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", "properties": { "ldapUserFederationId": { "type": "string", @@ -6772,7 +6772,7 @@ } }, "keycloak:ldap/msadUserAccountControlMapper:MsadUserAccountControlMapper": { - "description": "## # keycloak.ldap.MsadUserAccountControlMapper\n\nAllows for creating and managing MSAD user account control mappers for Keycloak\nusers federated via LDAP.\n\nThe MSAD (Microsoft Active Directory) user account control mapper is specific\nto LDAP user federation providers that are pulling from AD, and it can propagate\nAD user state to Keycloak in order to enforce settings like expired passwords\nor disabled accounts.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n bindCredential: \"admin\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n connectionUrl: \"ldap://my-ad-server\",\n rdnLdapAttribute: \"cn\",\n realmId: realm.id,\n userObjectClasses: [\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n usernameLdapAttribute: \"cn\",\n usersDn: \"dc=example,dc=org\",\n uuidLdapAttribute: \"objectGUID\",\n});\nconst msadUserAccountControlMapper = new keycloak.ldap.MsadUserAccountControlMapper(\"msadUserAccountControlMapper\", {\n ldapUserFederationId: ldapUserFederation.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n bind_credential=\"admin\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n connection_url=\"ldap://my-ad-server\",\n rdn_ldap_attribute=\"cn\",\n realm_id=realm.id,\n user_object_classes=[\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n username_ldap_attribute=\"cn\",\n users_dn=\"dc=example,dc=org\",\n uuid_ldap_attribute=\"objectGUID\")\nmsad_user_account_control_mapper = keycloak.ldap.MsadUserAccountControlMapper(\"msadUserAccountControlMapper\",\n ldap_user_federation_id=ldap_user_federation.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n BindCredential = \"admin\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n ConnectionUrl = \"ldap://my-ad-server\",\n RdnLdapAttribute = \"cn\",\n RealmId = realm.Id,\n UserObjectClasses = new[]\n {\n \"person\",\n \"organizationalPerson\",\n \"user\",\n },\n UsernameLdapAttribute = \"cn\",\n UsersDn = \"dc=example,dc=org\",\n UuidLdapAttribute = \"objectGUID\",\n });\n\n var msadUserAccountControlMapper = new Keycloak.Ldap.MsadUserAccountControlMapper(\"msadUserAccountControlMapper\", new()\n {\n LdapUserFederationId = ldapUserFederation.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tConnectionUrl: pulumi.String(\"ldap://my-ad-server\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"person\"),\n\t\t\t\tpulumi.String(\"organizationalPerson\"),\n\t\t\t\tpulumi.String(\"user\"),\n\t\t\t},\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"objectGUID\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewMsadUserAccountControlMapper(ctx, \"msadUserAccountControlMapper\", \u0026ldap.MsadUserAccountControlMapperArgs{\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.MsadUserAccountControlMapper;\nimport com.pulumi.keycloak.ldap.MsadUserAccountControlMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .bindCredential(\"admin\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .connectionUrl(\"ldap://my-ad-server\")\n .rdnLdapAttribute(\"cn\")\n .realmId(realm.id())\n .userObjectClasses( \n \"person\",\n \"organizationalPerson\",\n \"user\")\n .usernameLdapAttribute(\"cn\")\n .usersDn(\"dc=example,dc=org\")\n .uuidLdapAttribute(\"objectGUID\")\n .build());\n\n var msadUserAccountControlMapper = new MsadUserAccountControlMapper(\"msadUserAccountControlMapper\", MsadUserAccountControlMapperArgs.builder() \n .ldapUserFederationId(ldapUserFederation.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n bindCredential: admin\n bindDn: cn=admin,dc=example,dc=org\n connectionUrl: ldap://my-ad-server\n rdnLdapAttribute: cn\n realmId: ${realm.id}\n userObjectClasses:\n - person\n - organizationalPerson\n - user\n usernameLdapAttribute: cn\n usersDn: dc=example,dc=org\n uuidLdapAttribute: objectGUID\n msadUserAccountControlMapper:\n type: keycloak:ldap:MsadUserAccountControlMapper\n properties:\n ldapUserFederationId: ${ldapUserFederation.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `ldap_password_policy_hints_enabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_msad_user_account_control_mapper.msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", + "description": "## # keycloak.ldap.MsadUserAccountControlMapper\n\nAllows for creating and managing MSAD user account control mappers for Keycloak\nusers federated via LDAP.\n\nThe MSAD (Microsoft Active Directory) user account control mapper is specific\nto LDAP user federation providers that are pulling from AD, and it can propagate\nAD user state to Keycloak in order to enforce settings like expired passwords\nor disabled accounts.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"test\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"ad\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"objectGUID\",\n userObjectClasses: [\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connectionUrl: \"ldap://my-ad-server\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst msadUserAccountControlMapper = new keycloak.ldap.MsadUserAccountControlMapper(\"msad_user_account_control_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"msad-user-account-control-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"test\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"ad\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"objectGUID\",\n user_object_classes=[\n \"person\",\n \"organizationalPerson\",\n \"user\",\n ],\n connection_url=\"ldap://my-ad-server\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nmsad_user_account_control_mapper = keycloak.ldap.MsadUserAccountControlMapper(\"msad_user_account_control_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"msad-user-account-control-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"ad\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"objectGUID\",\n UserObjectClasses = new[]\n {\n \"person\",\n \"organizationalPerson\",\n \"user\",\n },\n ConnectionUrl = \"ldap://my-ad-server\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var msadUserAccountControlMapper = new Keycloak.Ldap.MsadUserAccountControlMapper(\"msad_user_account_control_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"msad-user-account-control-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"ad\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"objectGUID\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"person\"),\n\t\t\t\tpulumi.String(\"organizationalPerson\"),\n\t\t\t\tpulumi.String(\"user\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://my-ad-server\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewMsadUserAccountControlMapper(ctx, \"msad_user_account_control_mapper\", \u0026ldap.MsadUserAccountControlMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"msad-user-account-control-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.MsadUserAccountControlMapper;\nimport com.pulumi.keycloak.ldap.MsadUserAccountControlMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .name(\"ad\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"objectGUID\")\n .userObjectClasses( \n \"person\",\n \"organizationalPerson\",\n \"user\")\n .connectionUrl(\"ldap://my-ad-server\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var msadUserAccountControlMapper = new MsadUserAccountControlMapper(\"msadUserAccountControlMapper\", MsadUserAccountControlMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"msad-user-account-control-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: ad\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: objectGUID\n userObjectClasses:\n - person\n - organizationalPerson\n - user\n connectionUrl: ldap://my-ad-server\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n msadUserAccountControlMapper:\n type: keycloak:ldap:MsadUserAccountControlMapper\n name: msad_user_account_control_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: msad-user-account-control-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `ldap_password_policy_hints_enabled` - (Optional) When `true`, advanced password policies, such as password hints and previous password history will be used when writing new passwords to AD. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_msad_user_account_control_mapper.msad_user_account_control_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", "properties": { "ldapPasswordPolicyHintsEnabled": { "type": "boolean" @@ -6843,7 +6843,7 @@ } }, "keycloak:ldap/roleMapper:RoleMapper": { - "description": "Allows for creating and managing role mappers for Keycloak users federated via LDAP.\n\nThe LDAP group mapper can be used to map an LDAP user's roles from some DN to Keycloak roles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapRoleMapper = new keycloak.ldap.RoleMapper(\"ldapRoleMapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n ldapRolesDn: \"dc=example,dc=org\",\n roleNameLdapAttribute: \"cn\",\n roleObjectClasses: [\"groupOfNames\"],\n membershipAttributeType: \"DN\",\n membershipLdapAttribute: \"member\",\n membershipUserLdapAttribute: \"cn\",\n userRolesRetrieveStrategy: \"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n memberofLdapAttribute: \"memberOf\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_role_mapper = keycloak.ldap.RoleMapper(\"ldapRoleMapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n ldap_roles_dn=\"dc=example,dc=org\",\n role_name_ldap_attribute=\"cn\",\n role_object_classes=[\"groupOfNames\"],\n membership_attribute_type=\"DN\",\n membership_ldap_attribute=\"member\",\n membership_user_ldap_attribute=\"cn\",\n user_roles_retrieve_strategy=\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n memberof_ldap_attribute=\"memberOf\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapRoleMapper = new Keycloak.Ldap.RoleMapper(\"ldapRoleMapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n LdapRolesDn = \"dc=example,dc=org\",\n RoleNameLdapAttribute = \"cn\",\n RoleObjectClasses = new[]\n {\n \"groupOfNames\",\n },\n MembershipAttributeType = \"DN\",\n MembershipLdapAttribute = \"member\",\n MembershipUserLdapAttribute = \"cn\",\n UserRolesRetrieveStrategy = \"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n MemberofLdapAttribute = \"memberOf\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewRoleMapper(ctx, \"ldapRoleMapper\", \u0026ldap.RoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tLdapRolesDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tRoleNameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRoleObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"groupOfNames\"),\n\t\t\t},\n\t\t\tMembershipAttributeType: pulumi.String(\"DN\"),\n\t\t\tMembershipLdapAttribute: pulumi.String(\"member\"),\n\t\t\tMembershipUserLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUserRolesRetrieveStrategy: pulumi.String(\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\"),\n\t\t\tMemberofLdapAttribute: pulumi.String(\"memberOf\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.RoleMapper;\nimport com.pulumi.keycloak.ldap.RoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapRoleMapper = new RoleMapper(\"ldapRoleMapper\", RoleMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .ldapRolesDn(\"dc=example,dc=org\")\n .roleNameLdapAttribute(\"cn\")\n .roleObjectClasses(\"groupOfNames\")\n .membershipAttributeType(\"DN\")\n .membershipLdapAttribute(\"member\")\n .membershipUserLdapAttribute(\"cn\")\n .userRolesRetrieveStrategy(\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\")\n .memberofLdapAttribute(\"memberOf\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapRoleMapper:\n type: keycloak:ldap:RoleMapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n ldapRolesDn: dc=example,dc=org\n roleNameLdapAttribute: cn\n roleObjectClasses:\n - groupOfNames\n membershipAttributeType: DN\n membershipLdapAttribute: member\n membershipUserLdapAttribute: cn\n userRolesRetrieveStrategy: GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\n memberofLdapAttribute: memberOf\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", + "description": "Allows for creating and managing role mappers for Keycloak users federated via LDAP.\n\nThe LDAP group mapper can be used to map an LDAP user's roles from some DN to Keycloak roles.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapRoleMapper = new keycloak.ldap.RoleMapper(\"ldap_role_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"role-mapper\",\n ldapRolesDn: \"dc=example,dc=org\",\n roleNameLdapAttribute: \"cn\",\n roleObjectClasses: [\"groupOfNames\"],\n membershipAttributeType: \"DN\",\n membershipLdapAttribute: \"member\",\n membershipUserLdapAttribute: \"cn\",\n userRolesRetrieveStrategy: \"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n memberofLdapAttribute: \"memberOf\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_role_mapper = keycloak.ldap.RoleMapper(\"ldap_role_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"role-mapper\",\n ldap_roles_dn=\"dc=example,dc=org\",\n role_name_ldap_attribute=\"cn\",\n role_object_classes=[\"groupOfNames\"],\n membership_attribute_type=\"DN\",\n membership_ldap_attribute=\"member\",\n membership_user_ldap_attribute=\"cn\",\n user_roles_retrieve_strategy=\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n memberof_ldap_attribute=\"memberOf\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapRoleMapper = new Keycloak.Ldap.RoleMapper(\"ldap_role_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"role-mapper\",\n LdapRolesDn = \"dc=example,dc=org\",\n RoleNameLdapAttribute = \"cn\",\n RoleObjectClasses = new[]\n {\n \"groupOfNames\",\n },\n MembershipAttributeType = \"DN\",\n MembershipLdapAttribute = \"member\",\n MembershipUserLdapAttribute = \"cn\",\n UserRolesRetrieveStrategy = \"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\",\n MemberofLdapAttribute = \"memberOf\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewRoleMapper(ctx, \"ldap_role_mapper\", \u0026ldap.RoleMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"role-mapper\"),\n\t\t\tLdapRolesDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tRoleNameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRoleObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"groupOfNames\"),\n\t\t\t},\n\t\t\tMembershipAttributeType: pulumi.String(\"DN\"),\n\t\t\tMembershipLdapAttribute: pulumi.String(\"member\"),\n\t\t\tMembershipUserLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUserRolesRetrieveStrategy: pulumi.String(\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\"),\n\t\t\tMemberofLdapAttribute: pulumi.String(\"memberOf\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.RoleMapper;\nimport com.pulumi.keycloak.ldap.RoleMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapRoleMapper = new RoleMapper(\"ldapRoleMapper\", RoleMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"role-mapper\")\n .ldapRolesDn(\"dc=example,dc=org\")\n .roleNameLdapAttribute(\"cn\")\n .roleObjectClasses(\"groupOfNames\")\n .membershipAttributeType(\"DN\")\n .membershipLdapAttribute(\"member\")\n .membershipUserLdapAttribute(\"cn\")\n .userRolesRetrieveStrategy(\"GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\")\n .memberofLdapAttribute(\"memberOf\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapRoleMapper:\n type: keycloak:ldap:RoleMapper\n name: ldap_role_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: role-mapper\n ldapRolesDn: dc=example,dc=org\n roleNameLdapAttribute: cn\n roleObjectClasses:\n - groupOfNames\n membershipAttributeType: DN\n membershipLdapAttribute: member\n membershipUserLdapAttribute: cn\n userRolesRetrieveStrategy: GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE\n memberofLdapAttribute: memberOf\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\n\nThe ID of the LDAP user federation provider and the mapper can be found within the Keycloak GUI, and they are typically GUIDs.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:ldap/roleMapper:RoleMapper ldap_role_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n\n", "properties": { "clientId": { "type": "string", @@ -7068,7 +7068,7 @@ } }, "keycloak:ldap/userAttributeMapper:UserAttributeMapper": { - "description": "## # keycloak.ldap.UserAttributeMapper\n\nAllows for creating and managing user attribute mappers for Keycloak users\nfederated via LDAP.\n\nThe LDAP user attribute mapper can be used to map a single LDAP attribute\nto an attribute on the Keycloak user model.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n bindCredential: \"admin\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n connectionUrl: \"ldap://openldap\",\n rdnLdapAttribute: \"cn\",\n realmId: realm.id,\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n usernameLdapAttribute: \"cn\",\n usersDn: \"dc=example,dc=org\",\n uuidLdapAttribute: \"entryDN\",\n});\nconst ldapUserAttributeMapper = new keycloak.ldap.UserAttributeMapper(\"ldapUserAttributeMapper\", {\n ldapAttribute: \"bar\",\n ldapUserFederationId: ldapUserFederation.id,\n realmId: realm.id,\n userModelAttribute: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n bind_credential=\"admin\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n connection_url=\"ldap://openldap\",\n rdn_ldap_attribute=\"cn\",\n realm_id=realm.id,\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n username_ldap_attribute=\"cn\",\n users_dn=\"dc=example,dc=org\",\n uuid_ldap_attribute=\"entryDN\")\nldap_user_attribute_mapper = keycloak.ldap.UserAttributeMapper(\"ldapUserAttributeMapper\",\n ldap_attribute=\"bar\",\n ldap_user_federation_id=ldap_user_federation.id,\n realm_id=realm.id,\n user_model_attribute=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n BindCredential = \"admin\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n ConnectionUrl = \"ldap://openldap\",\n RdnLdapAttribute = \"cn\",\n RealmId = realm.Id,\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n UsernameLdapAttribute = \"cn\",\n UsersDn = \"dc=example,dc=org\",\n UuidLdapAttribute = \"entryDN\",\n });\n\n var ldapUserAttributeMapper = new Keycloak.Ldap.UserAttributeMapper(\"ldapUserAttributeMapper\", new()\n {\n LdapAttribute = \"bar\",\n LdapUserFederationId = ldapUserFederation.Id,\n RealmId = realm.Id,\n UserModelAttribute = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserAttributeMapper(ctx, \"ldapUserAttributeMapper\", \u0026ldap.UserAttributeMapperArgs{\n\t\t\tLdapAttribute: pulumi.String(\"bar\"),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserModelAttribute: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.UserAttributeMapper;\nimport com.pulumi.keycloak.ldap.UserAttributeMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .bindCredential(\"admin\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .connectionUrl(\"ldap://openldap\")\n .rdnLdapAttribute(\"cn\")\n .realmId(realm.id())\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .usernameLdapAttribute(\"cn\")\n .usersDn(\"dc=example,dc=org\")\n .uuidLdapAttribute(\"entryDN\")\n .build());\n\n var ldapUserAttributeMapper = new UserAttributeMapper(\"ldapUserAttributeMapper\", UserAttributeMapperArgs.builder() \n .ldapAttribute(\"bar\")\n .ldapUserFederationId(ldapUserFederation.id())\n .realmId(realm.id())\n .userModelAttribute(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n bindCredential: admin\n bindDn: cn=admin,dc=example,dc=org\n connectionUrl: ldap://openldap\n rdnLdapAttribute: cn\n realmId: ${realm.id}\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n usernameLdapAttribute: cn\n usersDn: dc=example,dc=org\n uuidLdapAttribute: entryDN\n ldapUserAttributeMapper:\n type: keycloak:ldap:UserAttributeMapper\n properties:\n ldapAttribute: bar\n ldapUserFederationId: ${ldapUserFederation.id}\n realmId: ${realm.id}\n userModelAttribute: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `user_model_attribute` - (Required) Name of the user property or attribute you want to map the LDAP attribute into.\n- `ldap_attribute` - (Required) Name of the mapped attribute on the LDAP object.\n- `read_only` - (Optional) When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.\n- `always_read_value_from_ldap` - (Optional) When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.\n- `is_mandatory_in_ldap` - (Optional) When `true`, this attribute must exist in LDAP. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_user_attribute_mapper.ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", + "description": "## # keycloak.ldap.UserAttributeMapper\n\nAllows for creating and managing user attribute mappers for Keycloak users\nfederated via LDAP.\n\nThe LDAP user attribute mapper can be used to map a single LDAP attribute\nto an attribute on the Keycloak user model.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"test\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n});\nconst ldapUserAttributeMapper = new keycloak.ldap.UserAttributeMapper(\"ldap_user_attribute_mapper\", {\n realmId: realm.id,\n ldapUserFederationId: ldapUserFederation.id,\n name: \"user-attribute-mapper\",\n userModelAttribute: \"foo\",\n ldapAttribute: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"test\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\")\nldap_user_attribute_mapper = keycloak.ldap.UserAttributeMapper(\"ldap_user_attribute_mapper\",\n realm_id=realm.id,\n ldap_user_federation_id=ldap_user_federation.id,\n name=\"user-attribute-mapper\",\n user_model_attribute=\"foo\",\n ldap_attribute=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n });\n\n var ldapUserAttributeMapper = new Keycloak.Ldap.UserAttributeMapper(\"ldap_user_attribute_mapper\", new()\n {\n RealmId = realm.Id,\n LdapUserFederationId = ldapUserFederation.Id,\n Name = \"user-attribute-mapper\",\n UserModelAttribute = \"foo\",\n LdapAttribute = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tldapUserFederation, err := ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserAttributeMapper(ctx, \"ldap_user_attribute_mapper\", \u0026ldap.UserAttributeMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tLdapUserFederationId: ldapUserFederation.ID(),\n\t\t\tName: pulumi.String(\"user-attribute-mapper\"),\n\t\t\tUserModelAttribute: pulumi.String(\"foo\"),\n\t\t\tLdapAttribute: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport com.pulumi.keycloak.ldap.UserAttributeMapper;\nimport com.pulumi.keycloak.ldap.UserAttributeMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .name(\"openldap\")\n .realmId(realm.id())\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .build());\n\n var ldapUserAttributeMapper = new UserAttributeMapper(\"ldapUserAttributeMapper\", UserAttributeMapperArgs.builder() \n .realmId(realm.id())\n .ldapUserFederationId(ldapUserFederation.id())\n .name(\"user-attribute-mapper\")\n .userModelAttribute(\"foo\")\n .ldapAttribute(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n ldapUserAttributeMapper:\n type: keycloak:ldap:UserAttributeMapper\n name: ldap_user_attribute_mapper\n properties:\n realmId: ${realm.id}\n ldapUserFederationId: ${ldapUserFederation.id}\n name: user-attribute-mapper\n userModelAttribute: foo\n ldapAttribute: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this LDAP mapper will exist in.\n- `ldap_user_federation_id` - (Required) The ID of the LDAP user federation provider to attach this mapper to.\n- `name` - (Required) Display name of this mapper when displayed in the console.\n- `user_model_attribute` - (Required) Name of the user property or attribute you want to map the LDAP attribute into.\n- `ldap_attribute` - (Required) Name of the mapped attribute on the LDAP object.\n- `read_only` - (Optional) When `true`, this attribute is not saved back to LDAP when the user attribute is updated in Keycloak. Defaults to `false`.\n- `always_read_value_from_ldap` - (Optional) When `true`, the value fetched from LDAP will override the value stored in Keycloak. Defaults to `false`.\n- `is_mandatory_in_ldap` - (Optional) When `true`, this attribute must exist in LDAP. Defaults to `false`.\n\n### Import\n\nLDAP mappers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}/{{ldap_mapper_id}}`.\nThe ID of the LDAP user federation provider and the mapper can be found within\nthe Keycloak GUI, and they are typically GUIDs:\n\n```bash\n$ terraform import keycloak_ldap_user_attribute_mapper.ldap_user_attribute_mapper my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860/3d923ece-1a91-4bf7-adaf-3b82f2a12b67\n```\n", "properties": { "alwaysReadValueFromLdap": { "type": "boolean", @@ -7218,7 +7218,7 @@ } }, "keycloak:ldap/userFederation:UserFederation": { - "description": "## # keycloak.ldap.UserFederation\n\nAllows for creating and managing LDAP user federation providers within Keycloak.\n\nKeycloak can use an LDAP user federation provider to federate users to Keycloak\nfrom a directory system such as LDAP or Active Directory. Federated users\nwill exist within the realm and will be able to log in to clients. Federated\nusers can have their attributes defined using mappers.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"test\",\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldapUserFederation\", {\n bindCredential: \"admin\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n connectionTimeout: \"5s\",\n connectionUrl: \"ldap://openldap\",\n enabled: true,\n rdnLdapAttribute: \"cn\",\n readTimeout: \"10s\",\n realmId: realm.id,\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n usernameLdapAttribute: \"cn\",\n usersDn: \"dc=example,dc=org\",\n uuidLdapAttribute: \"entryDN\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"test\")\nldap_user_federation = keycloak.ldap.UserFederation(\"ldapUserFederation\",\n bind_credential=\"admin\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n connection_timeout=\"5s\",\n connection_url=\"ldap://openldap\",\n enabled=True,\n rdn_ldap_attribute=\"cn\",\n read_timeout=\"10s\",\n realm_id=realm.id,\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n username_ldap_attribute=\"cn\",\n users_dn=\"dc=example,dc=org\",\n uuid_ldap_attribute=\"entryDN\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"test\",\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldapUserFederation\", new()\n {\n BindCredential = \"admin\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n ConnectionTimeout = \"5s\",\n ConnectionUrl = \"ldap://openldap\",\n Enabled = true,\n RdnLdapAttribute = \"cn\",\n ReadTimeout = \"10s\",\n RealmId = realm.Id,\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n UsernameLdapAttribute = \"cn\",\n UsersDn = \"dc=example,dc=org\",\n UuidLdapAttribute = \"entryDN\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserFederation(ctx, \"ldapUserFederation\", \u0026ldap.UserFederationArgs{\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tConnectionTimeout: pulumi.String(\"5s\"),\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tReadTimeout: pulumi.String(\"10s\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"test\")\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .bindCredential(\"admin\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .connectionTimeout(\"5s\")\n .connectionUrl(\"ldap://openldap\")\n .enabled(true)\n .rdnLdapAttribute(\"cn\")\n .readTimeout(\"10s\")\n .realmId(realm.id())\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .usernameLdapAttribute(\"cn\")\n .usersDn(\"dc=example,dc=org\")\n .uuidLdapAttribute(\"entryDN\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: test\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n properties:\n bindCredential: admin\n bindDn: cn=admin,dc=example,dc=org\n connectionTimeout: 5s\n connectionUrl: ldap://openldap\n enabled: true\n rdnLdapAttribute: cn\n readTimeout: 10s\n realmId: ${realm.id}\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n usernameLdapAttribute: cn\n usersDn: dc=example,dc=org\n uuidLdapAttribute: entryDN\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this provider will provide user federation for.\n- `name` - (Required) Display name of the provider when displayed in the console.\n- `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n- `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n- `import_enabled` - (Optional) When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.\n- `edit_mode` - (Optional) Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.\n- `sync_registrations` - (Optional) When `true`, newly created users will be synced back to LDAP. Defaults to `false`.\n- `vendor` - (Optional) Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OPTIONAL`.\n- `username_ldap_attribute` - (Required) Name of the LDAP attribute to use as the Keycloak username.\n- `rdn_ldap_attribute` - (Required) Name of the LDAP attribute to use as the relative distinguished name.\n- `uuid_ldap_attribute` - (Required) Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.\n- `user_object_classes` - (Required) Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.\n- `connection_url` - (Required) Connection URL to the LDAP server.\n- `users_dn` - (Required) Full DN of LDAP tree where your users are.\n- `bind_dn` - (Optional) DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set.\n- `bind_credential` - (Optional) Password of LDAP admin. This attribute must be set if `bind_dn` is set.\n- `custom_user_search_filter` - (Optional) Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.\n- `search_scope` - (Optional) Can be one of `ONE_LEVEL` or `SUBTREE`:\n - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`.\n - `SUBTREE`: Search entire LDAP subtree.\n- `validate_password_policy` - (Optional) When `true`, Keycloak will validate passwords using the realm policy before updating it.\n- `use_truststore_spi` - (Optional) Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:\n - `ALWAYS` - Always use the truststore SPI for LDAP connections.\n - `NEVER` - Never use the truststore SPI for LDAP connections.\n - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol.\n- `connection_timeout` - (Optional) LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n- `read_timeout` - (Optional) LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n- `pagination` - (Optional) When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.\n- `batch_size_for_sync` - (Optional) The number of users to sync within a single transaction. Defaults to `1000`.\n- `full_sync_period` - (Optional) How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.\n- `changed_sync_period` - (Optional) How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.\n- `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n\n### Import\n\nLDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`.\nThe ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID:\n\n```bash\n$ terraform import keycloak_ldap_user_federation.ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860\n```\n", + "description": "## # keycloak.ldap.UserFederation\n\nAllows for creating and managing LDAP user federation providers within Keycloak.\n\nKeycloak can use an LDAP user federation provider to federate users to Keycloak\nfrom a directory system such as LDAP or Active Directory. Federated users\nwill exist within the realm and will be able to log in to clients. Federated\nusers can have their attributes defined using mappers.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"test\",\n enabled: true,\n});\nconst ldapUserFederation = new keycloak.ldap.UserFederation(\"ldap_user_federation\", {\n name: \"openldap\",\n realmId: realm.id,\n enabled: true,\n usernameLdapAttribute: \"cn\",\n rdnLdapAttribute: \"cn\",\n uuidLdapAttribute: \"entryDN\",\n userObjectClasses: [\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connectionUrl: \"ldap://openldap\",\n usersDn: \"dc=example,dc=org\",\n bindDn: \"cn=admin,dc=example,dc=org\",\n bindCredential: \"admin\",\n connectionTimeout: \"5s\",\n readTimeout: \"10s\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"test\",\n enabled=True)\nldap_user_federation = keycloak.ldap.UserFederation(\"ldap_user_federation\",\n name=\"openldap\",\n realm_id=realm.id,\n enabled=True,\n username_ldap_attribute=\"cn\",\n rdn_ldap_attribute=\"cn\",\n uuid_ldap_attribute=\"entryDN\",\n user_object_classes=[\n \"simpleSecurityObject\",\n \"organizationalRole\",\n ],\n connection_url=\"ldap://openldap\",\n users_dn=\"dc=example,dc=org\",\n bind_dn=\"cn=admin,dc=example,dc=org\",\n bind_credential=\"admin\",\n connection_timeout=\"5s\",\n read_timeout=\"10s\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"test\",\n Enabled = true,\n });\n\n var ldapUserFederation = new Keycloak.Ldap.UserFederation(\"ldap_user_federation\", new()\n {\n Name = \"openldap\",\n RealmId = realm.Id,\n Enabled = true,\n UsernameLdapAttribute = \"cn\",\n RdnLdapAttribute = \"cn\",\n UuidLdapAttribute = \"entryDN\",\n UserObjectClasses = new[]\n {\n \"simpleSecurityObject\",\n \"organizationalRole\",\n },\n ConnectionUrl = \"ldap://openldap\",\n UsersDn = \"dc=example,dc=org\",\n BindDn = \"cn=admin,dc=example,dc=org\",\n BindCredential = \"admin\",\n ConnectionTimeout = \"5s\",\n ReadTimeout = \"10s\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/ldap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"test\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = ldap.NewUserFederation(ctx, \"ldap_user_federation\", \u0026ldap.UserFederationArgs{\n\t\t\tName: pulumi.String(\"openldap\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tUsernameLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tRdnLdapAttribute: pulumi.String(\"cn\"),\n\t\t\tUuidLdapAttribute: pulumi.String(\"entryDN\"),\n\t\t\tUserObjectClasses: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"simpleSecurityObject\"),\n\t\t\t\tpulumi.String(\"organizationalRole\"),\n\t\t\t},\n\t\t\tConnectionUrl: pulumi.String(\"ldap://openldap\"),\n\t\t\tUsersDn: pulumi.String(\"dc=example,dc=org\"),\n\t\t\tBindDn: pulumi.String(\"cn=admin,dc=example,dc=org\"),\n\t\t\tBindCredential: pulumi.String(\"admin\"),\n\t\t\tConnectionTimeout: pulumi.String(\"5s\"),\n\t\t\tReadTimeout: pulumi.String(\"10s\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.ldap.UserFederation;\nimport com.pulumi.keycloak.ldap.UserFederationArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"test\")\n .enabled(true)\n .build());\n\n var ldapUserFederation = new UserFederation(\"ldapUserFederation\", UserFederationArgs.builder() \n .name(\"openldap\")\n .realmId(realm.id())\n .enabled(true)\n .usernameLdapAttribute(\"cn\")\n .rdnLdapAttribute(\"cn\")\n .uuidLdapAttribute(\"entryDN\")\n .userObjectClasses( \n \"simpleSecurityObject\",\n \"organizationalRole\")\n .connectionUrl(\"ldap://openldap\")\n .usersDn(\"dc=example,dc=org\")\n .bindDn(\"cn=admin,dc=example,dc=org\")\n .bindCredential(\"admin\")\n .connectionTimeout(\"5s\")\n .readTimeout(\"10s\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: test\n enabled: true\n ldapUserFederation:\n type: keycloak:ldap:UserFederation\n name: ldap_user_federation\n properties:\n name: openldap\n realmId: ${realm.id}\n enabled: true\n usernameLdapAttribute: cn\n rdnLdapAttribute: cn\n uuidLdapAttribute: entryDN\n userObjectClasses:\n - simpleSecurityObject\n - organizationalRole\n connectionUrl: ldap://openldap\n usersDn: dc=example,dc=org\n bindDn: cn=admin,dc=example,dc=org\n bindCredential: admin\n connectionTimeout: 5s\n readTimeout: 10s\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm that this provider will provide user federation for.\n- `name` - (Required) Display name of the provider when displayed in the console.\n- `enabled` - (Optional) When `false`, this provider will not be used when performing queries for users. Defaults to `true`.\n- `priority` - (Optional) Priority of this provider when looking up users. Lower values are first. Defaults to `0`.\n- `import_enabled` - (Optional) When `true`, LDAP users will be imported into the Keycloak database. Defaults to `true`.\n- `edit_mode` - (Optional) Can be one of `READ_ONLY`, `WRITABLE`, or `UNSYNCED`. `UNSYNCED` allows user data to be imported but not synced back to LDAP. Defaults to `READ_ONLY`.\n- `sync_registrations` - (Optional) When `true`, newly created users will be synced back to LDAP. Defaults to `false`.\n- `vendor` - (Optional) Can be one of `OTHER`, `EDIRECTORY`, `AD`, `RHDS`, or `TIVOLI`. When this is selected in the GUI, it provides reasonable defaults for other fields. When used with the Keycloak API, this attribute does nothing, but is still required. Defaults to `OPTIONAL`.\n- `username_ldap_attribute` - (Required) Name of the LDAP attribute to use as the Keycloak username.\n- `rdn_ldap_attribute` - (Required) Name of the LDAP attribute to use as the relative distinguished name.\n- `uuid_ldap_attribute` - (Required) Name of the LDAP attribute to use as a unique object identifier for objects in LDAP.\n- `user_object_classes` - (Required) Array of all values of LDAP objectClass attribute for users in LDAP. Must contain at least one.\n- `connection_url` - (Required) Connection URL to the LDAP server.\n- `users_dn` - (Required) Full DN of LDAP tree where your users are.\n- `bind_dn` - (Optional) DN of LDAP admin, which will be used by Keycloak to access LDAP server. This attribute must be set if `bind_credential` is set.\n- `bind_credential` - (Optional) Password of LDAP admin. This attribute must be set if `bind_dn` is set.\n- `custom_user_search_filter` - (Optional) Additional LDAP filter for filtering searched users. Must begin with `(` and end with `)`.\n- `search_scope` - (Optional) Can be one of `ONE_LEVEL` or `SUBTREE`:\n - `ONE_LEVEL`: Only search for users in the DN specified by `user_dn`.\n - `SUBTREE`: Search entire LDAP subtree.\n- `validate_password_policy` - (Optional) When `true`, Keycloak will validate passwords using the realm policy before updating it.\n- `use_truststore_spi` - (Optional) Can be one of `ALWAYS`, `ONLY_FOR_LDAPS`, or `NEVER`:\n - `ALWAYS` - Always use the truststore SPI for LDAP connections.\n - `NEVER` - Never use the truststore SPI for LDAP connections.\n - `ONLY_FOR_LDAPS` - Only use the truststore SPI if your LDAP connection uses the ldaps protocol.\n- `connection_timeout` - (Optional) LDAP connection timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n- `read_timeout` - (Optional) LDAP read timeout in the format of a [Go duration string](https://golang.org/pkg/time/#Duration.String).\n- `pagination` - (Optional) When true, Keycloak assumes the LDAP server supports pagination. Defaults to `true`.\n- `batch_size_for_sync` - (Optional) The number of users to sync within a single transaction. Defaults to `1000`.\n- `full_sync_period` - (Optional) How frequently Keycloak should sync all LDAP users, in seconds. Omit this property to disable periodic full sync.\n- `changed_sync_period` - (Optional) How frequently Keycloak should sync changed LDAP users, in seconds. Omit this property to disable periodic changed users sync.\n- `cache_policy` - (Optional) Can be one of `DEFAULT`, `EVICT_DAILY`, `EVICT_WEEKLY`, `MAX_LIFESPAN`, or `NO_CACHE`. Defaults to `DEFAULT`.\n\n### Import\n\nLDAP user federation providers can be imported using the format `{{realm_id}}/{{ldap_user_federation_id}}`.\nThe ID of the LDAP user federation provider can be found within the Keycloak GUI and is typically a GUID:\n\n```bash\n$ terraform import keycloak_ldap_user_federation.ldap_user_federation my-realm/af2a6ca3-e4d7-49c3-b08b-1b3c70b4b860\n```\n", "properties": { "batchSizeForSync": { "type": "integer", @@ -7647,7 +7647,7 @@ } }, "keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider": { - "description": "Allows for creating and managing OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst google = new keycloak.oidc.GoogleIdentityProvider(\"google\", {\n realm: realm.id,\n clientId: _var.google_identity_provider_client_id,\n clientSecret: _var.google_identity_provider_client_secret,\n trustEmail: true,\n hostedDomain: \"example.com\",\n syncMode: \"IMPORT\",\n extraConfig: {\n myCustomConfigKey: \"myValue\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngoogle = keycloak.oidc.GoogleIdentityProvider(\"google\",\n realm=realm.id,\n client_id=var[\"google_identity_provider_client_id\"],\n client_secret=var[\"google_identity_provider_client_secret\"],\n trust_email=True,\n hosted_domain=\"example.com\",\n sync_mode=\"IMPORT\",\n extra_config={\n \"myCustomConfigKey\": \"myValue\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var google = new Keycloak.Oidc.GoogleIdentityProvider(\"google\", new()\n {\n Realm = realm.Id,\n ClientId = @var.Google_identity_provider_client_id,\n ClientSecret = @var.Google_identity_provider_client_secret,\n TrustEmail = true,\n HostedDomain = \"example.com\",\n SyncMode = \"IMPORT\",\n ExtraConfig = \n {\n { \"myCustomConfigKey\", \"myValue\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewGoogleIdentityProvider(ctx, \"google\", \u0026oidc.GoogleIdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tClientId: pulumi.Any(_var.Google_identity_provider_client_id),\n\t\t\tClientSecret: pulumi.Any(_var.Google_identity_provider_client_secret),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t\tHostedDomain: pulumi.String(\"example.com\"),\n\t\t\tSyncMode: pulumi.String(\"IMPORT\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"myCustomConfigKey\": pulumi.Any(\"myValue\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.GoogleIdentityProvider;\nimport com.pulumi.keycloak.oidc.GoogleIdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var google = new GoogleIdentityProvider(\"google\", GoogleIdentityProviderArgs.builder() \n .realm(realm.id())\n .clientId(var_.google_identity_provider_client_id())\n .clientSecret(var_.google_identity_provider_client_secret())\n .trustEmail(true)\n .hostedDomain(\"example.com\")\n .syncMode(\"IMPORT\")\n .extraConfig(Map.of(\"myCustomConfigKey\", \"myValue\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n google:\n type: keycloak:oidc:GoogleIdentityProvider\n properties:\n realm: ${realm.id}\n clientId: ${var.google_identity_provider_client_id}\n clientSecret: ${var.google_identity_provider_client_secret}\n trustEmail: true\n hostedDomain: example.com\n syncMode: IMPORT\n extraConfig:\n myCustomConfigKey: myValue\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGoogle Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider google_identity_provider my-realm/my-google-idp\n```\n\n", + "description": "Allows for creating and managing OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst google = new keycloak.oidc.GoogleIdentityProvider(\"google\", {\n realm: realm.id,\n clientId: googleIdentityProviderClientId,\n clientSecret: googleIdentityProviderClientSecret,\n trustEmail: true,\n hostedDomain: \"example.com\",\n syncMode: \"IMPORT\",\n extraConfig: {\n myCustomConfigKey: \"myValue\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\ngoogle = keycloak.oidc.GoogleIdentityProvider(\"google\",\n realm=realm.id,\n client_id=google_identity_provider_client_id,\n client_secret=google_identity_provider_client_secret,\n trust_email=True,\n hosted_domain=\"example.com\",\n sync_mode=\"IMPORT\",\n extra_config={\n \"myCustomConfigKey\": \"myValue\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var google = new Keycloak.Oidc.GoogleIdentityProvider(\"google\", new()\n {\n Realm = realm.Id,\n ClientId = googleIdentityProviderClientId,\n ClientSecret = googleIdentityProviderClientSecret,\n TrustEmail = true,\n HostedDomain = \"example.com\",\n SyncMode = \"IMPORT\",\n ExtraConfig = \n {\n { \"myCustomConfigKey\", \"myValue\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewGoogleIdentityProvider(ctx, \"google\", \u0026oidc.GoogleIdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tClientId: pulumi.Any(googleIdentityProviderClientId),\n\t\t\tClientSecret: pulumi.Any(googleIdentityProviderClientSecret),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t\tHostedDomain: pulumi.String(\"example.com\"),\n\t\t\tSyncMode: pulumi.String(\"IMPORT\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"myCustomConfigKey\": pulumi.Any(\"myValue\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.GoogleIdentityProvider;\nimport com.pulumi.keycloak.oidc.GoogleIdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var google = new GoogleIdentityProvider(\"google\", GoogleIdentityProviderArgs.builder() \n .realm(realm.id())\n .clientId(googleIdentityProviderClientId)\n .clientSecret(googleIdentityProviderClientSecret)\n .trustEmail(true)\n .hostedDomain(\"example.com\")\n .syncMode(\"IMPORT\")\n .extraConfig(Map.of(\"myCustomConfigKey\", \"myValue\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n google:\n type: keycloak:oidc:GoogleIdentityProvider\n properties:\n realm: ${realm.id}\n clientId: ${googleIdentityProviderClientId}\n clientSecret: ${googleIdentityProviderClientSecret}\n trustEmail: true\n hostedDomain: example.com\n syncMode: IMPORT\n extraConfig:\n myCustomConfigKey: myValue\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nGoogle Identity providers can be imported using the format {{realm_id}}/{{idp_alias}}, where idp_alias is the identity provider alias.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:oidc/googleIdentityProvider:GoogleIdentityProvider google_identity_provider my-realm/my-google-idp\n```\n\n", "properties": { "acceptsPromptNoneForwardFromClient": { "type": "boolean", @@ -7974,7 +7974,7 @@ } }, "keycloak:oidc/identityProvider:IdentityProvider": { - "description": "Allows for creating and managing OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmIdentityProvider = new keycloak.oidc.IdentityProvider(\"realmIdentityProvider\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n extraConfig: {\n clientAuthMethod: \"client_secret_post\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_identity_provider = keycloak.oidc.IdentityProvider(\"realmIdentityProvider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\",\n extra_config={\n \"clientAuthMethod\": \"client_secret_post\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"realmIdentityProvider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n ExtraConfig = \n {\n { \"clientAuthMethod\", \"client_secret_post\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewIdentityProvider(ctx, \"realmIdentityProvider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"clientAuthMethod\": pulumi.Any(\"client_secret_post\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmIdentityProvider = new IdentityProvider(\"realmIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .extraConfig(Map.of(\"clientAuthMethod\", \"client_secret_post\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n extraConfig:\n clientAuthMethod: client_secret_post\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp\n```\n\n", + "description": "Allows for creating and managing OIDC Identity Providers within Keycloak.\n\nOIDC (OpenID Connect) identity providers allows users to authenticate through a third party system using the OIDC standard.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmIdentityProvider = new keycloak.oidc.IdentityProvider(\"realm_identity_provider\", {\n realm: realm.id,\n alias: \"my-idp\",\n authorizationUrl: \"https://authorizationurl.com\",\n clientId: \"clientID\",\n clientSecret: \"clientSecret\",\n tokenUrl: \"https://tokenurl.com\",\n extraConfig: {\n clientAuthMethod: \"client_secret_post\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_identity_provider = keycloak.oidc.IdentityProvider(\"realm_identity_provider\",\n realm=realm.id,\n alias=\"my-idp\",\n authorization_url=\"https://authorizationurl.com\",\n client_id=\"clientID\",\n client_secret=\"clientSecret\",\n token_url=\"https://tokenurl.com\",\n extra_config={\n \"clientAuthMethod\": \"client_secret_post\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmIdentityProvider = new Keycloak.Oidc.IdentityProvider(\"realm_identity_provider\", new()\n {\n Realm = realm.Id,\n Alias = \"my-idp\",\n AuthorizationUrl = \"https://authorizationurl.com\",\n ClientId = \"clientID\",\n ClientSecret = \"clientSecret\",\n TokenUrl = \"https://tokenurl.com\",\n ExtraConfig = \n {\n { \"clientAuthMethod\", \"client_secret_post\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/oidc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = oidc.NewIdentityProvider(ctx, \"realm_identity_provider\", \u0026oidc.IdentityProviderArgs{\n\t\t\tRealm: realm.ID(),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tAuthorizationUrl: pulumi.String(\"https://authorizationurl.com\"),\n\t\t\tClientId: pulumi.String(\"clientID\"),\n\t\t\tClientSecret: pulumi.String(\"clientSecret\"),\n\t\t\tTokenUrl: pulumi.String(\"https://tokenurl.com\"),\n\t\t\tExtraConfig: pulumi.Map{\n\t\t\t\t\"clientAuthMethod\": pulumi.Any(\"client_secret_post\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.oidc.IdentityProvider;\nimport com.pulumi.keycloak.oidc.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmIdentityProvider = new IdentityProvider(\"realmIdentityProvider\", IdentityProviderArgs.builder() \n .realm(realm.id())\n .alias(\"my-idp\")\n .authorizationUrl(\"https://authorizationurl.com\")\n .clientId(\"clientID\")\n .clientSecret(\"clientSecret\")\n .tokenUrl(\"https://tokenurl.com\")\n .extraConfig(Map.of(\"clientAuthMethod\", \"client_secret_post\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmIdentityProvider:\n type: keycloak:oidc:IdentityProvider\n name: realm_identity_provider\n properties:\n realm: ${realm.id}\n alias: my-idp\n authorizationUrl: https://authorizationurl.com\n clientId: clientID\n clientSecret: clientSecret\n tokenUrl: https://tokenurl.com\n extraConfig:\n clientAuthMethod: client_secret_post\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nIdentity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:oidc/identityProvider:IdentityProvider realm_identity_provider my-realm/my-idp\n```\n\n", "properties": { "acceptsPromptNoneForwardFromClient": { "type": "boolean", @@ -8399,7 +8399,7 @@ } }, "keycloak:openid/audienceProtocolMapper:AudienceProtocolMapper": { - "description": "## # keycloak.openid.AudienceProtocolMapper\n\nAllows for creating and managing audience protocol mappers within\nKeycloak. This mapper was added in Keycloak v4.6.0.Final.\n\nAudience protocol mappers allow you add audiences to the `aud` claim\nwithin issued tokens. The audience can be a custom string, or it can be\nmapped to the ID of a pre-existing client.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n clientId: openidClient.id,\n includedCustomAudience: \"foo\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n client_id=openid_client.id,\n included_custom_audience=\"foo\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n ClientId = openidClient.Id,\n IncludedCustomAudience = \"foo\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tClientId: openidClient.ID(),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .clientId(openidClient.id())\n .includedCustomAudience(\"foo\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n clientId: ${openidClient.id}\n includedCustomAudience: foo\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n clientScopeId: clientScope.id,\n includedCustomAudience: \"foo\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n client_scope_id=client_scope.id,\n included_custom_audience=\"foo\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n ClientScopeId = clientScope.Id,\n IncludedCustomAudience = \"foo\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .clientScopeId(clientScope.id())\n .includedCustomAudience(\"foo\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n clientScopeId: ${clientScope.id}\n includedCustomAudience: foo\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `included_client_audience` - (Required if `included_custom_audience` is not specified) A client ID to include within the token's `aud` claim.\n- `included_custom_audience` - (Required if `included_client_audience` is not specified) A custom audience to include within the token's `aud` claim.\n- `add_to_id_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_audience_protocol_mapper.audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_audience_protocol_mapper.audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", + "description": "## # keycloak.openid.AudienceProtocolMapper\n\nAllows for creating and managing audience protocol mappers within\nKeycloak. This mapper was added in Keycloak v4.6.0.Final.\n\nAudience protocol mappers allow you add audiences to the `aud` claim\nwithin issued tokens. The audience can be a custom string, or it can be\nmapped to the ID of a pre-existing client.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n name: \"test client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"audience-mapper\",\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n name=\"test client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"audience-mapper\",\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Name = \"test client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"audience-mapper\",\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tName: pulumi.String(\"test client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"audience-mapper\"),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .name(\"test client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"audience-mapper\")\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n name: test client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: audience-mapper\n includedCustomAudience: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"audience-mapper\",\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"audience-mapper\",\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"audience-mapper\",\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"audience-mapper\"),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"audience-mapper\")\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: audience-mapper\n includedCustomAudience: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `included_client_audience` - (Required if `included_custom_audience` is not specified) A client ID to include within the token's `aud` claim.\n- `included_custom_audience` - (Required if `included_client_audience` is not specified) A custom audience to include within the token's `aud` claim.\n- `add_to_id_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the audience should be included in the `aud` claim for the id token. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_audience_protocol_mapper.audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_audience_protocol_mapper.audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -8521,7 +8521,7 @@ } }, "keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper": { - "description": "Allows for creating the \"Audience Resolve\" OIDC protocol mapper within Keycloak.\n\nThis protocol mapper is useful to avoid manual management of audiences, instead relying on the presence of client roles\nto imply which audiences are appropriate for the token. See the\n[Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_id=openid_client.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceResolveProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceResolveProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceResolveProtocolMapper(\"audienceMapper\", AudienceResolveProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceResolveProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", + "description": "Allows for creating the \"Audience Resolve\" OIDC protocol mapper within Keycloak.\n\nThis protocol mapper is useful to avoid manual management of audiences, instead relying on the presence of client roles\nto imply which audiences are appropriate for the token. See the\n[Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"my-audience-resolve-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceResolveProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"my-audience-resolve-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"my-audience-resolve-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceResolveProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceResolveProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"my-audience-resolve-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceResolveProtocolMapper(\"audienceMapper\", AudienceResolveProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"my-audience-resolve-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceResolveProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: my-audience-resolve-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMapper:AudienceResolveProtocolMapper audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "clientId": { "type": "string", @@ -8602,7 +8602,7 @@ ] }, "keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter": { - "description": "Allows for creating the \"Audience Resolve\" OIDC protocol mapper within Keycloak.\n\nThis protocol mapper is useful to avoid manual management of audiences, instead relying on the presence of client roles\nto imply which audiences are appropriate for the token. See the\n[Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceResolveProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_id=openid_client.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceResolveProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceResolveProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceResolveProtocolMapper(\"audienceMapper\", AudienceResolveProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceResolveProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", + "description": "Allows for creating the \"Audience Resolve\" OIDC protocol mapper within Keycloak.\n\nThis protocol mapper is useful to avoid manual management of audiences, instead relying on the presence of client roles\nto imply which audiences are appropriate for the token. See the\n[Keycloak docs](https://www.keycloak.org/docs/latest/server_admin/#_audience_resolve) for more details.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"my-audience-resolve-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\naudience_mapper = keycloak.openid.AudienceResolveProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"my-audience-resolve-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"my-audience-resolve-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceResolveProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceResolveProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"my-audience-resolve-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceResolveProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var audienceMapper = new AudienceResolveProtocolMapper(\"audienceMapper\", AudienceResolveProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"my-audience-resolve-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n audienceMapper:\n type: keycloak:openid:AudienceResolveProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: my-audience-resolve-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/audienceResolveProtocolMappter:AudienceResolveProtocolMappter audience_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "clientId": { "type": "string", @@ -8679,7 +8679,7 @@ "deprecationMessage": "keycloak.openid/audienceresolveprotocolmappter.AudienceResolveProtocolMappter has been deprecated in favor of keycloak.openid/audienceresolveprotocolmapper.AudienceResolveProtocolMapper" }, "keycloak:openid/client:Client": { - "description": "## # keycloak.openid.Client\n\nAllows for creating and managing Keycloak clients that use the OpenID Connect protocol.\n\nClients are entities that can use Keycloak for user authentication. Typically,\nclients are applications that redirect users to Keycloak for authentication\nin order to take advantage of Keycloak's user sessions for SSO.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client is attached to.\n- `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.\n- `name` - (Optional) The display name of this client in the GUI.\n- `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.\n- `description` - (Optional) The description of this client in the GUI.\n- `access_type` - (Required) Specifies the type of client, which can be one of the following:\n - `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating.\n This client should be used for applications using the Authorization Code or Client Credentials grant flows.\n - `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect\n URIs for security. This client should be used for applications using the Implicit grant flow.\n - `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests.\n- `client_secret` - (Optional) The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and\nshould be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute.\n- `standard_flow_enabled` - (Optional) When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`.\n- `implicit_flow_enabled` - (Optional) When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`.\n- `direct_access_grants_enabled` - (Optional) When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`.\n- `service_accounts_enabled` - (Optional) When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`.\n- `valid_redirect_uris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple\nwildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled`\nis set to `true`.\n- `web_origins` - (Optional) A list of allowed CORS origins. `+` can be used to permit all valid redirect URIs, and `*` can be used to permit all origins.\n- `admin_url` - (Optional) URL to the admin interface of the client.\n- `base_url` - (Optional) Default URL to use when the auth server needs to redirect or link back to the client.\n- `pkce_code_challenge_method` - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``.\n- `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `service_account_user_id` - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account.\n\n\n### Import\n\nClients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak\nassigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client.openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352\n```\n", + "description": "## # keycloak.openid.Client\n\nAllows for creating and managing Keycloak clients that use the OpenID Connect protocol.\n\nClients are entities that can use Keycloak for user authentication. Typically,\nclients are applications that redirect users to Keycloak for authentication\nin order to take advantage of Keycloak's user sessions for SSO.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n name: \"test client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n name=\"test client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Name = \"test client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tName: pulumi.String(\"test client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .name(\"test client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n name: test client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client is attached to.\n- `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.\n- `name` - (Optional) The display name of this client in the GUI.\n- `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.\n- `description` - (Optional) The description of this client in the GUI.\n- `access_type` - (Required) Specifies the type of client, which can be one of the following:\n - `CONFIDENTIAL` - Used for server-side clients that require both client ID and secret when authenticating.\n This client should be used for applications using the Authorization Code or Client Credentials grant flows.\n - `PUBLIC` - Used for browser-only applications that do not require a client secret, and instead rely only on authorized redirect\n URIs for security. This client should be used for applications using the Implicit grant flow.\n - `BEARER-ONLY` - Used for services that never initiate a login. This client will only allow bearer token requests.\n- `client_secret` - (Optional) The secret for clients with an `access_type` of `CONFIDENTIAL` or `BEARER-ONLY`. This value is sensitive and\nshould be treated with the same care as a password. If omitted, Keycloak will generate a GUID for this attribute.\n- `standard_flow_enabled` - (Optional) When `true`, the OAuth2 Authorization Code Grant will be enabled for this client. Defaults to `false`.\n- `implicit_flow_enabled` - (Optional) When `true`, the OAuth2 Implicit Grant will be enabled for this client. Defaults to `false`.\n- `direct_access_grants_enabled` - (Optional) When `true`, the OAuth2 Resource Owner Password Grant will be enabled for this client. Defaults to `false`.\n- `service_accounts_enabled` - (Optional) When `true`, the OAuth2 Client Credentials grant will be enabled for this client. Defaults to `false`.\n- `valid_redirect_uris` - (Optional) A list of valid URIs a browser is permitted to redirect to after a successful login or logout. Simple\nwildcards in the form of an asterisk can be used here. This attribute must be set if either `standard_flow_enabled` or `implicit_flow_enabled`\nis set to `true`.\n- `web_origins` - (Optional) A list of allowed CORS origins. `+` can be used to permit all valid redirect URIs, and `*` can be used to permit all origins.\n- `admin_url` - (Optional) URL to the admin interface of the client.\n- `base_url` - (Optional) Default URL to use when the auth server needs to redirect or link back to the client.\n- `pkce_code_challenge_method` - (Optional) The challenge method to use for Proof Key for Code Exchange. Can be either `plain` or `S256` or set to empty value ``.\n- `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token.\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `service_account_user_id` - When service accounts are enabled for this client, this attribute is the unique ID for the Keycloak user that represents this service account.\n\n\n### Import\n\nClients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak\nassigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client.openid_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352\n```\n", "properties": { "accessTokenLifespan": { "type": "string" @@ -9630,7 +9630,7 @@ } }, "keycloak:openid/clientDefaultScopes:ClientDefaultScopes": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n realmId: realm.id,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientDefaultScopes = new keycloak.openid.ClientDefaultScopes(\"clientDefaultScopes\", {\n clientId: client.id,\n defaultScopes: [\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name,\n ],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient = keycloak.openid.Client(\"client\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n realm_id=realm.id)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_default_scopes = keycloak.openid.ClientDefaultScopes(\"clientDefaultScopes\",\n client_id=client.id,\n default_scopes=[\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n client_scope.name,\n ],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n RealmId = realm.Id,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientDefaultScopes = new Keycloak.OpenId.ClientDefaultScopes(\"clientDefaultScopes\", new()\n {\n ClientId = client.Id,\n DefaultScopes = new[]\n {\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.Name,\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientDefaultScopes(ctx, \"clientDefaultScopes\", \u0026openid.ClientDefaultScopesArgs{\n\t\t\tClientId: client.ID(),\n\t\t\tDefaultScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"profile\"),\n\t\t\t\tpulumi.String(\"email\"),\n\t\t\t\tpulumi.String(\"roles\"),\n\t\t\t\tpulumi.String(\"web-origins\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ClientDefaultScopes;\nimport com.pulumi.keycloak.openid.ClientDefaultScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .realmId(realm.id())\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientDefaultScopes = new ClientDefaultScopes(\"clientDefaultScopes\", ClientDefaultScopesArgs.builder() \n .clientId(client.id())\n .defaultScopes( \n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n client:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n realmId: ${realm.id}\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientDefaultScopes:\n type: keycloak:openid:ClientDefaultScopes\n properties:\n clientId: ${client.id}\n defaultScopes:\n - profile\n - email\n - roles\n - web-origins\n - ${clientScope.name}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client and scopes exists in.\n- `client_id` - (Required) The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n- `default_scopes` - (Required) An array of client scope names to attach to this client.\n\n### Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n accessType: \"CONFIDENTIAL\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst clientDefaultScopes = new keycloak.openid.ClientDefaultScopes(\"client_default_scopes\", {\n realmId: realm.id,\n clientId: client.id,\n defaultScopes: [\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n access_type=\"CONFIDENTIAL\")\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\nclient_default_scopes = keycloak.openid.ClientDefaultScopes(\"client_default_scopes\",\n realm_id=realm.id,\n client_id=client.id,\n default_scopes=[\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n AccessType = \"CONFIDENTIAL\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var clientDefaultScopes = new Keycloak.OpenId.ClientDefaultScopes(\"client_default_scopes\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n DefaultScopes = new[]\n {\n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientDefaultScopes(ctx, \"client_default_scopes\", \u0026openid.ClientDefaultScopesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tDefaultScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"profile\"),\n\t\t\t\tpulumi.String(\"email\"),\n\t\t\t\tpulumi.String(\"roles\"),\n\t\t\t\tpulumi.String(\"web-origins\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ClientDefaultScopes;\nimport com.pulumi.keycloak.openid.ClientDefaultScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .accessType(\"CONFIDENTIAL\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var clientDefaultScopes = new ClientDefaultScopes(\"clientDefaultScopes\", ClientDefaultScopesArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .defaultScopes( \n \"profile\",\n \"email\",\n \"roles\",\n \"web-origins\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n accessType: CONFIDENTIAL\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n clientDefaultScopes:\n type: keycloak:openid:ClientDefaultScopes\n name: client_default_scopes\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n defaultScopes:\n - profile\n - email\n - roles\n - web-origins\n - ${clientScope.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client and scopes exists in.\n- `client_id` - (Required) The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak.\n- `default_scopes` - (Required) An array of client scope names to attach to this client.\n\n### Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n", "properties": { "clientId": { "type": "string" @@ -9896,7 +9896,7 @@ } }, "keycloak:openid/clientOptionalScopes:ClientOptionalScopes": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n realmId: realm.id,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientOptionalScopes = new keycloak.openid.ClientOptionalScopes(\"clientOptionalScopes\", {\n clientId: client.id,\n optionalScopes: [\n \"address\",\n \"phone\",\n \"offline_access\",\n clientScope.name,\n ],\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient = keycloak.openid.Client(\"client\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n realm_id=realm.id)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_optional_scopes = keycloak.openid.ClientOptionalScopes(\"clientOptionalScopes\",\n client_id=client.id,\n optional_scopes=[\n \"address\",\n \"phone\",\n \"offline_access\",\n client_scope.name,\n ],\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n RealmId = realm.Id,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientOptionalScopes = new Keycloak.OpenId.ClientOptionalScopes(\"clientOptionalScopes\", new()\n {\n ClientId = client.Id,\n OptionalScopes = new[]\n {\n \"address\",\n \"phone\",\n \"offline_access\",\n clientScope.Name,\n },\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientOptionalScopes(ctx, \"clientOptionalScopes\", \u0026openid.ClientOptionalScopesArgs{\n\t\t\tClientId: client.ID(),\n\t\t\tOptionalScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"address\"),\n\t\t\t\tpulumi.String(\"phone\"),\n\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ClientOptionalScopes;\nimport com.pulumi.keycloak.openid.ClientOptionalScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .realmId(realm.id())\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientOptionalScopes = new ClientOptionalScopes(\"clientOptionalScopes\", ClientOptionalScopesArgs.builder() \n .clientId(client.id())\n .optionalScopes( \n \"address\",\n \"phone\",\n \"offline_access\",\n clientScope.name())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n client:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n realmId: ${realm.id}\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n clientOptionalScopes:\n type: keycloak:openid:ClientOptionalScopes\n properties:\n clientId: ${client.id}\n optionalScopes:\n - address\n - phone\n - offline_access\n - ${clientScope.name}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client and scopes exists in.\n- `client_id` - (Required) The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak.\n- `optional_scopes` - (Required) An array of client scope names to attach to this client as optional scopes.\n\n### Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n", + "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n accessType: \"CONFIDENTIAL\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst clientOptionalScopes = new keycloak.openid.ClientOptionalScopes(\"client_optional_scopes\", {\n realmId: realm.id,\n clientId: client.id,\n optionalScopes: [\n \"address\",\n \"phone\",\n \"offline_access\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n access_type=\"CONFIDENTIAL\")\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\nclient_optional_scopes = keycloak.openid.ClientOptionalScopes(\"client_optional_scopes\",\n realm_id=realm.id,\n client_id=client.id,\n optional_scopes=[\n \"address\",\n \"phone\",\n \"offline_access\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n AccessType = \"CONFIDENTIAL\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var clientOptionalScopes = new Keycloak.OpenId.ClientOptionalScopes(\"client_optional_scopes\", new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n OptionalScopes = new[]\n {\n \"address\",\n \"phone\",\n \"offline_access\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientOptionalScopes(ctx, \"client_optional_scopes\", \u0026openid.ClientOptionalScopesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t\tOptionalScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"address\"),\n\t\t\t\tpulumi.String(\"phone\"),\n\t\t\t\tpulumi.String(\"offline_access\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ClientOptionalScopes;\nimport com.pulumi.keycloak.openid.ClientOptionalScopesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .accessType(\"CONFIDENTIAL\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var clientOptionalScopes = new ClientOptionalScopes(\"clientOptionalScopes\", ClientOptionalScopesArgs.builder() \n .realmId(realm.id())\n .clientId(client.id())\n .optionalScopes( \n \"address\",\n \"phone\",\n \"offline_access\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n accessType: CONFIDENTIAL\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n clientOptionalScopes:\n type: keycloak:openid:ClientOptionalScopes\n name: client_optional_scopes\n properties:\n realmId: ${realm.id}\n clientId: ${client.id}\n optionalScopes:\n - address\n - phone\n - offline_access\n - ${clientScope.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client and scopes exists in.\n- `client_id` - (Required) The ID of the client to attach optional scopes to. Note that this is the unique ID of the client generated by Keycloak.\n- `optional_scopes` - (Required) An array of client scope names to attach to this client as optional scopes.\n\n### Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource\nas if it did not already exist on the server.\n", "properties": { "clientId": { "type": "string" @@ -10081,7 +10081,7 @@ } }, "keycloak:openid/clientPolicy:ClientPolicy": { - "description": "This resource can be used to create client policy.\n\n## Example Usage\n\nIn this example, we'll create a new OpenID client, then enabled permissions for the client. A client without permissions disabled cannot be assigned by a client policy. We'll use the `keycloak.openid.ClientPolicy` resource to create a new client policy, which could be applied to many clients, for a realm and a resource_server_id.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n clientId: \"openid_client\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n});\nconst myPermission = new keycloak.openid.ClientPermissions(\"myPermission\", {\n realmId: realm.id,\n clientId: openidClient.id,\n});\nconst realmManagement = keycloak.openid.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\nconst tokenExchange = new keycloak.openid.ClientPolicy(\"tokenExchange\", {\n resourceServerId: realmManagement.then(realmManagement =\u003e realmManagement.id),\n realmId: realm.id,\n logic: \"POSITIVE\",\n decisionStrategy: \"UNANIMOUS\",\n clients: [openidClient.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n client_id=\"openid_client\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True)\nmy_permission = keycloak.openid.ClientPermissions(\"myPermission\",\n realm_id=realm.id,\n client_id=openid_client.id)\nrealm_management = keycloak.openid.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\ntoken_exchange = keycloak.openid.ClientPolicy(\"tokenExchange\",\n resource_server_id=realm_management.id,\n realm_id=realm.id,\n logic=\"POSITIVE\",\n decision_strategy=\"UNANIMOUS\",\n clients=[openid_client.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n ClientId = \"openid_client\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n });\n\n var myPermission = new Keycloak.OpenId.ClientPermissions(\"myPermission\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n });\n\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n var tokenExchange = new Keycloak.OpenId.ClientPolicy(\"tokenExchange\", new()\n {\n ResourceServerId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n RealmId = realm.Id,\n Logic = \"POSITIVE\",\n DecisionStrategy = \"UNANIMOUS\",\n Clients = new[]\n {\n openidClient.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"openid_client\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientPermissions(ctx, \"myPermission\", \u0026openid.ClientPermissionsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmManagement, err := openid.LookupClient(ctx, \u0026openid.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientPolicy(ctx, \"tokenExchange\", \u0026openid.ClientPolicyArgs{\n\t\t\tResourceServerId: pulumi.String(realmManagement.Id),\n\t\t\tRealmId: realm.ID(),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\topenidClient.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientPermissions;\nimport com.pulumi.keycloak.openid.ClientPermissionsArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.openid.ClientPolicy;\nimport com.pulumi.keycloak.openid.ClientPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .clientId(\"openid_client\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .build());\n\n var myPermission = new ClientPermissions(\"myPermission\", ClientPermissionsArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .build());\n\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n var tokenExchange = new ClientPolicy(\"tokenExchange\", ClientPolicyArgs.builder() \n .resourceServerId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .realmId(realm.id())\n .logic(\"POSITIVE\")\n .decisionStrategy(\"UNANIMOUS\")\n .clients(openidClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n clientId: openid_client\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n myPermission:\n type: keycloak:openid:ClientPermissions\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n tokenExchange:\n type: keycloak:openid:ClientPolicy\n properties:\n resourceServerId: ${realmManagement.id}\n realmId: ${realm.id}\n logic: POSITIVE\n decisionStrategy: UNANIMOUS\n clients:\n - ${openidClient.id}\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This resource can be used to create client policy.\n\n## Example Usage\n\nIn this example, we'll create a new OpenID client, then enabled permissions for the client. A client without permissions disabled cannot be assigned by a client policy. We'll use the `keycloak.openid.ClientPolicy` resource to create a new client policy, which could be applied to many clients, for a realm and a resource_server_id.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n clientId: \"openid_client\",\n name: \"openid_client\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n});\nconst myPermission = new keycloak.openid.ClientPermissions(\"my_permission\", {\n realmId: realm.id,\n clientId: openidClient.id,\n});\nconst realmManagement = keycloak.openid.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\nconst tokenExchange = new keycloak.openid.ClientPolicy(\"token_exchange\", {\n resourceServerId: realmManagement.then(realmManagement =\u003e realmManagement.id),\n realmId: realm.id,\n name: \"my-policy\",\n logic: \"POSITIVE\",\n decisionStrategy: \"UNANIMOUS\",\n clients: [openidClient.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n client_id=\"openid_client\",\n name=\"openid_client\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True)\nmy_permission = keycloak.openid.ClientPermissions(\"my_permission\",\n realm_id=realm.id,\n client_id=openid_client.id)\nrealm_management = keycloak.openid.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\ntoken_exchange = keycloak.openid.ClientPolicy(\"token_exchange\",\n resource_server_id=realm_management.id,\n realm_id=realm.id,\n name=\"my-policy\",\n logic=\"POSITIVE\",\n decision_strategy=\"UNANIMOUS\",\n clients=[openid_client.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n ClientId = \"openid_client\",\n Name = \"openid_client\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n });\n\n var myPermission = new Keycloak.OpenId.ClientPermissions(\"my_permission\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n });\n\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n var tokenExchange = new Keycloak.OpenId.ClientPolicy(\"token_exchange\", new()\n {\n ResourceServerId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n RealmId = realm.Id,\n Name = \"my-policy\",\n Logic = \"POSITIVE\",\n DecisionStrategy = \"UNANIMOUS\",\n Clients = new[]\n {\n openidClient.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"openid_client\"),\n\t\t\tName: pulumi.String(\"openid_client\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientPermissions(ctx, \"my_permission\", \u0026openid.ClientPermissionsArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmManagement, err := openid.LookupClient(ctx, \u0026openid.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientPolicy(ctx, \"token_exchange\", \u0026openid.ClientPolicyArgs{\n\t\t\tResourceServerId: pulumi.String(realmManagement.Id),\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-policy\"),\n\t\t\tLogic: pulumi.String(\"POSITIVE\"),\n\t\t\tDecisionStrategy: pulumi.String(\"UNANIMOUS\"),\n\t\t\tClients: pulumi.StringArray{\n\t\t\t\topenidClient.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientPermissions;\nimport com.pulumi.keycloak.openid.ClientPermissionsArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.openid.ClientPolicy;\nimport com.pulumi.keycloak.openid.ClientPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .clientId(\"openid_client\")\n .name(\"openid_client\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .build());\n\n var myPermission = new ClientPermissions(\"myPermission\", ClientPermissionsArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .build());\n\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n var tokenExchange = new ClientPolicy(\"tokenExchange\", ClientPolicyArgs.builder() \n .resourceServerId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .realmId(realm.id())\n .name(\"my-policy\")\n .logic(\"POSITIVE\")\n .decisionStrategy(\"UNANIMOUS\")\n .clients(openidClient.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n clientId: openid_client\n name: openid_client\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n myPermission:\n type: keycloak:openid:ClientPermissions\n name: my_permission\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n tokenExchange:\n type: keycloak:openid:ClientPolicy\n name: token_exchange\n properties:\n resourceServerId: ${realmManagement.id}\n realmId: ${realm.id}\n name: my-policy\n logic: POSITIVE\n decisionStrategy: UNANIMOUS\n clients:\n - ${openidClient.id}\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "properties": { "clients": { "type": "array", @@ -10304,7 +10304,7 @@ } }, "keycloak:openid/clientScope:ClientScope": { - "description": "## # keycloak.openid.ClientScope\n\nAllows for creating and managing Keycloak client scopes that can be attached to\nclients that use the OpenID Connect protocol.\n\nClient Scopes can be used to share common protocol and role mappings between multiple\nclients within a realm. They can also be used by clients to conditionally request\nclaims or roles for a user based on the OAuth 2.0 `scope` parameter.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClientScope = new keycloak.openid.ClientScope(\"openidClientScope\", {\n description: \"When requested, this scope will map a user's group memberships to a claim\",\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client_scope = keycloak.openid.ClientScope(\"openidClientScope\",\n description=\"When requested, this scope will map a user's group memberships to a claim\",\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClientScope = new Keycloak.OpenId.ClientScope(\"openidClientScope\", new()\n {\n Description = \"When requested, this scope will map a user's group memberships to a claim\",\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientScope(ctx, \"openidClientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tDescription: pulumi.String(\"When requested, this scope will map a user's group memberships to a claim\"),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClientScope = new ClientScope(\"openidClientScope\", ClientScopeArgs.builder() \n .description(\"When requested, this scope will map a user's group memberships to a claim\")\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClientScope:\n type: keycloak:openid:ClientScope\n properties:\n description: When requested, this scope will map a user's group memberships to a claim\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client scope belongs to.\n- `name` - (Required) The display name of this client scope in the GUI.\n- `description` - (Optional) The description of this client scope in the GUI.\n- `consent_screen_text` - (Optional) When set, a consent screen will be displayed to users\nauthenticating to clients with this scope attached. The consent screen will display the string\nvalue of this attribute.\n\n### Import\n\nClient scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak\nassigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_scope.openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52\n```\n", + "description": "## # keycloak.openid.ClientScope\n\nAllows for creating and managing Keycloak client scopes that can be attached to\nclients that use the OpenID Connect protocol.\n\nClient Scopes can be used to share common protocol and role mappings between multiple\nclients within a realm. They can also be used by clients to conditionally request\nclaims or roles for a user based on the OAuth 2.0 `scope` parameter.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClientScope = new keycloak.openid.ClientScope(\"openid_client_scope\", {\n realmId: realm.id,\n name: \"groups\",\n description: \"When requested, this scope will map a user's group memberships to a claim\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client_scope = keycloak.openid.ClientScope(\"openid_client_scope\",\n realm_id=realm.id,\n name=\"groups\",\n description=\"When requested, this scope will map a user's group memberships to a claim\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClientScope = new Keycloak.OpenId.ClientScope(\"openid_client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"groups\",\n Description = \"When requested, this scope will map a user's group memberships to a claim\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientScope(ctx, \"openid_client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"groups\"),\n\t\t\tDescription: pulumi.String(\"When requested, this scope will map a user's group memberships to a claim\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClientScope = new ClientScope(\"openidClientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"groups\")\n .description(\"When requested, this scope will map a user's group memberships to a claim\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClientScope:\n type: keycloak:openid:ClientScope\n name: openid_client_scope\n properties:\n realmId: ${realm.id}\n name: groups\n description: When requested, this scope will map a user's group memberships to a claim\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client scope belongs to.\n- `name` - (Required) The display name of this client scope in the GUI.\n- `description` - (Optional) The description of this client scope in the GUI.\n- `consent_screen_text` - (Optional) When set, a consent screen will be displayed to users\nauthenticating to clients with this scope attached. The consent screen will display the string\nvalue of this attribute.\n\n### Import\n\nClient scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak\nassigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_client_scope.openid_client_scope my-realm/8e8f7fe1-df9b-40ed-bed3-4597aa0dac52\n```\n", "properties": { "consentScreenText": { "type": "string" @@ -10380,7 +10380,7 @@ } }, "keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole": { - "description": "Allows for assigning realm roles to the service account of an openid client.\nYou need to set `service_accounts_enabled` to `true` for the openid client that should be assigned the role.\n\nIf you'd like to attach client roles to a service account, please use the `keycloak.openid.ClientServiceAccountRole`\nresource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realmRole\", {realmId: realm.id});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n serviceAccountsEnabled: true,\n});\nconst clientServiceAccountRole = new keycloak.openid.ClientServiceAccountRealmRole(\"clientServiceAccountRole\", {\n realmId: realm.id,\n serviceAccountUserId: client.serviceAccountUserId,\n role: realmRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realmRole\", realm_id=realm.id)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n service_accounts_enabled=True)\nclient_service_account_role = keycloak.openid.ClientServiceAccountRealmRole(\"clientServiceAccountRole\",\n realm_id=realm.id,\n service_account_user_id=client.service_account_user_id,\n role=realm_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realmRole\", new()\n {\n RealmId = realm.Id,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ServiceAccountsEnabled = true,\n });\n\n var clientServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRealmRole(\"clientServiceAccountRole\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client.ServiceAccountUserId,\n Role = realmRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realmRole\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRealmRole(ctx, \"clientServiceAccountRole\", \u0026openid.ClientServiceAccountRealmRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client.ServiceAccountUserId,\n\t\t\tRole: realmRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRealmRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRealmRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .serviceAccountsEnabled(true)\n .build());\n\n var clientServiceAccountRole = new ClientServiceAccountRealmRole(\"clientServiceAccountRole\", ClientServiceAccountRealmRoleArgs.builder() \n .realmId(realm.id())\n .serviceAccountUserId(client.serviceAccountUserId())\n .role(realmRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n serviceAccountsEnabled: true\n clientServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRealmRole\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client.serviceAccountUserId}\n role: ${realmRole.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{roleId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole client_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n", + "description": "Allows for assigning realm roles to the service account of an openid client.\nYou need to set `service_accounts_enabled` to `true` for the openid client that should be assigned the role.\n\nIf you'd like to attach client roles to a service account, please use the `keycloak.openid.ClientServiceAccountRole`\nresource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst realmRole = new keycloak.Role(\"realm_role\", {\n realmId: realm.id,\n name: \"my-realm-role\",\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n name: \"client\",\n serviceAccountsEnabled: true,\n});\nconst clientServiceAccountRole = new keycloak.openid.ClientServiceAccountRealmRole(\"client_service_account_role\", {\n realmId: realm.id,\n serviceAccountUserId: client.serviceAccountUserId,\n role: realmRole.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrealm_role = keycloak.Role(\"realm_role\",\n realm_id=realm.id,\n name=\"my-realm-role\")\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n name=\"client\",\n service_accounts_enabled=True)\nclient_service_account_role = keycloak.openid.ClientServiceAccountRealmRole(\"client_service_account_role\",\n realm_id=realm.id,\n service_account_user_id=client.service_account_user_id,\n role=realm_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var realmRole = new Keycloak.Role(\"realm_role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-realm-role\",\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n Name = \"client\",\n ServiceAccountsEnabled = true,\n });\n\n var clientServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRealmRole(\"client_service_account_role\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client.ServiceAccountUserId,\n Role = realmRole.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trealmRole, err := keycloak.NewRole(ctx, \"realm_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-realm-role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRealmRole(ctx, \"client_service_account_role\", \u0026openid.ClientServiceAccountRealmRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client.ServiceAccountUserId,\n\t\t\tRole: realmRole.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRealmRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRealmRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var realmRole = new Role(\"realmRole\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-realm-role\")\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .name(\"client\")\n .serviceAccountsEnabled(true)\n .build());\n\n var clientServiceAccountRole = new ClientServiceAccountRealmRole(\"clientServiceAccountRole\", ClientServiceAccountRealmRoleArgs.builder() \n .realmId(realm.id())\n .serviceAccountUserId(client.serviceAccountUserId())\n .role(realmRole.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n realmRole:\n type: keycloak:Role\n name: realm_role\n properties:\n realmId: ${realm.id}\n name: my-realm-role\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n name: client\n serviceAccountsEnabled: true\n clientServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRealmRole\n name: client_service_account_role\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client.serviceAccountUserId}\n role: ${realmRole.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{roleId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/clientServiceAccountRealmRole:ClientServiceAccountRealmRole client_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n", "properties": { "realmId": { "type": "string", @@ -10445,7 +10445,7 @@ } }, "keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole": { - "description": "Allows for assigning client roles to the service account of an openid client.\nYou need to set `service_accounts_enabled` to `true` for the openid client that should be assigned the role.\n\nIf you'd like to attach realm roles to a service account, please use the `keycloak.openid.ClientServiceAccountRealmRole`\nresource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// client1 provides a role to other clients\nconst client1 = new keycloak.openid.Client(\"client1\", {realmId: realm.id});\nconst client1Role = new keycloak.Role(\"client1Role\", {\n realmId: realm.id,\n clientId: client1.id,\n description: \"A role that client1 provides\",\n});\n// client2 is assigned the role of client1\nconst client2 = new keycloak.openid.Client(\"client2\", {\n realmId: realm.id,\n serviceAccountsEnabled: true,\n});\nconst client2ServiceAccountRole = new keycloak.openid.ClientServiceAccountRole(\"client2ServiceAccountRole\", {\n realmId: realm.id,\n serviceAccountUserId: client2.serviceAccountUserId,\n clientId: client1.id,\n role: client1Role.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# client1 provides a role to other clients\nclient1 = keycloak.openid.Client(\"client1\", realm_id=realm.id)\nclient1_role = keycloak.Role(\"client1Role\",\n realm_id=realm.id,\n client_id=client1.id,\n description=\"A role that client1 provides\")\n# client2 is assigned the role of client1\nclient2 = keycloak.openid.Client(\"client2\",\n realm_id=realm.id,\n service_accounts_enabled=True)\nclient2_service_account_role = keycloak.openid.ClientServiceAccountRole(\"client2ServiceAccountRole\",\n realm_id=realm.id,\n service_account_user_id=client2.service_account_user_id,\n client_id=client1.id,\n role=client1_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // client1 provides a role to other clients\n var client1 = new Keycloak.OpenId.Client(\"client1\", new()\n {\n RealmId = realm.Id,\n });\n\n var client1Role = new Keycloak.Role(\"client1Role\", new()\n {\n RealmId = realm.Id,\n ClientId = client1.Id,\n Description = \"A role that client1 provides\",\n });\n\n // client2 is assigned the role of client1\n var client2 = new Keycloak.OpenId.Client(\"client2\", new()\n {\n RealmId = realm.Id,\n ServiceAccountsEnabled = true,\n });\n\n var client2ServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRole(\"client2ServiceAccountRole\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client2.ServiceAccountUserId,\n ClientId = client1.Id,\n Role = client1Role.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client1 provides a role to other clients\n\t\tclient1, err := openid.NewClient(ctx, \"client1\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient1Role, err := keycloak.NewRole(ctx, \"client1Role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client1.ID(),\n\t\t\tDescription: pulumi.String(\"A role that client1 provides\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client2 is assigned the role of client1\n\t\tclient2, err := openid.NewClient(ctx, \"client2\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRole(ctx, \"client2ServiceAccountRole\", \u0026openid.ClientServiceAccountRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client2.ServiceAccountUserId,\n\t\t\tClientId: client1.ID(),\n\t\t\tRole: client1Role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n // client1 provides a role to other clients\n var client1 = new Client(\"client1\", ClientArgs.builder() \n .realmId(realm.id())\n .build());\n\n var client1Role = new Role(\"client1Role\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client1.id())\n .description(\"A role that client1 provides\")\n .build());\n\n // client2 is assigned the role of client1\n var client2 = new Client(\"client2\", ClientArgs.builder() \n .realmId(realm.id())\n .serviceAccountsEnabled(true)\n .build());\n\n var client2ServiceAccountRole = new ClientServiceAccountRole(\"client2ServiceAccountRole\", ClientServiceAccountRoleArgs.builder() \n .realmId(realm.id())\n .serviceAccountUserId(client2.serviceAccountUserId())\n .clientId(client1.id())\n .role(client1Role.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # client1 provides a role to other clients\n client1:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n client1Role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientId: ${client1.id}\n description: A role that client1 provides\n # client2 is assigned the role of client1\n client2:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n serviceAccountsEnabled: true\n client2ServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRole\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client2.serviceAccountUserId}\n clientId: ${client1.id}\n role: ${client1Role.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n", + "description": "Allows for assigning client roles to the service account of an openid client.\nYou need to set `service_accounts_enabled` to `true` for the openid client that should be assigned the role.\n\nIf you'd like to attach realm roles to a service account, please use the `keycloak.openid.ClientServiceAccountRealmRole`\nresource.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\n// client1 provides a role to other clients\nconst client1 = new keycloak.openid.Client(\"client1\", {\n realmId: realm.id,\n name: \"client1\",\n});\nconst client1Role = new keycloak.Role(\"client1_role\", {\n realmId: realm.id,\n clientId: client1.id,\n name: \"my-client1-role\",\n description: \"A role that client1 provides\",\n});\n// client2 is assigned the role of client1\nconst client2 = new keycloak.openid.Client(\"client2\", {\n realmId: realm.id,\n name: \"client2\",\n serviceAccountsEnabled: true,\n});\nconst client2ServiceAccountRole = new keycloak.openid.ClientServiceAccountRole(\"client2_service_account_role\", {\n realmId: realm.id,\n serviceAccountUserId: client2.serviceAccountUserId,\n clientId: client1.id,\n role: client1Role.name,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\n# client1 provides a role to other clients\nclient1 = keycloak.openid.Client(\"client1\",\n realm_id=realm.id,\n name=\"client1\")\nclient1_role = keycloak.Role(\"client1_role\",\n realm_id=realm.id,\n client_id=client1.id,\n name=\"my-client1-role\",\n description=\"A role that client1 provides\")\n# client2 is assigned the role of client1\nclient2 = keycloak.openid.Client(\"client2\",\n realm_id=realm.id,\n name=\"client2\",\n service_accounts_enabled=True)\nclient2_service_account_role = keycloak.openid.ClientServiceAccountRole(\"client2_service_account_role\",\n realm_id=realm.id,\n service_account_user_id=client2.service_account_user_id,\n client_id=client1.id,\n role=client1_role.name)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n // client1 provides a role to other clients\n var client1 = new Keycloak.OpenId.Client(\"client1\", new()\n {\n RealmId = realm.Id,\n Name = \"client1\",\n });\n\n var client1Role = new Keycloak.Role(\"client1_role\", new()\n {\n RealmId = realm.Id,\n ClientId = client1.Id,\n Name = \"my-client1-role\",\n Description = \"A role that client1 provides\",\n });\n\n // client2 is assigned the role of client1\n var client2 = new Keycloak.OpenId.Client(\"client2\", new()\n {\n RealmId = realm.Id,\n Name = \"client2\",\n ServiceAccountsEnabled = true,\n });\n\n var client2ServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRole(\"client2_service_account_role\", new()\n {\n RealmId = realm.Id,\n ServiceAccountUserId = client2.ServiceAccountUserId,\n ClientId = client1.Id,\n Role = client1Role.Name,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client1 provides a role to other clients\n\t\tclient1, err := openid.NewClient(ctx, \"client1\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client1\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient1Role, err := keycloak.NewRole(ctx, \"client1_role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client1.ID(),\n\t\t\tName: pulumi.String(\"my-client1-role\"),\n\t\t\tDescription: pulumi.String(\"A role that client1 provides\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// client2 is assigned the role of client1\n\t\tclient2, err := openid.NewClient(ctx, \"client2\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client2\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientServiceAccountRole(ctx, \"client2_service_account_role\", \u0026openid.ClientServiceAccountRoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tServiceAccountUserId: client2.ServiceAccountUserId,\n\t\t\tClientId: client1.ID(),\n\t\t\tRole: client1Role.Name,\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRole;\nimport com.pulumi.keycloak.openid.ClientServiceAccountRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n // client1 provides a role to other clients\n var client1 = new Client(\"client1\", ClientArgs.builder() \n .realmId(realm.id())\n .name(\"client1\")\n .build());\n\n var client1Role = new Role(\"client1Role\", RoleArgs.builder() \n .realmId(realm.id())\n .clientId(client1.id())\n .name(\"my-client1-role\")\n .description(\"A role that client1 provides\")\n .build());\n\n // client2 is assigned the role of client1\n var client2 = new Client(\"client2\", ClientArgs.builder() \n .realmId(realm.id())\n .name(\"client2\")\n .serviceAccountsEnabled(true)\n .build());\n\n var client2ServiceAccountRole = new ClientServiceAccountRole(\"client2ServiceAccountRole\", ClientServiceAccountRoleArgs.builder() \n .realmId(realm.id())\n .serviceAccountUserId(client2.serviceAccountUserId())\n .clientId(client1.id())\n .role(client1Role.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # client1 provides a role to other clients\n client1:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n name: client1\n client1Role:\n type: keycloak:Role\n name: client1_role\n properties:\n realmId: ${realm.id}\n clientId: ${client1.id}\n name: my-client1-role\n description: A role that client1 provides\n # client2 is assigned the role of client1\n client2:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n name: client2\n serviceAccountsEnabled: true\n client2ServiceAccountRole:\n type: keycloak:openid:ClientServiceAccountRole\n name: client2_service_account_role\n properties:\n realmId: ${realm.id}\n serviceAccountUserId: ${client2.serviceAccountUserId}\n clientId: ${client1.id}\n role: ${client1Role.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource can be imported using the format `{{realmId}}/{{serviceAccountUserId}}/{{clientId}}/{{roleId}}`.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/clientServiceAccountRole:ClientServiceAccountRole client2_service_account_role my-realm/489ba513-1ceb-49ba-ae0b-1ab1f5099ebf/baf01820-0f8b-4494-9be2-fb3bc8a397a4/c7230ab7-8e4e-4135-995d-e81b50696ad8\n```\n\n", "properties": { "clientId": { "type": "string", @@ -10808,7 +10808,7 @@ } }, "keycloak:openid/fullNameProtocolMapper:FullNameProtocolMapper": { - "description": "## # keycloak.openid.FullNameProtocolMapper\n\nAllows for creating and managing full name protocol mappers within\nKeycloak.\n\nFull name protocol mappers allow you to map a user's first and last name\nto the OpenID Connect `name` claim in a token. Protocol mappers can be defined\nfor a single client, or they can be defined for a client scope which can\nbe shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst fullNameMapper = new keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\", {\n clientId: openidClient.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nfull_name_mapper = keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\",\n client_id=openid_client.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper(\"fullNameMapper\", new()\n {\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewFullNameProtocolMapper(ctx, \"fullNameMapper\", \u0026openid.FullNameProtocolMapperArgs{\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapper;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var fullNameMapper = new FullNameProtocolMapper(\"fullNameMapper\", FullNameProtocolMapperArgs.builder() \n .clientId(openidClient.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n fullNameMapper:\n type: keycloak:openid:FullNameProtocolMapper\n properties:\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst fullNameMapper = new keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\", {\n clientScopeId: clientScope.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nfull_name_mapper = keycloak.openid.FullNameProtocolMapper(\"fullNameMapper\",\n client_scope_id=client_scope.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper(\"fullNameMapper\", new()\n {\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewFullNameProtocolMapper(ctx, \"fullNameMapper\", \u0026openid.FullNameProtocolMapperArgs{\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapper;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var fullNameMapper = new FullNameProtocolMapper(\"fullNameMapper\", FullNameProtocolMapperArgs.builder() \n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n fullNameMapper:\n type: keycloak:openid:FullNameProtocolMapper\n properties:\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `add_to_id_token` - (Optional) Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_full_name_protocol_mapper.full_name_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_full_name_protocol_mapper.full_name_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", + "description": "## # keycloak.openid.FullNameProtocolMapper\n\nAllows for creating and managing full name protocol mappers within\nKeycloak.\n\nFull name protocol mappers allow you to map a user's first and last name\nto the OpenID Connect `name` claim in a token. Protocol mappers can be defined\nfor a single client, or they can be defined for a client scope which can\nbe shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n name: \"test client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst fullNameMapper = new keycloak.openid.FullNameProtocolMapper(\"full_name_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"full-name-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n name=\"test client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nfull_name_mapper = keycloak.openid.FullNameProtocolMapper(\"full_name_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"full-name-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Name = \"test client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper(\"full_name_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"full-name-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tName: pulumi.String(\"test client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewFullNameProtocolMapper(ctx, \"full_name_mapper\", \u0026openid.FullNameProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"full-name-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapper;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .name(\"test client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var fullNameMapper = new FullNameProtocolMapper(\"fullNameMapper\", FullNameProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"full-name-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n name: test client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n fullNameMapper:\n type: keycloak:openid:FullNameProtocolMapper\n name: full_name_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: full-name-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst fullNameMapper = new keycloak.openid.FullNameProtocolMapper(\"full_name_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"full-name-mapper\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\nfull_name_mapper = keycloak.openid.FullNameProtocolMapper(\"full_name_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"full-name-mapper\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper(\"full_name_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"full-name-mapper\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewFullNameProtocolMapper(ctx, \"full_name_mapper\", \u0026openid.FullNameProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"full-name-mapper\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapper;\nimport com.pulumi.keycloak.openid.FullNameProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var fullNameMapper = new FullNameProtocolMapper(\"fullNameMapper\", FullNameProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"full-name-mapper\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n fullNameMapper:\n type: keycloak:openid:FullNameProtocolMapper\n name: full_name_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: full-name-mapper\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `add_to_id_token` - (Optional) Indicates if the user's full name should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the user's full name should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the user's full name should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_full_name_protocol_mapper.full_name_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_full_name_protocol_mapper.full_name_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean" @@ -10911,7 +10911,7 @@ } }, "keycloak:openid/groupMembershipProtocolMapper:GroupMembershipProtocolMapper": { - "description": "## # keycloak.openid.GroupMembershipProtocolMapper\n\nAllows for creating and managing group membership protocol mappers within\nKeycloak.\n\nGroup membership protocol mappers allow you to map a user's group memberships\nto a claim in a token. Protocol mappers can be defined for a single client,\nor they can be defined for a client scope which can be shared between multiple\ndifferent clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\", {\n claimName: \"groups\",\n clientId: openidClient.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\ngroup_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\",\n claim_name=\"groups\",\n client_id=openid_client.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper(\"groupMembershipMapper\", new()\n {\n ClaimName = \"groups\",\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewGroupMembershipProtocolMapper(ctx, \"groupMembershipMapper\", \u0026openid.GroupMembershipProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"groups\"),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapper;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var groupMembershipMapper = new GroupMembershipProtocolMapper(\"groupMembershipMapper\", GroupMembershipProtocolMapperArgs.builder() \n .claimName(\"groups\")\n .clientId(openidClient.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n groupMembershipMapper:\n type: keycloak:openid:GroupMembershipProtocolMapper\n properties:\n claimName: groups\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\", {\n claimName: \"groups\",\n clientScopeId: clientScope.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\ngroup_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper(\"groupMembershipMapper\",\n claim_name=\"groups\",\n client_scope_id=client_scope.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper(\"groupMembershipMapper\", new()\n {\n ClaimName = \"groups\",\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewGroupMembershipProtocolMapper(ctx, \"groupMembershipMapper\", \u0026openid.GroupMembershipProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"groups\"),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapper;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupMembershipMapper = new GroupMembershipProtocolMapper(\"groupMembershipMapper\", GroupMembershipProtocolMapperArgs.builder() \n .claimName(\"groups\")\n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n groupMembershipMapper:\n type: keycloak:openid:GroupMembershipProtocolMapper\n properties:\n claimName: groups\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `full_path` - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to `true`.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_group_membership_protocol_mapper.group_membership_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_group_membership_protocol_mapper.group_membership_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", + "description": "## # keycloak.openid.GroupMembershipProtocolMapper\n\nAllows for creating and managing group membership protocol mappers within\nKeycloak.\n\nGroup membership protocol mappers allow you to map a user's group memberships\nto a claim in a token. Protocol mappers can be defined for a single client,\nor they can be defined for a client scope which can be shared between multiple\ndifferent clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n name: \"test client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper(\"group_membership_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"group-membership-mapper\",\n claimName: \"groups\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n name=\"test client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\ngroup_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper(\"group_membership_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"group-membership-mapper\",\n claim_name=\"groups\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Name = \"test client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper(\"group_membership_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"group-membership-mapper\",\n ClaimName = \"groups\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tName: pulumi.String(\"test client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewGroupMembershipProtocolMapper(ctx, \"group_membership_mapper\", \u0026openid.GroupMembershipProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"group-membership-mapper\"),\n\t\t\tClaimName: pulumi.String(\"groups\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapper;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .name(\"test client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var groupMembershipMapper = new GroupMembershipProtocolMapper(\"groupMembershipMapper\", GroupMembershipProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"group-membership-mapper\")\n .claimName(\"groups\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n name: test client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n groupMembershipMapper:\n type: keycloak:openid:GroupMembershipProtocolMapper\n name: group_membership_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: group-membership-mapper\n claimName: groups\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper(\"group_membership_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"group-membership-mapper\",\n claimName: \"groups\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\ngroup_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper(\"group_membership_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"group-membership-mapper\",\n claim_name=\"groups\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper(\"group_membership_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"group-membership-mapper\",\n ClaimName = \"groups\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewGroupMembershipProtocolMapper(ctx, \"group_membership_mapper\", \u0026openid.GroupMembershipProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"group-membership-mapper\"),\n\t\t\tClaimName: pulumi.String(\"groups\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapper;\nimport com.pulumi.keycloak.openid.GroupMembershipProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var groupMembershipMapper = new GroupMembershipProtocolMapper(\"groupMembershipMapper\", GroupMembershipProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"group-membership-mapper\")\n .claimName(\"groups\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n groupMembershipMapper:\n type: keycloak:openid:GroupMembershipProtocolMapper\n name: group_membership_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: group-membership-mapper\n claimName: groups\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `full_path` - (Optional) Indicates whether the full path of the group including its parents will be used. Defaults to `true`.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_group_membership_protocol_mapper.group_membership_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_group_membership_protocol_mapper.group_membership_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean" @@ -11034,7 +11034,7 @@ } }, "keycloak:openid/hardcodedClaimProtocolMapper:HardcodedClaimProtocolMapper": { - "description": "## # keycloak.openid.HardcodedClaimProtocolMapper\n\nAllows for creating and managing hardcoded claim protocol mappers within\nKeycloak.\n\nHardcoded claim protocol mappers allow you to define a claim with a hardcoded\nvalue. Protocol mappers can be defined for a single client, or they can\nbe defined for a client scope which can be shared between multiple different\nclients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", {\n claimName: \"foo\",\n claimValue: \"bar\",\n clientId: openidClient.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nhardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\",\n claim_name=\"foo\",\n claim_value=\"bar\",\n client_id=openid_client.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", new()\n {\n ClaimName = \"foo\",\n ClaimValue = \"bar\",\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedClaimProtocolMapper(ctx, \"hardcodedClaimMapper\", \u0026openid.HardcodedClaimProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValue: pulumi.String(\"bar\"),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var hardcodedClaimMapper = new HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", HardcodedClaimProtocolMapperArgs.builder() \n .claimName(\"foo\")\n .claimValue(\"bar\")\n .clientId(openidClient.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n hardcodedClaimMapper:\n type: keycloak:openid:HardcodedClaimProtocolMapper\n properties:\n claimName: foo\n claimValue: bar\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", {\n claimName: \"foo\",\n claimValue: \"bar\",\n clientScopeId: clientScope.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nhardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\",\n claim_name=\"foo\",\n claim_value=\"bar\",\n client_scope_id=client_scope.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", new()\n {\n ClaimName = \"foo\",\n ClaimValue = \"bar\",\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedClaimProtocolMapper(ctx, \"hardcodedClaimMapper\", \u0026openid.HardcodedClaimProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValue: pulumi.String(\"bar\"),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var hardcodedClaimMapper = new HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", HardcodedClaimProtocolMapperArgs.builder() \n .claimName(\"foo\")\n .claimValue(\"bar\")\n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n hardcodedClaimMapper:\n type: keycloak:openid:HardcodedClaimProtocolMapper\n properties:\n claimName: foo\n claimValue: bar\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value` - (Required) The hardcoded value of the claim.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", + "description": "## # keycloak.openid.HardcodedClaimProtocolMapper\n\nAllows for creating and managing hardcoded claim protocol mappers within\nKeycloak.\n\nHardcoded claim protocol mappers allow you to define a claim with a hardcoded\nvalue. Protocol mappers can be defined for a single client, or they can\nbe defined for a client scope which can be shared between multiple different\nclients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n name: \"test client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"hardcoded-claim-mapper\",\n claimName: \"foo\",\n claimValue: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n name=\"test client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nhardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"hardcoded-claim-mapper\",\n claim_name=\"foo\",\n claim_value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Name = \"test client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"hardcoded-claim-mapper\",\n ClaimName = \"foo\",\n ClaimValue = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tName: pulumi.String(\"test client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedClaimProtocolMapper(ctx, \"hardcoded_claim_mapper\", \u0026openid.HardcodedClaimProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"hardcoded-claim-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .name(\"test client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var hardcodedClaimMapper = new HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", HardcodedClaimProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"hardcoded-claim-mapper\")\n .claimName(\"foo\")\n .claimValue(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n name: test client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n hardcodedClaimMapper:\n type: keycloak:openid:HardcodedClaimProtocolMapper\n name: hardcoded_claim_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: hardcoded-claim-mapper\n claimName: foo\n claimValue: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"hardcoded-claim-mapper\",\n claimName: \"foo\",\n claimValue: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\nhardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"hardcoded-claim-mapper\",\n claim_name=\"foo\",\n claim_value=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper(\"hardcoded_claim_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"hardcoded-claim-mapper\",\n ClaimName = \"foo\",\n ClaimValue = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedClaimProtocolMapper(ctx, \"hardcoded_claim_mapper\", \u0026openid.HardcodedClaimProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"hardcoded-claim-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValue: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedClaimProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var hardcodedClaimMapper = new HardcodedClaimProtocolMapper(\"hardcodedClaimMapper\", HardcodedClaimProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"hardcoded-claim-mapper\")\n .claimName(\"foo\")\n .claimValue(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n hardcodedClaimMapper:\n type: keycloak:openid:HardcodedClaimProtocolMapper\n name: hardcoded_claim_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: hardcoded-claim-mapper\n claimName: foo\n claimValue: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value` - (Required) The hardcoded value of the claim.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_hardcoded_claim_protocol_mapper.hardcoded_claim_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -11178,7 +11178,7 @@ } }, "keycloak:openid/hardcodedRoleProtocolMapper:HardcodedRoleProtocolMapper": { - "description": "## # keycloak.openid.HardcodedRoleProtocolMapper\n\nAllows for creating and managing hardcoded role protocol mappers within\nKeycloak.\n\nHardcoded role protocol mappers allow you to specify a single role to\nalways map to an access token for a client. Protocol mappers can be\ndefined for a single client, or they can be defined for a client scope\nwhich can be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst role = new keycloak.Role(\"role\", {realmId: realm.id});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", {\n clientId: openidClient.id,\n realmId: realm.id,\n roleId: role.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nrole = keycloak.Role(\"role\", realm_id=realm.id)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nhardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\",\n client_id=openid_client.id,\n realm_id=realm.id,\n role_id=role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var role = new Keycloak.Role(\"role\", new()\n {\n RealmId = realm.Id,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", new()\n {\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n RoleId = role.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := keycloak.NewRole(ctx, \"role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedRoleProtocolMapper(ctx, \"hardcodedRoleMapper\", \u0026openid.HardcodedRoleProtocolMapperArgs{\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tRoleId: role.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var hardcodedRoleMapper = new HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", HardcodedRoleProtocolMapperArgs.builder() \n .clientId(openidClient.id())\n .realmId(realm.id())\n .roleId(role.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n hardcodedRoleMapper:\n type: keycloak:openid:HardcodedRoleProtocolMapper\n properties:\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n roleId: ${role.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst role = new keycloak.Role(\"role\", {realmId: realm.id});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", {\n clientScopeId: clientScope.id,\n realmId: realm.id,\n roleId: role.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nrole = keycloak.Role(\"role\", realm_id=realm.id)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nhardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\",\n client_scope_id=client_scope.id,\n realm_id=realm.id,\n role_id=role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var role = new Keycloak.Role(\"role\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", new()\n {\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n RoleId = role.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := keycloak.NewRole(ctx, \"role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedRoleProtocolMapper(ctx, \"hardcodedRoleMapper\", \u0026openid.HardcodedRoleProtocolMapperArgs{\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tRoleId: role.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var hardcodedRoleMapper = new HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", HardcodedRoleProtocolMapperArgs.builder() \n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .roleId(role.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n hardcodedRoleMapper:\n type: keycloak:openid:HardcodedRoleProtocolMapper\n properties:\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n roleId: ${role.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the\n GUI.\n- `role_id` - (Required) The ID of the role to map to an access token.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", + "description": "## # keycloak.openid.HardcodedRoleProtocolMapper\n\nAllows for creating and managing hardcoded role protocol mappers within\nKeycloak.\n\nHardcoded role protocol mappers allow you to specify a single role to\nalways map to an access token for a client. Protocol mappers can be\ndefined for a single client, or they can be defined for a client scope\nwhich can be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst role = new keycloak.Role(\"role\", {\n realmId: realm.id,\n name: \"my-role\",\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n name: \"test client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"hardcoded-role-mapper\",\n roleId: role.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrole = keycloak.Role(\"role\",\n realm_id=realm.id,\n name=\"my-role\")\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n name=\"test client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nhardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"hardcoded-role-mapper\",\n role_id=role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var role = new Keycloak.Role(\"role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-role\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Name = \"test client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"hardcoded-role-mapper\",\n RoleId = role.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := keycloak.NewRole(ctx, \"role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tName: pulumi.String(\"test client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedRoleProtocolMapper(ctx, \"hardcoded_role_mapper\", \u0026openid.HardcodedRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"hardcoded-role-mapper\"),\n\t\t\tRoleId: role.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-role\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .name(\"test client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var hardcodedRoleMapper = new HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", HardcodedRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"hardcoded-role-mapper\")\n .roleId(role.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n name: my-role\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n name: test client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n hardcodedRoleMapper:\n type: keycloak:openid:HardcodedRoleProtocolMapper\n name: hardcoded_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: hardcoded-role-mapper\n roleId: ${role.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst role = new keycloak.Role(\"role\", {\n realmId: realm.id,\n name: \"my-role\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"hardcoded-role-mapper\",\n roleId: role.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nrole = keycloak.Role(\"role\",\n realm_id=realm.id,\n name=\"my-role\")\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\nhardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"hardcoded-role-mapper\",\n role_id=role.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var role = new Keycloak.Role(\"role\", new()\n {\n RealmId = realm.Id,\n Name = \"my-role\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper(\"hardcoded_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"hardcoded-role-mapper\",\n RoleId = role.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\trole, err := keycloak.NewRole(ctx, \"role\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"my-role\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewHardcodedRoleProtocolMapper(ctx, \"hardcoded_role_mapper\", \u0026openid.HardcodedRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"hardcoded-role-mapper\"),\n\t\t\tRoleId: role.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.HardcodedRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var role = new Role(\"role\", RoleArgs.builder() \n .realmId(realm.id())\n .name(\"my-role\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var hardcodedRoleMapper = new HardcodedRoleProtocolMapper(\"hardcodedRoleMapper\", HardcodedRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"hardcoded-role-mapper\")\n .roleId(role.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n role:\n type: keycloak:Role\n properties:\n realmId: ${realm.id}\n name: my-role\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n hardcodedRoleMapper:\n type: keycloak:openid:HardcodedRoleProtocolMapper\n name: hardcoded_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: hardcoded-role-mapper\n roleId: ${role.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the\n GUI.\n- `role_id` - (Required) The ID of the role to map to an access token.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_hardcoded_role_protocol_mapper.hardcoded_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "clientId": { "type": "string", @@ -11265,7 +11265,7 @@ } }, "keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper": { - "description": "Allows for creating and managing script protocol mappers within Keycloak.\n\nScript protocol mappers evaluate a JavaScript function to produce a token claim based on context information.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n\u003e Support for this protocol mapper was removed in Keycloak 18.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst scriptMapper = new keycloak.openid.ScriptProtocolMapper(\"scriptMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"foo\",\n script: \"exports = 'foo';\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nscript_mapper = keycloak.openid.ScriptProtocolMapper(\"scriptMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"foo\",\n script=\"exports = 'foo';\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper(\"scriptMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"foo\",\n Script = \"exports = 'foo';\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewScriptProtocolMapper(ctx, \"scriptMapper\", \u0026openid.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapper;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var scriptMapper = new ScriptProtocolMapper(\"scriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"foo\")\n .script(\"exports = 'foo';\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n scriptMapper:\n type: keycloak:openid:ScriptProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: foo\n script: exports = 'foo';\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst scriptMapper = new keycloak.openid.ScriptProtocolMapper(\"scriptMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"foo\",\n script: \"exports = 'foo';\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nscript_mapper = keycloak.openid.ScriptProtocolMapper(\"scriptMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"foo\",\n script=\"exports = 'foo';\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper(\"scriptMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"foo\",\n Script = \"exports = 'foo';\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewScriptProtocolMapper(ctx, \"scriptMapper\", \u0026openid.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapper;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var scriptMapper = new ScriptProtocolMapper(\"scriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"foo\")\n .script(\"exports = 'foo';\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n scriptMapper:\n type: keycloak:openid:ScriptProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: foo\n script: exports = 'foo';\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", + "description": "Allows for creating and managing script protocol mappers within Keycloak.\n\nScript protocol mappers evaluate a JavaScript function to produce a token claim based on context information.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n\u003e Support for this protocol mapper was removed in Keycloak 18.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst scriptMapper = new keycloak.openid.ScriptProtocolMapper(\"script_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"script-mapper\",\n claimName: \"foo\",\n script: \"exports = 'foo';\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nscript_mapper = keycloak.openid.ScriptProtocolMapper(\"script_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"script-mapper\",\n claim_name=\"foo\",\n script=\"exports = 'foo';\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper(\"script_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"script-mapper\",\n ClaimName = \"foo\",\n Script = \"exports = 'foo';\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewScriptProtocolMapper(ctx, \"script_mapper\", \u0026openid.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"script-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapper;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var scriptMapper = new ScriptProtocolMapper(\"scriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"script-mapper\")\n .claimName(\"foo\")\n .script(\"exports = 'foo';\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n scriptMapper:\n type: keycloak:openid:ScriptProtocolMapper\n name: script_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: script-mapper\n claimName: foo\n script: exports = 'foo';\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst scriptMapper = new keycloak.openid.ScriptProtocolMapper(\"script_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"script-mapper\",\n claimName: \"foo\",\n script: \"exports = 'foo';\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nscript_mapper = keycloak.openid.ScriptProtocolMapper(\"script_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"script-mapper\",\n claim_name=\"foo\",\n script=\"exports = 'foo';\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper(\"script_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"script-mapper\",\n ClaimName = \"foo\",\n Script = \"exports = 'foo';\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewScriptProtocolMapper(ctx, \"script_mapper\", \u0026openid.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"script-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapper;\nimport com.pulumi.keycloak.openid.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var scriptMapper = new ScriptProtocolMapper(\"scriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"script-mapper\")\n .claimName(\"foo\")\n .script(\"exports = 'foo';\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n scriptMapper:\n type: keycloak:openid:ScriptProtocolMapper\n name: script_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: script-mapper\n claimName: foo\n script: exports = 'foo';\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/scriptProtocolMapper:ScriptProtocolMapper script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -11427,7 +11427,7 @@ } }, "keycloak:openid/userAttributeProtocolMapper:UserAttributeProtocolMapper": { - "description": "## # keycloak.openid.UserAttributeProtocolMapper\n\nAllows for creating and managing user attribute protocol mappers within\nKeycloak.\n\nUser attribute protocol mappers allow you to map custom attributes defined\nfor a user within Keycloak to a claim in a token. Protocol mappers can be\ndefined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\", {\n claimName: \"bar\",\n clientId: openidClient.id,\n realmId: realm.id,\n userAttribute: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\",\n claim_name=\"bar\",\n client_id=openid_client.id,\n realm_id=realm.id,\n user_attribute=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper(\"userAttributeMapper\", new()\n {\n ClaimName = \"bar\",\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n UserAttribute = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserAttributeProtocolMapper(ctx, \"userAttributeMapper\", \u0026openid.UserAttributeProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"bar\"),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserAttribute: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userAttributeMapper = new UserAttributeProtocolMapper(\"userAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .claimName(\"bar\")\n .clientId(openidClient.id())\n .realmId(realm.id())\n .userAttribute(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userAttributeMapper:\n type: keycloak:openid:UserAttributeProtocolMapper\n properties:\n claimName: bar\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n userAttribute: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\", {\n claimName: \"bar\",\n clientScopeId: clientScope.id,\n realmId: realm.id,\n userAttribute: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper(\"userAttributeMapper\",\n claim_name=\"bar\",\n client_scope_id=client_scope.id,\n realm_id=realm.id,\n user_attribute=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper(\"userAttributeMapper\", new()\n {\n ClaimName = \"bar\",\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n UserAttribute = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserAttributeProtocolMapper(ctx, \"userAttributeMapper\", \u0026openid.UserAttributeProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"bar\"),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserAttribute: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userAttributeMapper = new UserAttributeProtocolMapper(\"userAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .claimName(\"bar\")\n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .userAttribute(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userAttributeMapper:\n type: keycloak:openid:UserAttributeProtocolMapper\n properties:\n claimName: bar\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n userAttribute: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_attribute` - (Required) The custom user attribute to map a claim for.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `multivalued` - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to `false`.\n- `add_to_id_token` - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", + "description": "## # keycloak.openid.UserAttributeProtocolMapper\n\nAllows for creating and managing user attribute protocol mappers within\nKeycloak.\n\nUser attribute protocol mappers allow you to map custom attributes defined\nfor a user within Keycloak to a claim in a token. Protocol mappers can be\ndefined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n name: \"test client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper(\"user_attribute_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"test-mapper\",\n userAttribute: \"foo\",\n claimName: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n name=\"test client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper(\"user_attribute_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"test-mapper\",\n user_attribute=\"foo\",\n claim_name=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Name = \"test client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper(\"user_attribute_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"test-mapper\",\n UserAttribute = \"foo\",\n ClaimName = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tName: pulumi.String(\"test client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserAttributeProtocolMapper(ctx, \"user_attribute_mapper\", \u0026openid.UserAttributeProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"test-mapper\"),\n\t\t\tUserAttribute: pulumi.String(\"foo\"),\n\t\t\tClaimName: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .name(\"test client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userAttributeMapper = new UserAttributeProtocolMapper(\"userAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"test-mapper\")\n .userAttribute(\"foo\")\n .claimName(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n name: test client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userAttributeMapper:\n type: keycloak:openid:UserAttributeProtocolMapper\n name: user_attribute_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: test-mapper\n userAttribute: foo\n claimName: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper(\"user_attribute_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"test-mapper\",\n userAttribute: \"foo\",\n claimName: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\nuser_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper(\"user_attribute_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"test-mapper\",\n user_attribute=\"foo\",\n claim_name=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper(\"user_attribute_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"test-mapper\",\n UserAttribute = \"foo\",\n ClaimName = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserAttributeProtocolMapper(ctx, \"user_attribute_mapper\", \u0026openid.UserAttributeProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"test-mapper\"),\n\t\t\tUserAttribute: pulumi.String(\"foo\"),\n\t\t\tClaimName: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.openid.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var userAttributeMapper = new UserAttributeProtocolMapper(\"userAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"test-mapper\")\n .userAttribute(\"foo\")\n .claimName(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n userAttributeMapper:\n type: keycloak:openid:UserAttributeProtocolMapper\n name: user_attribute_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: test-mapper\n userAttribute: foo\n claimName: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_attribute` - (Required) The custom user attribute to map a claim for.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `multivalued` - (Optional) Indicates whether this attribute is a single value or an array of values. Defaults to `false`.\n- `add_to_id_token` - (Optional) Indicates if the attribute should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the attribute should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the attribute should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_attribute_protocol_mapper.user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -11595,7 +11595,7 @@ } }, "keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper": { - "description": "Allows for creating and managing user client role protocol mappers within Keycloak.\n\nUser client role protocol mappers allow you to define a claim containing the list of a client roles.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper(\"userClientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserClientRoleProtocolMapper(ctx, \"userClientRoleMapper\", \u0026openid.UserClientRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userClientRoleMapper = new UserClientRoleProtocolMapper(\"userClientRoleMapper\", UserClientRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userClientRoleMapper:\n type: keycloak:openid:UserClientRoleProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper(\"userClientRoleMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper(\"userClientRoleMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserClientRoleProtocolMapper(ctx, \"userClientRoleMapper\", \u0026openid.UserClientRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userClientRoleMapper = new UserClientRoleProtocolMapper(\"userClientRoleMapper\", UserClientRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userClientRoleMapper:\n type: keycloak:openid:UserClientRoleProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", + "description": "Allows for creating and managing user client role protocol mappers within Keycloak.\n\nUser client role protocol mappers allow you to define a claim containing the list of a client roles.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper(\"user_client_role_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"user-client-role-mapper\",\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper(\"user_client_role_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"user-client-role-mapper\",\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper(\"user_client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"user-client-role-mapper\",\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserClientRoleProtocolMapper(ctx, \"user_client_role_mapper\", \u0026openid.UserClientRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"user-client-role-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userClientRoleMapper = new UserClientRoleProtocolMapper(\"userClientRoleMapper\", UserClientRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"user-client-role-mapper\")\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userClientRoleMapper:\n type: keycloak:openid:UserClientRoleProtocolMapper\n name: user_client_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: user-client-role-mapper\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper(\"user_client_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"user-client-role-mapper\",\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nuser_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper(\"user_client_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"user-client-role-mapper\",\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper(\"user_client_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"user-client-role-mapper\",\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserClientRoleProtocolMapper(ctx, \"user_client_role_mapper\", \u0026openid.UserClientRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"user-client-role-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserClientRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var userClientRoleMapper = new UserClientRoleProtocolMapper(\"userClientRoleMapper\", UserClientRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"user-client-role-mapper\")\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n userClientRoleMapper:\n type: keycloak:openid:UserClientRoleProtocolMapper\n name: user_client_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: user-client-role-mapper\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/userClientRoleProtocolMapper:UserClientRoleProtocolMapper user_client_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -11767,7 +11767,7 @@ } }, "keycloak:openid/userPropertyProtocolMapper:UserPropertyProtocolMapper": { - "description": "## # keycloak.openid.UserPropertyProtocolMapper\n\nAllows for creating and managing user property protocol mappers within\nKeycloak.\n\nUser property protocol mappers allow you to map built in properties defined\non the Keycloak user interface to a claim in a token. Protocol mappers can be\ndefined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\", {\n claimName: \"email\",\n clientId: openidClient.id,\n realmId: realm.id,\n userProperty: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_property_mapper = keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\",\n claim_name=\"email\",\n client_id=openid_client.id,\n realm_id=realm.id,\n user_property=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper(\"userPropertyMapper\", new()\n {\n ClaimName = \"email\",\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n UserProperty = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserPropertyProtocolMapper(ctx, \"userPropertyMapper\", \u0026openid.UserPropertyProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"email\"),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userPropertyMapper = new UserPropertyProtocolMapper(\"userPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .claimName(\"email\")\n .clientId(openidClient.id())\n .realmId(realm.id())\n .userProperty(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userPropertyMapper:\n type: keycloak:openid:UserPropertyProtocolMapper\n properties:\n claimName: email\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n userProperty: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\", {\n claimName: \"email\",\n clientScopeId: clientScope.id,\n realmId: realm.id,\n userProperty: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_property_mapper = keycloak.openid.UserPropertyProtocolMapper(\"userPropertyMapper\",\n claim_name=\"email\",\n client_scope_id=client_scope.id,\n realm_id=realm.id,\n user_property=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper(\"userPropertyMapper\", new()\n {\n ClaimName = \"email\",\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n UserProperty = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserPropertyProtocolMapper(ctx, \"userPropertyMapper\", \u0026openid.UserPropertyProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"email\"),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userPropertyMapper = new UserPropertyProtocolMapper(\"userPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .claimName(\"email\")\n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .userProperty(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userPropertyMapper:\n type: keycloak:openid:UserPropertyProtocolMapper\n properties:\n claimName: email\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n userProperty: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_property` - (Required) The built in user property (such as email) to map a claim for.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_property_protocol_mapper.user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_property_protocol_mapper.user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", + "description": "## # keycloak.openid.UserPropertyProtocolMapper\n\nAllows for creating and managing user property protocol mappers within\nKeycloak.\n\nUser property protocol mappers allow you to map built in properties defined\non the Keycloak user interface to a claim in a token. Protocol mappers can be\ndefined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n name: \"test client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper(\"user_property_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"test-mapper\",\n userProperty: \"email\",\n claimName: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n name=\"test client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_property_mapper = keycloak.openid.UserPropertyProtocolMapper(\"user_property_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"test-mapper\",\n user_property=\"email\",\n claim_name=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Name = \"test client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper(\"user_property_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"test-mapper\",\n UserProperty = \"email\",\n ClaimName = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tName: pulumi.String(\"test client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserPropertyProtocolMapper(ctx, \"user_property_mapper\", \u0026openid.UserPropertyProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"test-mapper\"),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t\tClaimName: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .name(\"test client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userPropertyMapper = new UserPropertyProtocolMapper(\"userPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"test-mapper\")\n .userProperty(\"email\")\n .claimName(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n name: test client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userPropertyMapper:\n type: keycloak:openid:UserPropertyProtocolMapper\n name: user_property_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: test-mapper\n userProperty: email\n claimName: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper(\"user_property_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"test-mapper\",\n userProperty: \"email\",\n claimName: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\nuser_property_mapper = keycloak.openid.UserPropertyProtocolMapper(\"user_property_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"test-mapper\",\n user_property=\"email\",\n claim_name=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper(\"user_property_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"test-mapper\",\n UserProperty = \"email\",\n ClaimName = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserPropertyProtocolMapper(ctx, \"user_property_mapper\", \u0026openid.UserPropertyProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"test-mapper\"),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t\tClaimName: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.openid.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var userPropertyMapper = new UserPropertyProtocolMapper(\"userPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"test-mapper\")\n .userProperty(\"email\")\n .claimName(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n userPropertyMapper:\n type: keycloak:openid:UserPropertyProtocolMapper\n name: user_property_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: test-mapper\n userProperty: email\n claimName: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_property` - (Required) The built in user property (such as email) to map a claim for.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_property_protocol_mapper.user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_property_protocol_mapper.user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -11911,7 +11911,7 @@ } }, "keycloak:openid/userRealmRoleProtocolMapper:UserRealmRoleProtocolMapper": { - "description": "## # keycloak.openid.UserRealmRoleProtocolMapper\n\nAllows for creating and managing user realm role protocol mappers within\nKeycloak.\n\nUser realm role protocol mappers allow you to define a claim containing the list of the realm roles.\nProtocol mappers can be defined for a single client, or they can\nbe defined for a client scope which can be shared between multiple different\nclients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n accessType: \"CONFIDENTIAL\",\n clientId: \"test-client\",\n enabled: true,\n realmId: realm.id,\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", {\n claimName: \"foo\",\n clientId: openidClient.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nopenid_client = keycloak.openid.Client(\"openidClient\",\n access_type=\"CONFIDENTIAL\",\n client_id=\"test-client\",\n enabled=True,\n realm_id=realm.id,\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\",\n claim_name=\"foo\",\n client_id=openid_client.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n AccessType = \"CONFIDENTIAL\",\n ClientId = \"test-client\",\n Enabled = true,\n RealmId = realm.Id,\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", new()\n {\n ClaimName = \"foo\",\n ClientId = openidClient.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserRealmRoleProtocolMapper(ctx, \"userRealmRoleMapper\", \u0026openid.UserRealmRoleProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .accessType(\"CONFIDENTIAL\")\n .clientId(\"test-client\")\n .enabled(true)\n .realmId(realm.id())\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userRealmRoleMapper = new UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", UserRealmRoleProtocolMapperArgs.builder() \n .claimName(\"foo\")\n .clientId(openidClient.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n openidClient:\n type: keycloak:openid:Client\n properties:\n accessType: CONFIDENTIAL\n clientId: test-client\n enabled: true\n realmId: ${realm.id}\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userRealmRoleMapper:\n type: keycloak:openid:UserRealmRoleProtocolMapper\n properties:\n claimName: foo\n clientId: ${openidClient.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", {\n claimName: \"foo\",\n clientScopeId: clientScope.id,\n realmId: realm.id,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\",\n claim_name=\"foo\",\n client_scope_id=client_scope.id,\n realm_id=realm.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", new()\n {\n ClaimName = \"foo\",\n ClientScopeId = clientScope.Id,\n RealmId = realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserRealmRoleProtocolMapper(ctx, \"userRealmRoleMapper\", \u0026openid.UserRealmRoleProtocolMapperArgs{\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userRealmRoleMapper = new UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", UserRealmRoleProtocolMapperArgs.builder() \n .claimName(\"foo\")\n .clientScopeId(clientScope.id())\n .realmId(realm.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userRealmRoleMapper:\n type: keycloak:openid:UserRealmRoleProtocolMapper\n properties:\n claimName: foo\n clientScopeId: ${clientScope.id}\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `multivalued` - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `true`.\n- `realm_role_prefix` - (Optional) A prefix for each Realm Role.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", + "description": "## # keycloak.openid.UserRealmRoleProtocolMapper\n\nAllows for creating and managing user realm role protocol mappers within\nKeycloak.\n\nUser realm role protocol mappers allow you to define a claim containing the list of the realm roles.\nProtocol mappers can be defined for a single client, or they can\nbe defined for a client scope which can be shared between multiple different\nclients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"test-client\",\n name: \"test client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"user-realm-role-mapper\",\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"test-client\",\n name=\"test client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"user-realm-role-mapper\",\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-client\",\n Name = \"test client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"user-realm-role-mapper\",\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-client\"),\n\t\t\tName: pulumi.String(\"test client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserRealmRoleProtocolMapper(ctx, \"user_realm_role_mapper\", \u0026openid.UserRealmRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"user-realm-role-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-client\")\n .name(\"test client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userRealmRoleMapper = new UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", UserRealmRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"user-realm-role-mapper\")\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: test-client\n name: test client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userRealmRoleMapper:\n type: keycloak:openid:UserRealmRoleProtocolMapper\n name: user_realm_role_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: user-realm-role-mapper\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example Usage (Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"test-client-scope\",\n});\nconst userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"user-realm-role-mapper\",\n claimName: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"test-client-scope\")\nuser_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"user-realm-role-mapper\",\n claim_name=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"test-client-scope\",\n });\n\n var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper(\"user_realm_role_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"user-realm-role-mapper\",\n ClaimName = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"test-client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserRealmRoleProtocolMapper(ctx, \"user_realm_role_mapper\", \u0026openid.UserRealmRoleProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"user-realm-role-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapper;\nimport com.pulumi.keycloak.openid.UserRealmRoleProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"test-client-scope\")\n .build());\n\n var userRealmRoleMapper = new UserRealmRoleProtocolMapper(\"userRealmRoleMapper\", UserRealmRoleProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"user-realm-role-mapper\")\n .claimName(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: test-client-scope\n userRealmRoleMapper:\n type: keycloak:openid:UserRealmRoleProtocolMapper\n name: user_realm_role_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: user-realm-role-mapper\n claimName: foo\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `claim_name` - (Required) The name of the claim to insert into a token.\n- `claim_value_type` - (Optional) The claim type used when serializing JSON tokens. Can be one of `String`, `long`, `int`, or `boolean`. Defaults to `String`.\n- `multivalued` - (Optional) Indicates if attribute supports multiple values. If true, then the list of all values of this attribute will be set as claim. If false, then just first value will be set as claim. Defaults to `true`.\n- `realm_role_prefix` - (Optional) A prefix for each Realm Role.\n- `add_to_id_token` - (Optional) Indicates if the property should be added as a claim to the id token. Defaults to `true`.\n- `add_to_access_token` - (Optional) Indicates if the property should be added as a claim to the access token. Defaults to `true`.\n- `add_to_userinfo` - (Optional) Indicates if the property should be added as a claim to the UserInfo response body. Defaults to `true`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_openid_user_realm_role_protocol_mapper.user_realm_role_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -12068,7 +12068,7 @@ } }, "keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper": { - "description": "Allows for creating and managing user session note protocol mappers within Keycloak.\n\nUser session note protocol mappers map a custom user session note to a token claim.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openidClient\", {\n realmId: realm.id,\n clientId: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n claimName: \"foo\",\n claimValueType: \"String\",\n sessionNote: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openidClient\",\n realm_id=realm.id,\n client_id=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n claim_name=\"foo\",\n claim_value_type=\"String\",\n session_note=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openidClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n ClaimName = \"foo\",\n ClaimValueType = \"String\",\n SessionNote = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openidClient\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserSessionNoteProtocolMapper(ctx, \"userSessionNoteMapper\", \u0026openid.UserSessionNoteProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValueType: pulumi.String(\"String\"),\n\t\t\tSessionNote: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userSessionNoteMapper = new UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", UserSessionNoteProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .claimName(\"foo\")\n .claimValueType(\"String\")\n .sessionNote(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userSessionNoteMapper:\n type: keycloak:openid:UserSessionNoteProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n claimName: foo\n claimValueType: String\n sessionNote: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"clientScope\", {realmId: realm.id});\nconst userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n claimName: \"foo\",\n claimValueType: \"String\",\n sessionNote: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"clientScope\", realm_id=realm.id)\nuser_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n claim_name=\"foo\",\n claim_value_type=\"String\",\n session_note=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n ClaimName = \"foo\",\n ClaimValueType = \"String\",\n SessionNote = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"clientScope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserSessionNoteProtocolMapper(ctx, \"userSessionNoteMapper\", \u0026openid.UserSessionNoteProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValueType: pulumi.String(\"String\"),\n\t\t\tSessionNote: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var userSessionNoteMapper = new UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", UserSessionNoteProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .claimName(\"foo\")\n .claimValueType(\"String\")\n .sessionNote(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n properties:\n realmId: ${realm.id}\n userSessionNoteMapper:\n type: keycloak:openid:UserSessionNoteProtocolMapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n claimName: foo\n claimValueType: String\n sessionNote: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", + "description": "Allows for creating and managing user session note protocol mappers within Keycloak.\n\nUser session note protocol mappers map a custom user session note to a token claim.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n### Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst openidClient = new keycloak.openid.Client(\"openid_client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n enabled: true,\n accessType: \"CONFIDENTIAL\",\n validRedirectUris: [\"http://localhost:8080/openid-callback\"],\n});\nconst userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper(\"user_session_note_mapper\", {\n realmId: realm.id,\n clientId: openidClient.id,\n name: \"user-session-note-mapper\",\n claimName: \"foo\",\n claimValueType: \"String\",\n sessionNote: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nopenid_client = keycloak.openid.Client(\"openid_client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n enabled=True,\n access_type=\"CONFIDENTIAL\",\n valid_redirect_uris=[\"http://localhost:8080/openid-callback\"])\nuser_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper(\"user_session_note_mapper\",\n realm_id=realm.id,\n client_id=openid_client.id,\n name=\"user-session-note-mapper\",\n claim_name=\"foo\",\n claim_value_type=\"String\",\n session_note=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var openidClient = new Keycloak.OpenId.Client(\"openid_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n Enabled = true,\n AccessType = \"CONFIDENTIAL\",\n ValidRedirectUris = new[]\n {\n \"http://localhost:8080/openid-callback\",\n },\n });\n\n var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper(\"user_session_note_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = openidClient.Id,\n Name = \"user-session-note-mapper\",\n ClaimName = \"foo\",\n ClaimValueType = \"String\",\n SessionNote = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\topenidClient, err := openid.NewClient(ctx, \"openid_client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tValidRedirectUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"http://localhost:8080/openid-callback\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserSessionNoteProtocolMapper(ctx, \"user_session_note_mapper\", \u0026openid.UserSessionNoteProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: openidClient.ID(),\n\t\t\tName: pulumi.String(\"user-session-note-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValueType: pulumi.String(\"String\"),\n\t\t\tSessionNote: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var openidClient = new Client(\"openidClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .enabled(true)\n .accessType(\"CONFIDENTIAL\")\n .validRedirectUris(\"http://localhost:8080/openid-callback\")\n .build());\n\n var userSessionNoteMapper = new UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", UserSessionNoteProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(openidClient.id())\n .name(\"user-session-note-mapper\")\n .claimName(\"foo\")\n .claimValueType(\"String\")\n .sessionNote(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n openidClient:\n type: keycloak:openid:Client\n name: openid_client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n enabled: true\n accessType: CONFIDENTIAL\n validRedirectUris:\n - http://localhost:8080/openid-callback\n userSessionNoteMapper:\n type: keycloak:openid:UserSessionNoteProtocolMapper\n name: user_session_note_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${openidClient.id}\n name: user-session-note-mapper\n claimName: foo\n claimValueType: String\n sessionNote: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Client Scope)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientScope = new keycloak.openid.ClientScope(\"client_scope\", {\n realmId: realm.id,\n name: \"client-scope\",\n});\nconst userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper(\"user_session_note_mapper\", {\n realmId: realm.id,\n clientScopeId: clientScope.id,\n name: \"user-session-note-mapper\",\n claimName: \"foo\",\n claimValueType: \"String\",\n sessionNote: \"bar\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_scope = keycloak.openid.ClientScope(\"client_scope\",\n realm_id=realm.id,\n name=\"client-scope\")\nuser_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper(\"user_session_note_mapper\",\n realm_id=realm.id,\n client_scope_id=client_scope.id,\n name=\"user-session-note-mapper\",\n claim_name=\"foo\",\n claim_value_type=\"String\",\n session_note=\"bar\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientScope = new Keycloak.OpenId.ClientScope(\"client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"client-scope\",\n });\n\n var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper(\"user_session_note_mapper\", new()\n {\n RealmId = realm.Id,\n ClientScopeId = clientScope.Id,\n Name = \"user-session-note-mapper\",\n ClaimName = \"foo\",\n ClaimValueType = \"String\",\n SessionNote = \"bar\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := openid.NewClientScope(ctx, \"client_scope\", \u0026openid.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"client-scope\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewUserSessionNoteProtocolMapper(ctx, \"user_session_note_mapper\", \u0026openid.UserSessionNoteProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientScopeId: clientScope.ID(),\n\t\t\tName: pulumi.String(\"user-session-note-mapper\"),\n\t\t\tClaimName: pulumi.String(\"foo\"),\n\t\t\tClaimValueType: pulumi.String(\"String\"),\n\t\t\tSessionNote: pulumi.String(\"bar\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.ClientScope;\nimport com.pulumi.keycloak.openid.ClientScopeArgs;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapper;\nimport com.pulumi.keycloak.openid.UserSessionNoteProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"client-scope\")\n .build());\n\n var userSessionNoteMapper = new UserSessionNoteProtocolMapper(\"userSessionNoteMapper\", UserSessionNoteProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientScopeId(clientScope.id())\n .name(\"user-session-note-mapper\")\n .claimName(\"foo\")\n .claimValueType(\"String\")\n .sessionNote(\"bar\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientScope:\n type: keycloak:openid:ClientScope\n name: client_scope\n properties:\n realmId: ${realm.id}\n name: client-scope\n userSessionNoteMapper:\n type: keycloak:openid:UserSessionNoteProtocolMapper\n name: user_session_note_mapper\n properties:\n realmId: ${realm.id}\n clientScopeId: ${clientScope.id}\n name: user-session-note-mapper\n claimName: foo\n claimValueType: String\n sessionNote: bar\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:openid/userSessionNoteProtocolMapper:UserSessionNoteProtocolMapper user_session_note_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "addToAccessToken": { "type": "boolean", @@ -12204,7 +12204,7 @@ } }, "keycloak:saml/client:Client": { - "description": "## # keycloak.saml.Client\n\nAllows for creating and managing Keycloak clients that use the SAML protocol.\n\nClients are entities that can use Keycloak for user authentication. Typically,\nclients are applications that redirect users to Keycloak for authentication\nin order to take advantage of Keycloak's user sessions for SSO.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fs from \"fs\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n clientId: \"test-saml-client\",\n includeAuthnStatement: true,\n realmId: realm.id,\n signAssertions: true,\n signDocuments: false,\n signingCertificate: fs.readFileSync(\"saml-cert.pem\", \"utf8\"),\n signingPrivateKey: fs.readFileSync(\"saml-key.pem\", \"utf8\"),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nsaml_client = keycloak.saml.Client(\"samlClient\",\n client_id=\"test-saml-client\",\n include_authn_statement=True,\n realm_id=realm.id,\n sign_assertions=True,\n sign_documents=False,\n signing_certificate=(lambda path: open(path).read())(\"saml-cert.pem\"),\n signing_private_key=(lambda path: open(path).read())(\"saml-key.pem\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n ClientId = \"test-saml-client\",\n IncludeAuthnStatement = true,\n RealmId = realm.Id,\n SignAssertions = true,\n SignDocuments = false,\n SigningCertificate = File.ReadAllText(\"saml-cert.pem\"),\n SigningPrivateKey = File.ReadAllText(\"saml-key.pem\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tRealmId: realm.ID(),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSigningCertificate: readFileOrPanic(\"saml-cert.pem\"),\n\t\t\tSigningPrivateKey: readFileOrPanic(\"saml-key.pem\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .clientId(\"test-saml-client\")\n .includeAuthnStatement(true)\n .realmId(realm.id())\n .signAssertions(true)\n .signDocuments(false)\n .signingCertificate(Files.readString(Paths.get(\"saml-cert.pem\")))\n .signingPrivateKey(Files.readString(Paths.get(\"saml-key.pem\")))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n samlClient:\n type: keycloak:saml:Client\n properties:\n clientId: test-saml-client\n includeAuthnStatement: true\n realmId: ${realm.id}\n signAssertions: true\n signDocuments: false\n signingCertificate:\n fn::readFile: saml-cert.pem\n signingPrivateKey:\n fn::readFile: saml-key.pem\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this client is attached to.\n- `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens.\n- `name` - (Optional) The display name of this client in the GUI.\n- `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`.\n- `description` - (Optional) The description of this client in the GUI.\n- `include_authn_statement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response.\n- `sign_documents` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key.\n- `sign_assertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response.\n- `client_signature_required` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`.\n- `force_post_binding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding.\n- `front_channel_logout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout.\n- `name_id_format` - (Optional) Sets the Name ID format for the subject.\n- `root_url` - (Optional) When specified, this value is prepended to all relative URLs.\n- `valid_redirect_uris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request.\n- `base_url` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client.\n- `master_saml_processing_url` - (Optional) When specified, this URL will be used for all SAML requests.\n- `signing_certificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature.\n- `signing_private_key` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature.\n- `idp_initiated_sso_url_name` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO.\n- `idp_initiated_sso_relay_state` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO.\n- `assertion_consumer_post_url` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses).\n- `assertion_consumer_redirect_url` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses).\n- `logout_service_post_binding_url` - (Optional) SAML POST Binding URL for the client's single logout service.\n- `logout_service_redirect_binding_url` - (Optional) SAML Redirect Binding URL for the client's single logout service.\n- `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token\n\n### Import\n\nClients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak\nassigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_client.saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352\n```\n", + "description": "## # keycloak.saml.Client\n\nAllows for creating and managing Keycloak clients that use the SAML protocol.\n\nClients are entities that can use Keycloak for user authentication. Typically,\nclients are applications that redirect users to Keycloak for authentication\nin order to take advantage of Keycloak's user sessions for SSO.\n\n### Import\n\nClients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak\nassigns to the client upon creation. This value can be found in the URI when editing this client in the GUI, and is typically a GUID.\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_client.saml_client my-realm/dcbc4c73-e478-4928-ae2e-d5e420223352\n```\n", "properties": { "assertionConsumerPostUrl": { "type": "string" @@ -12577,7 +12577,7 @@ } }, "keycloak:saml/clientDefaultScope:ClientDefaultScope": { - "description": "## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as fs from \"fs\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n signDocuments: false,\n signAssertions: true,\n includeAuthnStatement: true,\n signingCertificate: fs.readFileSync(\"saml-cert.pem\", \"utf8\"),\n signingPrivateKey: fs.readFileSync(\"saml-key.pem\", \"utf8\"),\n});\nconst clientScope = new keycloak.saml.ClientScope(\"clientScope\", {realmId: realm.id});\nconst clientDefaultScopes = new keycloak.saml.ClientDefaultScope(\"clientDefaultScopes\", {\n realmId: realm.id,\n clientId: keycloak_saml_client.client.id,\n defaultScopes: [\n \"role_list\",\n clientScope.name,\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"saml-client\",\n sign_documents=False,\n sign_assertions=True,\n include_authn_statement=True,\n signing_certificate=(lambda path: open(path).read())(\"saml-cert.pem\"),\n signing_private_key=(lambda path: open(path).read())(\"saml-key.pem\"))\nclient_scope = keycloak.saml.ClientScope(\"clientScope\", realm_id=realm.id)\nclient_default_scopes = keycloak.saml.ClientDefaultScope(\"clientDefaultScopes\",\n realm_id=realm.id,\n client_id=keycloak_saml_client[\"client\"][\"id\"],\n default_scopes=[\n \"role_list\",\n client_scope.name,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n SignDocuments = false,\n SignAssertions = true,\n IncludeAuthnStatement = true,\n SigningCertificate = File.ReadAllText(\"saml-cert.pem\"),\n SigningPrivateKey = File.ReadAllText(\"saml-key.pem\"),\n });\n\n var clientScope = new Keycloak.Saml.ClientScope(\"clientScope\", new()\n {\n RealmId = realm.Id,\n });\n\n var clientDefaultScopes = new Keycloak.Saml.ClientDefaultScope(\"clientDefaultScopes\", new()\n {\n RealmId = realm.Id,\n ClientId = keycloak_saml_client.Client.Id,\n DefaultScopes = new[]\n {\n \"role_list\",\n clientScope.Name,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tSigningCertificate: readFileOrPanic(\"saml-cert.pem\"),\n\t\t\tSigningPrivateKey: readFileOrPanic(\"saml-key.pem\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientScope, err := saml.NewClientScope(ctx, \"clientScope\", \u0026saml.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClientDefaultScope(ctx, \"clientDefaultScopes\", \u0026saml.ClientDefaultScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.Any(keycloak_saml_client.Client.Id),\n\t\t\tDefaultScopes: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"role_list\"),\n\t\t\t\tclientScope.Name,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.ClientScope;\nimport com.pulumi.keycloak.saml.ClientScopeArgs;\nimport com.pulumi.keycloak.saml.ClientDefaultScope;\nimport com.pulumi.keycloak.saml.ClientDefaultScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"saml-client\")\n .signDocuments(false)\n .signAssertions(true)\n .includeAuthnStatement(true)\n .signingCertificate(Files.readString(Paths.get(\"saml-cert.pem\")))\n .signingPrivateKey(Files.readString(Paths.get(\"saml-key.pem\")))\n .build());\n\n var clientScope = new ClientScope(\"clientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .build());\n\n var clientDefaultScopes = new ClientDefaultScope(\"clientDefaultScopes\", ClientDefaultScopeArgs.builder() \n .realmId(realm.id())\n .clientId(keycloak_saml_client.client().id())\n .defaultScopes( \n \"role_list\",\n clientScope.name())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n signDocuments: false\n signAssertions: true\n includeAuthnStatement: true\n signingCertificate:\n fn::readFile: saml-cert.pem\n signingPrivateKey:\n fn::readFile: saml-key.pem\n clientScope:\n type: keycloak:saml:ClientScope\n properties:\n realmId: ${realm.id}\n clientDefaultScopes:\n type: keycloak:saml:ClientDefaultScope\n properties:\n realmId: ${realm.id}\n clientId: ${keycloak_saml_client.client.id}\n defaultScopes:\n - role_list\n - ${clientScope.name}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nThis resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist\n\non the server.\n\n", + "description": "## Example Usage\n\n", "properties": { "clientId": { "type": "string", @@ -12649,7 +12649,7 @@ } }, "keycloak:saml/clientScope:ClientScope": { - "description": "Allows for creating and managing Keycloak client scopes that can be attached to clients that use the SAML protocol.\n\nClient Scopes can be used to share common protocol and role mappings between multiple clients within a realm.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClientScope = new keycloak.saml.ClientScope(\"samlClientScope\", {\n realmId: realm.id,\n description: \"This scope will map a user's group memberships to SAML assertion\",\n guiOrder: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client_scope = keycloak.saml.ClientScope(\"samlClientScope\",\n realm_id=realm.id,\n description=\"This scope will map a user's group memberships to SAML assertion\",\n gui_order=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClientScope = new Keycloak.Saml.ClientScope(\"samlClientScope\", new()\n {\n RealmId = realm.Id,\n Description = \"This scope will map a user's group memberships to SAML assertion\",\n GuiOrder = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClientScope(ctx, \"samlClientScope\", \u0026saml.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tDescription: pulumi.String(\"This scope will map a user's group memberships to SAML assertion\"),\n\t\t\tGuiOrder: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.ClientScope;\nimport com.pulumi.keycloak.saml.ClientScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClientScope = new ClientScope(\"samlClientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .description(\"This scope will map a user's group memberships to SAML assertion\")\n .guiOrder(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientScope:\n type: keycloak:saml:ClientScope\n properties:\n realmId: ${realm.id}\n description: This scope will map a user's group memberships to SAML assertion\n guiOrder: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClient scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak\n\nassigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e\n```\n\n", + "description": "Allows for creating and managing Keycloak client scopes that can be attached to clients that use the SAML protocol.\n\nClient Scopes can be used to share common protocol and role mappings between multiple clients within a realm.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClientScope = new keycloak.saml.ClientScope(\"saml_client_scope\", {\n realmId: realm.id,\n name: \"groups\",\n description: \"This scope will map a user's group memberships to SAML assertion\",\n guiOrder: 1,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client_scope = keycloak.saml.ClientScope(\"saml_client_scope\",\n realm_id=realm.id,\n name=\"groups\",\n description=\"This scope will map a user's group memberships to SAML assertion\",\n gui_order=1)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClientScope = new Keycloak.Saml.ClientScope(\"saml_client_scope\", new()\n {\n RealmId = realm.Id,\n Name = \"groups\",\n Description = \"This scope will map a user's group memberships to SAML assertion\",\n GuiOrder = 1,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewClientScope(ctx, \"saml_client_scope\", \u0026saml.ClientScopeArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"groups\"),\n\t\t\tDescription: pulumi.String(\"This scope will map a user's group memberships to SAML assertion\"),\n\t\t\tGuiOrder: pulumi.Int(1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.ClientScope;\nimport com.pulumi.keycloak.saml.ClientScopeArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClientScope = new ClientScope(\"samlClientScope\", ClientScopeArgs.builder() \n .realmId(realm.id())\n .name(\"groups\")\n .description(\"This scope will map a user's group memberships to SAML assertion\")\n .guiOrder(1)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientScope:\n type: keycloak:saml:ClientScope\n name: saml_client_scope\n properties:\n realmId: ${realm.id}\n name: groups\n description: This scope will map a user's group memberships to SAML assertion\n guiOrder: 1\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nClient scopes can be imported using the format `{{realm_id}}/{{client_scope_id}}`, where `client_scope_id` is the unique ID that Keycloak\n\nassigns to the client scope upon creation. This value can be found in the URI when editing this client scope in the GUI, and is typically a GUID.\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:saml/clientScope:ClientScope saml_client_scope my-realm/e8a5d115-6985-4de3-a0f5-732e1be4525e\n```\n\n", "properties": { "consentScreenText": { "type": "string", @@ -12731,7 +12731,7 @@ } }, "keycloak:saml/identityProvider:IdentityProvider": { - "description": "## # keycloak.saml.IdentityProvider\n\nAllows to create and manage SAML Identity Providers within Keycloak.\n\nSAML (Security Assertion Markup Language) identity providers allows to authenticate through a third-party system, using SAML standard.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmIdentityProvider = new keycloak.saml.IdentityProvider(\"realmIdentityProvider\", {\n alias: \"my-idp\",\n backchannelSupported: true,\n forceAuthn: true,\n postBindingAuthnRequest: true,\n postBindingLogout: true,\n postBindingResponse: true,\n realm: \"my-realm\",\n singleLogoutServiceUrl: \"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n singleSignOnServiceUrl: \"https://domain.com/adfs/ls/\",\n storeToken: false,\n trustEmail: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_identity_provider = keycloak.saml.IdentityProvider(\"realmIdentityProvider\",\n alias=\"my-idp\",\n backchannel_supported=True,\n force_authn=True,\n post_binding_authn_request=True,\n post_binding_logout=True,\n post_binding_response=True,\n realm=\"my-realm\",\n single_logout_service_url=\"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n single_sign_on_service_url=\"https://domain.com/adfs/ls/\",\n store_token=False,\n trust_email=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmIdentityProvider = new Keycloak.Saml.IdentityProvider(\"realmIdentityProvider\", new()\n {\n Alias = \"my-idp\",\n BackchannelSupported = true,\n ForceAuthn = true,\n PostBindingAuthnRequest = true,\n PostBindingLogout = true,\n PostBindingResponse = true,\n Realm = \"my-realm\",\n SingleLogoutServiceUrl = \"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n SingleSignOnServiceUrl = \"https://domain.com/adfs/ls/\",\n StoreToken = false,\n TrustEmail = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := saml.NewIdentityProvider(ctx, \"realmIdentityProvider\", \u0026saml.IdentityProviderArgs{\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tBackchannelSupported: pulumi.Bool(true),\n\t\t\tForceAuthn: pulumi.Bool(true),\n\t\t\tPostBindingAuthnRequest: pulumi.Bool(true),\n\t\t\tPostBindingLogout: pulumi.Bool(true),\n\t\t\tPostBindingResponse: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tSingleLogoutServiceUrl: pulumi.String(\"https://domain.com/adfs/ls/?wa=wsignout1.0\"),\n\t\t\tSingleSignOnServiceUrl: pulumi.String(\"https://domain.com/adfs/ls/\"),\n\t\t\tStoreToken: pulumi.Bool(false),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.saml.IdentityProvider;\nimport com.pulumi.keycloak.saml.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realmIdentityProvider = new IdentityProvider(\"realmIdentityProvider\", IdentityProviderArgs.builder() \n .alias(\"my-idp\")\n .backchannelSupported(true)\n .forceAuthn(true)\n .postBindingAuthnRequest(true)\n .postBindingLogout(true)\n .postBindingResponse(true)\n .realm(\"my-realm\")\n .singleLogoutServiceUrl(\"https://domain.com/adfs/ls/?wa=wsignout1.0\")\n .singleSignOnServiceUrl(\"https://domain.com/adfs/ls/\")\n .storeToken(false)\n .trustEmail(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realmIdentityProvider:\n type: keycloak:saml:IdentityProvider\n properties:\n alias: my-idp\n backchannelSupported: true\n forceAuthn: true\n postBindingAuthnRequest: true\n postBindingLogout: true\n postBindingResponse: true\n realm: my-realm\n singleLogoutServiceUrl: https://domain.com/adfs/ls/?wa=wsignout1.0\n singleSignOnServiceUrl: https://domain.com/adfs/ls/\n storeToken: false\n trustEmail: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm` - (Required) The name of the realm. This is unique across Keycloak.\n- `alias` - (Optional) The uniq name of identity provider.\n- `enabled` - (Optional) When false, users and clients will not be able to access this realm. Defaults to `true`.\n- `display_name` - (Optional) The display name for the realm that is shown when logging in to the admin console.\n- `store_token` - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to `true`.\n- `add_read_token_role_on_create` - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to `false`.\n- `trust_email` - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to `false`.\n- `link_only` - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider. Defaults to `false`.\n- `hide_on_login_page` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.\n- `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.\n- `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.\n- `authenticate_by_default` - (Optional) Authenticate users by default. Defaults to `false`.\n\n#### SAML Configuration\n\n- `single_sign_on_service_url` - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest).\n- `single_logout_service_url` - (Optional) The Url that must be used to send logout requests.\n- `backchannel_supported` - (Optional) Does the external IDP support back-channel logout ?.\n- `name_id_policy_format` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty.\n- `post_binding_response` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..\n- `post_binding_authn_request` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n- `post_binding_logout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n- `want_assertions_signed` - (Optional) Indicates whether this service provider expects a signed Assertion.\n- `want_assertions_encrypted` - (Optional) Indicates whether this service provider expects an encrypted Assertion.\n- `force_authn` - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.\n- `validate_signature` - (Optional) Enable/disable signature validation of SAML responses.\n- `signing_certificate` - (Optional) Signing Certificate.\n- `signature_algorithm` - (Optional) Signing Algorithm. Defaults to empty.\n- `xml_sign_key_info_key_name_transformer` - (Optional) Sign Key Transformer. Defaults to empty.\n\n### Import\n\nIdentity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias.\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_identity_provider.realm_identity_provider my-realm/my-idp\n```\n", + "description": "## # keycloak.saml.IdentityProvider\n\nAllows to create and manage SAML Identity Providers within Keycloak.\n\nSAML (Security Assertion Markup Language) identity providers allows to authenticate through a third-party system, using SAML standard.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmIdentityProvider = new keycloak.saml.IdentityProvider(\"realm_identity_provider\", {\n realm: \"my-realm\",\n alias: \"my-idp\",\n singleSignOnServiceUrl: \"https://domain.com/adfs/ls/\",\n singleLogoutServiceUrl: \"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n backchannelSupported: true,\n postBindingResponse: true,\n postBindingLogout: true,\n postBindingAuthnRequest: true,\n storeToken: false,\n trustEmail: true,\n forceAuthn: true,\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_identity_provider = keycloak.saml.IdentityProvider(\"realm_identity_provider\",\n realm=\"my-realm\",\n alias=\"my-idp\",\n single_sign_on_service_url=\"https://domain.com/adfs/ls/\",\n single_logout_service_url=\"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n backchannel_supported=True,\n post_binding_response=True,\n post_binding_logout=True,\n post_binding_authn_request=True,\n store_token=False,\n trust_email=True,\n force_authn=True)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmIdentityProvider = new Keycloak.Saml.IdentityProvider(\"realm_identity_provider\", new()\n {\n Realm = \"my-realm\",\n Alias = \"my-idp\",\n SingleSignOnServiceUrl = \"https://domain.com/adfs/ls/\",\n SingleLogoutServiceUrl = \"https://domain.com/adfs/ls/?wa=wsignout1.0\",\n BackchannelSupported = true,\n PostBindingResponse = true,\n PostBindingLogout = true,\n PostBindingAuthnRequest = true,\n StoreToken = false,\n TrustEmail = true,\n ForceAuthn = true,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := saml.NewIdentityProvider(ctx, \"realm_identity_provider\", \u0026saml.IdentityProviderArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tAlias: pulumi.String(\"my-idp\"),\n\t\t\tSingleSignOnServiceUrl: pulumi.String(\"https://domain.com/adfs/ls/\"),\n\t\t\tSingleLogoutServiceUrl: pulumi.String(\"https://domain.com/adfs/ls/?wa=wsignout1.0\"),\n\t\t\tBackchannelSupported: pulumi.Bool(true),\n\t\t\tPostBindingResponse: pulumi.Bool(true),\n\t\t\tPostBindingLogout: pulumi.Bool(true),\n\t\t\tPostBindingAuthnRequest: pulumi.Bool(true),\n\t\t\tStoreToken: pulumi.Bool(false),\n\t\t\tTrustEmail: pulumi.Bool(true),\n\t\t\tForceAuthn: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.saml.IdentityProvider;\nimport com.pulumi.keycloak.saml.IdentityProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realmIdentityProvider = new IdentityProvider(\"realmIdentityProvider\", IdentityProviderArgs.builder() \n .realm(\"my-realm\")\n .alias(\"my-idp\")\n .singleSignOnServiceUrl(\"https://domain.com/adfs/ls/\")\n .singleLogoutServiceUrl(\"https://domain.com/adfs/ls/?wa=wsignout1.0\")\n .backchannelSupported(true)\n .postBindingResponse(true)\n .postBindingLogout(true)\n .postBindingAuthnRequest(true)\n .storeToken(false)\n .trustEmail(true)\n .forceAuthn(true)\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realmIdentityProvider:\n type: keycloak:saml:IdentityProvider\n name: realm_identity_provider\n properties:\n realm: my-realm\n alias: my-idp\n singleSignOnServiceUrl: https://domain.com/adfs/ls/\n singleLogoutServiceUrl: https://domain.com/adfs/ls/?wa=wsignout1.0\n backchannelSupported: true\n postBindingResponse: true\n postBindingLogout: true\n postBindingAuthnRequest: true\n storeToken: false\n trustEmail: true\n forceAuthn: true\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm` - (Required) The name of the realm. This is unique across Keycloak.\n- `alias` - (Optional) The uniq name of identity provider.\n- `enabled` - (Optional) When false, users and clients will not be able to access this realm. Defaults to `true`.\n- `display_name` - (Optional) The display name for the realm that is shown when logging in to the admin console.\n- `store_token` - (Optional) Enable/disable if tokens must be stored after authenticating users. Defaults to `true`.\n- `add_read_token_role_on_create` - (Optional) Enable/disable if new users can read any stored tokens. This assigns the broker.read-token role. Defaults to `false`.\n- `trust_email` - (Optional) If enabled then email provided by this provider is not verified even if verification is enabled for the realm. Defaults to `false`.\n- `link_only` - (Optional) If true, users cannot log in through this provider. They can only link to this provider. This is useful if you don't want to allow login from the provider, but want to integrate with a provider. Defaults to `false`.\n- `hide_on_login_page` - (Optional) If hidden, then login with this provider is possible only if requested explicitly, e.g. using the 'kc_idp_hint' parameter.\n- `first_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after first login with this identity provider. Term 'First Login' means that there is not yet existing Keycloak account linked with the authenticated identity provider account. Defaults to `first broker login`.\n- `post_broker_login_flow_alias` - (Optional) Alias of authentication flow, which is triggered after each login with this identity provider. Useful if you want additional verification of each user authenticated with this identity provider (for example OTP). Leave this empty if you don't want any additional authenticators to be triggered after login with this identity provider. Also note, that authenticator implementations must assume that user is already set in ClientSession as identity provider already set it. Defaults to empty.\n- `authenticate_by_default` - (Optional) Authenticate users by default. Defaults to `false`.\n\n#### SAML Configuration\n\n- `single_sign_on_service_url` - (Optional) The Url that must be used to send authentication requests (SAML AuthnRequest).\n- `single_logout_service_url` - (Optional) The Url that must be used to send logout requests.\n- `backchannel_supported` - (Optional) Does the external IDP support back-channel logout ?.\n- `name_id_policy_format` - (Optional) Specifies the URI reference corresponding to a name identifier format. Defaults to empty.\n- `post_binding_response` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used..\n- `post_binding_authn_request` - (Optional) Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n- `post_binding_logout` - (Optional) Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.\n- `want_assertions_signed` - (Optional) Indicates whether this service provider expects a signed Assertion.\n- `want_assertions_encrypted` - (Optional) Indicates whether this service provider expects an encrypted Assertion.\n- `force_authn` - (Optional) Indicates whether the identity provider must authenticate the presenter directly rather than rely on a previous security context.\n- `validate_signature` - (Optional) Enable/disable signature validation of SAML responses.\n- `signing_certificate` - (Optional) Signing Certificate.\n- `signature_algorithm` - (Optional) Signing Algorithm. Defaults to empty.\n- `xml_sign_key_info_key_name_transformer` - (Optional) Sign Key Transformer. Defaults to empty.\n\n### Import\n\nIdentity providers can be imported using the format `{{realm_id}}/{{idp_alias}}`, where `idp_alias` is the identity provider alias.\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_identity_provider.realm_identity_provider my-realm/my-idp\n```\n", "properties": { "addReadTokenRoleOnCreate": { "type": "boolean", @@ -13239,7 +13239,7 @@ } }, "keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper": { - "description": "Allows for creating and managing script protocol mappers for SAML clients within Keycloak.\n\nScript protocol mappers evaluate a JavaScript function to produce an attribute value based on context information.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n});\nconst samlScriptMapper = new keycloak.saml.ScriptProtocolMapper(\"samlScriptMapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n script: \"exports = 'foo';\",\n samlAttributeName: \"displayName\",\n samlAttributeNameFormat: \"Unspecified\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"saml-client\")\nsaml_script_mapper = keycloak.saml.ScriptProtocolMapper(\"samlScriptMapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n script=\"exports = 'foo';\",\n saml_attribute_name=\"displayName\",\n saml_attribute_name_format=\"Unspecified\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n });\n\n var samlScriptMapper = new Keycloak.Saml.ScriptProtocolMapper(\"samlScriptMapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Script = \"exports = 'foo';\",\n SamlAttributeName = \"displayName\",\n SamlAttributeNameFormat = \"Unspecified\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewScriptProtocolMapper(ctx, \"samlScriptMapper\", \u0026saml.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t\tSamlAttributeName: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.ScriptProtocolMapper;\nimport com.pulumi.keycloak.saml.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"saml-client\")\n .build());\n\n var samlScriptMapper = new ScriptProtocolMapper(\"samlScriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .script(\"exports = 'foo';\")\n .samlAttributeName(\"displayName\")\n .samlAttributeNameFormat(\"Unspecified\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n samlScriptMapper:\n type: keycloak:saml:ScriptProtocolMapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n script: exports = 'foo';\n samlAttributeName: displayName\n samlAttributeNameFormat: Unspecified\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", + "description": "Allows for creating and managing script protocol mappers for SAML clients within Keycloak.\n\nScript protocol mappers evaluate a JavaScript function to produce an attribute value based on context information.\n\nProtocol mappers can be defined for a single client, or they can be defined for a client scope which can be shared between\nmultiple different clients.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: \"saml-client\",\n name: \"saml-client\",\n});\nconst samlScriptMapper = new keycloak.saml.ScriptProtocolMapper(\"saml_script_mapper\", {\n realmId: realm.id,\n clientId: samlClient.id,\n name: \"script-mapper\",\n script: \"exports = 'foo';\",\n samlAttributeName: \"displayName\",\n samlAttributeNameFormat: \"Unspecified\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=\"saml-client\",\n name=\"saml-client\")\nsaml_script_mapper = keycloak.saml.ScriptProtocolMapper(\"saml_script_mapper\",\n realm_id=realm.id,\n client_id=saml_client.id,\n name=\"script-mapper\",\n script=\"exports = 'foo';\",\n saml_attribute_name=\"displayName\",\n saml_attribute_name_format=\"Unspecified\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"saml-client\",\n Name = \"saml-client\",\n });\n\n var samlScriptMapper = new Keycloak.Saml.ScriptProtocolMapper(\"saml_script_mapper\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n Name = \"script-mapper\",\n Script = \"exports = 'foo';\",\n SamlAttributeName = \"displayName\",\n SamlAttributeNameFormat = \"Unspecified\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"saml-client\"),\n\t\t\tName: pulumi.String(\"saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewScriptProtocolMapper(ctx, \"saml_script_mapper\", \u0026saml.ScriptProtocolMapperArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tName: pulumi.String(\"script-mapper\"),\n\t\t\tScript: pulumi.String(\"exports = 'foo';\"),\n\t\t\tSamlAttributeName: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.ScriptProtocolMapper;\nimport com.pulumi.keycloak.saml.ScriptProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"saml-client\")\n .name(\"saml-client\")\n .build());\n\n var samlScriptMapper = new ScriptProtocolMapper(\"samlScriptMapper\", ScriptProtocolMapperArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.id())\n .name(\"script-mapper\")\n .script(\"exports = 'foo';\")\n .samlAttributeName(\"displayName\")\n .samlAttributeNameFormat(\"Unspecified\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: saml-client\n name: saml-client\n samlScriptMapper:\n type: keycloak:saml:ScriptProtocolMapper\n name: saml_script_mapper\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n name: script-mapper\n script: exports = 'foo';\n samlAttributeName: displayName\n samlAttributeNameFormat: Unspecified\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nProtocol mappers can be imported using one of the following formats:\n\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\nbash\n\n```sh\n$ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n```sh\n$ pulumi import keycloak:saml/scriptProtocolMapper:ScriptProtocolMapper saml_script_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n\n", "properties": { "clientId": { "type": "string", @@ -13379,7 +13379,7 @@ } }, "keycloak:saml/userAttributeProtocolMapper:UserAttributeProtocolMapper": { - "description": "## # keycloak.saml.UserAttributeProtocolMapper\n\nAllows for creating and managing user attribute protocol mappers for\nSAML clients within Keycloak.\n\nSAML user attribute protocol mappers allow you to map custom attributes defined\nfor a user within Keycloak to an attribute in a SAML assertion. Protocol mappers\ncan be defined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n clientId: \"test-saml-client\",\n realmId: keycloak_realm.test.id,\n});\nconst samlUserAttributeMapper = new keycloak.saml.UserAttributeProtocolMapper(\"samlUserAttributeMapper\", {\n clientId: samlClient.id,\n realmId: keycloak_realm.test.id,\n samlAttributeName: \"displayName\",\n samlAttributeNameFormat: \"Unspecified\",\n userAttribute: \"displayName\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nsaml_client = keycloak.saml.Client(\"samlClient\",\n client_id=\"test-saml-client\",\n realm_id=keycloak_realm[\"test\"][\"id\"])\nsaml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper(\"samlUserAttributeMapper\",\n client_id=saml_client.id,\n realm_id=keycloak_realm[\"test\"][\"id\"],\n saml_attribute_name=\"displayName\",\n saml_attribute_name_format=\"Unspecified\",\n user_attribute=\"displayName\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n ClientId = \"test-saml-client\",\n RealmId = keycloak_realm.Test.Id,\n });\n\n var samlUserAttributeMapper = new Keycloak.Saml.UserAttributeProtocolMapper(\"samlUserAttributeMapper\", new()\n {\n ClientId = samlClient.Id,\n RealmId = keycloak_realm.Test.Id,\n SamlAttributeName = \"displayName\",\n SamlAttributeNameFormat = \"Unspecified\",\n UserAttribute = \"displayName\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tRealmId: pulumi.Any(keycloak_realm.Test.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewUserAttributeProtocolMapper(ctx, \"samlUserAttributeMapper\", \u0026saml.UserAttributeProtocolMapperArgs{\n\t\t\tClientId: samlClient.ID(),\n\t\t\tRealmId: pulumi.Any(keycloak_realm.Test.Id),\n\t\t\tSamlAttributeName: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t\tUserAttribute: pulumi.String(\"displayName\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.saml.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .clientId(\"test-saml-client\")\n .realmId(keycloak_realm.test().id())\n .build());\n\n var samlUserAttributeMapper = new UserAttributeProtocolMapper(\"samlUserAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .clientId(samlClient.id())\n .realmId(keycloak_realm.test().id())\n .samlAttributeName(\"displayName\")\n .samlAttributeNameFormat(\"Unspecified\")\n .userAttribute(\"displayName\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n samlClient:\n type: keycloak:saml:Client\n properties:\n clientId: test-saml-client\n realmId: ${keycloak_realm.test.id}\n samlUserAttributeMapper:\n type: keycloak:saml:UserAttributeProtocolMapper\n properties:\n clientId: ${samlClient.id}\n realmId: ${keycloak_realm.test.id}\n samlAttributeName: displayName\n samlAttributeNameFormat: Unspecified\n userAttribute: displayName\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_attribute` - (Required) The custom user attribute to map.\n- `friendly_name` - (Optional) An optional human-friendly name for this attribute.\n- `saml_attribute_name` - (Required) The name of the SAML attribute.\n- `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", + "description": "## # keycloak.saml.UserAttributeProtocolMapper\n\nAllows for creating and managing user attribute protocol mappers for\nSAML clients within Keycloak.\n\nSAML user attribute protocol mappers allow you to map custom attributes defined\nfor a user within Keycloak to an attribute in a SAML assertion. Protocol mappers\ncan be defined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: test.id,\n clientId: \"test-saml-client\",\n name: \"test-saml-client\",\n});\nconst samlUserAttributeMapper = new keycloak.saml.UserAttributeProtocolMapper(\"saml_user_attribute_mapper\", {\n realmId: test.id,\n clientId: samlClient.id,\n name: \"displayname-user-attribute-mapper\",\n userAttribute: \"displayName\",\n samlAttributeName: \"displayName\",\n samlAttributeNameFormat: \"Unspecified\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=test[\"id\"],\n client_id=\"test-saml-client\",\n name=\"test-saml-client\")\nsaml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper(\"saml_user_attribute_mapper\",\n realm_id=test[\"id\"],\n client_id=saml_client.id,\n name=\"displayname-user-attribute-mapper\",\n user_attribute=\"displayName\",\n saml_attribute_name=\"displayName\",\n saml_attribute_name_format=\"Unspecified\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = test.Id,\n ClientId = \"test-saml-client\",\n Name = \"test-saml-client\",\n });\n\n var samlUserAttributeMapper = new Keycloak.Saml.UserAttributeProtocolMapper(\"saml_user_attribute_mapper\", new()\n {\n RealmId = test.Id,\n ClientId = samlClient.Id,\n Name = \"displayname-user-attribute-mapper\",\n UserAttribute = \"displayName\",\n SamlAttributeName = \"displayName\",\n SamlAttributeNameFormat = \"Unspecified\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: pulumi.Any(test.Id),\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tName: pulumi.String(\"test-saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewUserAttributeProtocolMapper(ctx, \"saml_user_attribute_mapper\", \u0026saml.UserAttributeProtocolMapperArgs{\n\t\t\tRealmId: pulumi.Any(test.Id),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tName: pulumi.String(\"displayname-user-attribute-mapper\"),\n\t\t\tUserAttribute: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeName: pulumi.String(\"displayName\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.UserAttributeProtocolMapper;\nimport com.pulumi.keycloak.saml.UserAttributeProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(test.id())\n .clientId(\"test-saml-client\")\n .name(\"test-saml-client\")\n .build());\n\n var samlUserAttributeMapper = new UserAttributeProtocolMapper(\"samlUserAttributeMapper\", UserAttributeProtocolMapperArgs.builder() \n .realmId(test.id())\n .clientId(samlClient.id())\n .name(\"displayname-user-attribute-mapper\")\n .userAttribute(\"displayName\")\n .samlAttributeName(\"displayName\")\n .samlAttributeNameFormat(\"Unspecified\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${test.id}\n clientId: test-saml-client\n name: test-saml-client\n samlUserAttributeMapper:\n type: keycloak:saml:UserAttributeProtocolMapper\n name: saml_user_attribute_mapper\n properties:\n realmId: ${test.id}\n clientId: ${samlClient.id}\n name: displayname-user-attribute-mapper\n userAttribute: displayName\n samlAttributeName: displayName\n samlAttributeNameFormat: Unspecified\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_attribute` - (Required) The custom user attribute to map.\n- `friendly_name` - (Optional) An optional human-friendly name for this attribute.\n- `saml_attribute_name` - (Required) The name of the SAML attribute.\n- `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_saml_user_attribute_protocol_mapper.saml_user_attribute_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "clientId": { "type": "string" @@ -13483,7 +13483,7 @@ } }, "keycloak:saml/userPropertyProtocolMapper:UserPropertyProtocolMapper": { - "description": "## # keycloak.saml.UserPropertyProtocolMapper\n\nAllows for creating and managing user property protocol mappers for\nSAML clients within Keycloak.\n\nSAML user property protocol mappers allow you to map properties of the Keycloak\nuser model to an attribute in a SAML assertion. Protocol mappers\ncan be defined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n enabled: true,\n realm: \"my-realm\",\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n clientId: \"test-saml-client\",\n realmId: keycloak_realm.test.id,\n});\nconst samlUserPropertyMapper = new keycloak.saml.UserPropertyProtocolMapper(\"samlUserPropertyMapper\", {\n clientId: samlClient.id,\n realmId: keycloak_realm.test.id,\n samlAttributeName: \"email\",\n samlAttributeNameFormat: \"Unspecified\",\n userProperty: \"email\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n enabled=True,\n realm=\"my-realm\")\nsaml_client = keycloak.saml.Client(\"samlClient\",\n client_id=\"test-saml-client\",\n realm_id=keycloak_realm[\"test\"][\"id\"])\nsaml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper(\"samlUserPropertyMapper\",\n client_id=saml_client.id,\n realm_id=keycloak_realm[\"test\"][\"id\"],\n saml_attribute_name=\"email\",\n saml_attribute_name_format=\"Unspecified\",\n user_property=\"email\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n Enabled = true,\n RealmName = \"my-realm\",\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n ClientId = \"test-saml-client\",\n RealmId = keycloak_realm.Test.Id,\n });\n\n var samlUserPropertyMapper = new Keycloak.Saml.UserPropertyProtocolMapper(\"samlUserPropertyMapper\", new()\n {\n ClientId = samlClient.Id,\n RealmId = keycloak_realm.Test.Id,\n SamlAttributeName = \"email\",\n SamlAttributeNameFormat = \"Unspecified\",\n UserProperty = \"email\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tRealmId: pulumi.Any(keycloak_realm.Test.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewUserPropertyProtocolMapper(ctx, \"samlUserPropertyMapper\", \u0026saml.UserPropertyProtocolMapperArgs{\n\t\t\tClientId: samlClient.ID(),\n\t\t\tRealmId: pulumi.Any(keycloak_realm.Test.Id),\n\t\t\tSamlAttributeName: pulumi.String(\"email\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.saml.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .clientId(\"test-saml-client\")\n .realmId(keycloak_realm.test().id())\n .build());\n\n var samlUserPropertyMapper = new UserPropertyProtocolMapper(\"samlUserPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .clientId(samlClient.id())\n .realmId(keycloak_realm.test().id())\n .samlAttributeName(\"email\")\n .samlAttributeNameFormat(\"Unspecified\")\n .userProperty(\"email\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n samlClient:\n type: keycloak:saml:Client\n properties:\n clientId: test-saml-client\n realmId: ${keycloak_realm.test.id}\n samlUserPropertyMapper:\n type: keycloak:saml:UserPropertyProtocolMapper\n properties:\n clientId: ${samlClient.id}\n realmId: ${keycloak_realm.test.id}\n samlAttributeName: email\n samlAttributeNameFormat: Unspecified\n userProperty: email\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_property` - (Required) The property of the Keycloak user model to map.\n- `friendly_name` - (Optional) An optional human-friendly name for this attribute.\n- `saml_attribute_name` - (Required) The name of the SAML attribute.\n- `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", + "description": "## # keycloak.saml.UserPropertyProtocolMapper\n\nAllows for creating and managing user property protocol mappers for\nSAML clients within Keycloak.\n\nSAML user property protocol mappers allow you to map properties of the Keycloak\nuser model to an attribute in a SAML assertion. Protocol mappers\ncan be defined for a single client, or they can be defined for a client scope which\ncan be shared between multiple different clients.\n\n### Example Usage (Client)\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: test.id,\n clientId: \"test-saml-client\",\n name: \"test-saml-client\",\n});\nconst samlUserPropertyMapper = new keycloak.saml.UserPropertyProtocolMapper(\"saml_user_property_mapper\", {\n realmId: test.id,\n clientId: samlClient.id,\n name: \"email-user-property-mapper\",\n userProperty: \"email\",\n samlAttributeName: \"email\",\n samlAttributeNameFormat: \"Unspecified\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"saml_client\",\n realm_id=test[\"id\"],\n client_id=\"test-saml-client\",\n name=\"test-saml-client\")\nsaml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper(\"saml_user_property_mapper\",\n realm_id=test[\"id\"],\n client_id=saml_client.id,\n name=\"email-user-property-mapper\",\n user_property=\"email\",\n saml_attribute_name=\"email\",\n saml_attribute_name_format=\"Unspecified\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = test.Id,\n ClientId = \"test-saml-client\",\n Name = \"test-saml-client\",\n });\n\n var samlUserPropertyMapper = new Keycloak.Saml.UserPropertyProtocolMapper(\"saml_user_property_mapper\", new()\n {\n RealmId = test.Id,\n ClientId = samlClient.Id,\n Name = \"email-user-property-mapper\",\n UserProperty = \"email\",\n SamlAttributeName = \"email\",\n SamlAttributeNameFormat = \"Unspecified\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: pulumi.Any(test.Id),\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tName: pulumi.String(\"test-saml-client\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = saml.NewUserPropertyProtocolMapper(ctx, \"saml_user_property_mapper\", \u0026saml.UserPropertyProtocolMapperArgs{\n\t\t\tRealmId: pulumi.Any(test.Id),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tName: pulumi.String(\"email-user-property-mapper\"),\n\t\t\tUserProperty: pulumi.String(\"email\"),\n\t\t\tSamlAttributeName: pulumi.String(\"email\"),\n\t\t\tSamlAttributeNameFormat: pulumi.String(\"Unspecified\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.UserPropertyProtocolMapper;\nimport com.pulumi.keycloak.saml.UserPropertyProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(test.id())\n .clientId(\"test-saml-client\")\n .name(\"test-saml-client\")\n .build());\n\n var samlUserPropertyMapper = new UserPropertyProtocolMapper(\"samlUserPropertyMapper\", UserPropertyProtocolMapperArgs.builder() \n .realmId(test.id())\n .clientId(samlClient.id())\n .name(\"email-user-property-mapper\")\n .userProperty(\"email\")\n .samlAttributeName(\"email\")\n .samlAttributeNameFormat(\"Unspecified\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${test.id}\n clientId: test-saml-client\n name: test-saml-client\n samlUserPropertyMapper:\n type: keycloak:saml:UserPropertyProtocolMapper\n name: saml_user_property_mapper\n properties:\n realmId: ${test.id}\n clientId: ${samlClient.id}\n name: email-user-property-mapper\n userProperty: email\n samlAttributeName: email\n samlAttributeNameFormat: Unspecified\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this protocol mapper exists within.\n- `client_id` - (Required if `client_scope_id` is not specified) The SAML client this protocol mapper is attached to.\n- `client_scope_id` - (Required if `client_id` is not specified) The SAML client scope this protocol mapper is attached to.\n- `name` - (Required) The display name of this protocol mapper in the GUI.\n- `user_property` - (Required) The property of the Keycloak user model to map.\n- `friendly_name` - (Optional) An optional human-friendly name for this attribute.\n- `saml_attribute_name` - (Required) The name of the SAML attribute.\n- `saml_attribute_name_format` - (Required) The SAML attribute Name Format. Can be one of `Unspecified`, `Basic`, or `URI Reference`.\n\n### Import\n\nProtocol mappers can be imported using one of the following formats:\n- Client: `{{realm_id}}/client/{{client_keycloak_id}}/{{protocol_mapper_id}}`\n- Client Scope: `{{realm_id}}/client-scope/{{client_scope_keycloak_id}}/{{protocol_mapper_id}}`\n\nExample:\n\n```bash\n$ terraform import keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper my-realm/client/a7202154-8793-4656-b655-1dd18c181e14/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n$ terraform import keycloak_saml_user_property_protocol_mapper.saml_user_property_mapper my-realm/client-scope/b799ea7e-73ee-4a73-990a-1eafebe8e20a/71602afa-f7d1-4788-8c49-ef8fd00af0f4\n```\n", "properties": { "clientId": { "type": "string" @@ -13617,8 +13617,8 @@ "description": "A collection of values returned by getAuthenticationExecution.\n", "properties": { "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "parentFlowAlias": { "type": "string" @@ -13630,13 +13630,13 @@ "type": "string" } }, - "type": "object", "required": [ "parentFlowAlias", "providerId", "realmId", "id" - ] + ], + "type": "object" } }, "keycloak:index/getAuthenticationFlow:getAuthenticationFlow": { @@ -13666,23 +13666,23 @@ "type": "string" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "realmId": { "type": "string" } }, - "type": "object", "required": [ "alias", "realmId", "id" - ] + ], + "type": "object" } }, "keycloak:index/getClientDescriptionConverter:getClientDescriptionConverter": { - "description": "This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak\nclient. This data can then be used to manage the client within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClientClientDescriptionConverter = keycloak.getClientDescriptionConverterOutput({\n realmId: realm.id,\n body: `\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`,\n});\nconst samlClientClient = new keycloak.saml.Client(\"samlClientClient\", {\n realmId: realm.id,\n clientId: samlClientClientDescriptionConverter.apply(samlClientClientDescriptionConverter =\u003e samlClientClientDescriptionConverter.clientId),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client_client_description_converter = keycloak.get_client_description_converter_output(realm_id=realm.id,\n body=\"\"\"\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\"\"\")\nsaml_client_client = keycloak.saml.Client(\"samlClientClient\",\n realm_id=realm.id,\n client_id=saml_client_client_description_converter.client_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClientClientDescriptionConverter = Keycloak.GetClientDescriptionConverter.Invoke(new()\n {\n RealmId = realm.Id,\n Body = @\"\t\u003cmd:EntityDescriptor xmlns:md=\"\"urn:oasis:names:tc:SAML:2.0:metadata\"\" validUntil=\"\"2021-04-17T12:41:46Z\"\" cacheDuration=\"\"PT604800S\"\" entityID=\"\"FakeEntityId\"\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"\"false\"\" WantAssertionsSigned=\"\"false\"\" protocolSupportEnumeration=\"\"urn:oasis:names:tc:SAML:2.0:protocol\"\"\u003e\n \u003cmd:KeyDescriptor use=\"\"signing\"\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"\"http://www.w3.org/2000/09/xmldsig#\"\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\" Location=\"\"https://localhost/acs/saml/\"\" index=\"\"1\"\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\",\n });\n\n var samlClientClient = new Keycloak.Saml.Client(\"samlClientClient\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClientClientDescriptionConverter.Apply(getClientDescriptionConverterResult =\u003e getClientDescriptionConverterResult.ClientId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClientClientDescriptionConverter := keycloak.GetClientDescriptionConverterOutput(ctx, keycloak.GetClientDescriptionConverterOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBody: pulumi.String(`\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`),\n\t\t}, nil)\n\t\t_, err = saml.NewClient(ctx, \"samlClientClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClientClientDescriptionConverter.ApplyT(func(samlClientClientDescriptionConverter keycloak.GetClientDescriptionConverterResult) (*string, error) {\n\t\t\t\treturn \u0026samlClientClientDescriptionConverter.ClientId, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetClientDescriptionConverterArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var samlClientClientDescriptionConverter = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder()\n .realmId(realm.id())\n .body(\"\"\"\n\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n \"\"\")\n .build());\n\n var samlClientClient = new Client(\"samlClientClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult).applyValue(samlClientClientDescriptionConverter -\u003e samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult.clientId())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: ${samlClientClientDescriptionConverter.clientId}\nvariables:\n samlClientClientDescriptionConverter:\n fn::invoke:\n Function: keycloak:getClientDescriptionConverter\n Arguments:\n realmId: ${realm.id}\n body: |\n \t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n \t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n \t\t\t\t\u003cds:X509Data\u003e\n \t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n \t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n \t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n \t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n \t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n \t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n \t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n \t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n \t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n \t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n \t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n \t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n \t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n \t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n \t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n \t\t\t\t\u003c/ds:X509Data\u003e\n \t\t\t\u003c/ds:KeyInfo\u003e\n \t\t\u003c/md:KeyDescriptor\u003e\n \t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n \u003c/md:EntityDescriptor\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source uses the [ClientDescriptionConverter](https://www.keycloak.org/docs-api/6.0/javadocs/org/keycloak/exportimport/ClientDescriptionConverter.html) API to convert a generic client description into a Keycloak\nclient. This data can then be used to manage the client within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = keycloak.getClientDescriptionConverterOutput({\n realmId: realm.id,\n body: `\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`,\n});\nconst samlClientClient = new keycloak.saml.Client(\"saml_client\", {\n realmId: realm.id,\n clientId: samlClient.apply(samlClient =\u003e samlClient.clientId),\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.get_client_description_converter_output(realm_id=realm.id,\n body=\"\"\"\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\"\"\")\nsaml_client_client = keycloak.saml.Client(\"saml_client\",\n realm_id=realm.id,\n client_id=saml_client.client_id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = Keycloak.GetClientDescriptionConverter.Invoke(new()\n {\n RealmId = realm.Id,\n Body = @\"\t\u003cmd:EntityDescriptor xmlns:md=\"\"urn:oasis:names:tc:SAML:2.0:metadata\"\" validUntil=\"\"2021-04-17T12:41:46Z\"\" cacheDuration=\"\"PT604800S\"\" entityID=\"\"FakeEntityId\"\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"\"false\"\" WantAssertionsSigned=\"\"false\"\" protocolSupportEnumeration=\"\"urn:oasis:names:tc:SAML:2.0:protocol\"\"\u003e\n \u003cmd:KeyDescriptor use=\"\"signing\"\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"\"http://www.w3.org/2000/09/xmldsig#\"\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\" Location=\"\"https://localhost/acs/saml/\"\" index=\"\"1\"\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n\",\n });\n\n var samlClientClient = new Keycloak.Saml.Client(\"saml_client\", new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Apply(getClientDescriptionConverterResult =\u003e getClientDescriptionConverterResult.ClientId),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient := keycloak.GetClientDescriptionConverterOutput(ctx, keycloak.GetClientDescriptionConverterOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tBody: pulumi.String(`\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n`),\n\t\t}, nil)\n\t\t_, err = saml.NewClient(ctx, \"saml_client\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ApplyT(func(samlClient keycloak.GetClientDescriptionConverterResult) (*string, error) {\n\t\t\t\treturn \u0026samlClient.ClientId, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetClientDescriptionConverterArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var samlClient = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder()\n .realmId(realm.id())\n .body(\"\"\"\n\t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n\t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n\t\t\t\t\u003cds:X509Data\u003e\n\t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n\t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n\t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n\t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n\t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n\t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n\t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n\t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n\t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n\t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n\t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n\t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n\t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n\t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n\t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n\t\t\t\t\u003c/ds:X509Data\u003e\n\t\t\t\u003c/ds:KeyInfo\u003e\n\t\t\u003c/md:KeyDescriptor\u003e\n\t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n\u003c/md:EntityDescriptor\u003e\n \"\"\")\n .build());\n\n var samlClientClient = new Client(\"samlClientClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(samlClient.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult).applyValue(samlClient -\u003e samlClient.applyValue(getClientDescriptionConverterResult -\u003e getClientDescriptionConverterResult.clientId())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClientClient:\n type: keycloak:saml:Client\n name: saml_client\n properties:\n realmId: ${realm.id}\n clientId: ${samlClient.clientId}\nvariables:\n samlClient:\n fn::invoke:\n Function: keycloak:getClientDescriptionConverter\n Arguments:\n realmId: ${realm.id}\n body: |\n \t\u003cmd:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\" validUntil=\"2021-04-17T12:41:46Z\" cacheDuration=\"PT604800S\" entityID=\"FakeEntityId\"\u003e\n \u003cmd:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"\u003e\n \u003cmd:KeyDescriptor use=\"signing\"\u003e\n \t\t\t\u003cds:KeyInfo xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"\u003e\n \t\t\t\t\u003cds:X509Data\u003e\n \t\t\t\t\t\u003cds:X509Certificate\u003eMIICyDCCAjGgAwIBAgIBADANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UEBhMCdXMx\n \t\t\t\t\tCzAJBgNVBAgMAklBMSQwIgYDVQQKDBt0ZXJyYWZvcm0tcHJvdmlkZXIta2V5Y2xv\n \t\t\t\t\tYWsxHDAaBgNVBAMME21ycGFya2Vycy5naXRodWIuaW8xIDAeBgkqhkiG9w0BCQEW\n \t\t\t\t\tEW1pY2hhZWxAcGFya2VyLmdnMB4XDTE5MDEwODE0NDYzNloXDTI5MDEwNTE0NDYz\n \t\t\t\t\tNlowgYAxCzAJBgNVBAYTAnVzMQswCQYDVQQIDAJJQTEkMCIGA1UECgwbdGVycmFm\n \t\t\t\t\tb3JtLXByb3ZpZGVyLWtleWNsb2FrMRwwGgYDVQQDDBNtcnBhcmtlcnMuZ2l0aHVi\n \t\t\t\t\tLmlvMSAwHgYJKoZIhvcNAQkBFhFtaWNoYWVsQHBhcmtlci5nZzCBnzANBgkqhkiG\n \t\t\t\t\t9w0BAQEFAAOBjQAwgYkCgYEAxuZny7uyYxGVPtpie14gNQC4tT9sAvO2sVNDhuoe\n \t\t\t\t\tqIKLRpNwkHnwQmwe5OxSh9K0BPHp/DNuuVWUqvo4tniEYn3jBr7FwLYLTKojQIxj\n \t\t\t\t\t53S1UTT9EXq3eP5HsHMD0QnTuca2nlNYUDBm6ud2fQj0Jt5qLx86EbEC28N56IRv\n \t\t\t\t\tGX8CAwEAAaNQME4wHQYDVR0OBBYEFMLnbQh77j7vhGTpAhKpDhCrBsPZMB8GA1Ud\n \t\t\t\t\tIwQYMBaAFMLnbQh77j7vhGTpAhKpDhCrBsPZMAwGA1UdEwQFMAMBAf8wDQYJKoZI\n \t\t\t\t\thvcNAQENBQADgYEAB8wGrAQY0pAfwbnYSyBt4STbebeRTu1/q1ucfrtc3qsegcd5\n \t\t\t\t\tn01xTR+T2uZJwqHFPpFjr4IPORiHx3+4BWCweslPD53qBjKUPXcbMO1Revjef6Tj\n \t\t\t\t\tK3K0AuJ94fxgXVoT61Nzu/a6Lj6RhzU/Dao9mlSbJY+YSbm+ZBpsuRUQ84s=\u003c/ds:X509Certificate\u003e\n \t\t\t\t\u003c/ds:X509Data\u003e\n \t\t\t\u003c/ds:KeyInfo\u003e\n \t\t\u003c/md:KeyDescriptor\u003e\n \t\t\u003cmd:NameIDFormat\u003eurn:oasis:names:tc:SAML:1.1:nameid-format:unspecified\u003c/md:NameIDFormat\u003e\n \u003cmd:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost/acs/saml/\" index=\"1\"/\u003e\n \u003c/md:SPSSODescriptor\u003e\n \u003c/md:EntityDescriptor\u003e\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClientDescriptionConverter.\n", "properties": { @@ -13705,34 +13705,34 @@ "description": "A collection of values returned by getClientDescriptionConverter.\n", "properties": { "access": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - } + }, + "type": "object" }, "adminUrl": { "type": "string" }, "attributes": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - } + }, + "type": "object" }, "authenticationFlowBindingOverrides": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - } + }, + "type": "object" }, "authorizationServicesEnabled": { "type": "boolean" }, "authorizationSettings": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - } + }, + "type": "object" }, "baseUrl": { "type": "string" @@ -13753,16 +13753,16 @@ "type": "string" }, "defaultClientScopes": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "defaultRoles": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "description": { "type": "string" @@ -13780,8 +13780,8 @@ "type": "boolean" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "implicitFlowEnabled": { "type": "boolean" @@ -13793,10 +13793,10 @@ "type": "integer" }, "optionalClientScopes": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "origin": { "type": "string" @@ -13805,10 +13805,10 @@ "type": "string" }, "protocolMappers": { - "type": "array", "items": { "$ref": "#/types/keycloak:index/getClientDescriptionConverterProtocolMapper:getClientDescriptionConverterProtocolMapper" - } + }, + "type": "array" }, "publicClient": { "type": "boolean" @@ -13817,16 +13817,16 @@ "type": "string" }, "redirectUris": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "registeredNodes": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - } + }, + "type": "object" }, "registrationAccessToken": { "type": "string" @@ -13847,13 +13847,12 @@ "type": "boolean" }, "webOrigins": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" } }, - "type": "object", "required": [ "access", "adminUrl", @@ -13893,11 +13892,12 @@ "surrogateAuthRequired", "webOrigins", "id" - ] + ], + "type": "object" } }, "keycloak:index/getGroup:getGroup": { - "description": "## # keycloak.Group data source\n\nThis data source can be used to fetch properties of a Keycloak group for\nusage with other resources, such as `keycloak.GroupRoles`.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.inputs.GetGroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .name(\"offline_access\")\n .realmId(realm.id())\n .build());\n\n final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder()\n .name(\"group\")\n .realmId(realm.id())\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .groupId(group.applyValue(getGroupResult -\u003e getGroupResult).applyValue(group -\u003e group.applyValue(getGroupResult -\u003e getGroupResult.id())))\n .realmId(realm.id())\n .roles(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n groupRoles:\n type: keycloak:GroupRoles\n properties:\n groupId: ${group.id}\n realmId: ${realm.id}\n roles:\n - ${offlineAccess.id}\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n name: offline_access\n realmId: ${realm.id}\n group:\n fn::invoke:\n Function: keycloak:getGroup\n Arguments:\n name: group\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists within.\n- `name` - (Required) The name of the group\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `id` - The unique ID of the group, which can be used as an argument to\n other resources supported by this provider.\n", + "description": "## # keycloak.Group data source\n\nThis data source can be used to fetch properties of a Keycloak group for\nusage with other resources, such as `keycloak.GroupRoles`.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.inputs.GetGroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .name(\"offline_access\")\n .build());\n\n final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder()\n .realmId(realm.id())\n .name(\"group\")\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .realmId(realm.id())\n .groupId(group.applyValue(getGroupResult -\u003e getGroupResult).applyValue(group -\u003e group.applyValue(getGroupResult -\u003e getGroupResult.id())))\n .roles(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n groupRoles:\n type: keycloak:GroupRoles\n name: group_roles\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n roles:\n - ${offlineAccess.id}\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: ${realm.id}\n name: offline_access\n group:\n fn::invoke:\n Function: keycloak:getGroup\n Arguments:\n realmId: ${realm.id}\n name: group\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this group exists within.\n- `name` - (Required) The name of the group\n\n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `id` - The unique ID of the group, which can be used as an argument to\n other resources supported by this provider.\n", "inputs": { "description": "A collection of arguments for invoking getGroup.\n", "properties": { @@ -13918,14 +13918,14 @@ "description": "A collection of values returned by getGroup.\n", "properties": { "attributes": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - } + }, + "type": "object" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "name": { "type": "string" @@ -13940,7 +13940,6 @@ "type": "string" } }, - "type": "object", "required": [ "attributes", "name", @@ -13948,11 +13947,12 @@ "path", "realmId", "id" - ] + ], + "type": "object" } }, "keycloak:index/getRealm:getRealm": { - "description": "## # keycloak.Realm data source\n\nThis data source can be used to fetch properties of a Keycloak realm for\nusage with other resources.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = keycloak.getRealm({\n realm: \"my-realm\",\n});\nconst group = new keycloak.Role(\"group\", {realmId: data.keycloak_realm.id});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.get_realm(realm=\"my-realm\")\ngroup = keycloak.Role(\"group\", realm_id=data[\"keycloak_realm\"][\"id\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"my-realm\",\n });\n\n var @group = new Keycloak.Role(\"group\", new()\n {\n RealmId = data.Keycloak_realm.Id,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"my-realm\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.NewRole(ctx, \"group\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: pulumi.Any(data.Keycloak_realm.Id),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n var group = new Role(\"group\", RoleArgs.builder() \n .realmId(data.keycloak_realm().id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n group:\n type: keycloak:Role\n properties:\n realmId: ${data.keycloak_realm.id}\nvariables:\n realm: # use the data source\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: my-realm\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm` - (Required) The realm name.\n\n### Attributes Reference\n\nSee the docs for the `keycloak.Realm` resource for details on the exported attributes.\n", + "description": "## # keycloak.Realm data source\n\nThis data source can be used to fetch properties of a Keycloak realm for\nusage with other resources.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = keycloak.getRealm({\n realm: \"my-realm\",\n});\n// use the data source\nconst group = new keycloak.Role(\"group\", {\n realmId: id,\n name: \"group\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.get_realm(realm=\"my-realm\")\n# use the data source\ngroup = keycloak.Role(\"group\",\n realm_id=id,\n name=\"group\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"my-realm\",\n });\n\n // use the data source\n var @group = new Keycloak.Role(\"group\", new()\n {\n RealmId = id,\n Name = \"group\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"my-realm\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = keycloak.NewRole(ctx, \"group\", \u0026keycloak.RoleArgs{\n\t\t\tRealmId: pulumi.Any(id),\n\t\t\tName: pulumi.String(\"group\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.Role;\nimport com.pulumi.keycloak.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"my-realm\")\n .build());\n\n // use the data source\n var group = new Role(\"group\", RoleArgs.builder() \n .realmId(id)\n .name(\"group\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # use the data source\n group:\n type: keycloak:Role\n properties:\n realmId: ${id}\n name: group\nvariables:\n realm:\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: my-realm\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm` - (Required) The realm name.\n\n### Attributes Reference\n\nSee the docs for the `keycloak.Realm` resource for details on the exported attributes.\n", "inputs": { "description": "A collection of arguments for invoking getRealm.\n", "properties": { @@ -14044,10 +14044,10 @@ "type": "string" }, "attributes": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - } + }, + "type": "object" }, "browserFlow": { "type": "string" @@ -14062,16 +14062,16 @@ "type": "string" }, "defaultDefaultClientScopes": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "defaultOptionalClientScopes": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "defaultSignatureAlgorithm": { "type": "string" @@ -14101,17 +14101,17 @@ "type": "boolean" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "internalId": { "type": "string" }, "internationalizations": { - "type": "array", "items": { "$ref": "#/types/keycloak:index/getRealmInternationalization:getRealmInternationalization" - } + }, + "type": "array" }, "loginTheme": { "type": "string" @@ -14168,16 +14168,16 @@ "type": "boolean" }, "securityDefenses": { - "type": "array", "items": { "$ref": "#/types/keycloak:index/getRealmSecurityDefense:getRealmSecurityDefense" - } + }, + "type": "array" }, "smtpServers": { - "type": "array", "items": { "$ref": "#/types/keycloak:index/getRealmSmtpServer:getRealmSmtpServer" - } + }, + "type": "array" }, "sslRequired": { "type": "string" @@ -14207,7 +14207,6 @@ "$ref": "#/types/keycloak:index/getRealmWebAuthnPolicy:getRealmWebAuthnPolicy" } }, - "type": "object", "required": [ "accessCodeLifespan", "accessCodeLifespanLogin", @@ -14265,7 +14264,8 @@ "webAuthnPasswordlessPolicy", "webAuthnPolicy", "id" - ] + ], + "type": "object" } }, "keycloak:index/getRealmKeys:getRealmKeys": { @@ -14298,41 +14298,41 @@ "description": "A collection of values returned by getRealmKeys.\n", "properties": { "algorithms": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "keys": { - "type": "array", "items": { "$ref": "#/types/keycloak:index/getRealmKeysKey:getRealmKeysKey" - } + }, + "type": "array" }, "realmId": { "type": "string" }, "statuses": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" } }, - "type": "object", "required": [ "keys", "realmId", "id" - ] + ], + "type": "object" } }, "keycloak:index/getRole:getRole": { - "description": "## # keycloak.Role data source\n\nThis data source can be used to fetch properties of a Keycloak role for\nusage with other resources, such as `keycloak.GroupRoles`.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .enabled(true)\n .realm(\"my-realm\")\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .name(\"offline_access\")\n .realmId(realm.id())\n .build());\n\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .groupId(group.id())\n .realmId(realm.id())\n .roles(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n enabled: true\n realm: my-realm\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n groupRoles:\n type: keycloak:GroupRoles\n properties:\n groupId: ${group.id}\n realmId: ${realm.id}\n roles:\n - ${offlineAccess.id}\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n name: offline_access\n realmId: ${realm.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this role exists within.\n- `client_id` - (Optional) When specified, this role is assumed to be a\n client role belonging to the client with the provided ID\n- `name` - (Required) The name of the role\n \n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `id` - The unique ID of the role, which can be used as an argument to\n other resources supported by this provider.\n- `description` - The description of the role.\n", + "description": "## # keycloak.Role data source\n\nThis data source can be used to fetch properties of a Keycloak role for\nusage with other resources, such as `keycloak.GroupRoles`.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.Group;\nimport com.pulumi.keycloak.GroupArgs;\nimport com.pulumi.keycloak.GroupRoles;\nimport com.pulumi.keycloak.GroupRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .name(\"offline_access\")\n .build());\n\n // use the data source\n var group = new Group(\"group\", GroupArgs.builder() \n .realmId(realm.id())\n .name(\"group\")\n .build());\n\n var groupRoles = new GroupRoles(\"groupRoles\", GroupRolesArgs.builder() \n .realmId(realm.id())\n .groupId(group.id())\n .roles(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n # use the data source\n group:\n type: keycloak:Group\n properties:\n realmId: ${realm.id}\n name: group\n groupRoles:\n type: keycloak:GroupRoles\n name: group_roles\n properties:\n realmId: ${realm.id}\n groupId: ${group.id}\n roles:\n - ${offlineAccess.id}\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: ${realm.id}\n name: offline_access\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm this role exists within.\n- `client_id` - (Optional) When specified, this role is assumed to be a\n client role belonging to the client with the provided ID\n- `name` - (Required) The name of the role\n \n### Attributes Reference\n\nIn addition to the arguments listed above, the following computed attributes are exported:\n\n- `id` - The unique ID of the role, which can be used as an argument to\n other resources supported by this provider.\n- `description` - The description of the role.\n", "inputs": { "description": "A collection of arguments for invoking getRole.\n", "properties": { @@ -14356,26 +14356,26 @@ "description": "A collection of values returned by getRole.\n", "properties": { "attributes": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - } + }, + "type": "object" }, "clientId": { "type": "string" }, "compositeRoles": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "description": { "type": "string" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "name": { "type": "string" @@ -14384,7 +14384,6 @@ "type": "string" } }, - "type": "object", "required": [ "attributes", "compositeRoles", @@ -14392,11 +14391,12 @@ "name", "realmId", "id" - ] + ], + "type": "object" } }, "keycloak:index/getUser:getUser": { - "description": "This data source can be used to fetch properties of a user within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst masterRealm = keycloak.getRealm({\n realm: \"master\",\n});\nconst defaultAdminUser = masterRealm.then(masterRealm =\u003e keycloak.getUser({\n realmId: masterRealm.id,\n username: \"keycloak\",\n}));\nexport const keycloakUserId = defaultAdminUser.then(defaultAdminUser =\u003e defaultAdminUser.id);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nmaster_realm = keycloak.get_realm(realm=\"master\")\ndefault_admin_user = keycloak.get_user(realm_id=master_realm.id,\n username=\"keycloak\")\npulumi.export(\"keycloakUserId\", default_admin_user.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var masterRealm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"master\",\n });\n\n var defaultAdminUser = Keycloak.GetUser.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Username = \"keycloak\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"keycloakUserId\"] = defaultAdminUser.Apply(getUserResult =\u003e getUserResult.Id),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmasterRealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"master\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAdminUser, err := keycloak.LookupUser(ctx, \u0026keycloak.LookupUserArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUsername: \"keycloak\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"keycloakUserId\", defaultAdminUser.Id)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.inputs.GetUserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var masterRealm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"master\")\n .build());\n\n final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .username(\"keycloak\")\n .build());\n\n ctx.export(\"keycloakUserId\", defaultAdminUser.applyValue(getUserResult -\u003e getUserResult.id()));\n }\n}\n```\n```yaml\nvariables:\n masterRealm:\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: master\n defaultAdminUser:\n fn::invoke:\n Function: keycloak:getUser\n Arguments:\n realmId: ${masterRealm.id}\n username: keycloak\noutputs:\n keycloakUserId: ${defaultAdminUser.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source can be used to fetch properties of a user within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst masterRealm = keycloak.getRealm({\n realm: \"master\",\n});\n// use the keycloak_user data source to grab the admin user's ID\nconst defaultAdminUser = masterRealm.then(masterRealm =\u003e keycloak.getUser({\n realmId: masterRealm.id,\n username: \"keycloak\",\n}));\nexport const keycloakUserId = defaultAdminUser.then(defaultAdminUser =\u003e defaultAdminUser.id);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nmaster_realm = keycloak.get_realm(realm=\"master\")\n# use the keycloak_user data source to grab the admin user's ID\ndefault_admin_user = keycloak.get_user(realm_id=master_realm.id,\n username=\"keycloak\")\npulumi.export(\"keycloakUserId\", default_admin_user.id)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var masterRealm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"master\",\n });\n\n // use the keycloak_user data source to grab the admin user's ID\n var defaultAdminUser = Keycloak.GetUser.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Username = \"keycloak\",\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"keycloakUserId\"] = defaultAdminUser.Apply(getUserResult =\u003e getUserResult.Id),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmasterRealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"master\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the keycloak_user data source to grab the admin user's ID\n\t\tdefaultAdminUser, err := keycloak.LookupUser(ctx, \u0026keycloak.LookupUserArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUsername: \"keycloak\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"keycloakUserId\", defaultAdminUser.Id)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.inputs.GetUserArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var masterRealm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"master\")\n .build());\n\n // use the keycloak_user data source to grab the admin user's ID\n final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .username(\"keycloak\")\n .build());\n\n ctx.export(\"keycloakUserId\", defaultAdminUser.applyValue(getUserResult -\u003e getUserResult.id()));\n }\n}\n```\n```yaml\nvariables:\n masterRealm:\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: master\n # use the keycloak_user data source to grab the admin user's ID\n defaultAdminUser:\n fn::invoke:\n Function: keycloak:getUser\n Arguments:\n realmId: ${masterRealm.id}\n username: keycloak\noutputs:\n keycloakUserId: ${defaultAdminUser.id}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getUser.\n", "properties": { @@ -14419,57 +14419,56 @@ "description": "A collection of values returned by getUser.\n", "properties": { "attributes": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" }, - "description": "(Computed) A map representing attributes for the user\n" + "description": "(Computed) A map representing attributes for the user\n", + "type": "object" }, "email": { - "type": "string", - "description": "(Computed) The user's email.\n" + "description": "(Computed) The user's email.\n", + "type": "string" }, "emailVerified": { - "type": "boolean", - "description": "(Computed) Whether the email address was validated or not. Default to `false`.\n" + "description": "(Computed) Whether the email address was validated or not. Default to `false`.\n", + "type": "boolean" }, "enabled": { - "type": "boolean", - "description": "(Computed) When false, this user cannot log in. Defaults to `true`.\n" + "description": "(Computed) When false, this user cannot log in. Defaults to `true`.\n", + "type": "boolean" }, "federatedIdentities": { - "type": "array", + "description": "(Computed) The user's federated identities, if applicable. This block has the following schema:\n", "items": { "type": "string" }, - "description": "(Computed) The user's federated identities, if applicable. This block has the following schema:\n" + "type": "array" }, "firstName": { - "type": "string", - "description": "(Computed) The user's first name.\n" + "description": "(Computed) The user's first name.\n", + "type": "string" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "lastName": { - "type": "string", - "description": "(Computed) The user's last name.\n" + "description": "(Computed) The user's last name.\n", + "type": "string" }, "realmId": { "type": "string" }, "requiredActions": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "username": { "type": "string" } }, - "type": "object", "required": [ "attributes", "email", @@ -14482,11 +14481,12 @@ "requiredActions", "username", "id" - ] + ], + "type": "object" } }, "keycloak:index/getUserRealmRoles:getUserRealmRoles": { - "description": "This data source can be used to fetch the realm roles of a user within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst masterRealm = keycloak.getRealm({\n realm: \"master\",\n});\nconst defaultAdminUser = masterRealm.then(masterRealm =\u003e keycloak.getUser({\n realmId: masterRealm.id,\n username: \"keycloak\",\n}));\nconst userRealmRoles = Promise.all([masterRealm, defaultAdminUser]).then(([masterRealm, defaultAdminUser]) =\u003e keycloak.getUserRealmRoles({\n realmId: masterRealm.id,\n userId: defaultAdminUser.id,\n}));\nexport const keycloakUserRoleNames = userRealmRoles.then(userRealmRoles =\u003e userRealmRoles.roleNames);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nmaster_realm = keycloak.get_realm(realm=\"master\")\ndefault_admin_user = keycloak.get_user(realm_id=master_realm.id,\n username=\"keycloak\")\nuser_realm_roles = keycloak.get_user_realm_roles(realm_id=master_realm.id,\n user_id=default_admin_user.id)\npulumi.export(\"keycloakUserRoleNames\", user_realm_roles.role_names)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var masterRealm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"master\",\n });\n\n var defaultAdminUser = Keycloak.GetUser.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Username = \"keycloak\",\n });\n\n var userRealmRoles = Keycloak.GetUserRealmRoles.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n UserId = defaultAdminUser.Apply(getUserResult =\u003e getUserResult.Id),\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"keycloakUserRoleNames\"] = userRealmRoles.Apply(getUserRealmRolesResult =\u003e getUserRealmRolesResult.RoleNames),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmasterRealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"master\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultAdminUser, err := keycloak.LookupUser(ctx, \u0026keycloak.LookupUserArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUsername: \"keycloak\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tuserRealmRoles, err := keycloak.GetUserRealmRoles(ctx, \u0026keycloak.GetUserRealmRolesArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUserId: defaultAdminUser.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"keycloakUserRoleNames\", userRealmRoles.RoleNames)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.inputs.GetUserArgs;\nimport com.pulumi.keycloak.inputs.GetUserRealmRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var masterRealm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"master\")\n .build());\n\n final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .username(\"keycloak\")\n .build());\n\n final var userRealmRoles = KeycloakFunctions.getUserRealmRoles(GetUserRealmRolesArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .userId(defaultAdminUser.applyValue(getUserResult -\u003e getUserResult.id()))\n .build());\n\n ctx.export(\"keycloakUserRoleNames\", userRealmRoles.applyValue(getUserRealmRolesResult -\u003e getUserRealmRolesResult.roleNames()));\n }\n}\n```\n```yaml\nvariables:\n masterRealm:\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: master\n defaultAdminUser:\n fn::invoke:\n Function: keycloak:getUser\n Arguments:\n realmId: ${masterRealm.id}\n username: keycloak\n userRealmRoles:\n fn::invoke:\n Function: keycloak:getUserRealmRoles\n Arguments:\n realmId: ${masterRealm.id}\n userId: ${defaultAdminUser.id}\noutputs:\n keycloakUserRoleNames: ${userRealmRoles.roleNames}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source can be used to fetch the realm roles of a user within Keycloak.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst masterRealm = keycloak.getRealm({\n realm: \"master\",\n});\n// use the keycloak_user data source to grab the admin user's ID\nconst defaultAdminUser = masterRealm.then(masterRealm =\u003e keycloak.getUser({\n realmId: masterRealm.id,\n username: \"keycloak\",\n}));\n// use the keycloak_user_realm_roles data source to list role names\nconst userRealmRoles = Promise.all([masterRealm, defaultAdminUser]).then(([masterRealm, defaultAdminUser]) =\u003e keycloak.getUserRealmRoles({\n realmId: masterRealm.id,\n userId: defaultAdminUser.id,\n}));\nexport const keycloakUserRoleNames = userRealmRoles.then(userRealmRoles =\u003e userRealmRoles.roleNames);\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nmaster_realm = keycloak.get_realm(realm=\"master\")\n# use the keycloak_user data source to grab the admin user's ID\ndefault_admin_user = keycloak.get_user(realm_id=master_realm.id,\n username=\"keycloak\")\n# use the keycloak_user_realm_roles data source to list role names\nuser_realm_roles = keycloak.get_user_realm_roles(realm_id=master_realm.id,\n user_id=default_admin_user.id)\npulumi.export(\"keycloakUserRoleNames\", user_realm_roles.role_names)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var masterRealm = Keycloak.GetRealm.Invoke(new()\n {\n Realm = \"master\",\n });\n\n // use the keycloak_user data source to grab the admin user's ID\n var defaultAdminUser = Keycloak.GetUser.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n Username = \"keycloak\",\n });\n\n // use the keycloak_user_realm_roles data source to list role names\n var userRealmRoles = Keycloak.GetUserRealmRoles.Invoke(new()\n {\n RealmId = masterRealm.Apply(getRealmResult =\u003e getRealmResult.Id),\n UserId = defaultAdminUser.Apply(getUserResult =\u003e getUserResult.Id),\n });\n\n return new Dictionary\u003cstring, object?\u003e\n {\n [\"keycloakUserRoleNames\"] = userRealmRoles.Apply(getUserRealmRolesResult =\u003e getUserRealmRolesResult.RoleNames),\n };\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tmasterRealm, err := keycloak.LookupRealm(ctx, \u0026keycloak.LookupRealmArgs{\n\t\t\tRealm: \"master\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the keycloak_user data source to grab the admin user's ID\n\t\tdefaultAdminUser, err := keycloak.LookupUser(ctx, \u0026keycloak.LookupUserArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUsername: \"keycloak\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the keycloak_user_realm_roles data source to list role names\n\t\tuserRealmRoles, err := keycloak.GetUserRealmRoles(ctx, \u0026keycloak.GetUserRealmRolesArgs{\n\t\t\tRealmId: masterRealm.Id,\n\t\t\tUserId: defaultAdminUser.Id,\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tctx.Export(\"keycloakUserRoleNames\", userRealmRoles.RoleNames)\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRealmArgs;\nimport com.pulumi.keycloak.inputs.GetUserArgs;\nimport com.pulumi.keycloak.inputs.GetUserRealmRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var masterRealm = KeycloakFunctions.getRealm(GetRealmArgs.builder()\n .realm(\"master\")\n .build());\n\n // use the keycloak_user data source to grab the admin user's ID\n final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .username(\"keycloak\")\n .build());\n\n // use the keycloak_user_realm_roles data source to list role names\n final var userRealmRoles = KeycloakFunctions.getUserRealmRoles(GetUserRealmRolesArgs.builder()\n .realmId(masterRealm.applyValue(getRealmResult -\u003e getRealmResult.id()))\n .userId(defaultAdminUser.applyValue(getUserResult -\u003e getUserResult.id()))\n .build());\n\n ctx.export(\"keycloakUserRoleNames\", userRealmRoles.applyValue(getUserRealmRolesResult -\u003e getUserRealmRolesResult.roleNames()));\n }\n}\n```\n```yaml\nvariables:\n masterRealm:\n fn::invoke:\n Function: keycloak:getRealm\n Arguments:\n realm: master\n # use the keycloak_user data source to grab the admin user's ID\n defaultAdminUser:\n fn::invoke:\n Function: keycloak:getUser\n Arguments:\n realmId: ${masterRealm.id}\n username: keycloak\n # use the keycloak_user_realm_roles data source to list role names\n userRealmRoles:\n fn::invoke:\n Function: keycloak:getUserRealmRoles\n Arguments:\n realmId: ${masterRealm.id}\n userId: ${defaultAdminUser.id}\noutputs:\n keycloakUserRoleNames: ${userRealmRoles.roleNames}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getUserRealmRoles.\n", "properties": { @@ -14509,34 +14509,34 @@ "description": "A collection of values returned by getUserRealmRoles.\n", "properties": { "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "realmId": { "type": "string" }, "roleNames": { - "type": "array", + "description": "(Computed) A list of realm roles that belong to this user.\n", "items": { "type": "string" }, - "description": "(Computed) A list of realm roles that belong to this user.\n" + "type": "array" }, "userId": { "type": "string" } }, - "type": "object", "required": [ "realmId", "roleNames", "userId", "id" - ] + ], + "type": "object" } }, "keycloak:openid/getClient:getClient": { - "description": "## # keycloak.openid.Client data source\n\nThis data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmManagement = keycloak.openid.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\nconst admin = realmManagement.then(realmManagement =\u003e keycloak.getRole({\n realmId: \"my-realm\",\n clientId: realmManagement.id,\n name: \"realm-admin\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_management = keycloak.openid.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\nadmin = keycloak.get_role(realm_id=\"my-realm\",\n client_id=realm_management.id,\n name=\"realm-admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n var admin = Keycloak.GetRole.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"realm-admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealmManagement, err := openid.LookupClient(ctx, \u0026openid.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.LookupRole(ctx, \u0026keycloak.LookupRoleArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: pulumi.StringRef(realmManagement.Id),\n\t\t\tName: \"realm-admin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(\"my-realm\")\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .name(\"realm-admin\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n admin:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: my-realm\n clientId: ${realmManagement.id}\n name: realm-admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm id.\n- `client_id` - (Required) The client id.\n\n### Attributes Reference\n\nSee the docs for the `keycloak.openid.Client` resource for details on the exported attributes.\n", + "description": "## # keycloak.openid.Client data source\n\nThis data source can be used to fetch properties of a Keycloak OpenID client for usage with other resources.\n\n### Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmManagement = keycloak.openid.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\n// use the data source\nconst admin = realmManagement.then(realmManagement =\u003e keycloak.getRole({\n realmId: \"my-realm\",\n clientId: realmManagement.id,\n name: \"realm-admin\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_management = keycloak.openid.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\n# use the data source\nadmin = keycloak.get_role(realm_id=\"my-realm\",\n client_id=realm_management.id,\n name=\"realm-admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmManagement = Keycloak.OpenId.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n // use the data source\n var admin = Keycloak.GetRole.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"realm-admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealmManagement, err := openid.LookupClient(ctx, \u0026openid.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = keycloak.LookupRole(ctx, \u0026keycloak.LookupRoleArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: pulumi.StringRef(realmManagement.Id),\n\t\t\tName: \"realm-admin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realmManagement = OpenidFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n // use the data source\n final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(\"my-realm\")\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .name(\"realm-admin\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:openid:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n # use the data source\n admin:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: my-realm\n clientId: ${realmManagement.id}\n name: realm-admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Argument Reference\n\nThe following arguments are supported:\n\n- `realm_id` - (Required) The realm id.\n- `client_id` - (Required) The client id.\n\n### Attributes Reference\n\nSee the docs for the `keycloak.openid.Client` resource for details on the exported attributes.\n", "inputs": { "description": "A collection of arguments for invoking getClient.\n", "properties": { @@ -14587,16 +14587,16 @@ "type": "string" }, "authenticationFlowBindingOverrides": { - "type": "array", "items": { "$ref": "#/types/keycloak:openid/getClientAuthenticationFlowBindingOverride:getClientAuthenticationFlowBindingOverride" - } + }, + "type": "array" }, "authorizations": { - "type": "array", "items": { "$ref": "#/types/keycloak:openid/getClientAuthorization:getClientAuthorization" - } + }, + "type": "array" }, "backchannelLogoutRevokeOfflineSessions": { "type": "boolean" @@ -14623,8 +14623,8 @@ "type": "string" }, "clientSecret": { - "type": "string", - "secret": true + "secret": true, + "type": "string" }, "clientSessionIdleTimeout": { "type": "string" @@ -14654,10 +14654,10 @@ "type": "boolean" }, "extraConfig": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - } + }, + "type": "object" }, "frontchannelLogoutEnabled": { "type": "boolean" @@ -14669,8 +14669,8 @@ "type": "boolean" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "implicitFlowEnabled": { "type": "boolean" @@ -14718,25 +14718,24 @@ "type": "boolean" }, "validPostLogoutRedirectUris": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "validRedirectUris": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "webOrigins": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" } }, - "type": "object", "required": [ "accessTokenLifespan", "accessType", @@ -14779,11 +14778,12 @@ "validRedirectUris", "webOrigins", "id" - ] + ], + "type": "object" } }, "keycloak:openid/getClientAuthorizationPolicy:getClientAuthorizationPolicy": { - "description": "This data source can be used to fetch policy and permission information for an OpenID client that has authorization enabled.\n\n## Example Usage\n\nIn this example, we'll create a new OpenID client with authorization enabled. This will cause Keycloak to create a default\npermission for this client called \"Default Permission\". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data\nsource to fetch information about this permission, so we can use it to create a new resource-based authorization permission.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientWithAuthz = new keycloak.openid.Client(\"clientWithAuthz\", {\n clientId: \"client-with-authz\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst defaultPermission = keycloak.openid.getClientAuthorizationPolicyOutput({\n realmId: realm.id,\n resourceServerId: clientWithAuthz.resourceServerId,\n name: \"Default Permission\",\n});\nconst resource = new keycloak.openid.ClientAuthorizationResource(\"resource\", {\n resourceServerId: clientWithAuthz.resourceServerId,\n realmId: realm.id,\n uris: [\"/endpoint/*\"],\n attributes: {\n foo: \"bar\",\n },\n});\nconst permission = new keycloak.openid.ClientAuthorizationPermission(\"permission\", {\n resourceServerId: clientWithAuthz.resourceServerId,\n realmId: realm.id,\n policies: [defaultPermission.apply(defaultPermission =\u003e defaultPermission.id)],\n resources: [resource.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_with_authz = keycloak.openid.Client(\"clientWithAuthz\",\n client_id=\"client-with-authz\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization=keycloak.openid.ClientAuthorizationArgs(\n policy_enforcement_mode=\"ENFORCING\",\n ))\ndefault_permission = keycloak.openid.get_client_authorization_policy_output(realm_id=realm.id,\n resource_server_id=client_with_authz.resource_server_id,\n name=\"Default Permission\")\nresource = keycloak.openid.ClientAuthorizationResource(\"resource\",\n resource_server_id=client_with_authz.resource_server_id,\n realm_id=realm.id,\n uris=[\"/endpoint/*\"],\n attributes={\n \"foo\": \"bar\",\n })\npermission = keycloak.openid.ClientAuthorizationPermission(\"permission\",\n resource_server_id=client_with_authz.resource_server_id,\n realm_id=realm.id,\n policies=[default_permission.id],\n resources=[resource.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientWithAuthz = new Keycloak.OpenId.Client(\"clientWithAuthz\", new()\n {\n ClientId = \"client-with-authz\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var defaultPermission = Keycloak.OpenId.GetClientAuthorizationPolicy.Invoke(new()\n {\n RealmId = realm.Id,\n ResourceServerId = clientWithAuthz.ResourceServerId,\n Name = \"Default Permission\",\n });\n\n var resource = new Keycloak.OpenId.ClientAuthorizationResource(\"resource\", new()\n {\n ResourceServerId = clientWithAuthz.ResourceServerId,\n RealmId = realm.Id,\n Uris = new[]\n {\n \"/endpoint/*\",\n },\n Attributes = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var permission = new Keycloak.OpenId.ClientAuthorizationPermission(\"permission\", new()\n {\n ResourceServerId = clientWithAuthz.ResourceServerId,\n RealmId = realm.Id,\n Policies = new[]\n {\n defaultPermission.Apply(getClientAuthorizationPolicyResult =\u003e getClientAuthorizationPolicyResult.Id),\n },\n Resources = new[]\n {\n resource.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientWithAuthz, err := openid.NewClient(ctx, \"clientWithAuthz\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client-with-authz\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultPermission := openid.GetClientAuthorizationPolicyOutput(ctx, openid.GetClientAuthorizationPolicyOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tName: pulumi.String(\"Default Permission\"),\n\t\t}, nil)\n\t\tresource, err := openid.NewClientAuthorizationResource(ctx, \"resource\", \u0026openid.ClientAuthorizationResourceArgs{\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"/endpoint/*\"),\n\t\t\t},\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"foo\": pulumi.Any(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAuthorizationPermission(ctx, \"permission\", \u0026openid.ClientAuthorizationPermissionArgs{\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\tdefaultPermission.ApplyT(func(defaultPermission openid.GetClientAuthorizationPolicyResult) (*string, error) {\n\t\t\t\t\treturn \u0026defaultPermission.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\tresource.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientAuthorizationPolicyArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResource;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResourceArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationPermission;\nimport com.pulumi.keycloak.openid.ClientAuthorizationPermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientWithAuthz = new Client(\"clientWithAuthz\", ClientArgs.builder() \n .clientId(\"client-with-authz\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n final var defaultPermission = OpenidFunctions.getClientAuthorizationPolicy(GetClientAuthorizationPolicyArgs.builder()\n .realmId(realm.id())\n .resourceServerId(clientWithAuthz.resourceServerId())\n .name(\"Default Permission\")\n .build());\n\n var resource = new ClientAuthorizationResource(\"resource\", ClientAuthorizationResourceArgs.builder() \n .resourceServerId(clientWithAuthz.resourceServerId())\n .realmId(realm.id())\n .uris(\"/endpoint/*\")\n .attributes(Map.of(\"foo\", \"bar\"))\n .build());\n\n var permission = new ClientAuthorizationPermission(\"permission\", ClientAuthorizationPermissionArgs.builder() \n .resourceServerId(clientWithAuthz.resourceServerId())\n .realmId(realm.id())\n .policies(defaultPermission.applyValue(getClientAuthorizationPolicyResult -\u003e getClientAuthorizationPolicyResult).applyValue(defaultPermission -\u003e defaultPermission.applyValue(getClientAuthorizationPolicyResult -\u003e getClientAuthorizationPolicyResult.id())))\n .resources(resource.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientWithAuthz:\n type: keycloak:openid:Client\n properties:\n clientId: client-with-authz\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n resource:\n type: keycloak:openid:ClientAuthorizationResource\n properties:\n resourceServerId: ${clientWithAuthz.resourceServerId}\n realmId: ${realm.id}\n uris:\n - /endpoint/*\n attributes:\n foo: bar\n permission:\n type: keycloak:openid:ClientAuthorizationPermission\n properties:\n resourceServerId: ${clientWithAuthz.resourceServerId}\n realmId: ${realm.id}\n policies:\n - ${defaultPermission.id}\n resources:\n - ${resource.id}\nvariables:\n defaultPermission:\n fn::invoke:\n Function: keycloak:openid:getClientAuthorizationPolicy\n Arguments:\n realmId: ${realm.id}\n resourceServerId: ${clientWithAuthz.resourceServerId}\n name: Default Permission\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source can be used to fetch policy and permission information for an OpenID client that has authorization enabled.\n\n## Example Usage\n\nIn this example, we'll create a new OpenID client with authorization enabled. This will cause Keycloak to create a default\npermission for this client called \"Default Permission\". We'll use the `keycloak.openid.getClientAuthorizationPolicy` data\nsource to fetch information about this permission, so we can use it to create a new resource-based authorization permission.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst clientWithAuthz = new keycloak.openid.Client(\"client_with_authz\", {\n clientId: \"client-with-authz\",\n name: \"client-with-authz\",\n realmId: realm.id,\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n authorization: {\n policyEnforcementMode: \"ENFORCING\",\n },\n});\nconst defaultPermission = keycloak.openid.getClientAuthorizationPolicyOutput({\n realmId: realm.id,\n resourceServerId: clientWithAuthz.resourceServerId,\n name: \"Default Permission\",\n});\nconst resource = new keycloak.openid.ClientAuthorizationResource(\"resource\", {\n resourceServerId: clientWithAuthz.resourceServerId,\n name: \"authorization-resource\",\n realmId: realm.id,\n uris: [\"/endpoint/*\"],\n attributes: {\n foo: \"bar\",\n },\n});\nconst permission = new keycloak.openid.ClientAuthorizationPermission(\"permission\", {\n resourceServerId: clientWithAuthz.resourceServerId,\n realmId: realm.id,\n name: \"authorization-permission\",\n policies: [defaultPermission.apply(defaultPermission =\u003e defaultPermission.id)],\n resources: [resource.id],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient_with_authz = keycloak.openid.Client(\"client_with_authz\",\n client_id=\"client-with-authz\",\n name=\"client-with-authz\",\n realm_id=realm.id,\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True,\n authorization=keycloak.openid.ClientAuthorizationArgs(\n policy_enforcement_mode=\"ENFORCING\",\n ))\ndefault_permission = keycloak.openid.get_client_authorization_policy_output(realm_id=realm.id,\n resource_server_id=client_with_authz.resource_server_id,\n name=\"Default Permission\")\nresource = keycloak.openid.ClientAuthorizationResource(\"resource\",\n resource_server_id=client_with_authz.resource_server_id,\n name=\"authorization-resource\",\n realm_id=realm.id,\n uris=[\"/endpoint/*\"],\n attributes={\n \"foo\": \"bar\",\n })\npermission = keycloak.openid.ClientAuthorizationPermission(\"permission\",\n resource_server_id=client_with_authz.resource_server_id,\n realm_id=realm.id,\n name=\"authorization-permission\",\n policies=[default_permission.id],\n resources=[resource.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var clientWithAuthz = new Keycloak.OpenId.Client(\"client_with_authz\", new()\n {\n ClientId = \"client-with-authz\",\n Name = \"client-with-authz\",\n RealmId = realm.Id,\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n Authorization = new Keycloak.OpenId.Inputs.ClientAuthorizationArgs\n {\n PolicyEnforcementMode = \"ENFORCING\",\n },\n });\n\n var defaultPermission = Keycloak.OpenId.GetClientAuthorizationPolicy.Invoke(new()\n {\n RealmId = realm.Id,\n ResourceServerId = clientWithAuthz.ResourceServerId,\n Name = \"Default Permission\",\n });\n\n var resource = new Keycloak.OpenId.ClientAuthorizationResource(\"resource\", new()\n {\n ResourceServerId = clientWithAuthz.ResourceServerId,\n Name = \"authorization-resource\",\n RealmId = realm.Id,\n Uris = new[]\n {\n \"/endpoint/*\",\n },\n Attributes = \n {\n { \"foo\", \"bar\" },\n },\n });\n\n var permission = new Keycloak.OpenId.ClientAuthorizationPermission(\"permission\", new()\n {\n ResourceServerId = clientWithAuthz.ResourceServerId,\n RealmId = realm.Id,\n Name = \"authorization-permission\",\n Policies = new[]\n {\n defaultPermission.Apply(getClientAuthorizationPolicyResult =\u003e getClientAuthorizationPolicyResult.Id),\n },\n Resources = new[]\n {\n resource.Id,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclientWithAuthz, err := openid.NewClient(ctx, \"client_with_authz\", \u0026openid.ClientArgs{\n\t\t\tClientId: pulumi.String(\"client-with-authz\"),\n\t\t\tName: pulumi.String(\"client-with-authz\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t\tAuthorization: \u0026openid.ClientAuthorizationArgs{\n\t\t\t\tPolicyEnforcementMode: pulumi.String(\"ENFORCING\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdefaultPermission := openid.GetClientAuthorizationPolicyOutput(ctx, openid.GetClientAuthorizationPolicyOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tName: pulumi.String(\"Default Permission\"),\n\t\t}, nil)\n\t\tresource, err := openid.NewClientAuthorizationResource(ctx, \"resource\", \u0026openid.ClientAuthorizationResourceArgs{\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tName: pulumi.String(\"authorization-resource\"),\n\t\t\tRealmId: realm.ID(),\n\t\t\tUris: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"/endpoint/*\"),\n\t\t\t},\n\t\t\tAttributes: pulumi.Map{\n\t\t\t\t\"foo\": pulumi.Any(\"bar\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = openid.NewClientAuthorizationPermission(ctx, \"permission\", \u0026openid.ClientAuthorizationPermissionArgs{\n\t\t\tResourceServerId: clientWithAuthz.ResourceServerId,\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"authorization-permission\"),\n\t\t\tPolicies: pulumi.StringArray{\n\t\t\t\tdefaultPermission.ApplyT(func(defaultPermission openid.GetClientAuthorizationPolicyResult) (*string, error) {\n\t\t\t\t\treturn \u0026defaultPermission.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t\tResources: pulumi.StringArray{\n\t\t\t\tresource.ID(),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.inputs.ClientAuthorizationArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientAuthorizationPolicyArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResource;\nimport com.pulumi.keycloak.openid.ClientAuthorizationResourceArgs;\nimport com.pulumi.keycloak.openid.ClientAuthorizationPermission;\nimport com.pulumi.keycloak.openid.ClientAuthorizationPermissionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var clientWithAuthz = new Client(\"clientWithAuthz\", ClientArgs.builder() \n .clientId(\"client-with-authz\")\n .name(\"client-with-authz\")\n .realmId(realm.id())\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .authorization(ClientAuthorizationArgs.builder()\n .policyEnforcementMode(\"ENFORCING\")\n .build())\n .build());\n\n final var defaultPermission = OpenidFunctions.getClientAuthorizationPolicy(GetClientAuthorizationPolicyArgs.builder()\n .realmId(realm.id())\n .resourceServerId(clientWithAuthz.resourceServerId())\n .name(\"Default Permission\")\n .build());\n\n var resource = new ClientAuthorizationResource(\"resource\", ClientAuthorizationResourceArgs.builder() \n .resourceServerId(clientWithAuthz.resourceServerId())\n .name(\"authorization-resource\")\n .realmId(realm.id())\n .uris(\"/endpoint/*\")\n .attributes(Map.of(\"foo\", \"bar\"))\n .build());\n\n var permission = new ClientAuthorizationPermission(\"permission\", ClientAuthorizationPermissionArgs.builder() \n .resourceServerId(clientWithAuthz.resourceServerId())\n .realmId(realm.id())\n .name(\"authorization-permission\")\n .policies(defaultPermission.applyValue(getClientAuthorizationPolicyResult -\u003e getClientAuthorizationPolicyResult).applyValue(defaultPermission -\u003e defaultPermission.applyValue(getClientAuthorizationPolicyResult -\u003e getClientAuthorizationPolicyResult.id())))\n .resources(resource.id())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n clientWithAuthz:\n type: keycloak:openid:Client\n name: client_with_authz\n properties:\n clientId: client-with-authz\n name: client-with-authz\n realmId: ${realm.id}\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n authorization:\n policyEnforcementMode: ENFORCING\n resource:\n type: keycloak:openid:ClientAuthorizationResource\n properties:\n resourceServerId: ${clientWithAuthz.resourceServerId}\n name: authorization-resource\n realmId: ${realm.id}\n uris:\n - /endpoint/*\n attributes:\n foo: bar\n permission:\n type: keycloak:openid:ClientAuthorizationPermission\n properties:\n resourceServerId: ${clientWithAuthz.resourceServerId}\n realmId: ${realm.id}\n name: authorization-permission\n policies:\n - ${defaultPermission.id}\n resources:\n - ${resource.id}\nvariables:\n defaultPermission:\n fn::invoke:\n Function: keycloak:openid:getClientAuthorizationPolicy\n Arguments:\n realmId: ${realm.id}\n resourceServerId: ${clientWithAuthz.resourceServerId}\n name: Default Permission\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClientAuthorizationPolicy.\n", "properties": { @@ -14811,30 +14811,30 @@ "description": "A collection of values returned by getClientAuthorizationPolicy.\n", "properties": { "decisionStrategy": { - "type": "string", - "description": "(Computed) Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions.\n" + "description": "(Computed) Dictates how the policies associated with a given permission are evaluated and how a final decision is obtained. Could be one of `AFFIRMATIVE`, `CONSENSUS`, or `UNANIMOUS`. Applies to permissions.\n", + "type": "string" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "logic": { - "type": "string", - "description": "(Computed) Dictates how the policy decision should be made. Can be either `POSITIVE` or `NEGATIVE`. Applies to policies.\n" + "description": "(Computed) Dictates how the policy decision should be made. Can be either `POSITIVE` or `NEGATIVE`. Applies to policies.\n", + "type": "string" }, "name": { "type": "string" }, "owner": { - "type": "string", - "description": "(Computed) The ID of the owning resource. Applies to resources.\n" + "description": "(Computed) The ID of the owning resource. Applies to resources.\n", + "type": "string" }, "policies": { - "type": "array", + "description": "(Computed) The IDs of the policies that must be applied to scopes/resources for this policy/permission. Applies to policies and permissions.\n", "items": { "type": "string" }, - "description": "(Computed) The IDs of the policies that must be applied to scopes/resources for this policy/permission. Applies to policies and permissions.\n" + "type": "array" }, "realmId": { "type": "string" @@ -14843,25 +14843,24 @@ "type": "string" }, "resources": { - "type": "array", + "description": "(Computed) The IDs of the resources that this permission applies to. Applies to resource-based permissions.\n", "items": { "type": "string" }, - "description": "(Computed) The IDs of the resources that this permission applies to. Applies to resource-based permissions.\n" + "type": "array" }, "scopes": { - "type": "array", + "description": "(Computed) The IDs of the scopes that this permission applies to. Applies to scope-based permissions.\n", "items": { "type": "string" }, - "description": "(Computed) The IDs of the scopes that this permission applies to. Applies to scope-based permissions.\n" + "type": "array" }, "type": { - "type": "string", - "description": "(Computed) The type of this policy / permission. For permissions, this could be `resource` or `scope`. For policies, this could be any type of authorization policy, such as `js`.\n" + "description": "(Computed) The type of this policy / permission. For permissions, this could be `resource` or `scope`. For policies, this could be any type of authorization policy, such as `js`.\n", + "type": "string" } }, - "type": "object", "required": [ "decisionStrategy", "logic", @@ -14874,11 +14873,12 @@ "scopes", "type", "id" - ] + ], + "type": "object" } }, "keycloak:openid/getClientScope:getClientScope": { - "description": "This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst offlineAccess = keycloak.openid.getClientScope({\n realmId: \"my-realm\",\n name: \"offline_access\",\n});\n// use the data source\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audienceMapper\", {\n realmId: offlineAccess.then(offlineAccess =\u003e offlineAccess.realmId),\n clientScopeId: offlineAccess.then(offlineAccess =\u003e offlineAccess.id),\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\noffline_access = keycloak.openid.get_client_scope(realm_id=\"my-realm\",\n name=\"offline_access\")\n# use the data source\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audienceMapper\",\n realm_id=offline_access.realm_id,\n client_scope_id=offline_access.id,\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var offlineAccess = Keycloak.OpenId.GetClientScope.Invoke(new()\n {\n RealmId = \"my-realm\",\n Name = \"offline_access\",\n });\n\n // use the data source\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audienceMapper\", new()\n {\n RealmId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.RealmId),\n ClientScopeId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.Id),\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tofflineAccess, err := openid.LookupClientScope(ctx, \u0026openid.LookupClientScopeArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tName: \"offline_access\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audienceMapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: pulumi.String(offlineAccess.RealmId),\n\t\t\tClientScopeId: pulumi.String(offlineAccess.Id),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var offlineAccess = OpenidFunctions.getClientScope(GetClientScopeArgs.builder()\n .realmId(\"my-realm\")\n .name(\"offline_access\")\n .build());\n\n // use the data source\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.realmId()))\n .clientScopeId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.id()))\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # use the data source\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n properties:\n realmId: ${offlineAccess.realmId}\n clientScopeId: ${offlineAccess.id}\n includedCustomAudience: foo\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:openid:getClientScope\n Arguments:\n realmId: my-realm\n name: offline_access\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source can be used to fetch properties of a Keycloak OpenID client scope for usage with other resources.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst offlineAccess = keycloak.openid.getClientScope({\n realmId: \"my-realm\",\n name: \"offline_access\",\n});\n// use the data source\nconst audienceMapper = new keycloak.openid.AudienceProtocolMapper(\"audience_mapper\", {\n realmId: offlineAccess.then(offlineAccess =\u003e offlineAccess.realmId),\n clientScopeId: offlineAccess.then(offlineAccess =\u003e offlineAccess.id),\n name: \"audience-mapper\",\n includedCustomAudience: \"foo\",\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\noffline_access = keycloak.openid.get_client_scope(realm_id=\"my-realm\",\n name=\"offline_access\")\n# use the data source\naudience_mapper = keycloak.openid.AudienceProtocolMapper(\"audience_mapper\",\n realm_id=offline_access.realm_id,\n client_scope_id=offline_access.id,\n name=\"audience-mapper\",\n included_custom_audience=\"foo\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var offlineAccess = Keycloak.OpenId.GetClientScope.Invoke(new()\n {\n RealmId = \"my-realm\",\n Name = \"offline_access\",\n });\n\n // use the data source\n var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper(\"audience_mapper\", new()\n {\n RealmId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.RealmId),\n ClientScopeId = offlineAccess.Apply(getClientScopeResult =\u003e getClientScopeResult.Id),\n Name = \"audience-mapper\",\n IncludedCustomAudience = \"foo\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tofflineAccess, err := openid.LookupClientScope(ctx, \u0026openid.LookupClientScopeArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tName: \"offline_access\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = openid.NewAudienceProtocolMapper(ctx, \"audience_mapper\", \u0026openid.AudienceProtocolMapperArgs{\n\t\t\tRealmId: pulumi.String(offlineAccess.RealmId),\n\t\t\tClientScopeId: pulumi.String(offlineAccess.Id),\n\t\t\tName: pulumi.String(\"audience-mapper\"),\n\t\t\tIncludedCustomAudience: pulumi.String(\"foo\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientScopeArgs;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapper;\nimport com.pulumi.keycloak.openid.AudienceProtocolMapperArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var offlineAccess = OpenidFunctions.getClientScope(GetClientScopeArgs.builder()\n .realmId(\"my-realm\")\n .name(\"offline_access\")\n .build());\n\n // use the data source\n var audienceMapper = new AudienceProtocolMapper(\"audienceMapper\", AudienceProtocolMapperArgs.builder() \n .realmId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.realmId()))\n .clientScopeId(offlineAccess.applyValue(getClientScopeResult -\u003e getClientScopeResult.id()))\n .name(\"audience-mapper\")\n .includedCustomAudience(\"foo\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n # use the data source\n audienceMapper:\n type: keycloak:openid:AudienceProtocolMapper\n name: audience_mapper\n properties:\n realmId: ${offlineAccess.realmId}\n clientScopeId: ${offlineAccess.id}\n name: audience-mapper\n includedCustomAudience: foo\nvariables:\n offlineAccess:\n fn::invoke:\n Function: keycloak:openid:getClientScope\n Arguments:\n realmId: my-realm\n name: offline_access\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClientScope.\n", "properties": { @@ -14910,8 +14910,8 @@ "type": "integer" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "includeInTokenScope": { "type": "boolean" @@ -14923,7 +14923,6 @@ "type": "string" } }, - "type": "object", "required": [ "consentScreenText", "description", @@ -14932,11 +14931,12 @@ "name", "realmId", "id" - ] + ], + "type": "object" } }, "keycloak:openid/getClientServiceAccountUser:getClientServiceAccountUser": { - "description": "This data source can be used to fetch information about the service account user that is associated with an OpenID client\nthat has service accounts enabled.\n\n## Example Usage\n\nIn this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user\nthat represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this\nuser, using the `keycloak.UserRoles` resource.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n});\nconst serviceAccountUser = keycloak.openid.getClientServiceAccountUserOutput({\n realmId: realm.id,\n clientId: client.id,\n});\nconst offlineAccess = keycloak.getRoleOutput({\n realmId: realm.id,\n name: \"offline_access\",\n});\nconst serviceAccountUserRoles = new keycloak.UserRoles(\"serviceAccountUserRoles\", {\n realmId: realm.id,\n userId: serviceAccountUser.apply(serviceAccountUser =\u003e serviceAccountUser.id),\n roleIds: [offlineAccess.apply(offlineAccess =\u003e offlineAccess.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True)\nservice_account_user = keycloak.openid.get_client_service_account_user_output(realm_id=realm.id,\n client_id=client.id)\noffline_access = keycloak.get_role_output(realm_id=realm.id,\n name=\"offline_access\")\nservice_account_user_roles = keycloak.UserRoles(\"serviceAccountUserRoles\",\n realm_id=realm.id,\n user_id=service_account_user.id,\n role_ids=[offline_access.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n });\n\n var serviceAccountUser = Keycloak.OpenId.GetClientServiceAccountUser.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n });\n\n var offlineAccess = Keycloak.GetRole.Invoke(new()\n {\n RealmId = realm.Id,\n Name = \"offline_access\",\n });\n\n var serviceAccountUserRoles = new Keycloak.UserRoles(\"serviceAccountUserRoles\", new()\n {\n RealmId = realm.Id,\n UserId = serviceAccountUser.Apply(getClientServiceAccountUserResult =\u003e getClientServiceAccountUserResult.Id),\n RoleIds = new[]\n {\n offlineAccess.Apply(getRoleResult =\u003e getRoleResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccountUser := openid.GetClientServiceAccountUserOutput(ctx, openid.GetClientServiceAccountUserOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t}, nil)\n\t\tofflineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"offline_access\"),\n\t\t}, nil)\n\t\t_, err = keycloak.NewUserRoles(ctx, \"serviceAccountUserRoles\", \u0026keycloak.UserRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: serviceAccountUser.ApplyT(func(serviceAccountUser openid.GetClientServiceAccountUserResult) (*string, error) {\n\t\t\t\treturn \u0026serviceAccountUser.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tofflineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {\n\t\t\t\t\treturn \u0026offlineAccess.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientServiceAccountUserArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.UserRoles;\nimport com.pulumi.keycloak.UserRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .build());\n\n final var serviceAccountUser = OpenidFunctions.getClientServiceAccountUser(GetClientServiceAccountUserArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .name(\"offline_access\")\n .build());\n\n var serviceAccountUserRoles = new UserRoles(\"serviceAccountUserRoles\", UserRolesArgs.builder() \n .realmId(realm.id())\n .userId(serviceAccountUser.applyValue(getClientServiceAccountUserResult -\u003e getClientServiceAccountUserResult).applyValue(serviceAccountUser -\u003e serviceAccountUser.applyValue(getClientServiceAccountUserResult -\u003e getClientServiceAccountUserResult.id())))\n .roleIds(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n serviceAccountUserRoles:\n type: keycloak:UserRoles\n properties:\n realmId: ${realm.id}\n userId: ${serviceAccountUser.id}\n roleIds:\n - ${offlineAccess.id}\nvariables:\n serviceAccountUser:\n fn::invoke:\n Function: keycloak:openid:getClientServiceAccountUser\n Arguments:\n realmId: ${realm.id}\n clientId: ${client.id}\n offlineAccess:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: ${realm.id}\n name: offline_access\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source can be used to fetch information about the service account user that is associated with an OpenID client\nthat has service accounts enabled.\n\n## Example Usage\n\nIn this example, we'll create an OpenID client with service accounts enabled. This causes Keycloak to create a special user\nthat represents the service account. We'll use this data source to grab this user's ID in order to assign some roles to this\nuser, using the `keycloak.UserRoles` resource.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst client = new keycloak.openid.Client(\"client\", {\n realmId: realm.id,\n clientId: \"client\",\n name: \"client\",\n accessType: \"CONFIDENTIAL\",\n serviceAccountsEnabled: true,\n});\nconst serviceAccountUser = keycloak.openid.getClientServiceAccountUserOutput({\n realmId: realm.id,\n clientId: client.id,\n});\nconst offlineAccess = keycloak.getRoleOutput({\n realmId: realm.id,\n name: \"offline_access\",\n});\nconst serviceAccountUserRoles = new keycloak.UserRoles(\"service_account_user_roles\", {\n realmId: realm.id,\n userId: serviceAccountUser.apply(serviceAccountUser =\u003e serviceAccountUser.id),\n roleIds: [offlineAccess.apply(offlineAccess =\u003e offlineAccess.id)],\n});\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nclient = keycloak.openid.Client(\"client\",\n realm_id=realm.id,\n client_id=\"client\",\n name=\"client\",\n access_type=\"CONFIDENTIAL\",\n service_accounts_enabled=True)\nservice_account_user = keycloak.openid.get_client_service_account_user_output(realm_id=realm.id,\n client_id=client.id)\noffline_access = keycloak.get_role_output(realm_id=realm.id,\n name=\"offline_access\")\nservice_account_user_roles = keycloak.UserRoles(\"service_account_user_roles\",\n realm_id=realm.id,\n user_id=service_account_user.id,\n role_ids=[offline_access.id])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var client = new Keycloak.OpenId.Client(\"client\", new()\n {\n RealmId = realm.Id,\n ClientId = \"client\",\n Name = \"client\",\n AccessType = \"CONFIDENTIAL\",\n ServiceAccountsEnabled = true,\n });\n\n var serviceAccountUser = Keycloak.OpenId.GetClientServiceAccountUser.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = client.Id,\n });\n\n var offlineAccess = Keycloak.GetRole.Invoke(new()\n {\n RealmId = realm.Id,\n Name = \"offline_access\",\n });\n\n var serviceAccountUserRoles = new Keycloak.UserRoles(\"service_account_user_roles\", new()\n {\n RealmId = realm.Id,\n UserId = serviceAccountUser.Apply(getClientServiceAccountUserResult =\u003e getClientServiceAccountUserResult.Id),\n RoleIds = new[]\n {\n offlineAccess.Apply(getRoleResult =\u003e getRoleResult.Id),\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/openid\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tclient, err := openid.NewClient(ctx, \"client\", \u0026openid.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"client\"),\n\t\t\tName: pulumi.String(\"client\"),\n\t\t\tAccessType: pulumi.String(\"CONFIDENTIAL\"),\n\t\t\tServiceAccountsEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tserviceAccountUser := openid.GetClientServiceAccountUserOutput(ctx, openid.GetClientServiceAccountUserOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: client.ID(),\n\t\t}, nil)\n\t\tofflineAccess := keycloak.LookupRoleOutput(ctx, keycloak.GetRoleOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tName: pulumi.String(\"offline_access\"),\n\t\t}, nil)\n\t\t_, err = keycloak.NewUserRoles(ctx, \"service_account_user_roles\", \u0026keycloak.UserRolesArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tUserId: serviceAccountUser.ApplyT(func(serviceAccountUser openid.GetClientServiceAccountUserResult) (*string, error) {\n\t\t\t\treturn \u0026serviceAccountUser.Id, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\tRoleIds: pulumi.StringArray{\n\t\t\t\tofflineAccess.ApplyT(func(offlineAccess keycloak.GetRoleResult) (*string, error) {\n\t\t\t\t\treturn \u0026offlineAccess.Id, nil\n\t\t\t\t}).(pulumi.StringPtrOutput),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.openid.Client;\nimport com.pulumi.keycloak.openid.ClientArgs;\nimport com.pulumi.keycloak.openid.OpenidFunctions;\nimport com.pulumi.keycloak.openid.inputs.GetClientServiceAccountUserArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport com.pulumi.keycloak.UserRoles;\nimport com.pulumi.keycloak.UserRolesArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var client = new Client(\"client\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"client\")\n .name(\"client\")\n .accessType(\"CONFIDENTIAL\")\n .serviceAccountsEnabled(true)\n .build());\n\n final var serviceAccountUser = OpenidFunctions.getClientServiceAccountUser(GetClientServiceAccountUserArgs.builder()\n .realmId(realm.id())\n .clientId(client.id())\n .build());\n\n final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(realm.id())\n .name(\"offline_access\")\n .build());\n\n var serviceAccountUserRoles = new UserRoles(\"serviceAccountUserRoles\", UserRolesArgs.builder() \n .realmId(realm.id())\n .userId(serviceAccountUser.applyValue(getClientServiceAccountUserResult -\u003e getClientServiceAccountUserResult).applyValue(serviceAccountUser -\u003e serviceAccountUser.applyValue(getClientServiceAccountUserResult -\u003e getClientServiceAccountUserResult.id())))\n .roleIds(offlineAccess.applyValue(getRoleResult -\u003e getRoleResult).applyValue(offlineAccess -\u003e offlineAccess.applyValue(getRoleResult -\u003e getRoleResult.id())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n client:\n type: keycloak:openid:Client\n properties:\n realmId: ${realm.id}\n clientId: client\n name: client\n accessType: CONFIDENTIAL\n serviceAccountsEnabled: true\n serviceAccountUserRoles:\n type: keycloak:UserRoles\n name: service_account_user_roles\n properties:\n realmId: ${realm.id}\n userId: ${serviceAccountUser.id}\n roleIds:\n - ${offlineAccess.id}\nvariables:\n serviceAccountUser:\n fn::invoke:\n Function: keycloak:openid:getClientServiceAccountUser\n Arguments:\n realmId: ${realm.id}\n clientId: ${client.id}\n offlineAccess:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: ${realm.id}\n name: offline_access\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClientServiceAccountUser.\n", "properties": { @@ -14959,10 +14959,10 @@ "description": "A collection of values returned by getClientServiceAccountUser.\n", "properties": { "attributes": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - } + }, + "type": "object" }, "clientId": { "type": "string" @@ -14977,17 +14977,17 @@ "type": "boolean" }, "federatedIdentities": { - "type": "array", "items": { "$ref": "#/types/keycloak:openid/getClientServiceAccountUserFederatedIdentity:getClientServiceAccountUserFederatedIdentity" - } + }, + "type": "array" }, "firstName": { "type": "string" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "lastName": { "type": "string" @@ -14996,16 +14996,15 @@ "type": "string" }, "requiredActions": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" }, "username": { "type": "string" } }, - "type": "object", "required": [ "attributes", "clientId", @@ -15019,11 +15018,12 @@ "requiredActions", "username", "id" - ] + ], + "type": "object" } }, "keycloak:saml/getClient:getClient": { - "description": "This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmManagement = keycloak.saml.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\nconst admin = realmManagement.then(realmManagement =\u003e keycloak.getRole({\n realmId: \"my-realm\",\n clientId: realmManagement.id,\n name: \"realm-admin\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_management = keycloak.saml.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\nadmin = keycloak.get_role(realm_id=\"my-realm\",\n client_id=realm_management.id,\n name=\"realm-admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmManagement = Keycloak.Saml.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n var admin = Keycloak.GetRole.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"realm-admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealmManagement, err := saml.LookupClient(ctx, \u0026saml.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = keycloak.LookupRole(ctx, \u0026keycloak.LookupRoleArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: pulumi.StringRef(realmManagement.Id),\n\t\t\tName: \"realm-admin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.saml.SamlFunctions;\nimport com.pulumi.keycloak.saml.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realmManagement = SamlFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(\"my-realm\")\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .name(\"realm-admin\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:saml:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n admin:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: my-realm\n clientId: ${realmManagement.id}\n name: realm-admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source can be used to fetch properties of a Keycloak client that uses the SAML protocol.\n\n## Example Usage\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realmManagement = keycloak.saml.getClient({\n realmId: \"my-realm\",\n clientId: \"realm-management\",\n});\n// use the data source\nconst admin = realmManagement.then(realmManagement =\u003e keycloak.getRole({\n realmId: \"my-realm\",\n clientId: realmManagement.id,\n name: \"realm-admin\",\n}));\n```\n```python\nimport pulumi\nimport pulumi_keycloak as keycloak\n\nrealm_management = keycloak.saml.get_client(realm_id=\"my-realm\",\n client_id=\"realm-management\")\n# use the data source\nadmin = keycloak.get_role(realm_id=\"my-realm\",\n client_id=realm_management.id,\n name=\"realm-admin\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realmManagement = Keycloak.Saml.GetClient.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = \"realm-management\",\n });\n\n // use the data source\n var admin = Keycloak.GetRole.Invoke(new()\n {\n RealmId = \"my-realm\",\n ClientId = realmManagement.Apply(getClientResult =\u003e getClientResult.Id),\n Name = \"realm-admin\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealmManagement, err := saml.LookupClient(ctx, \u0026saml.LookupClientArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: \"realm-management\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// use the data source\n\t\t_, err = keycloak.LookupRole(ctx, \u0026keycloak.LookupRoleArgs{\n\t\t\tRealmId: \"my-realm\",\n\t\t\tClientId: pulumi.StringRef(realmManagement.Id),\n\t\t\tName: \"realm-admin\",\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.saml.SamlFunctions;\nimport com.pulumi.keycloak.saml.inputs.GetClientArgs;\nimport com.pulumi.keycloak.KeycloakFunctions;\nimport com.pulumi.keycloak.inputs.GetRoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var realmManagement = SamlFunctions.getClient(GetClientArgs.builder()\n .realmId(\"my-realm\")\n .clientId(\"realm-management\")\n .build());\n\n // use the data source\n final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder()\n .realmId(\"my-realm\")\n .clientId(realmManagement.applyValue(getClientResult -\u003e getClientResult.id()))\n .name(\"realm-admin\")\n .build());\n\n }\n}\n```\n```yaml\nvariables:\n realmManagement:\n fn::invoke:\n Function: keycloak:saml:getClient\n Arguments:\n realmId: my-realm\n clientId: realm-management\n # use the data source\n admin:\n fn::invoke:\n Function: keycloak:getRole\n Arguments:\n realmId: my-realm\n clientId: ${realmManagement.id}\n name: realm-admin\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", "inputs": { "description": "A collection of arguments for invoking getClient.\n", "properties": { @@ -15052,10 +15052,10 @@ "type": "string" }, "authenticationFlowBindingOverrides": { - "type": "array", "items": { "$ref": "#/types/keycloak:saml/getClientAuthenticationFlowBindingOverride:getClientAuthenticationFlowBindingOverride" - } + }, + "type": "array" }, "baseUrl": { "type": "string" @@ -15085,10 +15085,10 @@ "type": "string" }, "extraConfig": { - "type": "object", "additionalProperties": { "$ref": "pulumi.json#/Any" - } + }, + "type": "object" }, "forceNameIdFormat": { "type": "boolean" @@ -15103,8 +15103,8 @@ "type": "boolean" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "idpInitiatedSsoRelayState": { "type": "string" @@ -15167,13 +15167,12 @@ "type": "string" }, "validRedirectUris": { - "type": "array", "items": { "type": "string" - } + }, + "type": "array" } }, - "type": "object", "required": [ "assertionConsumerPostUrl", "assertionConsumerRedirectUrl", @@ -15214,11 +15213,12 @@ "signingPrivateKeySha1", "validRedirectUris", "id" - ] + ], + "type": "object" } }, "keycloak:saml/getClientInstallationProvider:getClientInstallationProvider": { - "description": "This data source can be used to retrieve Installation Provider of a SAML Client.\n\n## Example Usage\n\nIn the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\nimport * as fs from \"fs\";\nimport * as keycloak from \"@pulumi/keycloak\";\n\nconst realm = new keycloak.Realm(\"realm\", {\n realm: \"my-realm\",\n enabled: true,\n});\nconst samlClient = new keycloak.saml.Client(\"samlClient\", {\n realmId: realm.id,\n clientId: \"test-saml-client\",\n signDocuments: false,\n signAssertions: true,\n includeAuthnStatement: true,\n signingCertificate: fs.readFileSync(\"saml-cert.pem\", \"utf8\"),\n signingPrivateKey: fs.readFileSync(\"saml-key.pem\", \"utf8\"),\n});\nconst samlIdpDescriptor = keycloak.saml.getClientInstallationProviderOutput({\n realmId: realm.id,\n clientId: samlClient.id,\n providerId: \"saml-idp-descriptor\",\n});\nconst _default = new aws.iam.SamlProvider(\"default\", {samlMetadataDocument: samlIdpDescriptor.apply(samlIdpDescriptor =\u003e samlIdpDescriptor.value)});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\nimport pulumi_keycloak as keycloak\n\nrealm = keycloak.Realm(\"realm\",\n realm=\"my-realm\",\n enabled=True)\nsaml_client = keycloak.saml.Client(\"samlClient\",\n realm_id=realm.id,\n client_id=\"test-saml-client\",\n sign_documents=False,\n sign_assertions=True,\n include_authn_statement=True,\n signing_certificate=(lambda path: open(path).read())(\"saml-cert.pem\"),\n signing_private_key=(lambda path: open(path).read())(\"saml-key.pem\"))\nsaml_idp_descriptor = keycloak.saml.get_client_installation_provider_output(realm_id=realm.id,\n client_id=saml_client.id,\n provider_id=\"saml-idp-descriptor\")\ndefault = aws.iam.SamlProvider(\"default\", saml_metadata_document=saml_idp_descriptor.value)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.IO;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\nusing Keycloak = Pulumi.Keycloak;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var realm = new Keycloak.Realm(\"realm\", new()\n {\n RealmName = \"my-realm\",\n Enabled = true,\n });\n\n var samlClient = new Keycloak.Saml.Client(\"samlClient\", new()\n {\n RealmId = realm.Id,\n ClientId = \"test-saml-client\",\n SignDocuments = false,\n SignAssertions = true,\n IncludeAuthnStatement = true,\n SigningCertificate = File.ReadAllText(\"saml-cert.pem\"),\n SigningPrivateKey = File.ReadAllText(\"saml-key.pem\"),\n });\n\n var samlIdpDescriptor = Keycloak.Saml.GetClientInstallationProvider.Invoke(new()\n {\n RealmId = realm.Id,\n ClientId = samlClient.Id,\n ProviderId = \"saml-idp-descriptor\",\n });\n\n var @default = new Aws.Iam.SamlProvider(\"default\", new()\n {\n SamlMetadataDocument = samlIdpDescriptor.Apply(getClientInstallationProviderResult =\u003e getClientInstallationProviderResult.Value),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"os\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak\"\n\t\"github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc readFileOrPanic(path string) pulumi.StringPtrInput {\n\tdata, err := os.ReadFile(path)\n\tif err != nil {\n\t\tpanic(err.Error())\n\t}\n\treturn pulumi.String(string(data))\n}\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\trealm, err := keycloak.NewRealm(ctx, \"realm\", \u0026keycloak.RealmArgs{\n\t\t\tRealm: pulumi.String(\"my-realm\"),\n\t\t\tEnabled: pulumi.Bool(true),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlClient, err := saml.NewClient(ctx, \"samlClient\", \u0026saml.ClientArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: pulumi.String(\"test-saml-client\"),\n\t\t\tSignDocuments: pulumi.Bool(false),\n\t\t\tSignAssertions: pulumi.Bool(true),\n\t\t\tIncludeAuthnStatement: pulumi.Bool(true),\n\t\t\tSigningCertificate: readFileOrPanic(\"saml-cert.pem\"),\n\t\t\tSigningPrivateKey: readFileOrPanic(\"saml-key.pem\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsamlIdpDescriptor := saml.GetClientInstallationProviderOutput(ctx, saml.GetClientInstallationProviderOutputArgs{\n\t\t\tRealmId: realm.ID(),\n\t\t\tClientId: samlClient.ID(),\n\t\t\tProviderId: pulumi.String(\"saml-idp-descriptor\"),\n\t\t}, nil)\n\t\t_, err = iam.NewSamlProvider(ctx, \"default\", \u0026iam.SamlProviderArgs{\n\t\t\tSamlMetadataDocument: samlIdpDescriptor.ApplyT(func(samlIdpDescriptor saml.GetClientInstallationProviderResult) (*string, error) {\n\t\t\t\treturn \u0026samlIdpDescriptor.Value, nil\n\t\t\t}).(pulumi.StringPtrOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.keycloak.Realm;\nimport com.pulumi.keycloak.RealmArgs;\nimport com.pulumi.keycloak.saml.Client;\nimport com.pulumi.keycloak.saml.ClientArgs;\nimport com.pulumi.keycloak.saml.SamlFunctions;\nimport com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs;\nimport com.pulumi.aws.iam.SamlProvider;\nimport com.pulumi.aws.iam.SamlProviderArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var realm = new Realm(\"realm\", RealmArgs.builder() \n .realm(\"my-realm\")\n .enabled(true)\n .build());\n\n var samlClient = new Client(\"samlClient\", ClientArgs.builder() \n .realmId(realm.id())\n .clientId(\"test-saml-client\")\n .signDocuments(false)\n .signAssertions(true)\n .includeAuthnStatement(true)\n .signingCertificate(Files.readString(Paths.get(\"saml-cert.pem\")))\n .signingPrivateKey(Files.readString(Paths.get(\"saml-key.pem\")))\n .build());\n\n final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder()\n .realmId(realm.id())\n .clientId(samlClient.id())\n .providerId(\"saml-idp-descriptor\")\n .build());\n\n var default_ = new SamlProvider(\"default\", SamlProviderArgs.builder() \n .samlMetadataDocument(samlIdpDescriptor.applyValue(getClientInstallationProviderResult -\u003e getClientInstallationProviderResult).applyValue(samlIdpDescriptor -\u003e samlIdpDescriptor.applyValue(getClientInstallationProviderResult -\u003e getClientInstallationProviderResult.value())))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n realm:\n type: keycloak:Realm\n properties:\n realm: my-realm\n enabled: true\n samlClient:\n type: keycloak:saml:Client\n properties:\n realmId: ${realm.id}\n clientId: test-saml-client\n signDocuments: false\n signAssertions: true\n includeAuthnStatement: true\n signingCertificate:\n fn::readFile: saml-cert.pem\n signingPrivateKey:\n fn::readFile: saml-key.pem\n default:\n type: aws:iam:SamlProvider\n properties:\n samlMetadataDocument: ${samlIdpDescriptor.value}\nvariables:\n samlIdpDescriptor:\n fn::invoke:\n Function: keycloak:saml:getClientInstallationProvider\n Arguments:\n realmId: ${realm.id}\n clientId: ${samlClient.id}\n providerId: saml-idp-descriptor\n```\n\u003c!--End PulumiCodeChooser --\u003e\n", + "description": "This data source can be used to retrieve Installation Provider of a SAML Client.\n\n", "inputs": { "description": "A collection of arguments for invoking getClientInstallationProvider.\n", "properties": { @@ -15249,8 +15249,8 @@ "type": "string" }, "id": { - "type": "string", - "description": "The provider-assigned unique ID for this managed resource.\n" + "description": "The provider-assigned unique ID for this managed resource.\n", + "type": "string" }, "providerId": { "type": "string" @@ -15259,18 +15259,18 @@ "type": "string" }, "value": { - "type": "string", - "description": "(Computed) The returned document needed for SAML installation.\n" + "description": "(Computed) The returned document needed for SAML installation.\n", + "type": "string" } }, - "type": "object", "required": [ "clientId", "providerId", "realmId", "value", "id" - ] + ], + "type": "object" } } } diff --git a/sdk/dotnet/AttributeImporterIdentityProviderMapper.cs b/sdk/dotnet/AttributeImporterIdentityProviderMapper.cs index b251e0ce..ab83790e 100644 --- a/sdk/dotnet/AttributeImporterIdentityProviderMapper.cs +++ b/sdk/dotnet/AttributeImporterIdentityProviderMapper.cs @@ -25,11 +25,12 @@ namespace Pulumi.Keycloak /// /// return await Deployment.RunAsync(() => /// { - /// var testMapper = new Keycloak.AttributeImporterIdentityProviderMapper("testMapper", new() + /// var testMapper = new Keycloak.AttributeImporterIdentityProviderMapper("test_mapper", new() /// { - /// AttributeName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", - /// IdentityProviderAlias = "idp_alias", /// Realm = "my-realm", + /// Name = "my-mapper", + /// IdentityProviderAlias = "idp_alias", + /// AttributeName = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", /// UserAttribute = "lastName", /// }); /// diff --git a/sdk/dotnet/AttributeToRoleIdentityMapper.cs b/sdk/dotnet/AttributeToRoleIdentityMapper.cs index 8a076557..0e666118 100644 --- a/sdk/dotnet/AttributeToRoleIdentityMapper.cs +++ b/sdk/dotnet/AttributeToRoleIdentityMapper.cs @@ -31,7 +31,7 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider("oidcIdentityProvider", new() + /// var oidc = new Keycloak.Oidc.IdentityProvider("oidc", new() /// { /// Realm = realm.Id, /// Alias = "oidc", @@ -42,16 +42,18 @@ namespace Pulumi.Keycloak /// DefaultScopes = "openid random profile", /// }); /// - /// var realmRole = new Keycloak.Role("realmRole", new() + /// var realmRole = new Keycloak.Role("realm_role", new() /// { /// RealmId = realm.Id, + /// Name = "my-realm-role", /// Description = "My Realm Role", /// }); /// - /// var oidcAttributeToRoleIdentityMapper = new Keycloak.AttributeToRoleIdentityMapper("oidcAttributeToRoleIdentityMapper", new() + /// var oidcAttributeToRoleIdentityMapper = new Keycloak.AttributeToRoleIdentityMapper("oidc", new() /// { /// Realm = realm.Id, - /// IdentityProviderAlias = oidcIdentityProvider.Alias, + /// Name = "role-attribute", + /// IdentityProviderAlias = oidc.Alias, /// Role = "my-realm-role", /// ClaimName = "my-claim", /// ClaimValue = "my-value", diff --git a/sdk/dotnet/Authentication/Bindings.cs b/sdk/dotnet/Authentication/Bindings.cs index 0a194766..ce7b7c40 100644 --- a/sdk/dotnet/Authentication/Bindings.cs +++ b/sdk/dotnet/Authentication/Bindings.cs @@ -48,7 +48,7 @@ namespace Pulumi.Keycloak.Authentication /// }); /// /// // first execution - /// var executionOne = new Keycloak.Authentication.Execution("executionOne", new() + /// var executionOne = new Keycloak.Authentication.Execution("execution_one", new() /// { /// RealmId = realm.Id, /// ParentFlowAlias = flow.Alias, @@ -57,7 +57,7 @@ namespace Pulumi.Keycloak.Authentication /// }); /// /// // second execution - /// var executionTwo = new Keycloak.Authentication.Execution("executionTwo", new() + /// var executionTwo = new Keycloak.Authentication.Execution("execution_two", new() /// { /// RealmId = realm.Id, /// ParentFlowAlias = flow.Alias, @@ -71,7 +71,7 @@ namespace Pulumi.Keycloak.Authentication /// }, /// }); /// - /// var browserAuthenticationBinding = new Keycloak.Authentication.Bindings("browserAuthenticationBinding", new() + /// var browserAuthenticationBinding = new Keycloak.Authentication.Bindings("browser_authentication_binding", new() /// { /// RealmId = realm.Id, /// BrowserFlow = flow.Alias, diff --git a/sdk/dotnet/Authentication/Execution.cs b/sdk/dotnet/Authentication/Execution.cs index 822fcc99..ea43dcbf 100644 --- a/sdk/dotnet/Authentication/Execution.cs +++ b/sdk/dotnet/Authentication/Execution.cs @@ -41,7 +41,7 @@ namespace Pulumi.Keycloak.Authentication /// }); /// /// // first execution - /// var executionOne = new Keycloak.Authentication.Execution("executionOne", new() + /// var executionOne = new Keycloak.Authentication.Execution("execution_one", new() /// { /// RealmId = realm.Id, /// ParentFlowAlias = flow.Alias, @@ -50,7 +50,7 @@ namespace Pulumi.Keycloak.Authentication /// }); /// /// // second execution - /// var executionTwo = new Keycloak.Authentication.Execution("executionTwo", new() + /// var executionTwo = new Keycloak.Authentication.Execution("execution_two", new() /// { /// RealmId = realm.Id, /// ParentFlowAlias = flow.Alias, diff --git a/sdk/dotnet/CustomIdentityProviderMapping.cs b/sdk/dotnet/CustomIdentityProviderMapping.cs index 9f9d617f..40ce5802 100644 --- a/sdk/dotnet/CustomIdentityProviderMapping.cs +++ b/sdk/dotnet/CustomIdentityProviderMapping.cs @@ -27,7 +27,7 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider("oidcIdentityProvider", new() + /// var oidc = new Keycloak.Oidc.IdentityProvider("oidc", new() /// { /// Realm = realm.Id, /// Alias = "oidc", @@ -38,10 +38,11 @@ namespace Pulumi.Keycloak /// DefaultScopes = "openid random profile", /// }); /// - /// var oidcCustomIdentityProviderMapping = new Keycloak.CustomIdentityProviderMapping("oidcCustomIdentityProviderMapping", new() + /// var oidcCustomIdentityProviderMapping = new Keycloak.CustomIdentityProviderMapping("oidc", new() /// { /// Realm = realm.Id, - /// IdentityProviderAlias = oidcIdentityProvider.Alias, + /// Name = "email-attribute-importer", + /// IdentityProviderAlias = oidc.Alias, /// IdentityProviderMapper = "%s-user-attribute-idp-mapper", /// ExtraConfig = /// { diff --git a/sdk/dotnet/CustomUserFederation.cs b/sdk/dotnet/CustomUserFederation.cs index 69b5e7fc..9d32f352 100644 --- a/sdk/dotnet/CustomUserFederation.cs +++ b/sdk/dotnet/CustomUserFederation.cs @@ -31,15 +31,16 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "test", + /// Enabled = true, /// }); /// - /// var customUserFederation = new Keycloak.CustomUserFederation("customUserFederation", new() + /// var customUserFederation = new Keycloak.CustomUserFederation("custom_user_federation", new() /// { - /// Enabled = true, - /// ProviderId = "custom", + /// Name = "custom", /// RealmId = realm.Id, + /// ProviderId = "custom", + /// Enabled = true, /// }); /// /// }); diff --git a/sdk/dotnet/DefaultGroups.cs b/sdk/dotnet/DefaultGroups.cs index d306c71f..a39dac99 100644 --- a/sdk/dotnet/DefaultGroups.cs +++ b/sdk/dotnet/DefaultGroups.cs @@ -30,22 +30,23 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// /// var @group = new Keycloak.Group("group", new() /// { /// RealmId = realm.Id, + /// Name = "my-group", /// }); /// /// var @default = new Keycloak.DefaultGroups("default", new() /// { + /// RealmId = realm.Id, /// GroupIds = new[] /// { /// @group.Id, /// }, - /// RealmId = realm.Id, /// }); /// /// }); diff --git a/sdk/dotnet/DefaultRoles.cs b/sdk/dotnet/DefaultRoles.cs index 46c64eb7..86156d5a 100644 --- a/sdk/dotnet/DefaultRoles.cs +++ b/sdk/dotnet/DefaultRoles.cs @@ -33,7 +33,7 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var defaultRoles = new Keycloak.DefaultRoles("defaultRoles", new() + /// var defaultRoles = new Keycloak.DefaultRoles("default_roles", new() /// { /// RealmId = realm.Id, /// RoleNames = new[] diff --git a/sdk/dotnet/GenericClientProtocolMapper.cs b/sdk/dotnet/GenericClientProtocolMapper.cs index 0f54b0fc..5e1c36b5 100644 --- a/sdk/dotnet/GenericClientProtocolMapper.cs +++ b/sdk/dotnet/GenericClientProtocolMapper.cs @@ -34,19 +34,23 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var samlClient = new Keycloak.Saml.Client("samlClient", new() + /// var samlClient = new Keycloak.Saml.Client("saml_client", new() /// { - /// ClientId = "test-client", /// RealmId = realm.Id, + /// ClientId = "test-client", /// }); /// - /// var samlHardcodeAttributeMapper = new Keycloak.GenericClientProtocolMapper("samlHardcodeAttributeMapper", new() + /// var samlHardcodeAttributeMapper = new Keycloak.GenericClientProtocolMapper("saml_hardcode_attribute_mapper", new() /// { + /// RealmId = realm.Id, /// ClientId = samlClient.Id, + /// Name = "tes-mapper", + /// Protocol = "saml", + /// ProtocolMapper = "saml-hardcode-attribute-mapper", /// Config = /// { /// { "attribute.name", "name" }, @@ -54,9 +58,6 @@ namespace Pulumi.Keycloak /// { "attribute.value", "value" }, /// { "friendly.name", "display name" }, /// }, - /// Protocol = "saml", - /// ProtocolMapper = "saml-hardcode-attribute-mapper", - /// RealmId = realm.Id, /// }); /// /// }); diff --git a/sdk/dotnet/GenericClientRoleMapper.cs b/sdk/dotnet/GenericClientRoleMapper.cs index f1803e13..b2b974a6 100644 --- a/sdk/dotnet/GenericClientRoleMapper.cs +++ b/sdk/dotnet/GenericClientRoleMapper.cs @@ -41,17 +41,19 @@ namespace Pulumi.Keycloak /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, /// AccessType = "BEARER-ONLY", /// }); /// - /// var realmRole = new Keycloak.Role("realmRole", new() + /// var realmRole = new Keycloak.Role("realm_role", new() /// { /// RealmId = realm.Id, + /// Name = "my-realm-role", /// Description = "My Realm Role", /// }); /// - /// var clientRoleMapper = new Keycloak.GenericClientRoleMapper("clientRoleMapper", new() + /// var clientRoleMapper = new Keycloak.GenericClientRoleMapper("client_role_mapper", new() /// { /// RealmId = realm.Id, /// ClientId = client.Id, @@ -79,38 +81,42 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var clientA = new Keycloak.OpenId.Client("clientA", new() + /// var clientA = new Keycloak.OpenId.Client("client_a", new() /// { /// RealmId = realm.Id, /// ClientId = "client-a", + /// Name = "client-a", /// Enabled = true, /// AccessType = "BEARER-ONLY", /// FullScopeAllowed = false, /// }); /// - /// var clientRoleA = new Keycloak.Role("clientRoleA", new() + /// var clientRoleA = new Keycloak.Role("client_role_a", new() /// { /// RealmId = realm.Id, /// ClientId = clientA.Id, + /// Name = "my-client-role", /// Description = "My Client Role", /// }); /// - /// var clientB = new Keycloak.OpenId.Client("clientB", new() + /// var clientB = new Keycloak.OpenId.Client("client_b", new() /// { /// RealmId = realm.Id, /// ClientId = "client-b", + /// Name = "client-b", /// Enabled = true, /// AccessType = "BEARER-ONLY", /// }); /// - /// var clientRoleB = new Keycloak.Role("clientRoleB", new() + /// var clientRoleB = new Keycloak.Role("client_role_b", new() /// { /// RealmId = realm.Id, /// ClientId = clientB.Id, + /// Name = "my-client-role", /// Description = "My Client Role", /// }); /// - /// var clientBRoleMapper = new Keycloak.GenericClientRoleMapper("clientBRoleMapper", new() + /// var clientBRoleMapper = new Keycloak.GenericClientRoleMapper("client_b_role_mapper", new() /// { /// RealmId = realm.Id, /// ClientId = clientB.Id, @@ -138,18 +144,20 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "my-client-scope", /// }); /// - /// var realmRole = new Keycloak.Role("realmRole", new() + /// var realmRole = new Keycloak.Role("realm_role", new() /// { /// RealmId = realm.Id, + /// Name = "my-realm-role", /// Description = "My Realm Role", /// }); /// - /// var clientRoleMapper = new Keycloak.GenericClientRoleMapper("clientRoleMapper", new() + /// var clientRoleMapper = new Keycloak.GenericClientRoleMapper("client_role_mapper", new() /// { /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, @@ -181,23 +189,26 @@ namespace Pulumi.Keycloak /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, /// AccessType = "BEARER-ONLY", /// }); /// - /// var clientRole = new Keycloak.Role("clientRole", new() + /// var clientRole = new Keycloak.Role("client_role", new() /// { /// RealmId = realm.Id, /// ClientId = client.Id, + /// Name = "my-client-role", /// Description = "My Client Role", /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "my-client-scope", /// }); /// - /// var clientBRoleMapper = new Keycloak.GenericClientRoleMapper("clientBRoleMapper", new() + /// var clientBRoleMapper = new Keycloak.GenericClientRoleMapper("client_b_role_mapper", new() /// { /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, diff --git a/sdk/dotnet/GenericProtocolMapper.cs b/sdk/dotnet/GenericProtocolMapper.cs index 1bbdf3ea..8c43238b 100644 --- a/sdk/dotnet/GenericProtocolMapper.cs +++ b/sdk/dotnet/GenericProtocolMapper.cs @@ -36,16 +36,17 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var samlClient = new Keycloak.Saml.Client("samlClient", new() + /// var samlClient = new Keycloak.Saml.Client("saml_client", new() /// { /// RealmId = realm.Id, /// ClientId = "test-client", /// }); /// - /// var samlHardcodeAttributeMapper = new Keycloak.GenericProtocolMapper("samlHardcodeAttributeMapper", new() + /// var samlHardcodeAttributeMapper = new Keycloak.GenericProtocolMapper("saml_hardcode_attribute_mapper", new() /// { /// RealmId = realm.Id, /// ClientId = samlClient.Id, + /// Name = "test-mapper", /// Protocol = "saml", /// ProtocolMapper = "saml-hardcode-attribute-mapper", /// Config = diff --git a/sdk/dotnet/GenericRoleMapper.cs b/sdk/dotnet/GenericRoleMapper.cs index 45bd491a..f64419cf 100644 --- a/sdk/dotnet/GenericRoleMapper.cs +++ b/sdk/dotnet/GenericRoleMapper.cs @@ -39,17 +39,19 @@ namespace Pulumi.Keycloak /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, /// AccessType = "BEARER-ONLY", /// }); /// - /// var realmRole = new Keycloak.Role("realmRole", new() + /// var realmRole = new Keycloak.Role("realm_role", new() /// { /// RealmId = realm.Id, + /// Name = "my-realm-role", /// Description = "My Realm Role", /// }); /// - /// var clientRoleMapper = new Keycloak.GenericRoleMapper("clientRoleMapper", new() + /// var clientRoleMapper = new Keycloak.GenericRoleMapper("client_role_mapper", new() /// { /// RealmId = realm.Id, /// ClientId = client.Id, @@ -77,38 +79,42 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var clientA = new Keycloak.OpenId.Client("clientA", new() + /// var clientA = new Keycloak.OpenId.Client("client_a", new() /// { /// RealmId = realm.Id, /// ClientId = "client-a", + /// Name = "client-a", /// Enabled = true, /// AccessType = "BEARER-ONLY", /// FullScopeAllowed = false, /// }); /// - /// var clientRoleA = new Keycloak.Role("clientRoleA", new() + /// var clientRoleA = new Keycloak.Role("client_role_a", new() /// { /// RealmId = realm.Id, /// ClientId = clientA.Id, + /// Name = "my-client-role", /// Description = "My Client Role", /// }); /// - /// var clientB = new Keycloak.OpenId.Client("clientB", new() + /// var clientB = new Keycloak.OpenId.Client("client_b", new() /// { /// RealmId = realm.Id, /// ClientId = "client-b", + /// Name = "client-b", /// Enabled = true, /// AccessType = "BEARER-ONLY", /// }); /// - /// var clientRoleB = new Keycloak.Role("clientRoleB", new() + /// var clientRoleB = new Keycloak.Role("client_role_b", new() /// { /// RealmId = realm.Id, /// ClientId = clientB.Id, + /// Name = "my-client-role", /// Description = "My Client Role", /// }); /// - /// var clientBRoleMapper = new Keycloak.GenericRoleMapper("clientBRoleMapper", new() + /// var clientBRoleMapper = new Keycloak.GenericRoleMapper("client_b_role_mapper", new() /// { /// RealmId = realm.Id, /// ClientId = clientB.Id, @@ -136,18 +142,20 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "my-client-scope", /// }); /// - /// var realmRole = new Keycloak.Role("realmRole", new() + /// var realmRole = new Keycloak.Role("realm_role", new() /// { /// RealmId = realm.Id, + /// Name = "my-realm-role", /// Description = "My Realm Role", /// }); /// - /// var clientRoleMapper = new Keycloak.GenericRoleMapper("clientRoleMapper", new() + /// var clientRoleMapper = new Keycloak.GenericRoleMapper("client_role_mapper", new() /// { /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, @@ -179,23 +187,26 @@ namespace Pulumi.Keycloak /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, /// AccessType = "BEARER-ONLY", /// }); /// - /// var clientRole = new Keycloak.Role("clientRole", new() + /// var clientRole = new Keycloak.Role("client_role", new() /// { /// RealmId = realm.Id, /// ClientId = client.Id, + /// Name = "my-client-role", /// Description = "My Client Role", /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "my-client-scope", /// }); /// - /// var clientBRoleMapper = new Keycloak.GenericRoleMapper("clientBRoleMapper", new() + /// var clientBRoleMapper = new Keycloak.GenericRoleMapper("client_b_role_mapper", new() /// { /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, diff --git a/sdk/dotnet/GetClientDescriptionConverter.cs b/sdk/dotnet/GetClientDescriptionConverter.cs index 5d89d57a..51a95954 100644 --- a/sdk/dotnet/GetClientDescriptionConverter.cs +++ b/sdk/dotnet/GetClientDescriptionConverter.cs @@ -32,7 +32,7 @@ public static class GetClientDescriptionConverter /// Enabled = true, /// }); /// - /// var samlClientClientDescriptionConverter = Keycloak.GetClientDescriptionConverter.Invoke(new() + /// var samlClient = Keycloak.GetClientDescriptionConverter.Invoke(new() /// { /// RealmId = realm.Id, /// Body = @" <md:EntityDescriptor xmlns:md=""urn:oasis:names:tc:SAML:2.0:metadata"" validUntil=""2021-04-17T12:41:46Z"" cacheDuration=""PT604800S"" entityID=""FakeEntityId""> @@ -65,10 +65,10 @@ public static class GetClientDescriptionConverter /// ", /// }); /// - /// var samlClientClient = new Keycloak.Saml.Client("samlClientClient", new() + /// var samlClientClient = new Keycloak.Saml.Client("saml_client", new() /// { /// RealmId = realm.Id, - /// ClientId = samlClientClientDescriptionConverter.Apply(getClientDescriptionConverterResult => getClientDescriptionConverterResult.ClientId), + /// ClientId = samlClient.Apply(getClientDescriptionConverterResult => getClientDescriptionConverterResult.ClientId), /// }); /// /// }); @@ -99,7 +99,7 @@ public static Task InvokeAsync(GetClientDes /// Enabled = true, /// }); /// - /// var samlClientClientDescriptionConverter = Keycloak.GetClientDescriptionConverter.Invoke(new() + /// var samlClient = Keycloak.GetClientDescriptionConverter.Invoke(new() /// { /// RealmId = realm.Id, /// Body = @" <md:EntityDescriptor xmlns:md=""urn:oasis:names:tc:SAML:2.0:metadata"" validUntil=""2021-04-17T12:41:46Z"" cacheDuration=""PT604800S"" entityID=""FakeEntityId""> @@ -132,10 +132,10 @@ public static Task InvokeAsync(GetClientDes /// ", /// }); /// - /// var samlClientClient = new Keycloak.Saml.Client("samlClientClient", new() + /// var samlClientClient = new Keycloak.Saml.Client("saml_client", new() /// { /// RealmId = realm.Id, - /// ClientId = samlClientClientDescriptionConverter.Apply(getClientDescriptionConverterResult => getClientDescriptionConverterResult.ClientId), + /// ClientId = samlClient.Apply(getClientDescriptionConverterResult => getClientDescriptionConverterResult.ClientId), /// }); /// /// }); diff --git a/sdk/dotnet/GetRealm.cs b/sdk/dotnet/GetRealm.cs index cc15d0c1..978204ef 100644 --- a/sdk/dotnet/GetRealm.cs +++ b/sdk/dotnet/GetRealm.cs @@ -33,9 +33,11 @@ public static class GetRealm /// Realm = "my-realm", /// }); /// + /// // use the data source /// var @group = new Keycloak.Role("group", new() /// { - /// RealmId = data.Keycloak_realm.Id, + /// RealmId = id, + /// Name = "group", /// }); /// /// }); @@ -77,9 +79,11 @@ public static Task InvokeAsync(GetRealmArgs args, InvokeOptions? /// Realm = "my-realm", /// }); /// + /// // use the data source /// var @group = new Keycloak.Role("group", new() /// { - /// RealmId = data.Keycloak_realm.Id, + /// RealmId = id, + /// Name = "group", /// }); /// /// }); diff --git a/sdk/dotnet/GetUser.cs b/sdk/dotnet/GetUser.cs index 7e4d5a5c..a2afc072 100644 --- a/sdk/dotnet/GetUser.cs +++ b/sdk/dotnet/GetUser.cs @@ -30,6 +30,7 @@ public static class GetUser /// Realm = "master", /// }); /// + /// // use the keycloak_user data source to grab the admin user's ID /// var defaultAdminUser = Keycloak.GetUser.Invoke(new() /// { /// RealmId = masterRealm.Apply(getRealmResult => getRealmResult.Id), @@ -66,6 +67,7 @@ public static Task InvokeAsync(GetUserArgs args, InvokeOptions? o /// Realm = "master", /// }); /// + /// // use the keycloak_user data source to grab the admin user's ID /// var defaultAdminUser = Keycloak.GetUser.Invoke(new() /// { /// RealmId = masterRealm.Apply(getRealmResult => getRealmResult.Id), diff --git a/sdk/dotnet/GetUserRealmRoles.cs b/sdk/dotnet/GetUserRealmRoles.cs index fcb8c531..6005ce24 100644 --- a/sdk/dotnet/GetUserRealmRoles.cs +++ b/sdk/dotnet/GetUserRealmRoles.cs @@ -30,12 +30,14 @@ public static class GetUserRealmRoles /// Realm = "master", /// }); /// + /// // use the keycloak_user data source to grab the admin user's ID /// var defaultAdminUser = Keycloak.GetUser.Invoke(new() /// { /// RealmId = masterRealm.Apply(getRealmResult => getRealmResult.Id), /// Username = "keycloak", /// }); /// + /// // use the keycloak_user_realm_roles data source to list role names /// var userRealmRoles = Keycloak.GetUserRealmRoles.Invoke(new() /// { /// RealmId = masterRealm.Apply(getRealmResult => getRealmResult.Id), @@ -72,12 +74,14 @@ public static Task InvokeAsync(GetUserRealmRolesArgs ar /// Realm = "master", /// }); /// + /// // use the keycloak_user data source to grab the admin user's ID /// var defaultAdminUser = Keycloak.GetUser.Invoke(new() /// { /// RealmId = masterRealm.Apply(getRealmResult => getRealmResult.Id), /// Username = "keycloak", /// }); /// + /// // use the keycloak_user_realm_roles data source to list role names /// var userRealmRoles = Keycloak.GetUserRealmRoles.Invoke(new() /// { /// RealmId = masterRealm.Apply(getRealmResult => getRealmResult.Id), diff --git a/sdk/dotnet/Group.cs b/sdk/dotnet/Group.cs index 374880eb..618d1486 100644 --- a/sdk/dotnet/Group.cs +++ b/sdk/dotnet/Group.cs @@ -36,30 +36,33 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var parentGroup = new Keycloak.Group("parentGroup", new() + /// var parentGroup = new Keycloak.Group("parent_group", new() /// { /// RealmId = realm.Id, + /// Name = "parent-group", /// }); /// - /// var childGroup = new Keycloak.Group("childGroup", new() + /// var childGroup = new Keycloak.Group("child_group", new() /// { - /// ParentId = parentGroup.Id, /// RealmId = realm.Id, + /// ParentId = parentGroup.Id, + /// Name = "child-group", /// }); /// - /// var childGroupWithOptionalAttributes = new Keycloak.Group("childGroupWithOptionalAttributes", new() + /// var childGroupWithOptionalAttributes = new Keycloak.Group("child_group_with_optional_attributes", new() /// { + /// RealmId = realm.Id, + /// ParentId = parentGroup.Id, + /// Name = "child-group-with-optional-attributes", /// Attributes = /// { /// { "key1", "value1" }, /// { "key2", "value2" }, /// }, - /// ParentId = parentGroup.Id, - /// RealmId = realm.Id, /// }); /// /// }); diff --git a/sdk/dotnet/GroupMemberships.cs b/sdk/dotnet/GroupMemberships.cs index ee63b3cc..030c3320 100644 --- a/sdk/dotnet/GroupMemberships.cs +++ b/sdk/dotnet/GroupMemberships.cs @@ -39,13 +39,14 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// /// var @group = new Keycloak.Group("group", new() /// { /// RealmId = realm.Id, + /// Name = "my-group", /// }); /// /// var user = new Keycloak.User("user", new() @@ -54,14 +55,14 @@ namespace Pulumi.Keycloak /// Username = "my-user", /// }); /// - /// var groupMembers = new Keycloak.GroupMemberships("groupMembers", new() + /// var groupMembers = new Keycloak.GroupMemberships("group_members", new() /// { + /// RealmId = realm.Id, /// GroupId = @group.Id, /// Members = new[] /// { /// user.Username, /// }, - /// RealmId = realm.Id, /// }); /// /// }); diff --git a/sdk/dotnet/GroupRoles.cs b/sdk/dotnet/GroupRoles.cs index dd3a8129..5fed2ee2 100644 --- a/sdk/dotnet/GroupRoles.cs +++ b/sdk/dotnet/GroupRoles.cs @@ -37,40 +37,44 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var realmRole = new Keycloak.Role("realmRole", new() + /// var realmRole = new Keycloak.Role("realm_role", new() /// { - /// Description = "My Realm Role", /// RealmId = realm.Id, + /// Name = "my-realm-role", + /// Description = "My Realm Role", /// }); /// /// var client = new Keycloak.OpenId.Client("client", new() /// { - /// AccessType = "BEARER-ONLY", + /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "BEARER-ONLY", /// }); /// - /// var clientRole = new Keycloak.Role("clientRole", new() + /// var clientRole = new Keycloak.Role("client_role", new() /// { - /// ClientId = keycloak_client.Client.Id, - /// Description = "My Client Role", /// RealmId = realm.Id, + /// ClientId = clientKeycloakClient.Id, + /// Name = "my-client-role", + /// Description = "My Client Role", /// }); /// /// var @group = new Keycloak.Group("group", new() /// { /// RealmId = realm.Id, + /// Name = "my-group", /// }); /// - /// var groupRoles = new Keycloak.GroupRoles("groupRoles", new() + /// var groupRoles = new Keycloak.GroupRoles("group_roles", new() /// { - /// GroupId = @group.Id, /// RealmId = realm.Id, + /// GroupId = @group.Id, /// RoleIds = new[] /// { /// realmRole.Id, diff --git a/sdk/dotnet/HardcodedAttributeIdentityProviderMapper.cs b/sdk/dotnet/HardcodedAttributeIdentityProviderMapper.cs index bd88c461..c2e6c779 100644 --- a/sdk/dotnet/HardcodedAttributeIdentityProviderMapper.cs +++ b/sdk/dotnet/HardcodedAttributeIdentityProviderMapper.cs @@ -31,7 +31,7 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider("oidcIdentityProvider", new() + /// var oidc = new Keycloak.Oidc.IdentityProvider("oidc", new() /// { /// Realm = realm.Id, /// Alias = "my-idp", @@ -41,10 +41,11 @@ namespace Pulumi.Keycloak /// TokenUrl = "https://tokenurl.com", /// }); /// - /// var oidcHardcodedAttributeIdentityProviderMapper = new Keycloak.HardcodedAttributeIdentityProviderMapper("oidcHardcodedAttributeIdentityProviderMapper", new() + /// var oidcHardcodedAttributeIdentityProviderMapper = new Keycloak.HardcodedAttributeIdentityProviderMapper("oidc", new() /// { /// Realm = realm.Id, - /// IdentityProviderAlias = oidcIdentityProvider.Alias, + /// Name = "hardcodedUserSessionAttribute", + /// IdentityProviderAlias = oidc.Alias, /// AttributeName = "attribute", /// AttributeValue = "value", /// UserSession = true, diff --git a/sdk/dotnet/HardcodedRoleIdentityMapper.cs b/sdk/dotnet/HardcodedRoleIdentityMapper.cs index 639fc826..643bf25b 100644 --- a/sdk/dotnet/HardcodedRoleIdentityMapper.cs +++ b/sdk/dotnet/HardcodedRoleIdentityMapper.cs @@ -31,7 +31,7 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var oidcIdentityProvider = new Keycloak.Oidc.IdentityProvider("oidcIdentityProvider", new() + /// var oidc = new Keycloak.Oidc.IdentityProvider("oidc", new() /// { /// Realm = realm.Id, /// Alias = "my-idp", @@ -41,16 +41,18 @@ namespace Pulumi.Keycloak /// TokenUrl = "https://tokenurl.com", /// }); /// - /// var realmRole = new Keycloak.Role("realmRole", new() + /// var realmRole = new Keycloak.Role("realm_role", new() /// { /// RealmId = realm.Id, + /// Name = "my-realm-role", /// Description = "My Realm Role", /// }); /// - /// var oidcHardcodedRoleIdentityMapper = new Keycloak.HardcodedRoleIdentityMapper("oidcHardcodedRoleIdentityMapper", new() + /// var oidcHardcodedRoleIdentityMapper = new Keycloak.HardcodedRoleIdentityMapper("oidc", new() /// { /// Realm = realm.Id, - /// IdentityProviderAlias = oidcIdentityProvider.Alias, + /// Name = "hardcodedRole", + /// IdentityProviderAlias = oidc.Alias, /// Role = "my-realm-role", /// ExtraConfig = /// { diff --git a/sdk/dotnet/IdentityProviderTokenExchangeScopePermission.cs b/sdk/dotnet/IdentityProviderTokenExchangeScopePermission.cs index 58a6b74d..09cbe9ab 100644 --- a/sdk/dotnet/IdentityProviderTokenExchangeScopePermission.cs +++ b/sdk/dotnet/IdentityProviderTokenExchangeScopePermission.cs @@ -21,13 +21,13 @@ namespace Pulumi.Keycloak /// /// return await Deployment.RunAsync(() => /// { - /// var tokenExchangeRealm = new Keycloak.Realm("tokenExchangeRealm", new() + /// var tokenExchangeRealm = new Keycloak.Realm("token_exchange_realm", new() /// { /// RealmName = "token-exchange_destination_realm", /// Enabled = true, /// }); /// - /// var tokenExchangeMyOidcIdp = new Keycloak.Oidc.IdentityProvider("tokenExchangeMyOidcIdp", new() + /// var tokenExchangeMyOidcIdp = new Keycloak.Oidc.IdentityProvider("token_exchange_my_oidc_idp", new() /// { /// Realm = tokenExchangeRealm.Id, /// Alias = "myIdp", @@ -38,9 +38,10 @@ namespace Pulumi.Keycloak /// DefaultScopes = "openid", /// }); /// - /// var token_exchangeWebappClient = new Keycloak.OpenId.Client("token-exchangeWebappClient", new() + /// var token_exchangeWebappClient = new Keycloak.OpenId.Client("token-exchange_webapp_client", new() /// { /// RealmId = tokenExchangeRealm.Id, + /// Name = "webapp_client", /// ClientId = "webapp_client", /// ClientSecret = "secret", /// Description = "a webapp client on the destination realm", @@ -53,7 +54,7 @@ namespace Pulumi.Keycloak /// }); /// /// //relevant part - /// var oidcIdpPermission = new Keycloak.IdentityProviderTokenExchangeScopePermission("oidcIdpPermission", new() + /// var oidcIdpPermission = new Keycloak.IdentityProviderTokenExchangeScopePermission("oidc_idp_permission", new() /// { /// RealmId = tokenExchangeRealm.Id, /// ProviderAlias = tokenExchangeMyOidcIdp.Alias, diff --git a/sdk/dotnet/Ldap/CustomMapper.cs b/sdk/dotnet/Ldap/CustomMapper.cs index 048fec2b..adbb8153 100644 --- a/sdk/dotnet/Ldap/CustomMapper.cs +++ b/sdk/dotnet/Ldap/CustomMapper.cs @@ -35,8 +35,9 @@ namespace Pulumi.Keycloak.Ldap /// Enabled = true, /// }); /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() + /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new() /// { + /// Name = "openldap", /// RealmId = realm.Id, /// UsernameLdapAttribute = "cn", /// RdnLdapAttribute = "cn", @@ -52,10 +53,11 @@ namespace Pulumi.Keycloak.Ldap /// BindCredential = "admin", /// }); /// - /// var customMapper = new Keycloak.Ldap.CustomMapper("customMapper", new() + /// var customMapper = new Keycloak.Ldap.CustomMapper("custom_mapper", new() /// { - /// RealmId = keycloak_ldap_user_federation.Openldap.Realm_id, - /// LdapUserFederationId = keycloak_ldap_user_federation.Openldap.Id, + /// Name = "custom-mapper", + /// RealmId = openldap.RealmId, + /// LdapUserFederationId = openldap.Id, /// ProviderId = "custom-provider-registered-in-keycloak", /// ProviderType = "com.example.custom.ldap.mappers.CustomMapper", /// Config = diff --git a/sdk/dotnet/Ldap/FullNameMapper.cs b/sdk/dotnet/Ldap/FullNameMapper.cs index 06e2b77c..bf0607af 100644 --- a/sdk/dotnet/Ldap/FullNameMapper.cs +++ b/sdk/dotnet/Ldap/FullNameMapper.cs @@ -31,32 +31,34 @@ namespace Pulumi.Keycloak.Ldap /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "test", + /// Enabled = true, /// }); /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() + /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new() /// { - /// BindCredential = "admin", - /// BindDn = "cn=admin,dc=example,dc=org", - /// ConnectionUrl = "ldap://openldap", - /// RdnLdapAttribute = "cn", + /// Name = "openldap", /// RealmId = realm.Id, + /// UsernameLdapAttribute = "cn", + /// RdnLdapAttribute = "cn", + /// UuidLdapAttribute = "entryDN", /// UserObjectClasses = new[] /// { /// "simpleSecurityObject", /// "organizationalRole", /// }, - /// UsernameLdapAttribute = "cn", + /// ConnectionUrl = "ldap://openldap", /// UsersDn = "dc=example,dc=org", - /// UuidLdapAttribute = "entryDN", + /// BindDn = "cn=admin,dc=example,dc=org", + /// BindCredential = "admin", /// }); /// - /// var ldapFullNameMapper = new Keycloak.Ldap.FullNameMapper("ldapFullNameMapper", new() + /// var ldapFullNameMapper = new Keycloak.Ldap.FullNameMapper("ldap_full_name_mapper", new() /// { - /// LdapFullNameAttribute = "cn", - /// LdapUserFederationId = ldapUserFederation.Id, /// RealmId = realm.Id, + /// LdapUserFederationId = ldapUserFederation.Id, + /// Name = "full-name-mapper", + /// LdapFullNameAttribute = "cn", /// }); /// /// }); diff --git a/sdk/dotnet/Ldap/GroupMapper.cs b/sdk/dotnet/Ldap/GroupMapper.cs index ec82608e..8182ab8e 100644 --- a/sdk/dotnet/Ldap/GroupMapper.cs +++ b/sdk/dotnet/Ldap/GroupMapper.cs @@ -32,41 +32,43 @@ namespace Pulumi.Keycloak.Ldap /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "test", + /// Enabled = true, /// }); /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() + /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new() /// { - /// BindCredential = "admin", - /// BindDn = "cn=admin,dc=example,dc=org", - /// ConnectionUrl = "ldap://openldap", - /// RdnLdapAttribute = "cn", + /// Name = "openldap", /// RealmId = realm.Id, + /// UsernameLdapAttribute = "cn", + /// RdnLdapAttribute = "cn", + /// UuidLdapAttribute = "entryDN", /// UserObjectClasses = new[] /// { /// "simpleSecurityObject", /// "organizationalRole", /// }, - /// UsernameLdapAttribute = "cn", + /// ConnectionUrl = "ldap://openldap", /// UsersDn = "dc=example,dc=org", - /// UuidLdapAttribute = "entryDN", + /// BindDn = "cn=admin,dc=example,dc=org", + /// BindCredential = "admin", /// }); /// - /// var ldapGroupMapper = new Keycloak.Ldap.GroupMapper("ldapGroupMapper", new() + /// var ldapGroupMapper = new Keycloak.Ldap.GroupMapper("ldap_group_mapper", new() /// { + /// RealmId = realm.Id, + /// LdapUserFederationId = ldapUserFederation.Id, + /// Name = "group-mapper", + /// LdapGroupsDn = "dc=example,dc=org", /// GroupNameLdapAttribute = "cn", /// GroupObjectClasses = new[] /// { /// "groupOfNames", /// }, - /// LdapGroupsDn = "dc=example,dc=org", - /// LdapUserFederationId = ldapUserFederation.Id, - /// MemberofLdapAttribute = "memberOf", /// MembershipAttributeType = "DN", /// MembershipLdapAttribute = "member", /// MembershipUserLdapAttribute = "cn", - /// RealmId = realm.Id, + /// MemberofLdapAttribute = "memberOf", /// }); /// /// }); diff --git a/sdk/dotnet/Ldap/HardcodedAttributeMapper.cs b/sdk/dotnet/Ldap/HardcodedAttributeMapper.cs index ceea4733..5288f6e9 100644 --- a/sdk/dotnet/Ldap/HardcodedAttributeMapper.cs +++ b/sdk/dotnet/Ldap/HardcodedAttributeMapper.cs @@ -33,8 +33,9 @@ namespace Pulumi.Keycloak.Ldap /// Enabled = true, /// }); /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() + /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new() /// { + /// Name = "openldap", /// RealmId = realm.Id, /// UsernameLdapAttribute = "cn", /// RdnLdapAttribute = "cn", @@ -51,10 +52,11 @@ namespace Pulumi.Keycloak.Ldap /// SyncRegistrations = true, /// }); /// - /// var assignBarToFoo = new Keycloak.Ldap.HardcodedAttributeMapper("assignBarToFoo", new() + /// var assignBarToFoo = new Keycloak.Ldap.HardcodedAttributeMapper("assign_bar_to_foo", new() /// { /// RealmId = realm.Id, /// LdapUserFederationId = ldapUserFederation.Id, + /// Name = "assign-foo-to-bar", /// AttributeName = "foo", /// AttributeValue = "bar", /// }); diff --git a/sdk/dotnet/Ldap/HardcodedGroupMapper.cs b/sdk/dotnet/Ldap/HardcodedGroupMapper.cs index 46ae3b04..fb57842e 100644 --- a/sdk/dotnet/Ldap/HardcodedGroupMapper.cs +++ b/sdk/dotnet/Ldap/HardcodedGroupMapper.cs @@ -31,8 +31,9 @@ namespace Pulumi.Keycloak.Ldap /// Enabled = true, /// }); /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() + /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new() /// { + /// Name = "openldap", /// RealmId = realm.Id, /// UsernameLdapAttribute = "cn", /// RdnLdapAttribute = "cn", @@ -48,15 +49,17 @@ namespace Pulumi.Keycloak.Ldap /// BindCredential = "admin", /// }); /// - /// var realmGroup = new Keycloak.Group("realmGroup", new() + /// var realmGroup = new Keycloak.Group("realm_group", new() /// { /// RealmId = realm.Id, + /// Name = "my-group", /// }); /// - /// var assignGroupToUsers = new Keycloak.Ldap.HardcodedGroupMapper("assignGroupToUsers", new() + /// var assignGroupToUsers = new Keycloak.Ldap.HardcodedGroupMapper("assign_group_to_users", new() /// { /// RealmId = realm.Id, /// LdapUserFederationId = ldapUserFederation.Id, + /// Name = "assign-group-to-users", /// Group = realmGroup.Name, /// }); /// diff --git a/sdk/dotnet/Ldap/HardcodedRoleMapper.cs b/sdk/dotnet/Ldap/HardcodedRoleMapper.cs index caa511c2..f26e3fde 100644 --- a/sdk/dotnet/Ldap/HardcodedRoleMapper.cs +++ b/sdk/dotnet/Ldap/HardcodedRoleMapper.cs @@ -31,8 +31,9 @@ namespace Pulumi.Keycloak.Ldap /// Enabled = true, /// }); /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() + /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new() /// { + /// Name = "openldap", /// RealmId = realm.Id, /// UsernameLdapAttribute = "cn", /// RdnLdapAttribute = "cn", @@ -48,10 +49,11 @@ namespace Pulumi.Keycloak.Ldap /// BindCredential = "admin", /// }); /// - /// var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", new() + /// var assignAdminRoleToAllUsers = new Keycloak.Ldap.HardcodedRoleMapper("assign_admin_role_to_all_users", new() /// { /// RealmId = realm.Id, /// LdapUserFederationId = ldapUserFederation.Id, + /// Name = "assign-admin-role-to-all-users", /// Role = "admin", /// }); /// diff --git a/sdk/dotnet/Ldap/MsadLdsUserAccountControlMapper.cs b/sdk/dotnet/Ldap/MsadLdsUserAccountControlMapper.cs index 88ca213e..3fc3dc3a 100644 --- a/sdk/dotnet/Ldap/MsadLdsUserAccountControlMapper.cs +++ b/sdk/dotnet/Ldap/MsadLdsUserAccountControlMapper.cs @@ -35,8 +35,9 @@ namespace Pulumi.Keycloak.Ldap /// Enabled = true, /// }); /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() + /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new() /// { + /// Name = "ad", /// RealmId = realm.Id, /// UsernameLdapAttribute = "cn", /// RdnLdapAttribute = "cn", @@ -53,10 +54,11 @@ namespace Pulumi.Keycloak.Ldap /// BindCredential = "admin", /// }); /// - /// var msadLdsUserAccountControlMapper = new Keycloak.Ldap.MsadLdsUserAccountControlMapper("msadLdsUserAccountControlMapper", new() + /// var msadLdsUserAccountControlMapper = new Keycloak.Ldap.MsadLdsUserAccountControlMapper("msad_lds_user_account_control_mapper", new() /// { /// RealmId = realm.Id, /// LdapUserFederationId = ldapUserFederation.Id, + /// Name = "msad-lds-user-account-control-mapper", /// }); /// /// }); diff --git a/sdk/dotnet/Ldap/MsadUserAccountControlMapper.cs b/sdk/dotnet/Ldap/MsadUserAccountControlMapper.cs index 455c2ed1..f14c1796 100644 --- a/sdk/dotnet/Ldap/MsadUserAccountControlMapper.cs +++ b/sdk/dotnet/Ldap/MsadUserAccountControlMapper.cs @@ -33,32 +33,34 @@ namespace Pulumi.Keycloak.Ldap /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "test", + /// Enabled = true, /// }); /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() + /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new() /// { - /// BindCredential = "admin", - /// BindDn = "cn=admin,dc=example,dc=org", - /// ConnectionUrl = "ldap://my-ad-server", - /// RdnLdapAttribute = "cn", + /// Name = "ad", /// RealmId = realm.Id, + /// UsernameLdapAttribute = "cn", + /// RdnLdapAttribute = "cn", + /// UuidLdapAttribute = "objectGUID", /// UserObjectClasses = new[] /// { /// "person", /// "organizationalPerson", /// "user", /// }, - /// UsernameLdapAttribute = "cn", + /// ConnectionUrl = "ldap://my-ad-server", /// UsersDn = "dc=example,dc=org", - /// UuidLdapAttribute = "objectGUID", + /// BindDn = "cn=admin,dc=example,dc=org", + /// BindCredential = "admin", /// }); /// - /// var msadUserAccountControlMapper = new Keycloak.Ldap.MsadUserAccountControlMapper("msadUserAccountControlMapper", new() + /// var msadUserAccountControlMapper = new Keycloak.Ldap.MsadUserAccountControlMapper("msad_user_account_control_mapper", new() /// { - /// LdapUserFederationId = ldapUserFederation.Id, /// RealmId = realm.Id, + /// LdapUserFederationId = ldapUserFederation.Id, + /// Name = "msad-user-account-control-mapper", /// }); /// /// }); diff --git a/sdk/dotnet/Ldap/RoleMapper.cs b/sdk/dotnet/Ldap/RoleMapper.cs index edde865d..63b334c1 100644 --- a/sdk/dotnet/Ldap/RoleMapper.cs +++ b/sdk/dotnet/Ldap/RoleMapper.cs @@ -31,8 +31,9 @@ namespace Pulumi.Keycloak.Ldap /// Enabled = true, /// }); /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() + /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new() /// { + /// Name = "openldap", /// RealmId = realm.Id, /// UsernameLdapAttribute = "cn", /// RdnLdapAttribute = "cn", @@ -48,10 +49,11 @@ namespace Pulumi.Keycloak.Ldap /// BindCredential = "admin", /// }); /// - /// var ldapRoleMapper = new Keycloak.Ldap.RoleMapper("ldapRoleMapper", new() + /// var ldapRoleMapper = new Keycloak.Ldap.RoleMapper("ldap_role_mapper", new() /// { /// RealmId = realm.Id, /// LdapUserFederationId = ldapUserFederation.Id, + /// Name = "role-mapper", /// LdapRolesDn = "dc=example,dc=org", /// RoleNameLdapAttribute = "cn", /// RoleObjectClasses = new[] diff --git a/sdk/dotnet/Ldap/UserAttributeMapper.cs b/sdk/dotnet/Ldap/UserAttributeMapper.cs index fe8ff3be..68428a2b 100644 --- a/sdk/dotnet/Ldap/UserAttributeMapper.cs +++ b/sdk/dotnet/Ldap/UserAttributeMapper.cs @@ -31,33 +31,35 @@ namespace Pulumi.Keycloak.Ldap /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "test", + /// Enabled = true, /// }); /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() + /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new() /// { - /// BindCredential = "admin", - /// BindDn = "cn=admin,dc=example,dc=org", - /// ConnectionUrl = "ldap://openldap", - /// RdnLdapAttribute = "cn", + /// Name = "openldap", /// RealmId = realm.Id, + /// UsernameLdapAttribute = "cn", + /// RdnLdapAttribute = "cn", + /// UuidLdapAttribute = "entryDN", /// UserObjectClasses = new[] /// { /// "simpleSecurityObject", /// "organizationalRole", /// }, - /// UsernameLdapAttribute = "cn", + /// ConnectionUrl = "ldap://openldap", /// UsersDn = "dc=example,dc=org", - /// UuidLdapAttribute = "entryDN", + /// BindDn = "cn=admin,dc=example,dc=org", + /// BindCredential = "admin", /// }); /// - /// var ldapUserAttributeMapper = new Keycloak.Ldap.UserAttributeMapper("ldapUserAttributeMapper", new() + /// var ldapUserAttributeMapper = new Keycloak.Ldap.UserAttributeMapper("ldap_user_attribute_mapper", new() /// { - /// LdapAttribute = "bar", - /// LdapUserFederationId = ldapUserFederation.Id, /// RealmId = realm.Id, + /// LdapUserFederationId = ldapUserFederation.Id, + /// Name = "user-attribute-mapper", /// UserModelAttribute = "foo", + /// LdapAttribute = "bar", /// }); /// /// }); diff --git a/sdk/dotnet/Ldap/UserFederation.cs b/sdk/dotnet/Ldap/UserFederation.cs index 6c817e32..51e2e194 100644 --- a/sdk/dotnet/Ldap/UserFederation.cs +++ b/sdk/dotnet/Ldap/UserFederation.cs @@ -32,28 +32,29 @@ namespace Pulumi.Keycloak.Ldap /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "test", + /// Enabled = true, /// }); /// - /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldapUserFederation", new() + /// var ldapUserFederation = new Keycloak.Ldap.UserFederation("ldap_user_federation", new() /// { - /// BindCredential = "admin", - /// BindDn = "cn=admin,dc=example,dc=org", - /// ConnectionTimeout = "5s", - /// ConnectionUrl = "ldap://openldap", + /// Name = "openldap", + /// RealmId = realm.Id, /// Enabled = true, + /// UsernameLdapAttribute = "cn", /// RdnLdapAttribute = "cn", - /// ReadTimeout = "10s", - /// RealmId = realm.Id, + /// UuidLdapAttribute = "entryDN", /// UserObjectClasses = new[] /// { /// "simpleSecurityObject", /// "organizationalRole", /// }, - /// UsernameLdapAttribute = "cn", + /// ConnectionUrl = "ldap://openldap", /// UsersDn = "dc=example,dc=org", - /// UuidLdapAttribute = "entryDN", + /// BindDn = "cn=admin,dc=example,dc=org", + /// BindCredential = "admin", + /// ConnectionTimeout = "5s", + /// ReadTimeout = "10s", /// }); /// /// }); diff --git a/sdk/dotnet/Oidc/GoogleIdentityProvider.cs b/sdk/dotnet/Oidc/GoogleIdentityProvider.cs index ad2f2c2c..e92dd8bb 100644 --- a/sdk/dotnet/Oidc/GoogleIdentityProvider.cs +++ b/sdk/dotnet/Oidc/GoogleIdentityProvider.cs @@ -34,8 +34,8 @@ namespace Pulumi.Keycloak.Oidc /// var google = new Keycloak.Oidc.GoogleIdentityProvider("google", new() /// { /// Realm = realm.Id, - /// ClientId = @var.Google_identity_provider_client_id, - /// ClientSecret = @var.Google_identity_provider_client_secret, + /// ClientId = googleIdentityProviderClientId, + /// ClientSecret = googleIdentityProviderClientSecret, /// TrustEmail = true, /// HostedDomain = "example.com", /// SyncMode = "IMPORT", diff --git a/sdk/dotnet/Oidc/IdentityProvider.cs b/sdk/dotnet/Oidc/IdentityProvider.cs index fa4bc840..693e0622 100644 --- a/sdk/dotnet/Oidc/IdentityProvider.cs +++ b/sdk/dotnet/Oidc/IdentityProvider.cs @@ -31,7 +31,7 @@ namespace Pulumi.Keycloak.Oidc /// Enabled = true, /// }); /// - /// var realmIdentityProvider = new Keycloak.Oidc.IdentityProvider("realmIdentityProvider", new() + /// var realmIdentityProvider = new Keycloak.Oidc.IdentityProvider("realm_identity_provider", new() /// { /// Realm = realm.Id, /// Alias = "my-idp", diff --git a/sdk/dotnet/OpenId/AudienceProtocolMapper.cs b/sdk/dotnet/OpenId/AudienceProtocolMapper.cs index dfd59fef..59fe9b57 100644 --- a/sdk/dotnet/OpenId/AudienceProtocolMapper.cs +++ b/sdk/dotnet/OpenId/AudienceProtocolMapper.cs @@ -32,27 +32,29 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { - /// AccessType = "CONFIDENTIAL", + /// RealmId = realm.Id, /// ClientId = "test-client", + /// Name = "test client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", /// }, /// }); /// - /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audienceMapper", new() + /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audience_mapper", new() /// { + /// RealmId = realm.Id, /// ClientId = openidClient.Id, + /// Name = "audience-mapper", /// IncludedCustomAudience = "foo", - /// RealmId = realm.Id, /// }); /// /// }); @@ -72,20 +74,22 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audienceMapper", new() + /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audience_mapper", new() /// { + /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, + /// Name = "audience-mapper", /// IncludedCustomAudience = "foo", - /// RealmId = realm.Id, /// }); /// /// }); diff --git a/sdk/dotnet/OpenId/AudienceResolveProtocolMapper.cs b/sdk/dotnet/OpenId/AudienceResolveProtocolMapper.cs index 5f2c72bd..ce4e5027 100644 --- a/sdk/dotnet/OpenId/AudienceResolveProtocolMapper.cs +++ b/sdk/dotnet/OpenId/AudienceResolveProtocolMapper.cs @@ -35,10 +35,11 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] @@ -47,10 +48,11 @@ namespace Pulumi.Keycloak.OpenId /// }, /// }); /// - /// var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper("audienceMapper", new() + /// var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper("audience_mapper", new() /// { /// RealmId = realm.Id, /// ClientId = openidClient.Id, + /// Name = "my-audience-resolve-mapper", /// }); /// /// }); @@ -74,12 +76,13 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audienceMapper", new() + /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audience_mapper", new() /// { /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, diff --git a/sdk/dotnet/OpenId/AudienceResolveProtocolMappter.cs b/sdk/dotnet/OpenId/AudienceResolveProtocolMappter.cs index f473562a..a50304b8 100644 --- a/sdk/dotnet/OpenId/AudienceResolveProtocolMappter.cs +++ b/sdk/dotnet/OpenId/AudienceResolveProtocolMappter.cs @@ -35,10 +35,11 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] @@ -47,10 +48,11 @@ namespace Pulumi.Keycloak.OpenId /// }, /// }); /// - /// var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper("audienceMapper", new() + /// var audienceMapper = new Keycloak.OpenId.AudienceResolveProtocolMapper("audience_mapper", new() /// { /// RealmId = realm.Id, /// ClientId = openidClient.Id, + /// Name = "my-audience-resolve-mapper", /// }); /// /// }); @@ -74,12 +76,13 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audienceMapper", new() + /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audience_mapper", new() /// { /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, diff --git a/sdk/dotnet/OpenId/Client.cs b/sdk/dotnet/OpenId/Client.cs index 7dec4305..d37e9fd9 100644 --- a/sdk/dotnet/OpenId/Client.cs +++ b/sdk/dotnet/OpenId/Client.cs @@ -31,16 +31,17 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { - /// AccessType = "CONFIDENTIAL", + /// RealmId = realm.Id, /// ClientId = "test-client", + /// Name = "test client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", diff --git a/sdk/dotnet/OpenId/ClientDefaultScopes.cs b/sdk/dotnet/OpenId/ClientDefaultScopes.cs index 31817c78..600fd635 100644 --- a/sdk/dotnet/OpenId/ClientDefaultScopes.cs +++ b/sdk/dotnet/OpenId/ClientDefaultScopes.cs @@ -23,24 +23,26 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// /// var client = new Keycloak.OpenId.Client("client", new() /// { - /// AccessType = "CONFIDENTIAL", - /// ClientId = "test-client", /// RealmId = realm.Id, + /// ClientId = "test-client", + /// AccessType = "CONFIDENTIAL", /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var clientDefaultScopes = new Keycloak.OpenId.ClientDefaultScopes("clientDefaultScopes", new() + /// var clientDefaultScopes = new Keycloak.OpenId.ClientDefaultScopes("client_default_scopes", new() /// { + /// RealmId = realm.Id, /// ClientId = client.Id, /// DefaultScopes = new[] /// { @@ -50,7 +52,6 @@ namespace Pulumi.Keycloak.OpenId /// "web-origins", /// clientScope.Name, /// }, - /// RealmId = realm.Id, /// }); /// /// }); diff --git a/sdk/dotnet/OpenId/ClientOptionalScopes.cs b/sdk/dotnet/OpenId/ClientOptionalScopes.cs index 9a757604..a53d49a3 100644 --- a/sdk/dotnet/OpenId/ClientOptionalScopes.cs +++ b/sdk/dotnet/OpenId/ClientOptionalScopes.cs @@ -23,24 +23,26 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// /// var client = new Keycloak.OpenId.Client("client", new() /// { - /// AccessType = "CONFIDENTIAL", - /// ClientId = "test-client", /// RealmId = realm.Id, + /// ClientId = "test-client", + /// AccessType = "CONFIDENTIAL", /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var clientOptionalScopes = new Keycloak.OpenId.ClientOptionalScopes("clientOptionalScopes", new() + /// var clientOptionalScopes = new Keycloak.OpenId.ClientOptionalScopes("client_optional_scopes", new() /// { + /// RealmId = realm.Id, /// ClientId = client.Id, /// OptionalScopes = new[] /// { @@ -49,7 +51,6 @@ namespace Pulumi.Keycloak.OpenId /// "offline_access", /// clientScope.Name, /// }, - /// RealmId = realm.Id, /// }); /// /// }); diff --git a/sdk/dotnet/OpenId/ClientPolicy.cs b/sdk/dotnet/OpenId/ClientPolicy.cs index efbc44fc..69edcf22 100644 --- a/sdk/dotnet/OpenId/ClientPolicy.cs +++ b/sdk/dotnet/OpenId/ClientPolicy.cs @@ -31,15 +31,16 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { /// ClientId = "openid_client", + /// Name = "openid_client", /// RealmId = realm.Id, /// AccessType = "CONFIDENTIAL", /// ServiceAccountsEnabled = true, /// }); /// - /// var myPermission = new Keycloak.OpenId.ClientPermissions("myPermission", new() + /// var myPermission = new Keycloak.OpenId.ClientPermissions("my_permission", new() /// { /// RealmId = realm.Id, /// ClientId = openidClient.Id, @@ -51,10 +52,11 @@ namespace Pulumi.Keycloak.OpenId /// ClientId = "realm-management", /// }); /// - /// var tokenExchange = new Keycloak.OpenId.ClientPolicy("tokenExchange", new() + /// var tokenExchange = new Keycloak.OpenId.ClientPolicy("token_exchange", new() /// { /// ResourceServerId = realmManagement.Apply(getClientResult => getClientResult.Id), /// RealmId = realm.Id, + /// Name = "my-policy", /// Logic = "POSITIVE", /// DecisionStrategy = "UNANIMOUS", /// Clients = new[] diff --git a/sdk/dotnet/OpenId/ClientScope.cs b/sdk/dotnet/OpenId/ClientScope.cs index 3af42d89..1bca06f4 100644 --- a/sdk/dotnet/OpenId/ClientScope.cs +++ b/sdk/dotnet/OpenId/ClientScope.cs @@ -32,14 +32,15 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var openidClientScope = new Keycloak.OpenId.ClientScope("openidClientScope", new() + /// var openidClientScope = new Keycloak.OpenId.ClientScope("openid_client_scope", new() /// { - /// Description = "When requested, this scope will map a user's group memberships to a claim", /// RealmId = realm.Id, + /// Name = "groups", + /// Description = "When requested, this scope will map a user's group memberships to a claim", /// }); /// /// }); diff --git a/sdk/dotnet/OpenId/ClientServiceAccountRealmRole.cs b/sdk/dotnet/OpenId/ClientServiceAccountRealmRole.cs index 7ab6383e..b6677df4 100644 --- a/sdk/dotnet/OpenId/ClientServiceAccountRealmRole.cs +++ b/sdk/dotnet/OpenId/ClientServiceAccountRealmRole.cs @@ -33,18 +33,20 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var realmRole = new Keycloak.Role("realmRole", new() + /// var realmRole = new Keycloak.Role("realm_role", new() /// { /// RealmId = realm.Id, + /// Name = "my-realm-role", /// }); /// /// var client = new Keycloak.OpenId.Client("client", new() /// { /// RealmId = realm.Id, + /// Name = "client", /// ServiceAccountsEnabled = true, /// }); /// - /// var clientServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRealmRole("clientServiceAccountRole", new() + /// var clientServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRealmRole("client_service_account_role", new() /// { /// RealmId = realm.Id, /// ServiceAccountUserId = client.ServiceAccountUserId, diff --git a/sdk/dotnet/OpenId/ClientServiceAccountRole.cs b/sdk/dotnet/OpenId/ClientServiceAccountRole.cs index e6e2db03..50bf7749 100644 --- a/sdk/dotnet/OpenId/ClientServiceAccountRole.cs +++ b/sdk/dotnet/OpenId/ClientServiceAccountRole.cs @@ -37,12 +37,14 @@ namespace Pulumi.Keycloak.OpenId /// var client1 = new Keycloak.OpenId.Client("client1", new() /// { /// RealmId = realm.Id, + /// Name = "client1", /// }); /// - /// var client1Role = new Keycloak.Role("client1Role", new() + /// var client1Role = new Keycloak.Role("client1_role", new() /// { /// RealmId = realm.Id, /// ClientId = client1.Id, + /// Name = "my-client1-role", /// Description = "A role that client1 provides", /// }); /// @@ -50,10 +52,11 @@ namespace Pulumi.Keycloak.OpenId /// var client2 = new Keycloak.OpenId.Client("client2", new() /// { /// RealmId = realm.Id, + /// Name = "client2", /// ServiceAccountsEnabled = true, /// }); /// - /// var client2ServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRole("client2ServiceAccountRole", new() + /// var client2ServiceAccountRole = new Keycloak.OpenId.ClientServiceAccountRole("client2_service_account_role", new() /// { /// RealmId = realm.Id, /// ServiceAccountUserId = client2.ServiceAccountUserId, diff --git a/sdk/dotnet/OpenId/FullNameProtocolMapper.cs b/sdk/dotnet/OpenId/FullNameProtocolMapper.cs index bed6bfa2..7328ef7f 100644 --- a/sdk/dotnet/OpenId/FullNameProtocolMapper.cs +++ b/sdk/dotnet/OpenId/FullNameProtocolMapper.cs @@ -33,26 +33,28 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { - /// AccessType = "CONFIDENTIAL", + /// RealmId = realm.Id, /// ClientId = "test-client", + /// Name = "test client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", /// }, /// }); /// - /// var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper("fullNameMapper", new() + /// var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper("full_name_mapper", new() /// { - /// ClientId = openidClient.Id, /// RealmId = realm.Id, + /// ClientId = openidClient.Id, + /// Name = "full-name-mapper", /// }); /// /// }); @@ -72,19 +74,21 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper("fullNameMapper", new() + /// var fullNameMapper = new Keycloak.OpenId.FullNameProtocolMapper("full_name_mapper", new() /// { - /// ClientScopeId = clientScope.Id, /// RealmId = realm.Id, + /// ClientScopeId = clientScope.Id, + /// Name = "full-name-mapper", /// }); /// /// }); diff --git a/sdk/dotnet/OpenId/GetClient.cs b/sdk/dotnet/OpenId/GetClient.cs index 3d9d244e..ecb9a037 100644 --- a/sdk/dotnet/OpenId/GetClient.cs +++ b/sdk/dotnet/OpenId/GetClient.cs @@ -33,6 +33,7 @@ public static class GetClient /// ClientId = "realm-management", /// }); /// + /// // use the data source /// var admin = Keycloak.GetRole.Invoke(new() /// { /// RealmId = "my-realm", @@ -80,6 +81,7 @@ public static Task InvokeAsync(GetClientArgs args, InvokeOption /// ClientId = "realm-management", /// }); /// + /// // use the data source /// var admin = Keycloak.GetRole.Invoke(new() /// { /// RealmId = "my-realm", diff --git a/sdk/dotnet/OpenId/GetClientAuthorizationPolicy.cs b/sdk/dotnet/OpenId/GetClientAuthorizationPolicy.cs index ec46c891..084d899b 100644 --- a/sdk/dotnet/OpenId/GetClientAuthorizationPolicy.cs +++ b/sdk/dotnet/OpenId/GetClientAuthorizationPolicy.cs @@ -35,9 +35,10 @@ public static class GetClientAuthorizationPolicy /// Enabled = true, /// }); /// - /// var clientWithAuthz = new Keycloak.OpenId.Client("clientWithAuthz", new() + /// var clientWithAuthz = new Keycloak.OpenId.Client("client_with_authz", new() /// { /// ClientId = "client-with-authz", + /// Name = "client-with-authz", /// RealmId = realm.Id, /// AccessType = "CONFIDENTIAL", /// ServiceAccountsEnabled = true, @@ -57,6 +58,7 @@ public static class GetClientAuthorizationPolicy /// var resource = new Keycloak.OpenId.ClientAuthorizationResource("resource", new() /// { /// ResourceServerId = clientWithAuthz.ResourceServerId, + /// Name = "authorization-resource", /// RealmId = realm.Id, /// Uris = new[] /// { @@ -72,6 +74,7 @@ public static class GetClientAuthorizationPolicy /// { /// ResourceServerId = clientWithAuthz.ResourceServerId, /// RealmId = realm.Id, + /// Name = "authorization-permission", /// Policies = new[] /// { /// defaultPermission.Apply(getClientAuthorizationPolicyResult => getClientAuthorizationPolicyResult.Id), @@ -113,9 +116,10 @@ public static Task InvokeAsync(GetClientAuth /// Enabled = true, /// }); /// - /// var clientWithAuthz = new Keycloak.OpenId.Client("clientWithAuthz", new() + /// var clientWithAuthz = new Keycloak.OpenId.Client("client_with_authz", new() /// { /// ClientId = "client-with-authz", + /// Name = "client-with-authz", /// RealmId = realm.Id, /// AccessType = "CONFIDENTIAL", /// ServiceAccountsEnabled = true, @@ -135,6 +139,7 @@ public static Task InvokeAsync(GetClientAuth /// var resource = new Keycloak.OpenId.ClientAuthorizationResource("resource", new() /// { /// ResourceServerId = clientWithAuthz.ResourceServerId, + /// Name = "authorization-resource", /// RealmId = realm.Id, /// Uris = new[] /// { @@ -150,6 +155,7 @@ public static Task InvokeAsync(GetClientAuth /// { /// ResourceServerId = clientWithAuthz.ResourceServerId, /// RealmId = realm.Id, + /// Name = "authorization-permission", /// Policies = new[] /// { /// defaultPermission.Apply(getClientAuthorizationPolicyResult => getClientAuthorizationPolicyResult.Id), diff --git a/sdk/dotnet/OpenId/GetClientScope.cs b/sdk/dotnet/OpenId/GetClientScope.cs index 731f024b..c7fe0362 100644 --- a/sdk/dotnet/OpenId/GetClientScope.cs +++ b/sdk/dotnet/OpenId/GetClientScope.cs @@ -32,10 +32,11 @@ public static class GetClientScope /// }); /// /// // use the data source - /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audienceMapper", new() + /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audience_mapper", new() /// { /// RealmId = offlineAccess.Apply(getClientScopeResult => getClientScopeResult.RealmId), /// ClientScopeId = offlineAccess.Apply(getClientScopeResult => getClientScopeResult.Id), + /// Name = "audience-mapper", /// IncludedCustomAudience = "foo", /// }); /// @@ -67,10 +68,11 @@ public static Task InvokeAsync(GetClientScopeArgs args, In /// }); /// /// // use the data source - /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audienceMapper", new() + /// var audienceMapper = new Keycloak.OpenId.AudienceProtocolMapper("audience_mapper", new() /// { /// RealmId = offlineAccess.Apply(getClientScopeResult => getClientScopeResult.RealmId), /// ClientScopeId = offlineAccess.Apply(getClientScopeResult => getClientScopeResult.Id), + /// Name = "audience-mapper", /// IncludedCustomAudience = "foo", /// }); /// diff --git a/sdk/dotnet/OpenId/GetClientServiceAccountUser.cs b/sdk/dotnet/OpenId/GetClientServiceAccountUser.cs index 0b1f3b2d..ad64a6d1 100644 --- a/sdk/dotnet/OpenId/GetClientServiceAccountUser.cs +++ b/sdk/dotnet/OpenId/GetClientServiceAccountUser.cs @@ -40,6 +40,7 @@ public static class GetClientServiceAccountUser /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// AccessType = "CONFIDENTIAL", /// ServiceAccountsEnabled = true, /// }); @@ -56,7 +57,7 @@ public static class GetClientServiceAccountUser /// Name = "offline_access", /// }); /// - /// var serviceAccountUserRoles = new Keycloak.UserRoles("serviceAccountUserRoles", new() + /// var serviceAccountUserRoles = new Keycloak.UserRoles("service_account_user_roles", new() /// { /// RealmId = realm.Id, /// UserId = serviceAccountUser.Apply(getClientServiceAccountUserResult => getClientServiceAccountUserResult.Id), @@ -102,6 +103,7 @@ public static Task InvokeAsync(GetClientServi /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// AccessType = "CONFIDENTIAL", /// ServiceAccountsEnabled = true, /// }); @@ -118,7 +120,7 @@ public static Task InvokeAsync(GetClientServi /// Name = "offline_access", /// }); /// - /// var serviceAccountUserRoles = new Keycloak.UserRoles("serviceAccountUserRoles", new() + /// var serviceAccountUserRoles = new Keycloak.UserRoles("service_account_user_roles", new() /// { /// RealmId = realm.Id, /// UserId = serviceAccountUser.Apply(getClientServiceAccountUserResult => getClientServiceAccountUserResult.Id), diff --git a/sdk/dotnet/OpenId/GroupMembershipProtocolMapper.cs b/sdk/dotnet/OpenId/GroupMembershipProtocolMapper.cs index 9aef40b1..23a525d1 100644 --- a/sdk/dotnet/OpenId/GroupMembershipProtocolMapper.cs +++ b/sdk/dotnet/OpenId/GroupMembershipProtocolMapper.cs @@ -33,27 +33,29 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { - /// AccessType = "CONFIDENTIAL", + /// RealmId = realm.Id, /// ClientId = "test-client", + /// Name = "test client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", /// }, /// }); /// - /// var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper("groupMembershipMapper", new() + /// var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper("group_membership_mapper", new() /// { - /// ClaimName = "groups", - /// ClientId = openidClient.Id, /// RealmId = realm.Id, + /// ClientId = openidClient.Id, + /// Name = "group-membership-mapper", + /// ClaimName = "groups", /// }); /// /// }); @@ -73,20 +75,22 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper("groupMembershipMapper", new() + /// var groupMembershipMapper = new Keycloak.OpenId.GroupMembershipProtocolMapper("group_membership_mapper", new() /// { - /// ClaimName = "groups", - /// ClientScopeId = clientScope.Id, /// RealmId = realm.Id, + /// ClientScopeId = clientScope.Id, + /// Name = "group-membership-mapper", + /// ClaimName = "groups", /// }); /// /// }); diff --git a/sdk/dotnet/OpenId/HardcodedClaimProtocolMapper.cs b/sdk/dotnet/OpenId/HardcodedClaimProtocolMapper.cs index f7c60a59..4819156f 100644 --- a/sdk/dotnet/OpenId/HardcodedClaimProtocolMapper.cs +++ b/sdk/dotnet/OpenId/HardcodedClaimProtocolMapper.cs @@ -33,28 +33,30 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { - /// AccessType = "CONFIDENTIAL", + /// RealmId = realm.Id, /// ClientId = "test-client", + /// Name = "test client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", /// }, /// }); /// - /// var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper("hardcodedClaimMapper", new() + /// var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper("hardcoded_claim_mapper", new() /// { + /// RealmId = realm.Id, + /// ClientId = openidClient.Id, + /// Name = "hardcoded-claim-mapper", /// ClaimName = "foo", /// ClaimValue = "bar", - /// ClientId = openidClient.Id, - /// RealmId = realm.Id, /// }); /// /// }); @@ -74,21 +76,23 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper("hardcodedClaimMapper", new() + /// var hardcodedClaimMapper = new Keycloak.OpenId.HardcodedClaimProtocolMapper("hardcoded_claim_mapper", new() /// { + /// RealmId = realm.Id, + /// ClientScopeId = clientScope.Id, + /// Name = "hardcoded-claim-mapper", /// ClaimName = "foo", /// ClaimValue = "bar", - /// ClientScopeId = clientScope.Id, - /// RealmId = realm.Id, /// }); /// /// }); diff --git a/sdk/dotnet/OpenId/HardcodedRoleProtocolMapper.cs b/sdk/dotnet/OpenId/HardcodedRoleProtocolMapper.cs index a6af817f..c469708a 100644 --- a/sdk/dotnet/OpenId/HardcodedRoleProtocolMapper.cs +++ b/sdk/dotnet/OpenId/HardcodedRoleProtocolMapper.cs @@ -33,31 +33,34 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// /// var role = new Keycloak.Role("role", new() /// { /// RealmId = realm.Id, + /// Name = "my-role", /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { - /// AccessType = "CONFIDENTIAL", + /// RealmId = realm.Id, /// ClientId = "test-client", + /// Name = "test client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", /// }, /// }); /// - /// var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper("hardcodedRoleMapper", new() + /// var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper("hardcoded_role_mapper", new() /// { - /// ClientId = openidClient.Id, /// RealmId = realm.Id, + /// ClientId = openidClient.Id, + /// Name = "hardcoded-role-mapper", /// RoleId = role.Id, /// }); /// @@ -78,24 +81,27 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// /// var role = new Keycloak.Role("role", new() /// { /// RealmId = realm.Id, + /// Name = "my-role", /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper("hardcodedRoleMapper", new() + /// var hardcodedRoleMapper = new Keycloak.OpenId.HardcodedRoleProtocolMapper("hardcoded_role_mapper", new() /// { - /// ClientScopeId = clientScope.Id, /// RealmId = realm.Id, + /// ClientScopeId = clientScope.Id, + /// Name = "hardcoded-role-mapper", /// RoleId = role.Id, /// }); /// diff --git a/sdk/dotnet/OpenId/ScriptProtocolMapper.cs b/sdk/dotnet/OpenId/ScriptProtocolMapper.cs index 3b74b601..b3c23e14 100644 --- a/sdk/dotnet/OpenId/ScriptProtocolMapper.cs +++ b/sdk/dotnet/OpenId/ScriptProtocolMapper.cs @@ -38,10 +38,11 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] @@ -50,10 +51,11 @@ namespace Pulumi.Keycloak.OpenId /// }, /// }); /// - /// var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper("scriptMapper", new() + /// var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper("script_mapper", new() /// { /// RealmId = realm.Id, /// ClientId = openidClient.Id, + /// Name = "script-mapper", /// ClaimName = "foo", /// Script = "exports = 'foo';", /// }); @@ -79,15 +81,17 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "client-scope", /// }); /// - /// var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper("scriptMapper", new() + /// var scriptMapper = new Keycloak.OpenId.ScriptProtocolMapper("script_mapper", new() /// { /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, + /// Name = "script-mapper", /// ClaimName = "foo", /// Script = "exports = 'foo';", /// }); diff --git a/sdk/dotnet/OpenId/UserAttributeProtocolMapper.cs b/sdk/dotnet/OpenId/UserAttributeProtocolMapper.cs index 964413f0..2a96e35f 100644 --- a/sdk/dotnet/OpenId/UserAttributeProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserAttributeProtocolMapper.cs @@ -33,28 +33,30 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { - /// AccessType = "CONFIDENTIAL", + /// RealmId = realm.Id, /// ClientId = "test-client", + /// Name = "test client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", /// }, /// }); /// - /// var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper("userAttributeMapper", new() + /// var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper("user_attribute_mapper", new() /// { - /// ClaimName = "bar", - /// ClientId = openidClient.Id, /// RealmId = realm.Id, + /// ClientId = openidClient.Id, + /// Name = "test-mapper", /// UserAttribute = "foo", + /// ClaimName = "bar", /// }); /// /// }); @@ -74,21 +76,23 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper("userAttributeMapper", new() + /// var userAttributeMapper = new Keycloak.OpenId.UserAttributeProtocolMapper("user_attribute_mapper", new() /// { - /// ClaimName = "bar", - /// ClientScopeId = clientScope.Id, /// RealmId = realm.Id, + /// ClientScopeId = clientScope.Id, + /// Name = "test-mapper", /// UserAttribute = "foo", + /// ClaimName = "bar", /// }); /// /// }); diff --git a/sdk/dotnet/OpenId/UserClientRoleProtocolMapper.cs b/sdk/dotnet/OpenId/UserClientRoleProtocolMapper.cs index 25301628..18070cc0 100644 --- a/sdk/dotnet/OpenId/UserClientRoleProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserClientRoleProtocolMapper.cs @@ -36,10 +36,11 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] @@ -48,10 +49,11 @@ namespace Pulumi.Keycloak.OpenId /// }, /// }); /// - /// var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper("userClientRoleMapper", new() + /// var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper("user_client_role_mapper", new() /// { /// RealmId = realm.Id, /// ClientId = openidClient.Id, + /// Name = "user-client-role-mapper", /// ClaimName = "foo", /// }); /// @@ -76,15 +78,17 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "client-scope", /// }); /// - /// var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper("userClientRoleMapper", new() + /// var userClientRoleMapper = new Keycloak.OpenId.UserClientRoleProtocolMapper("user_client_role_mapper", new() /// { /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, + /// Name = "user-client-role-mapper", /// ClaimName = "foo", /// }); /// diff --git a/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs b/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs index 7b60da8a..b8afc56d 100644 --- a/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserPropertyProtocolMapper.cs @@ -33,28 +33,30 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { - /// AccessType = "CONFIDENTIAL", + /// RealmId = realm.Id, /// ClientId = "test-client", + /// Name = "test client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", /// }, /// }); /// - /// var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper("userPropertyMapper", new() + /// var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper("user_property_mapper", new() /// { - /// ClaimName = "email", - /// ClientId = openidClient.Id, /// RealmId = realm.Id, + /// ClientId = openidClient.Id, + /// Name = "test-mapper", /// UserProperty = "email", + /// ClaimName = "email", /// }); /// /// }); @@ -74,21 +76,23 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper("userPropertyMapper", new() + /// var userPropertyMapper = new Keycloak.OpenId.UserPropertyProtocolMapper("user_property_mapper", new() /// { - /// ClaimName = "email", - /// ClientScopeId = clientScope.Id, /// RealmId = realm.Id, + /// ClientScopeId = clientScope.Id, + /// Name = "test-mapper", /// UserProperty = "email", + /// ClaimName = "email", /// }); /// /// }); diff --git a/sdk/dotnet/OpenId/UserRealmRoleProtocolMapper.cs b/sdk/dotnet/OpenId/UserRealmRoleProtocolMapper.cs index 8f0c3753..76d9ca9c 100644 --- a/sdk/dotnet/OpenId/UserRealmRoleProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserRealmRoleProtocolMapper.cs @@ -33,27 +33,29 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { - /// AccessType = "CONFIDENTIAL", + /// RealmId = realm.Id, /// ClientId = "test-client", + /// Name = "test client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] /// { /// "http://localhost:8080/openid-callback", /// }, /// }); /// - /// var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper("userRealmRoleMapper", new() + /// var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper("user_realm_role_mapper", new() /// { - /// ClaimName = "foo", - /// ClientId = openidClient.Id, /// RealmId = realm.Id, + /// ClientId = openidClient.Id, + /// Name = "user-realm-role-mapper", + /// ClaimName = "foo", /// }); /// /// }); @@ -73,20 +75,22 @@ namespace Pulumi.Keycloak.OpenId /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "test-client-scope", /// }); /// - /// var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper("userRealmRoleMapper", new() + /// var userRealmRoleMapper = new Keycloak.OpenId.UserRealmRoleProtocolMapper("user_realm_role_mapper", new() /// { - /// ClaimName = "foo", - /// ClientScopeId = clientScope.Id, /// RealmId = realm.Id, + /// ClientScopeId = clientScope.Id, + /// Name = "user-realm-role-mapper", + /// ClaimName = "foo", /// }); /// /// }); diff --git a/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs b/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs index 7a659062..93d95bb0 100644 --- a/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs +++ b/sdk/dotnet/OpenId/UserSessionNoteProtocolMapper.cs @@ -36,10 +36,11 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var openidClient = new Keycloak.OpenId.Client("openidClient", new() + /// var openidClient = new Keycloak.OpenId.Client("openid_client", new() /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, /// AccessType = "CONFIDENTIAL", /// ValidRedirectUris = new[] @@ -48,10 +49,11 @@ namespace Pulumi.Keycloak.OpenId /// }, /// }); /// - /// var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper("userSessionNoteMapper", new() + /// var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper("user_session_note_mapper", new() /// { /// RealmId = realm.Id, /// ClientId = openidClient.Id, + /// Name = "user-session-note-mapper", /// ClaimName = "foo", /// ClaimValueType = "String", /// SessionNote = "bar", @@ -78,15 +80,17 @@ namespace Pulumi.Keycloak.OpenId /// Enabled = true, /// }); /// - /// var clientScope = new Keycloak.OpenId.ClientScope("clientScope", new() + /// var clientScope = new Keycloak.OpenId.ClientScope("client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "client-scope", /// }); /// - /// var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper("userSessionNoteMapper", new() + /// var userSessionNoteMapper = new Keycloak.OpenId.UserSessionNoteProtocolMapper("user_session_note_mapper", new() /// { /// RealmId = realm.Id, /// ClientScopeId = clientScope.Id, + /// Name = "user-session-note-mapper", /// ClaimName = "foo", /// ClaimValueType = "String", /// SessionNote = "bar", diff --git a/sdk/dotnet/RealmEvents.cs b/sdk/dotnet/RealmEvents.cs index a801a642..785758ec 100644 --- a/sdk/dotnet/RealmEvents.cs +++ b/sdk/dotnet/RealmEvents.cs @@ -30,22 +30,22 @@ namespace Pulumi.Keycloak /// RealmName = "test", /// }); /// - /// var realmEvents = new Keycloak.RealmEvents("realmEvents", new() + /// var realmEvents = new Keycloak.RealmEvents("realm_events", new() /// { - /// AdminEventsDetailsEnabled = true, + /// RealmId = realm.Id, + /// EventsEnabled = true, + /// EventsExpiration = 3600, /// AdminEventsEnabled = true, + /// AdminEventsDetailsEnabled = true, /// EnabledEventTypes = new[] /// { /// "LOGIN", /// "LOGOUT", /// }, - /// EventsEnabled = true, - /// EventsExpiration = 3600, /// EventsListeners = new[] /// { /// "jboss-logging", /// }, - /// RealmId = realm.Id, /// }); /// /// }); diff --git a/sdk/dotnet/RealmKeystoreAesGenerated.cs b/sdk/dotnet/RealmKeystoreAesGenerated.cs index 640f3cec..3a484871 100644 --- a/sdk/dotnet/RealmKeystoreAesGenerated.cs +++ b/sdk/dotnet/RealmKeystoreAesGenerated.cs @@ -30,8 +30,9 @@ namespace Pulumi.Keycloak /// RealmName = "my-realm", /// }); /// - /// var keystoreAesGenerated = new Keycloak.RealmKeystoreAesGenerated("keystoreAesGenerated", new() + /// var keystoreAesGenerated = new Keycloak.RealmKeystoreAesGenerated("keystore_aes_generated", new() /// { + /// Name = "my-aes-generated-key", /// RealmId = realm.Id, /// Enabled = true, /// Active = true, diff --git a/sdk/dotnet/RealmKeystoreEcdsaGenerated.cs b/sdk/dotnet/RealmKeystoreEcdsaGenerated.cs index 482a52a9..8fcfddb7 100644 --- a/sdk/dotnet/RealmKeystoreEcdsaGenerated.cs +++ b/sdk/dotnet/RealmKeystoreEcdsaGenerated.cs @@ -30,8 +30,9 @@ namespace Pulumi.Keycloak /// RealmName = "my-realm", /// }); /// - /// var keystoreEcdsaGenerated = new Keycloak.RealmKeystoreEcdsaGenerated("keystoreEcdsaGenerated", new() + /// var keystoreEcdsaGenerated = new Keycloak.RealmKeystoreEcdsaGenerated("keystore_ecdsa_generated", new() /// { + /// Name = "my-ecdsa-generated-key", /// RealmId = realm.Id, /// Enabled = true, /// Active = true, diff --git a/sdk/dotnet/RealmKeystoreHmacGenerated.cs b/sdk/dotnet/RealmKeystoreHmacGenerated.cs index 1952cfac..9a846c68 100644 --- a/sdk/dotnet/RealmKeystoreHmacGenerated.cs +++ b/sdk/dotnet/RealmKeystoreHmacGenerated.cs @@ -30,8 +30,9 @@ namespace Pulumi.Keycloak /// RealmName = "my-realm", /// }); /// - /// var keystoreHmacGenerated = new Keycloak.RealmKeystoreHmacGenerated("keystoreHmacGenerated", new() + /// var keystoreHmacGenerated = new Keycloak.RealmKeystoreHmacGenerated("keystore_hmac_generated", new() /// { + /// Name = "my-hmac-generated-key", /// RealmId = realm.Id, /// Enabled = true, /// Active = true, diff --git a/sdk/dotnet/RealmKeystoreJavaGenerated.cs b/sdk/dotnet/RealmKeystoreJavaGenerated.cs index 181d0a13..bd709980 100644 --- a/sdk/dotnet/RealmKeystoreJavaGenerated.cs +++ b/sdk/dotnet/RealmKeystoreJavaGenerated.cs @@ -30,8 +30,9 @@ namespace Pulumi.Keycloak /// RealmName = "my-realm", /// }); /// - /// var javaKeystore = new Keycloak.RealmKeystoreJavaGenerated("javaKeystore", new() + /// var javaKeystore = new Keycloak.RealmKeystoreJavaGenerated("java_keystore", new() /// { + /// Name = "my-java-keystore", /// RealmId = realm.Id, /// Enabled = true, /// Active = true, diff --git a/sdk/dotnet/RealmKeystoreRsaGenerated.cs b/sdk/dotnet/RealmKeystoreRsaGenerated.cs index 9cfa671a..c64eebc6 100644 --- a/sdk/dotnet/RealmKeystoreRsaGenerated.cs +++ b/sdk/dotnet/RealmKeystoreRsaGenerated.cs @@ -30,8 +30,9 @@ namespace Pulumi.Keycloak /// RealmName = "my-realm", /// }); /// - /// var keystoreRsaGenerated = new Keycloak.RealmKeystoreRsaGenerated("keystoreRsaGenerated", new() + /// var keystoreRsaGenerated = new Keycloak.RealmKeystoreRsaGenerated("keystore_rsa_generated", new() /// { + /// Name = "my-rsa-generated-key", /// RealmId = realm.Id, /// Enabled = true, /// Active = true, diff --git a/sdk/dotnet/RealmUserProfile.cs b/sdk/dotnet/RealmUserProfile.cs index aac6ab4d..77f03d4d 100644 --- a/sdk/dotnet/RealmUserProfile.cs +++ b/sdk/dotnet/RealmUserProfile.cs @@ -44,7 +44,7 @@ namespace Pulumi.Keycloak /// /// var userprofile = new Keycloak.RealmUserProfile("userprofile", new() /// { - /// RealmId = keycloak_realm.My_realm.Id, + /// RealmId = myRealm.Id, /// Attributes = new[] /// { /// new Keycloak.Inputs.RealmUserProfileAttributeArgs diff --git a/sdk/dotnet/RequiredAction.cs b/sdk/dotnet/RequiredAction.cs index c8fadff6..4149b4b2 100644 --- a/sdk/dotnet/RequiredAction.cs +++ b/sdk/dotnet/RequiredAction.cs @@ -31,11 +31,12 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var requiredAction = new Keycloak.RequiredAction("requiredAction", new() + /// var requiredAction = new Keycloak.RequiredAction("required_action", new() /// { /// RealmId = realm.RealmName, /// Alias = "webauthn-register", /// Enabled = true, + /// Name = "Webauthn Register", /// }); /// /// }); diff --git a/sdk/dotnet/Role.cs b/sdk/dotnet/Role.cs index 2a518958..db02968e 100644 --- a/sdk/dotnet/Role.cs +++ b/sdk/dotnet/Role.cs @@ -30,14 +30,15 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var realmRole = new Keycloak.Role("realmRole", new() + /// var realmRole = new Keycloak.Role("realm_role", new() /// { - /// Description = "My Realm Role", /// RealmId = realm.Id, + /// Name = "my-realm-role", + /// Description = "My Realm Role", /// }); /// /// }); @@ -57,23 +58,25 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// /// var client = new Keycloak.OpenId.Client("client", new() /// { - /// AccessType = "BEARER-ONLY", + /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "BEARER-ONLY", /// }); /// - /// var clientRole = new Keycloak.Role("clientRole", new() + /// var clientRole = new Keycloak.Role("client_role", new() /// { - /// ClientId = keycloak_client.Client.Id, - /// Description = "My Client Role", /// RealmId = realm.Id, + /// ClientId = clientKeycloakClient.Id, + /// Name = "my-client-role", + /// Description = "My Client Role", /// }); /// /// }); @@ -93,47 +96,57 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var createRole = new Keycloak.Role("createRole", new() + /// // realm roles + /// var createRole = new Keycloak.Role("create_role", new() /// { /// RealmId = realm.Id, + /// Name = "create", /// }); /// - /// var readRole = new Keycloak.Role("readRole", new() + /// var readRole = new Keycloak.Role("read_role", new() /// { /// RealmId = realm.Id, + /// Name = "read", /// }); /// - /// var updateRole = new Keycloak.Role("updateRole", new() + /// var updateRole = new Keycloak.Role("update_role", new() /// { /// RealmId = realm.Id, + /// Name = "update", /// }); /// - /// var deleteRole = new Keycloak.Role("deleteRole", new() + /// var deleteRole = new Keycloak.Role("delete_role", new() /// { /// RealmId = realm.Id, + /// Name = "delete", /// }); /// + /// // client role /// var client = new Keycloak.OpenId.Client("client", new() /// { - /// AccessType = "BEARER-ONLY", + /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, - /// RealmId = realm.Id, + /// AccessType = "BEARER-ONLY", /// }); /// - /// var clientRole = new Keycloak.Role("clientRole", new() + /// var clientRole = new Keycloak.Role("client_role", new() /// { - /// ClientId = keycloak_client.Client.Id, - /// Description = "My Client Role", /// RealmId = realm.Id, + /// ClientId = clientKeycloakClient.Id, + /// Name = "my-client-role", + /// Description = "My Client Role", /// }); /// - /// var adminRole = new Keycloak.Role("adminRole", new() + /// var adminRole = new Keycloak.Role("admin_role", new() /// { + /// RealmId = realm.Id, + /// Name = "admin", /// CompositeRoles = new[] /// { /// "{keycloak_role.create_role.id}", @@ -142,7 +155,6 @@ namespace Pulumi.Keycloak /// "{keycloak_role.delete_role.id}", /// "{keycloak_role.client_role.id}", /// }, - /// RealmId = realm.Id, /// }); /// /// }); diff --git a/sdk/dotnet/Saml/Client.cs b/sdk/dotnet/Saml/Client.cs index b6c4be2e..85a7200c 100644 --- a/sdk/dotnet/Saml/Client.cs +++ b/sdk/dotnet/Saml/Client.cs @@ -18,69 +18,6 @@ namespace Pulumi.Keycloak.Saml /// clients are applications that redirect users to Keycloak for authentication /// in order to take advantage of Keycloak's user sessions for SSO. /// - /// ### Example Usage - /// - /// <!--Start PulumiCodeChooser --> - /// ```csharp - /// using System.Collections.Generic; - /// using System.IO; - /// using System.Linq; - /// using Pulumi; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// Enabled = true, - /// RealmName = "my-realm", - /// }); - /// - /// var samlClient = new Keycloak.Saml.Client("samlClient", new() - /// { - /// ClientId = "test-saml-client", - /// IncludeAuthnStatement = true, - /// RealmId = realm.Id, - /// SignAssertions = true, - /// SignDocuments = false, - /// SigningCertificate = File.ReadAllText("saml-cert.pem"), - /// SigningPrivateKey = File.ReadAllText("saml-key.pem"), - /// }); - /// - /// }); - /// ``` - /// <!--End PulumiCodeChooser --> - /// - /// ### Argument Reference - /// - /// The following arguments are supported: - /// - /// - `realm_id` - (Required) The realm this client is attached to. - /// - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. - /// - `name` - (Optional) The display name of this client in the GUI. - /// - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - /// - `description` - (Optional) The description of this client in the GUI. - /// - `include_authn_statement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. - /// - `sign_documents` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. - /// - `sign_assertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. - /// - `client_signature_required` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. - /// - `force_post_binding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. - /// - `front_channel_logout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. - /// - `name_id_format` - (Optional) Sets the Name ID format for the subject. - /// - `root_url` - (Optional) When specified, this value is prepended to all relative URLs. - /// - `valid_redirect_uris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - /// - `base_url` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. - /// - `master_saml_processing_url` - (Optional) When specified, this URL will be used for all SAML requests. - /// - `signing_certificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. - /// - `signing_private_key` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. - /// - `idp_initiated_sso_url_name` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. - /// - `idp_initiated_sso_relay_state` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - /// - `assertion_consumer_post_url` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). - /// - `assertion_consumer_redirect_url` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). - /// - `logout_service_post_binding_url` - (Optional) SAML POST Binding URL for the client's single logout service. - /// - `logout_service_redirect_binding_url` - (Optional) SAML Redirect Binding URL for the client's single logout service. - /// - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token - /// /// ### Import /// /// Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak diff --git a/sdk/dotnet/Saml/ClientDefaultScope.cs b/sdk/dotnet/Saml/ClientDefaultScope.cs index 241d38f3..b5feff43 100644 --- a/sdk/dotnet/Saml/ClientDefaultScope.cs +++ b/sdk/dotnet/Saml/ClientDefaultScope.cs @@ -11,59 +11,6 @@ namespace Pulumi.Keycloak.Saml { /// /// ## Example Usage - /// - /// <!--Start PulumiCodeChooser --> - /// ```csharp - /// using System.Collections.Generic; - /// using System.IO; - /// using System.Linq; - /// using Pulumi; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var samlClient = new Keycloak.Saml.Client("samlClient", new() - /// { - /// RealmId = realm.Id, - /// ClientId = "saml-client", - /// SignDocuments = false, - /// SignAssertions = true, - /// IncludeAuthnStatement = true, - /// SigningCertificate = File.ReadAllText("saml-cert.pem"), - /// SigningPrivateKey = File.ReadAllText("saml-key.pem"), - /// }); - /// - /// var clientScope = new Keycloak.Saml.ClientScope("clientScope", new() - /// { - /// RealmId = realm.Id, - /// }); - /// - /// var clientDefaultScopes = new Keycloak.Saml.ClientDefaultScope("clientDefaultScopes", new() - /// { - /// RealmId = realm.Id, - /// ClientId = keycloak_saml_client.Client.Id, - /// DefaultScopes = new[] - /// { - /// "role_list", - /// clientScope.Name, - /// }, - /// }); - /// - /// }); - /// ``` - /// <!--End PulumiCodeChooser --> - /// - /// ## Import - /// - /// This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist - /// - /// on the server. /// [KeycloakResourceType("keycloak:saml/clientDefaultScope:ClientDefaultScope")] public partial class ClientDefaultScope : global::Pulumi.CustomResource diff --git a/sdk/dotnet/Saml/ClientScope.cs b/sdk/dotnet/Saml/ClientScope.cs index c0b76597..6f420fa5 100644 --- a/sdk/dotnet/Saml/ClientScope.cs +++ b/sdk/dotnet/Saml/ClientScope.cs @@ -31,9 +31,10 @@ namespace Pulumi.Keycloak.Saml /// Enabled = true, /// }); /// - /// var samlClientScope = new Keycloak.Saml.ClientScope("samlClientScope", new() + /// var samlClientScope = new Keycloak.Saml.ClientScope("saml_client_scope", new() /// { /// RealmId = realm.Id, + /// Name = "groups", /// Description = "This scope will map a user's group memberships to SAML assertion", /// GuiOrder = 1, /// }); diff --git a/sdk/dotnet/Saml/GetClient.cs b/sdk/dotnet/Saml/GetClient.cs index 6024ee50..af965cae 100644 --- a/sdk/dotnet/Saml/GetClient.cs +++ b/sdk/dotnet/Saml/GetClient.cs @@ -31,6 +31,7 @@ public static class GetClient /// ClientId = "realm-management", /// }); /// + /// // use the data source /// var admin = Keycloak.GetRole.Invoke(new() /// { /// RealmId = "my-realm", @@ -65,6 +66,7 @@ public static Task InvokeAsync(GetClientArgs args, InvokeOption /// ClientId = "realm-management", /// }); /// + /// // use the data source /// var admin = Keycloak.GetRole.Invoke(new() /// { /// RealmId = "my-realm", diff --git a/sdk/dotnet/Saml/GetClientInstallationProvider.cs b/sdk/dotnet/Saml/GetClientInstallationProvider.cs index bc3053c3..918b984e 100644 --- a/sdk/dotnet/Saml/GetClientInstallationProvider.cs +++ b/sdk/dotnet/Saml/GetClientInstallationProvider.cs @@ -13,108 +13,12 @@ public static class GetClientInstallationProvider { /// /// This data source can be used to retrieve Installation Provider of a SAML Client. - /// - /// ## Example Usage - /// - /// In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. - /// - /// <!--Start PulumiCodeChooser --> - /// ```csharp - /// using System.Collections.Generic; - /// using System.IO; - /// using System.Linq; - /// using Pulumi; - /// using Aws = Pulumi.Aws; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var samlClient = new Keycloak.Saml.Client("samlClient", new() - /// { - /// RealmId = realm.Id, - /// ClientId = "test-saml-client", - /// SignDocuments = false, - /// SignAssertions = true, - /// IncludeAuthnStatement = true, - /// SigningCertificate = File.ReadAllText("saml-cert.pem"), - /// SigningPrivateKey = File.ReadAllText("saml-key.pem"), - /// }); - /// - /// var samlIdpDescriptor = Keycloak.Saml.GetClientInstallationProvider.Invoke(new() - /// { - /// RealmId = realm.Id, - /// ClientId = samlClient.Id, - /// ProviderId = "saml-idp-descriptor", - /// }); - /// - /// var @default = new Aws.Iam.SamlProvider("default", new() - /// { - /// SamlMetadataDocument = samlIdpDescriptor.Apply(getClientInstallationProviderResult => getClientInstallationProviderResult.Value), - /// }); - /// - /// }); - /// ``` - /// <!--End PulumiCodeChooser --> /// public static Task InvokeAsync(GetClientInstallationProviderArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.InvokeAsync("keycloak:saml/getClientInstallationProvider:getClientInstallationProvider", args ?? new GetClientInstallationProviderArgs(), options.WithDefaults()); /// /// This data source can be used to retrieve Installation Provider of a SAML Client. - /// - /// ## Example Usage - /// - /// In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. - /// - /// <!--Start PulumiCodeChooser --> - /// ```csharp - /// using System.Collections.Generic; - /// using System.IO; - /// using System.Linq; - /// using Pulumi; - /// using Aws = Pulumi.Aws; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var samlClient = new Keycloak.Saml.Client("samlClient", new() - /// { - /// RealmId = realm.Id, - /// ClientId = "test-saml-client", - /// SignDocuments = false, - /// SignAssertions = true, - /// IncludeAuthnStatement = true, - /// SigningCertificate = File.ReadAllText("saml-cert.pem"), - /// SigningPrivateKey = File.ReadAllText("saml-key.pem"), - /// }); - /// - /// var samlIdpDescriptor = Keycloak.Saml.GetClientInstallationProvider.Invoke(new() - /// { - /// RealmId = realm.Id, - /// ClientId = samlClient.Id, - /// ProviderId = "saml-idp-descriptor", - /// }); - /// - /// var @default = new Aws.Iam.SamlProvider("default", new() - /// { - /// SamlMetadataDocument = samlIdpDescriptor.Apply(getClientInstallationProviderResult => getClientInstallationProviderResult.Value), - /// }); - /// - /// }); - /// ``` - /// <!--End PulumiCodeChooser --> /// public static Output Invoke(GetClientInstallationProviderInvokeArgs args, InvokeOptions? options = null) => global::Pulumi.Deployment.Instance.Invoke("keycloak:saml/getClientInstallationProvider:getClientInstallationProvider", args ?? new GetClientInstallationProviderInvokeArgs(), options.WithDefaults()); diff --git a/sdk/dotnet/Saml/IdentityProvider.cs b/sdk/dotnet/Saml/IdentityProvider.cs index 4870d763..4a02bf5e 100644 --- a/sdk/dotnet/Saml/IdentityProvider.cs +++ b/sdk/dotnet/Saml/IdentityProvider.cs @@ -27,19 +27,19 @@ namespace Pulumi.Keycloak.Saml /// /// return await Deployment.RunAsync(() => /// { - /// var realmIdentityProvider = new Keycloak.Saml.IdentityProvider("realmIdentityProvider", new() + /// var realmIdentityProvider = new Keycloak.Saml.IdentityProvider("realm_identity_provider", new() /// { + /// Realm = "my-realm", /// Alias = "my-idp", + /// SingleSignOnServiceUrl = "https://domain.com/adfs/ls/", + /// SingleLogoutServiceUrl = "https://domain.com/adfs/ls/?wa=wsignout1.0", /// BackchannelSupported = true, - /// ForceAuthn = true, - /// PostBindingAuthnRequest = true, - /// PostBindingLogout = true, /// PostBindingResponse = true, - /// Realm = "my-realm", - /// SingleLogoutServiceUrl = "https://domain.com/adfs/ls/?wa=wsignout1.0", - /// SingleSignOnServiceUrl = "https://domain.com/adfs/ls/", + /// PostBindingLogout = true, + /// PostBindingAuthnRequest = true, /// StoreToken = false, /// TrustEmail = true, + /// ForceAuthn = true, /// }); /// /// }); diff --git a/sdk/dotnet/Saml/ScriptProtocolMapper.cs b/sdk/dotnet/Saml/ScriptProtocolMapper.cs index 28dd219b..6b5a2640 100644 --- a/sdk/dotnet/Saml/ScriptProtocolMapper.cs +++ b/sdk/dotnet/Saml/ScriptProtocolMapper.cs @@ -34,16 +34,18 @@ namespace Pulumi.Keycloak.Saml /// Enabled = true, /// }); /// - /// var samlClient = new Keycloak.Saml.Client("samlClient", new() + /// var samlClient = new Keycloak.Saml.Client("saml_client", new() /// { /// RealmId = realm.Id, /// ClientId = "saml-client", + /// Name = "saml-client", /// }); /// - /// var samlScriptMapper = new Keycloak.Saml.ScriptProtocolMapper("samlScriptMapper", new() + /// var samlScriptMapper = new Keycloak.Saml.ScriptProtocolMapper("saml_script_mapper", new() /// { /// RealmId = realm.Id, /// ClientId = samlClient.Id, + /// Name = "script-mapper", /// Script = "exports = 'foo';", /// SamlAttributeName = "displayName", /// SamlAttributeNameFormat = "Unspecified", diff --git a/sdk/dotnet/Saml/UserAttributeProtocolMapper.cs b/sdk/dotnet/Saml/UserAttributeProtocolMapper.cs index b3013cba..f2da3cc0 100644 --- a/sdk/dotnet/Saml/UserAttributeProtocolMapper.cs +++ b/sdk/dotnet/Saml/UserAttributeProtocolMapper.cs @@ -33,23 +33,25 @@ namespace Pulumi.Keycloak.Saml /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var samlClient = new Keycloak.Saml.Client("samlClient", new() + /// var samlClient = new Keycloak.Saml.Client("saml_client", new() /// { + /// RealmId = test.Id, /// ClientId = "test-saml-client", - /// RealmId = keycloak_realm.Test.Id, + /// Name = "test-saml-client", /// }); /// - /// var samlUserAttributeMapper = new Keycloak.Saml.UserAttributeProtocolMapper("samlUserAttributeMapper", new() + /// var samlUserAttributeMapper = new Keycloak.Saml.UserAttributeProtocolMapper("saml_user_attribute_mapper", new() /// { + /// RealmId = test.Id, /// ClientId = samlClient.Id, - /// RealmId = keycloak_realm.Test.Id, + /// Name = "displayname-user-attribute-mapper", + /// UserAttribute = "displayName", /// SamlAttributeName = "displayName", /// SamlAttributeNameFormat = "Unspecified", - /// UserAttribute = "displayName", /// }); /// /// }); diff --git a/sdk/dotnet/Saml/UserPropertyProtocolMapper.cs b/sdk/dotnet/Saml/UserPropertyProtocolMapper.cs index 49902191..8626fdfa 100644 --- a/sdk/dotnet/Saml/UserPropertyProtocolMapper.cs +++ b/sdk/dotnet/Saml/UserPropertyProtocolMapper.cs @@ -33,23 +33,25 @@ namespace Pulumi.Keycloak.Saml /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// - /// var samlClient = new Keycloak.Saml.Client("samlClient", new() + /// var samlClient = new Keycloak.Saml.Client("saml_client", new() /// { + /// RealmId = test.Id, /// ClientId = "test-saml-client", - /// RealmId = keycloak_realm.Test.Id, + /// Name = "test-saml-client", /// }); /// - /// var samlUserPropertyMapper = new Keycloak.Saml.UserPropertyProtocolMapper("samlUserPropertyMapper", new() + /// var samlUserPropertyMapper = new Keycloak.Saml.UserPropertyProtocolMapper("saml_user_property_mapper", new() /// { + /// RealmId = test.Id, /// ClientId = samlClient.Id, - /// RealmId = keycloak_realm.Test.Id, + /// Name = "email-user-property-mapper", + /// UserProperty = "email", /// SamlAttributeName = "email", /// SamlAttributeNameFormat = "Unspecified", - /// UserProperty = "email", /// }); /// /// }); diff --git a/sdk/dotnet/User.cs b/sdk/dotnet/User.cs index 24a6e235..8c1f92e8 100644 --- a/sdk/dotnet/User.cs +++ b/sdk/dotnet/User.cs @@ -31,33 +31,33 @@ namespace Pulumi.Keycloak /// { /// var realm = new Keycloak.Realm("realm", new() /// { - /// Enabled = true, /// RealmName = "my-realm", + /// Enabled = true, /// }); /// /// var user = new Keycloak.User("user", new() /// { - /// Email = "bob@domain.com", + /// RealmId = realm.Id, + /// Username = "bob", /// Enabled = true, + /// Email = "bob@domain.com", /// FirstName = "Bob", /// LastName = "Bobson", - /// RealmId = realm.Id, - /// Username = "bob", /// }); /// - /// var userWithInitialPassword = new Keycloak.User("userWithInitialPassword", new() + /// var userWithInitialPassword = new Keycloak.User("user_with_initial_password", new() /// { - /// Email = "alice@domain.com", + /// RealmId = realm.Id, + /// Username = "alice", /// Enabled = true, + /// Email = "alice@domain.com", /// FirstName = "Alice", + /// LastName = "Aliceberg", /// InitialPassword = new Keycloak.Inputs.UserInitialPasswordArgs /// { - /// Temporary = true, /// Value = "some password", + /// Temporary = true, /// }, - /// LastName = "Aliceberg", - /// RealmId = realm.Id, - /// Username = "alice", /// }); /// /// }); diff --git a/sdk/dotnet/UserGroups.cs b/sdk/dotnet/UserGroups.cs index c3bb5b91..b3ee053d 100644 --- a/sdk/dotnet/UserGroups.cs +++ b/sdk/dotnet/UserGroups.cs @@ -36,6 +36,7 @@ namespace Pulumi.Keycloak /// var @group = new Keycloak.Group("group", new() /// { /// RealmId = realm.Id, + /// Name = "foo", /// }); /// /// var user = new Keycloak.User("user", new() @@ -44,7 +45,7 @@ namespace Pulumi.Keycloak /// Username = "my-user", /// }); /// - /// var userGroups = new Keycloak.UserGroups("userGroups", new() + /// var userGroups = new Keycloak.UserGroups("user_groups", new() /// { /// RealmId = realm.Id, /// UserId = user.Id, @@ -57,70 +58,6 @@ namespace Pulumi.Keycloak /// }); /// ``` /// <!--End PulumiCodeChooser --> - /// - /// ### Non Exhaustive Groups) - /// <!--Start PulumiCodeChooser --> - /// ```csharp - /// using System.Collections.Generic; - /// using System.Linq; - /// using Pulumi; - /// using Keycloak = Pulumi.Keycloak; - /// - /// return await Deployment.RunAsync(() => - /// { - /// var realm = new Keycloak.Realm("realm", new() - /// { - /// RealmName = "my-realm", - /// Enabled = true, - /// }); - /// - /// var groupFoo = new Keycloak.Group("groupFoo", new() - /// { - /// RealmId = realm.Id, - /// }); - /// - /// var groupBar = new Keycloak.Group("groupBar", new() - /// { - /// RealmId = realm.Id, - /// }); - /// - /// var user = new Keycloak.User("user", new() - /// { - /// RealmId = realm.Id, - /// Username = "my-user", - /// }); - /// - /// var userGroupsAssociation1UserGroups = new Keycloak.UserGroups("userGroupsAssociation1UserGroups", new() - /// { - /// RealmId = realm.Id, - /// UserId = user.Id, - /// Exhaustive = false, - /// GroupIds = new[] - /// { - /// groupFoo.Id, - /// }, - /// }); - /// - /// var userGroupsAssociation1Index_userGroupsUserGroups = new Keycloak.UserGroups("userGroupsAssociation1Index/userGroupsUserGroups", new() - /// { - /// RealmId = realm.Id, - /// UserId = user.Id, - /// Exhaustive = false, - /// GroupIds = new[] - /// { - /// groupBar.Id, - /// }, - /// }); - /// - /// }); - /// ``` - /// <!--End PulumiCodeChooser --> - /// - /// ## Import - /// - /// This resource does not support import. Instead of importing, feel free to create this resource - /// - /// as if it did not already exist on the server. /// [KeycloakResourceType("keycloak:index/userGroups:UserGroups")] public partial class UserGroups : global::Pulumi.CustomResource diff --git a/sdk/dotnet/UserRoles.cs b/sdk/dotnet/UserRoles.cs index e16ec1c4..3091edb1 100644 --- a/sdk/dotnet/UserRoles.cs +++ b/sdk/dotnet/UserRoles.cs @@ -38,9 +38,10 @@ namespace Pulumi.Keycloak /// Enabled = true, /// }); /// - /// var realmRole = new Keycloak.Role("realmRole", new() + /// var realmRole = new Keycloak.Role("realm_role", new() /// { /// RealmId = realm.Id, + /// Name = "my-realm-role", /// Description = "My Realm Role", /// }); /// @@ -48,14 +49,16 @@ namespace Pulumi.Keycloak /// { /// RealmId = realm.Id, /// ClientId = "client", + /// Name = "client", /// Enabled = true, /// AccessType = "BEARER-ONLY", /// }); /// - /// var clientRole = new Keycloak.Role("clientRole", new() + /// var clientRole = new Keycloak.Role("client_role", new() /// { /// RealmId = realm.Id, - /// ClientId = keycloak_client.Client.Id, + /// ClientId = clientKeycloakClient.Id, + /// Name = "my-client-role", /// Description = "My Client Role", /// }); /// @@ -69,7 +72,7 @@ namespace Pulumi.Keycloak /// LastName = "Bobson", /// }); /// - /// var userRoles = new Keycloak.UserRoles("userRoles", new() + /// var userRoles = new Keycloak.UserRoles("user_roles", new() /// { /// RealmId = realm.Id, /// UserId = user.Id, diff --git a/sdk/dotnet/UserTemplateImporterIdentityProviderMapper.cs b/sdk/dotnet/UserTemplateImporterIdentityProviderMapper.cs index 921a373d..895de8e4 100644 --- a/sdk/dotnet/UserTemplateImporterIdentityProviderMapper.cs +++ b/sdk/dotnet/UserTemplateImporterIdentityProviderMapper.cs @@ -46,9 +46,10 @@ namespace Pulumi.Keycloak /// DefaultScopes = "openid random profile", /// }); /// - /// var usernameImporter = new Keycloak.UserTemplateImporterIdentityProviderMapper("usernameImporter", new() + /// var usernameImporter = new Keycloak.UserTemplateImporterIdentityProviderMapper("username_importer", new() /// { /// Realm = realm.Id, + /// Name = "username-template-importer", /// IdentityProviderAlias = oidc.Alias, /// Template = "${ALIAS}.${CLAIM.email}", /// ExtraConfig = diff --git a/sdk/go/keycloak/attributeImporterIdentityProviderMapper.go b/sdk/go/keycloak/attributeImporterIdentityProviderMapper.go index aaa4e112..d393ea01 100644 --- a/sdk/go/keycloak/attributeImporterIdentityProviderMapper.go +++ b/sdk/go/keycloak/attributeImporterIdentityProviderMapper.go @@ -31,10 +31,11 @@ import ( // // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { -// _, err := keycloak.NewAttributeImporterIdentityProviderMapper(ctx, "testMapper", &keycloak.AttributeImporterIdentityProviderMapperArgs{ -// AttributeName: pulumi.String("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), -// IdentityProviderAlias: pulumi.String("idp_alias"), +// _, err := keycloak.NewAttributeImporterIdentityProviderMapper(ctx, "test_mapper", &keycloak.AttributeImporterIdentityProviderMapperArgs{ // Realm: pulumi.String("my-realm"), +// Name: pulumi.String("my-mapper"), +// IdentityProviderAlias: pulumi.String("idp_alias"), +// AttributeName: pulumi.String("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"), // UserAttribute: pulumi.String("lastName"), // }) // if err != nil { diff --git a/sdk/go/keycloak/attributeToRoleIdentityMapper.go b/sdk/go/keycloak/attributeToRoleIdentityMapper.go index 3fded273..f2641348 100644 --- a/sdk/go/keycloak/attributeToRoleIdentityMapper.go +++ b/sdk/go/keycloak/attributeToRoleIdentityMapper.go @@ -39,7 +39,7 @@ import ( // if err != nil { // return err // } -// oidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, "oidcIdentityProvider", &oidc.IdentityProviderArgs{ +// oidc, err := oidc.NewIdentityProvider(ctx, "oidc", &oidc.IdentityProviderArgs{ // Realm: realm.ID(), // Alias: pulumi.String("oidc"), // AuthorizationUrl: pulumi.String("https://example.com/auth"), @@ -51,16 +51,18 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-realm-role"), // Description: pulumi.String("My Realm Role"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewAttributeToRoleIdentityMapper(ctx, "oidcAttributeToRoleIdentityMapper", &keycloak.AttributeToRoleIdentityMapperArgs{ +// _, err = keycloak.NewAttributeToRoleIdentityMapper(ctx, "oidc", &keycloak.AttributeToRoleIdentityMapperArgs{ // Realm: realm.ID(), -// IdentityProviderAlias: oidcIdentityProvider.Alias, +// Name: pulumi.String("role-attribute"), +// IdentityProviderAlias: oidc.Alias, // Role: pulumi.String("my-realm-role"), // ClaimName: pulumi.String("my-claim"), // ClaimValue: pulumi.String("my-value"), diff --git a/sdk/go/keycloak/authentication/bindings.go b/sdk/go/keycloak/authentication/bindings.go index a9392634..36e6f8e7 100644 --- a/sdk/go/keycloak/authentication/bindings.go +++ b/sdk/go/keycloak/authentication/bindings.go @@ -57,7 +57,7 @@ import ( // return err // } // // first execution -// executionOne, err := authentication.NewExecution(ctx, "executionOne", &authentication.ExecutionArgs{ +// executionOne, err := authentication.NewExecution(ctx, "execution_one", &authentication.ExecutionArgs{ // RealmId: realm.ID(), // ParentFlowAlias: flow.Alias, // Authenticator: pulumi.String("auth-cookie"), @@ -67,7 +67,7 @@ import ( // return err // } // // second execution -// _, err = authentication.NewExecution(ctx, "executionTwo", &authentication.ExecutionArgs{ +// _, err = authentication.NewExecution(ctx, "execution_two", &authentication.ExecutionArgs{ // RealmId: realm.ID(), // ParentFlowAlias: flow.Alias, // Authenticator: pulumi.String("identity-provider-redirector"), @@ -78,7 +78,7 @@ import ( // if err != nil { // return err // } -// _, err = authentication.NewBindings(ctx, "browserAuthenticationBinding", &authentication.BindingsArgs{ +// _, err = authentication.NewBindings(ctx, "browser_authentication_binding", &authentication.BindingsArgs{ // RealmId: realm.ID(), // BrowserFlow: flow.Alias, // }) diff --git a/sdk/go/keycloak/authentication/execution.go b/sdk/go/keycloak/authentication/execution.go index 696e5dcb..cac66185 100644 --- a/sdk/go/keycloak/authentication/execution.go +++ b/sdk/go/keycloak/authentication/execution.go @@ -50,7 +50,7 @@ import ( // return err // } // // first execution -// executionOne, err := authentication.NewExecution(ctx, "executionOne", &authentication.ExecutionArgs{ +// executionOne, err := authentication.NewExecution(ctx, "execution_one", &authentication.ExecutionArgs{ // RealmId: realm.ID(), // ParentFlowAlias: flow.Alias, // Authenticator: pulumi.String("auth-cookie"), @@ -60,7 +60,7 @@ import ( // return err // } // // second execution -// _, err = authentication.NewExecution(ctx, "executionTwo", &authentication.ExecutionArgs{ +// _, err = authentication.NewExecution(ctx, "execution_two", &authentication.ExecutionArgs{ // RealmId: realm.ID(), // ParentFlowAlias: flow.Alias, // Authenticator: pulumi.String("identity-provider-redirector"), diff --git a/sdk/go/keycloak/customIdentityProviderMapping.go b/sdk/go/keycloak/customIdentityProviderMapping.go index eb68760e..4fd3b38e 100644 --- a/sdk/go/keycloak/customIdentityProviderMapping.go +++ b/sdk/go/keycloak/customIdentityProviderMapping.go @@ -35,7 +35,7 @@ import ( // if err != nil { // return err // } -// oidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, "oidcIdentityProvider", &oidc.IdentityProviderArgs{ +// oidc, err := oidc.NewIdentityProvider(ctx, "oidc", &oidc.IdentityProviderArgs{ // Realm: realm.ID(), // Alias: pulumi.String("oidc"), // AuthorizationUrl: pulumi.String("https://example.com/auth"), @@ -47,9 +47,10 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewCustomIdentityProviderMapping(ctx, "oidcCustomIdentityProviderMapping", &keycloak.CustomIdentityProviderMappingArgs{ +// _, err = keycloak.NewCustomIdentityProviderMapping(ctx, "oidc", &keycloak.CustomIdentityProviderMappingArgs{ // Realm: realm.ID(), -// IdentityProviderAlias: oidcIdentityProvider.Alias, +// Name: pulumi.String("email-attribute-importer"), +// IdentityProviderAlias: oidc.Alias, // IdentityProviderMapper: pulumi.String("%s-user-attribute-idp-mapper"), // ExtraConfig: pulumi.Map{ // "syncMode": pulumi.Any("INHERIT"), diff --git a/sdk/go/keycloak/customUserFederation.go b/sdk/go/keycloak/customUserFederation.go index d0ee1061..4a26d0eb 100644 --- a/sdk/go/keycloak/customUserFederation.go +++ b/sdk/go/keycloak/customUserFederation.go @@ -36,16 +36,17 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("test"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// _, err = keycloak.NewCustomUserFederation(ctx, "customUserFederation", &keycloak.CustomUserFederationArgs{ -// Enabled: pulumi.Bool(true), -// ProviderId: pulumi.String("custom"), +// _, err = keycloak.NewCustomUserFederation(ctx, "custom_user_federation", &keycloak.CustomUserFederationArgs{ +// Name: pulumi.String("custom"), // RealmId: realm.ID(), +// ProviderId: pulumi.String("custom"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/defaultGroups.go b/sdk/go/keycloak/defaultGroups.go index 68120a8e..88ed5538 100644 --- a/sdk/go/keycloak/defaultGroups.go +++ b/sdk/go/keycloak/defaultGroups.go @@ -35,23 +35,24 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } // group, err := keycloak.NewGroup(ctx, "group", &keycloak.GroupArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-group"), // }) // if err != nil { // return err // } // _, err = keycloak.NewDefaultGroups(ctx, "default", &keycloak.DefaultGroupsArgs{ +// RealmId: realm.ID(), // GroupIds: pulumi.StringArray{ // group.ID(), // }, -// RealmId: realm.ID(), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/defaultRoles.go b/sdk/go/keycloak/defaultRoles.go index 32cd7ffc..bb598034 100644 --- a/sdk/go/keycloak/defaultRoles.go +++ b/sdk/go/keycloak/defaultRoles.go @@ -40,7 +40,7 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewDefaultRoles(ctx, "defaultRoles", &keycloak.DefaultRolesArgs{ +// _, err = keycloak.NewDefaultRoles(ctx, "default_roles", &keycloak.DefaultRolesArgs{ // RealmId: realm.ID(), // DefaultRoles: pulumi.StringArray{ // pulumi.String("uma_authorization"), diff --git a/sdk/go/keycloak/genericClientProtocolMapper.go b/sdk/go/keycloak/genericClientProtocolMapper.go index e06abf2c..71668fdf 100644 --- a/sdk/go/keycloak/genericClientProtocolMapper.go +++ b/sdk/go/keycloak/genericClientProtocolMapper.go @@ -40,30 +40,31 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ -// ClientId: pulumi.String("test-client"), +// samlClient, err := saml.NewClient(ctx, "saml_client", &saml.ClientArgs{ // RealmId: realm.ID(), +// ClientId: pulumi.String("test-client"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGenericClientProtocolMapper(ctx, "samlHardcodeAttributeMapper", &keycloak.GenericClientProtocolMapperArgs{ -// ClientId: samlClient.ID(), +// _, err = keycloak.NewGenericClientProtocolMapper(ctx, "saml_hardcode_attribute_mapper", &keycloak.GenericClientProtocolMapperArgs{ +// RealmId: realm.ID(), +// ClientId: samlClient.ID(), +// Name: pulumi.String("tes-mapper"), +// Protocol: pulumi.String("saml"), +// ProtocolMapper: pulumi.String("saml-hardcode-attribute-mapper"), // Config: pulumi.Map{ // "attribute.name": pulumi.Any("name"), // "attribute.nameformat": pulumi.Any("Basic"), // "attribute.value": pulumi.Any("value"), // "friendly.name": pulumi.Any("display name"), // }, -// Protocol: pulumi.String("saml"), -// ProtocolMapper: pulumi.String("saml-hardcode-attribute-mapper"), -// RealmId: realm.ID(), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/genericClientRoleMapper.go b/sdk/go/keycloak/genericClientRoleMapper.go index 9da848f7..936dcdf4 100644 --- a/sdk/go/keycloak/genericClientRoleMapper.go +++ b/sdk/go/keycloak/genericClientRoleMapper.go @@ -48,20 +48,22 @@ import ( // client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("BEARER-ONLY"), // }) // if err != nil { // return err // } -// realmRole, err := keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ +// realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-realm-role"), // Description: pulumi.String("My Realm Role"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGenericClientRoleMapper(ctx, "clientRoleMapper", &keycloak.GenericClientRoleMapperArgs{ +// _, err = keycloak.NewGenericClientRoleMapper(ctx, "client_role_mapper", &keycloak.GenericClientRoleMapperArgs{ // RealmId: realm.ID(), // ClientId: client.ID(), // RoleId: realmRole.ID(), @@ -99,9 +101,10 @@ import ( // if err != nil { // return err // } -// clientA, err := openid.NewClient(ctx, "clientA", &openid.ClientArgs{ +// clientA, err := openid.NewClient(ctx, "client_a", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client-a"), +// Name: pulumi.String("client-a"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("BEARER-ONLY"), // FullScopeAllowed: pulumi.Bool(false), @@ -109,32 +112,35 @@ import ( // if err != nil { // return err // } -// clientRoleA, err := keycloak.NewRole(ctx, "clientRoleA", &keycloak.RoleArgs{ +// clientRoleA, err := keycloak.NewRole(ctx, "client_role_a", &keycloak.RoleArgs{ // RealmId: realm.ID(), // ClientId: clientA.ID(), +// Name: pulumi.String("my-client-role"), // Description: pulumi.String("My Client Role"), // }) // if err != nil { // return err // } -// clientB, err := openid.NewClient(ctx, "clientB", &openid.ClientArgs{ +// clientB, err := openid.NewClient(ctx, "client_b", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client-b"), +// Name: pulumi.String("client-b"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("BEARER-ONLY"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "clientRoleB", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "client_role_b", &keycloak.RoleArgs{ // RealmId: realm.ID(), // ClientId: clientB.ID(), +// Name: pulumi.String("my-client-role"), // Description: pulumi.String("My Client Role"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGenericClientRoleMapper(ctx, "clientBRoleMapper", &keycloak.GenericClientRoleMapperArgs{ +// _, err = keycloak.NewGenericClientRoleMapper(ctx, "client_b_role_mapper", &keycloak.GenericClientRoleMapperArgs{ // RealmId: realm.ID(), // ClientId: clientB.ID(), // RoleId: clientRoleA.ID(), @@ -172,20 +178,22 @@ import ( // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-client-scope"), // }) // if err != nil { // return err // } -// realmRole, err := keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ +// realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-realm-role"), // Description: pulumi.String("My Realm Role"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGenericClientRoleMapper(ctx, "clientRoleMapper", &keycloak.GenericClientRoleMapperArgs{ +// _, err = keycloak.NewGenericClientRoleMapper(ctx, "client_role_mapper", &keycloak.GenericClientRoleMapperArgs{ // RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), // RoleId: realmRole.ID(), @@ -226,27 +234,30 @@ import ( // client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("BEARER-ONLY"), // }) // if err != nil { // return err // } -// clientRole, err := keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{ +// clientRole, err := keycloak.NewRole(ctx, "client_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), // ClientId: client.ID(), +// Name: pulumi.String("my-client-role"), // Description: pulumi.String("My Client Role"), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-client-scope"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGenericClientRoleMapper(ctx, "clientBRoleMapper", &keycloak.GenericClientRoleMapperArgs{ +// _, err = keycloak.NewGenericClientRoleMapper(ctx, "client_b_role_mapper", &keycloak.GenericClientRoleMapperArgs{ // RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), // RoleId: clientRole.ID(), diff --git a/sdk/go/keycloak/genericProtocolMapper.go b/sdk/go/keycloak/genericProtocolMapper.go index 06d00e20..720ac742 100644 --- a/sdk/go/keycloak/genericProtocolMapper.go +++ b/sdk/go/keycloak/genericProtocolMapper.go @@ -44,16 +44,17 @@ import ( // if err != nil { // return err // } -// samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ +// samlClient, err := saml.NewClient(ctx, "saml_client", &saml.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("test-client"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGenericProtocolMapper(ctx, "samlHardcodeAttributeMapper", &keycloak.GenericProtocolMapperArgs{ +// _, err = keycloak.NewGenericProtocolMapper(ctx, "saml_hardcode_attribute_mapper", &keycloak.GenericProtocolMapperArgs{ // RealmId: realm.ID(), // ClientId: samlClient.ID(), +// Name: pulumi.String("test-mapper"), // Protocol: pulumi.String("saml"), // ProtocolMapper: pulumi.String("saml-hardcode-attribute-mapper"), // Config: pulumi.Map{ diff --git a/sdk/go/keycloak/genericRoleMapper.go b/sdk/go/keycloak/genericRoleMapper.go index e8b2afb1..0e1542d9 100644 --- a/sdk/go/keycloak/genericRoleMapper.go +++ b/sdk/go/keycloak/genericRoleMapper.go @@ -46,20 +46,22 @@ import ( // client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("BEARER-ONLY"), // }) // if err != nil { // return err // } -// realmRole, err := keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ +// realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-realm-role"), // Description: pulumi.String("My Realm Role"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGenericRoleMapper(ctx, "clientRoleMapper", &keycloak.GenericRoleMapperArgs{ +// _, err = keycloak.NewGenericRoleMapper(ctx, "client_role_mapper", &keycloak.GenericRoleMapperArgs{ // RealmId: realm.ID(), // ClientId: client.ID(), // RoleId: realmRole.ID(), @@ -97,9 +99,10 @@ import ( // if err != nil { // return err // } -// clientA, err := openid.NewClient(ctx, "clientA", &openid.ClientArgs{ +// clientA, err := openid.NewClient(ctx, "client_a", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client-a"), +// Name: pulumi.String("client-a"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("BEARER-ONLY"), // FullScopeAllowed: pulumi.Bool(false), @@ -107,32 +110,35 @@ import ( // if err != nil { // return err // } -// clientRoleA, err := keycloak.NewRole(ctx, "clientRoleA", &keycloak.RoleArgs{ +// clientRoleA, err := keycloak.NewRole(ctx, "client_role_a", &keycloak.RoleArgs{ // RealmId: realm.ID(), // ClientId: clientA.ID(), +// Name: pulumi.String("my-client-role"), // Description: pulumi.String("My Client Role"), // }) // if err != nil { // return err // } -// clientB, err := openid.NewClient(ctx, "clientB", &openid.ClientArgs{ +// clientB, err := openid.NewClient(ctx, "client_b", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client-b"), +// Name: pulumi.String("client-b"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("BEARER-ONLY"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "clientRoleB", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "client_role_b", &keycloak.RoleArgs{ // RealmId: realm.ID(), // ClientId: clientB.ID(), +// Name: pulumi.String("my-client-role"), // Description: pulumi.String("My Client Role"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGenericRoleMapper(ctx, "clientBRoleMapper", &keycloak.GenericRoleMapperArgs{ +// _, err = keycloak.NewGenericRoleMapper(ctx, "client_b_role_mapper", &keycloak.GenericRoleMapperArgs{ // RealmId: realm.ID(), // ClientId: clientB.ID(), // RoleId: clientRoleA.ID(), @@ -170,20 +176,22 @@ import ( // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-client-scope"), // }) // if err != nil { // return err // } -// realmRole, err := keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ +// realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-realm-role"), // Description: pulumi.String("My Realm Role"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGenericRoleMapper(ctx, "clientRoleMapper", &keycloak.GenericRoleMapperArgs{ +// _, err = keycloak.NewGenericRoleMapper(ctx, "client_role_mapper", &keycloak.GenericRoleMapperArgs{ // RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), // RoleId: realmRole.ID(), @@ -224,27 +232,30 @@ import ( // client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("BEARER-ONLY"), // }) // if err != nil { // return err // } -// clientRole, err := keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{ +// clientRole, err := keycloak.NewRole(ctx, "client_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), // ClientId: client.ID(), +// Name: pulumi.String("my-client-role"), // Description: pulumi.String("My Client Role"), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-client-scope"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGenericRoleMapper(ctx, "clientBRoleMapper", &keycloak.GenericRoleMapperArgs{ +// _, err = keycloak.NewGenericRoleMapper(ctx, "client_b_role_mapper", &keycloak.GenericRoleMapperArgs{ // RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), // RoleId: clientRole.ID(), diff --git a/sdk/go/keycloak/getClientDescriptionConverter.go b/sdk/go/keycloak/getClientDescriptionConverter.go index f840bf7c..f4f61775 100644 --- a/sdk/go/keycloak/getClientDescriptionConverter.go +++ b/sdk/go/keycloak/getClientDescriptionConverter.go @@ -37,7 +37,7 @@ import ( // if err != nil { // return err // } -// samlClientClientDescriptionConverter := keycloak.GetClientDescriptionConverterOutput(ctx, keycloak.GetClientDescriptionConverterOutputArgs{ +// samlClient := keycloak.GetClientDescriptionConverterOutput(ctx, keycloak.GetClientDescriptionConverterOutputArgs{ // RealmId: realm.ID(), // Body: pulumi.String(` // @@ -70,10 +70,10 @@ import ( // `), // // }, nil) -// _, err = saml.NewClient(ctx, "samlClientClient", &saml.ClientArgs{ +// _, err = saml.NewClient(ctx, "saml_client", &saml.ClientArgs{ // RealmId: realm.ID(), -// ClientId: samlClientClientDescriptionConverter.ApplyT(func(samlClientClientDescriptionConverter keycloak.GetClientDescriptionConverterResult) (*string, error) { -// return &samlClientClientDescriptionConverter.ClientId, nil +// ClientId: samlClient.ApplyT(func(samlClient keycloak.GetClientDescriptionConverterResult) (*string, error) { +// return &samlClient.ClientId, nil // }).(pulumi.StringPtrOutput), // }) // if err != nil { diff --git a/sdk/go/keycloak/getRealm.go b/sdk/go/keycloak/getRealm.go index 2680c87d..80bbc4a3 100644 --- a/sdk/go/keycloak/getRealm.go +++ b/sdk/go/keycloak/getRealm.go @@ -37,8 +37,10 @@ import ( // if err != nil { // return err // } +// // use the data source // _, err = keycloak.NewRole(ctx, "group", &keycloak.RoleArgs{ -// RealmId: pulumi.Any(data.Keycloak_realm.Id), +// RealmId: pulumi.Any(id), +// Name: pulumi.String("group"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/getUser.go b/sdk/go/keycloak/getUser.go index 773c1fc8..cc26f3c5 100644 --- a/sdk/go/keycloak/getUser.go +++ b/sdk/go/keycloak/getUser.go @@ -34,6 +34,7 @@ import ( // if err != nil { // return err // } +// // use the keycloak_user data source to grab the admin user's ID // defaultAdminUser, err := keycloak.LookupUser(ctx, &keycloak.LookupUserArgs{ // RealmId: masterRealm.Id, // Username: "keycloak", diff --git a/sdk/go/keycloak/getUserRealmRoles.go b/sdk/go/keycloak/getUserRealmRoles.go index 9d671371..8796d71e 100644 --- a/sdk/go/keycloak/getUserRealmRoles.go +++ b/sdk/go/keycloak/getUserRealmRoles.go @@ -34,6 +34,7 @@ import ( // if err != nil { // return err // } +// // use the keycloak_user data source to grab the admin user's ID // defaultAdminUser, err := keycloak.LookupUser(ctx, &keycloak.LookupUserArgs{ // RealmId: masterRealm.Id, // Username: "keycloak", @@ -41,6 +42,7 @@ import ( // if err != nil { // return err // } +// // use the keycloak_user_realm_roles data source to list role names // userRealmRoles, err := keycloak.GetUserRealmRoles(ctx, &keycloak.GetUserRealmRolesArgs{ // RealmId: masterRealm.Id, // UserId: defaultAdminUser.Id, diff --git a/sdk/go/keycloak/group.go b/sdk/go/keycloak/group.go index 300bb141..6ed7ffa4 100644 --- a/sdk/go/keycloak/group.go +++ b/sdk/go/keycloak/group.go @@ -41,32 +41,35 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// parentGroup, err := keycloak.NewGroup(ctx, "parentGroup", &keycloak.GroupArgs{ +// parentGroup, err := keycloak.NewGroup(ctx, "parent_group", &keycloak.GroupArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("parent-group"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGroup(ctx, "childGroup", &keycloak.GroupArgs{ -// ParentId: parentGroup.ID(), +// _, err = keycloak.NewGroup(ctx, "child_group", &keycloak.GroupArgs{ // RealmId: realm.ID(), +// ParentId: parentGroup.ID(), +// Name: pulumi.String("child-group"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGroup(ctx, "childGroupWithOptionalAttributes", &keycloak.GroupArgs{ +// _, err = keycloak.NewGroup(ctx, "child_group_with_optional_attributes", &keycloak.GroupArgs{ +// RealmId: realm.ID(), +// ParentId: parentGroup.ID(), +// Name: pulumi.String("child-group-with-optional-attributes"), // Attributes: pulumi.Map{ // "key1": pulumi.Any("value1"), // "key2": pulumi.Any("value2"), // }, -// ParentId: parentGroup.ID(), -// RealmId: realm.ID(), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/groupMemberships.go b/sdk/go/keycloak/groupMemberships.go index e6afb21a..ed5fcbcd 100644 --- a/sdk/go/keycloak/groupMemberships.go +++ b/sdk/go/keycloak/groupMemberships.go @@ -44,14 +44,15 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } // group, err := keycloak.NewGroup(ctx, "group", &keycloak.GroupArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-group"), // }) // if err != nil { // return err @@ -63,12 +64,12 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewGroupMemberships(ctx, "groupMembers", &keycloak.GroupMembershipsArgs{ +// _, err = keycloak.NewGroupMemberships(ctx, "group_members", &keycloak.GroupMembershipsArgs{ +// RealmId: realm.ID(), // GroupId: group.ID(), // Members: pulumi.StringArray{ // user.Username, // }, -// RealmId: realm.ID(), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/groupRoles.go b/sdk/go/keycloak/groupRoles.go index f0197936..ec1009f5 100644 --- a/sdk/go/keycloak/groupRoles.go +++ b/sdk/go/keycloak/groupRoles.go @@ -43,45 +43,49 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// realmRole, err := keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ -// Description: pulumi.String("My Realm Role"), +// realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-realm-role"), +// Description: pulumi.String("My Realm Role"), // }) // if err != nil { // return err // } // _, err = openid.NewClient(ctx, "client", &openid.ClientArgs{ -// AccessType: pulumi.String("BEARER-ONLY"), +// RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("BEARER-ONLY"), // }) // if err != nil { // return err // } -// clientRole, err := keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{ -// ClientId: pulumi.Any(keycloak_client.Client.Id), -// Description: pulumi.String("My Client Role"), +// clientRole, err := keycloak.NewRole(ctx, "client_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// ClientId: pulumi.Any(clientKeycloakClient.Id), +// Name: pulumi.String("my-client-role"), +// Description: pulumi.String("My Client Role"), // }) // if err != nil { // return err // } // group, err := keycloak.NewGroup(ctx, "group", &keycloak.GroupArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-group"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewGroupRoles(ctx, "groupRoles", &keycloak.GroupRolesArgs{ -// GroupId: group.ID(), +// _, err = keycloak.NewGroupRoles(ctx, "group_roles", &keycloak.GroupRolesArgs{ // RealmId: realm.ID(), +// GroupId: group.ID(), // RoleIds: pulumi.StringArray{ // realmRole.ID(), // clientRole.ID(), diff --git a/sdk/go/keycloak/hardcodedAttributeIdentityProviderMapper.go b/sdk/go/keycloak/hardcodedAttributeIdentityProviderMapper.go index f41b881c..0287aa8d 100644 --- a/sdk/go/keycloak/hardcodedAttributeIdentityProviderMapper.go +++ b/sdk/go/keycloak/hardcodedAttributeIdentityProviderMapper.go @@ -39,7 +39,7 @@ import ( // if err != nil { // return err // } -// oidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, "oidcIdentityProvider", &oidc.IdentityProviderArgs{ +// oidc, err := oidc.NewIdentityProvider(ctx, "oidc", &oidc.IdentityProviderArgs{ // Realm: realm.ID(), // Alias: pulumi.String("my-idp"), // AuthorizationUrl: pulumi.String("https://authorizationurl.com"), @@ -50,9 +50,10 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewHardcodedAttributeIdentityProviderMapper(ctx, "oidcHardcodedAttributeIdentityProviderMapper", &keycloak.HardcodedAttributeIdentityProviderMapperArgs{ +// _, err = keycloak.NewHardcodedAttributeIdentityProviderMapper(ctx, "oidc", &keycloak.HardcodedAttributeIdentityProviderMapperArgs{ // Realm: realm.ID(), -// IdentityProviderAlias: oidcIdentityProvider.Alias, +// Name: pulumi.String("hardcodedUserSessionAttribute"), +// IdentityProviderAlias: oidc.Alias, // AttributeName: pulumi.String("attribute"), // AttributeValue: pulumi.String("value"), // UserSession: pulumi.Bool(true), diff --git a/sdk/go/keycloak/hardcodedRoleIdentityMapper.go b/sdk/go/keycloak/hardcodedRoleIdentityMapper.go index 5a40ccd3..f29930a2 100644 --- a/sdk/go/keycloak/hardcodedRoleIdentityMapper.go +++ b/sdk/go/keycloak/hardcodedRoleIdentityMapper.go @@ -39,7 +39,7 @@ import ( // if err != nil { // return err // } -// oidcIdentityProvider, err := oidc.NewIdentityProvider(ctx, "oidcIdentityProvider", &oidc.IdentityProviderArgs{ +// oidc, err := oidc.NewIdentityProvider(ctx, "oidc", &oidc.IdentityProviderArgs{ // Realm: realm.ID(), // Alias: pulumi.String("my-idp"), // AuthorizationUrl: pulumi.String("https://authorizationurl.com"), @@ -50,16 +50,18 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-realm-role"), // Description: pulumi.String("My Realm Role"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewHardcodedRoleIdentityMapper(ctx, "oidcHardcodedRoleIdentityMapper", &keycloak.HardcodedRoleIdentityMapperArgs{ +// _, err = keycloak.NewHardcodedRoleIdentityMapper(ctx, "oidc", &keycloak.HardcodedRoleIdentityMapperArgs{ // Realm: realm.ID(), -// IdentityProviderAlias: oidcIdentityProvider.Alias, +// Name: pulumi.String("hardcodedRole"), +// IdentityProviderAlias: oidc.Alias, // Role: pulumi.String("my-realm-role"), // ExtraConfig: pulumi.Map{ // "syncMode": pulumi.Any("INHERIT"), diff --git a/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go b/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go index a9b9f7f4..0474b10d 100644 --- a/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go +++ b/sdk/go/keycloak/identityProviderTokenExchangeScopePermission.go @@ -29,14 +29,14 @@ import ( // // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { -// tokenExchangeRealm, err := keycloak.NewRealm(ctx, "tokenExchangeRealm", &keycloak.RealmArgs{ +// tokenExchangeRealm, err := keycloak.NewRealm(ctx, "token_exchange_realm", &keycloak.RealmArgs{ // Realm: pulumi.String("token-exchange_destination_realm"), // Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// tokenExchangeMyOidcIdp, err := oidc.NewIdentityProvider(ctx, "tokenExchangeMyOidcIdp", &oidc.IdentityProviderArgs{ +// tokenExchangeMyOidcIdp, err := oidc.NewIdentityProvider(ctx, "token_exchange_my_oidc_idp", &oidc.IdentityProviderArgs{ // Realm: tokenExchangeRealm.ID(), // Alias: pulumi.String("myIdp"), // AuthorizationUrl: pulumi.String("http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth"), @@ -48,8 +48,9 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewClient(ctx, "token-exchangeWebappClient", &openid.ClientArgs{ +// _, err = openid.NewClient(ctx, "token-exchange_webapp_client", &openid.ClientArgs{ // RealmId: tokenExchangeRealm.ID(), +// Name: pulumi.String("webapp_client"), // ClientId: pulumi.String("webapp_client"), // ClientSecret: pulumi.String("secret"), // Description: pulumi.String("a webapp client on the destination realm"), @@ -63,7 +64,7 @@ import ( // return err // } // // relevant part -// _, err = keycloak.NewIdentityProviderTokenExchangeScopePermission(ctx, "oidcIdpPermission", &keycloak.IdentityProviderTokenExchangeScopePermissionArgs{ +// _, err = keycloak.NewIdentityProviderTokenExchangeScopePermission(ctx, "oidc_idp_permission", &keycloak.IdentityProviderTokenExchangeScopePermissionArgs{ // RealmId: tokenExchangeRealm.ID(), // ProviderAlias: tokenExchangeMyOidcIdp.Alias, // PolicyType: pulumi.String("client"), diff --git a/sdk/go/keycloak/ldap/customMapper.go b/sdk/go/keycloak/ldap/customMapper.go index 16da1394..7ff665d1 100644 --- a/sdk/go/keycloak/ldap/customMapper.go +++ b/sdk/go/keycloak/ldap/customMapper.go @@ -43,7 +43,8 @@ import ( // if err != nil { // return err // } -// _, err = ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ +// _, err = ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{ +// Name: pulumi.String("openldap"), // RealmId: realm.ID(), // UsernameLdapAttribute: pulumi.String("cn"), // RdnLdapAttribute: pulumi.String("cn"), @@ -60,9 +61,10 @@ import ( // if err != nil { // return err // } -// _, err = ldap.NewCustomMapper(ctx, "customMapper", &ldap.CustomMapperArgs{ -// RealmId: pulumi.Any(keycloak_ldap_user_federation.Openldap.Realm_id), -// LdapUserFederationId: pulumi.Any(keycloak_ldap_user_federation.Openldap.Id), +// _, err = ldap.NewCustomMapper(ctx, "custom_mapper", &ldap.CustomMapperArgs{ +// Name: pulumi.String("custom-mapper"), +// RealmId: pulumi.Any(openldap.RealmId), +// LdapUserFederationId: pulumi.Any(openldap.Id), // ProviderId: pulumi.String("custom-provider-registered-in-keycloak"), // ProviderType: pulumi.String("com.example.custom.ldap.mappers.CustomMapper"), // Config: pulumi.Map{ diff --git a/sdk/go/keycloak/ldap/fullNameMapper.go b/sdk/go/keycloak/ldap/fullNameMapper.go index 46fb63f3..9fa9a23d 100644 --- a/sdk/go/keycloak/ldap/fullNameMapper.go +++ b/sdk/go/keycloak/ldap/fullNameMapper.go @@ -37,33 +37,35 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("test"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ -// BindCredential: pulumi.String("admin"), -// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), -// ConnectionUrl: pulumi.String("ldap://openldap"), -// RdnLdapAttribute: pulumi.String("cn"), -// RealmId: realm.ID(), +// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{ +// Name: pulumi.String("openldap"), +// RealmId: realm.ID(), +// UsernameLdapAttribute: pulumi.String("cn"), +// RdnLdapAttribute: pulumi.String("cn"), +// UuidLdapAttribute: pulumi.String("entryDN"), // UserObjectClasses: pulumi.StringArray{ // pulumi.String("simpleSecurityObject"), // pulumi.String("organizationalRole"), // }, -// UsernameLdapAttribute: pulumi.String("cn"), -// UsersDn: pulumi.String("dc=example,dc=org"), -// UuidLdapAttribute: pulumi.String("entryDN"), +// ConnectionUrl: pulumi.String("ldap://openldap"), +// UsersDn: pulumi.String("dc=example,dc=org"), +// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), +// BindCredential: pulumi.String("admin"), // }) // if err != nil { // return err // } -// _, err = ldap.NewFullNameMapper(ctx, "ldapFullNameMapper", &ldap.FullNameMapperArgs{ -// LdapFullNameAttribute: pulumi.String("cn"), -// LdapUserFederationId: ldapUserFederation.ID(), +// _, err = ldap.NewFullNameMapper(ctx, "ldap_full_name_mapper", &ldap.FullNameMapperArgs{ // RealmId: realm.ID(), +// LdapUserFederationId: ldapUserFederation.ID(), +// Name: pulumi.String("full-name-mapper"), +// LdapFullNameAttribute: pulumi.String("cn"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/ldap/groupMapper.go b/sdk/go/keycloak/ldap/groupMapper.go index d7c308a3..e843abee 100644 --- a/sdk/go/keycloak/ldap/groupMapper.go +++ b/sdk/go/keycloak/ldap/groupMapper.go @@ -38,41 +38,43 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("test"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ -// BindCredential: pulumi.String("admin"), -// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), -// ConnectionUrl: pulumi.String("ldap://openldap"), -// RdnLdapAttribute: pulumi.String("cn"), -// RealmId: realm.ID(), +// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{ +// Name: pulumi.String("openldap"), +// RealmId: realm.ID(), +// UsernameLdapAttribute: pulumi.String("cn"), +// RdnLdapAttribute: pulumi.String("cn"), +// UuidLdapAttribute: pulumi.String("entryDN"), // UserObjectClasses: pulumi.StringArray{ // pulumi.String("simpleSecurityObject"), // pulumi.String("organizationalRole"), // }, -// UsernameLdapAttribute: pulumi.String("cn"), -// UsersDn: pulumi.String("dc=example,dc=org"), -// UuidLdapAttribute: pulumi.String("entryDN"), +// ConnectionUrl: pulumi.String("ldap://openldap"), +// UsersDn: pulumi.String("dc=example,dc=org"), +// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), +// BindCredential: pulumi.String("admin"), // }) // if err != nil { // return err // } -// _, err = ldap.NewGroupMapper(ctx, "ldapGroupMapper", &ldap.GroupMapperArgs{ +// _, err = ldap.NewGroupMapper(ctx, "ldap_group_mapper", &ldap.GroupMapperArgs{ +// RealmId: realm.ID(), +// LdapUserFederationId: ldapUserFederation.ID(), +// Name: pulumi.String("group-mapper"), +// LdapGroupsDn: pulumi.String("dc=example,dc=org"), // GroupNameLdapAttribute: pulumi.String("cn"), // GroupObjectClasses: pulumi.StringArray{ // pulumi.String("groupOfNames"), // }, -// LdapGroupsDn: pulumi.String("dc=example,dc=org"), -// LdapUserFederationId: ldapUserFederation.ID(), -// MemberofLdapAttribute: pulumi.String("memberOf"), // MembershipAttributeType: pulumi.String("DN"), // MembershipLdapAttribute: pulumi.String("member"), // MembershipUserLdapAttribute: pulumi.String("cn"), -// RealmId: realm.ID(), +// MemberofLdapAttribute: pulumi.String("memberOf"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/ldap/hardcodedAttributeMapper.go b/sdk/go/keycloak/ldap/hardcodedAttributeMapper.go index b44161d3..f196f934 100644 --- a/sdk/go/keycloak/ldap/hardcodedAttributeMapper.go +++ b/sdk/go/keycloak/ldap/hardcodedAttributeMapper.go @@ -41,7 +41,8 @@ import ( // if err != nil { // return err // } -// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ +// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{ +// Name: pulumi.String("openldap"), // RealmId: realm.ID(), // UsernameLdapAttribute: pulumi.String("cn"), // RdnLdapAttribute: pulumi.String("cn"), @@ -59,9 +60,10 @@ import ( // if err != nil { // return err // } -// _, err = ldap.NewHardcodedAttributeMapper(ctx, "assignBarToFoo", &ldap.HardcodedAttributeMapperArgs{ +// _, err = ldap.NewHardcodedAttributeMapper(ctx, "assign_bar_to_foo", &ldap.HardcodedAttributeMapperArgs{ // RealmId: realm.ID(), // LdapUserFederationId: ldapUserFederation.ID(), +// Name: pulumi.String("assign-foo-to-bar"), // AttributeName: pulumi.String("foo"), // AttributeValue: pulumi.String("bar"), // }) diff --git a/sdk/go/keycloak/ldap/hardcodedGroupMapper.go b/sdk/go/keycloak/ldap/hardcodedGroupMapper.go index d670a74b..f7663a83 100644 --- a/sdk/go/keycloak/ldap/hardcodedGroupMapper.go +++ b/sdk/go/keycloak/ldap/hardcodedGroupMapper.go @@ -39,7 +39,8 @@ import ( // if err != nil { // return err // } -// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ +// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{ +// Name: pulumi.String("openldap"), // RealmId: realm.ID(), // UsernameLdapAttribute: pulumi.String("cn"), // RdnLdapAttribute: pulumi.String("cn"), @@ -56,15 +57,17 @@ import ( // if err != nil { // return err // } -// realmGroup, err := keycloak.NewGroup(ctx, "realmGroup", &keycloak.GroupArgs{ +// realmGroup, err := keycloak.NewGroup(ctx, "realm_group", &keycloak.GroupArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-group"), // }) // if err != nil { // return err // } -// _, err = ldap.NewHardcodedGroupMapper(ctx, "assignGroupToUsers", &ldap.HardcodedGroupMapperArgs{ +// _, err = ldap.NewHardcodedGroupMapper(ctx, "assign_group_to_users", &ldap.HardcodedGroupMapperArgs{ // RealmId: realm.ID(), // LdapUserFederationId: ldapUserFederation.ID(), +// Name: pulumi.String("assign-group-to-users"), // Group: realmGroup.Name, // }) // if err != nil { diff --git a/sdk/go/keycloak/ldap/hardcodedRoleMapper.go b/sdk/go/keycloak/ldap/hardcodedRoleMapper.go index 3c328733..416305be 100644 --- a/sdk/go/keycloak/ldap/hardcodedRoleMapper.go +++ b/sdk/go/keycloak/ldap/hardcodedRoleMapper.go @@ -39,7 +39,8 @@ import ( // if err != nil { // return err // } -// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ +// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{ +// Name: pulumi.String("openldap"), // RealmId: realm.ID(), // UsernameLdapAttribute: pulumi.String("cn"), // RdnLdapAttribute: pulumi.String("cn"), @@ -56,9 +57,10 @@ import ( // if err != nil { // return err // } -// _, err = ldap.NewHardcodedRoleMapper(ctx, "assignAdminRoleToAllUsers", &ldap.HardcodedRoleMapperArgs{ +// _, err = ldap.NewHardcodedRoleMapper(ctx, "assign_admin_role_to_all_users", &ldap.HardcodedRoleMapperArgs{ // RealmId: realm.ID(), // LdapUserFederationId: ldapUserFederation.ID(), +// Name: pulumi.String("assign-admin-role-to-all-users"), // Role: pulumi.String("admin"), // }) // if err != nil { diff --git a/sdk/go/keycloak/ldap/msadLdsUserAccountControlMapper.go b/sdk/go/keycloak/ldap/msadLdsUserAccountControlMapper.go index e8ea16df..e9f53ce3 100644 --- a/sdk/go/keycloak/ldap/msadLdsUserAccountControlMapper.go +++ b/sdk/go/keycloak/ldap/msadLdsUserAccountControlMapper.go @@ -43,7 +43,8 @@ import ( // if err != nil { // return err // } -// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ +// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{ +// Name: pulumi.String("ad"), // RealmId: realm.ID(), // UsernameLdapAttribute: pulumi.String("cn"), // RdnLdapAttribute: pulumi.String("cn"), @@ -61,9 +62,10 @@ import ( // if err != nil { // return err // } -// _, err = ldap.NewMsadLdsUserAccountControlMapper(ctx, "msadLdsUserAccountControlMapper", &ldap.MsadLdsUserAccountControlMapperArgs{ +// _, err = ldap.NewMsadLdsUserAccountControlMapper(ctx, "msad_lds_user_account_control_mapper", &ldap.MsadLdsUserAccountControlMapperArgs{ // RealmId: realm.ID(), // LdapUserFederationId: ldapUserFederation.ID(), +// Name: pulumi.String("msad-lds-user-account-control-mapper"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/ldap/msadUserAccountControlMapper.go b/sdk/go/keycloak/ldap/msadUserAccountControlMapper.go index 7ec9f59c..3f7b6db3 100644 --- a/sdk/go/keycloak/ldap/msadUserAccountControlMapper.go +++ b/sdk/go/keycloak/ldap/msadUserAccountControlMapper.go @@ -39,33 +39,35 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("test"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ -// BindCredential: pulumi.String("admin"), -// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), -// ConnectionUrl: pulumi.String("ldap://my-ad-server"), -// RdnLdapAttribute: pulumi.String("cn"), -// RealmId: realm.ID(), +// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{ +// Name: pulumi.String("ad"), +// RealmId: realm.ID(), +// UsernameLdapAttribute: pulumi.String("cn"), +// RdnLdapAttribute: pulumi.String("cn"), +// UuidLdapAttribute: pulumi.String("objectGUID"), // UserObjectClasses: pulumi.StringArray{ // pulumi.String("person"), // pulumi.String("organizationalPerson"), // pulumi.String("user"), // }, -// UsernameLdapAttribute: pulumi.String("cn"), -// UsersDn: pulumi.String("dc=example,dc=org"), -// UuidLdapAttribute: pulumi.String("objectGUID"), +// ConnectionUrl: pulumi.String("ldap://my-ad-server"), +// UsersDn: pulumi.String("dc=example,dc=org"), +// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), +// BindCredential: pulumi.String("admin"), // }) // if err != nil { // return err // } -// _, err = ldap.NewMsadUserAccountControlMapper(ctx, "msadUserAccountControlMapper", &ldap.MsadUserAccountControlMapperArgs{ -// LdapUserFederationId: ldapUserFederation.ID(), +// _, err = ldap.NewMsadUserAccountControlMapper(ctx, "msad_user_account_control_mapper", &ldap.MsadUserAccountControlMapperArgs{ // RealmId: realm.ID(), +// LdapUserFederationId: ldapUserFederation.ID(), +// Name: pulumi.String("msad-user-account-control-mapper"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/ldap/roleMapper.go b/sdk/go/keycloak/ldap/roleMapper.go index 443c5252..0712b02f 100644 --- a/sdk/go/keycloak/ldap/roleMapper.go +++ b/sdk/go/keycloak/ldap/roleMapper.go @@ -39,7 +39,8 @@ import ( // if err != nil { // return err // } -// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ +// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{ +// Name: pulumi.String("openldap"), // RealmId: realm.ID(), // UsernameLdapAttribute: pulumi.String("cn"), // RdnLdapAttribute: pulumi.String("cn"), @@ -56,9 +57,10 @@ import ( // if err != nil { // return err // } -// _, err = ldap.NewRoleMapper(ctx, "ldapRoleMapper", &ldap.RoleMapperArgs{ +// _, err = ldap.NewRoleMapper(ctx, "ldap_role_mapper", &ldap.RoleMapperArgs{ // RealmId: realm.ID(), // LdapUserFederationId: ldapUserFederation.ID(), +// Name: pulumi.String("role-mapper"), // LdapRolesDn: pulumi.String("dc=example,dc=org"), // RoleNameLdapAttribute: pulumi.String("cn"), // RoleObjectClasses: pulumi.StringArray{ diff --git a/sdk/go/keycloak/ldap/userAttributeMapper.go b/sdk/go/keycloak/ldap/userAttributeMapper.go index 94875048..70989c27 100644 --- a/sdk/go/keycloak/ldap/userAttributeMapper.go +++ b/sdk/go/keycloak/ldap/userAttributeMapper.go @@ -37,34 +37,36 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("test"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ -// BindCredential: pulumi.String("admin"), -// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), -// ConnectionUrl: pulumi.String("ldap://openldap"), -// RdnLdapAttribute: pulumi.String("cn"), -// RealmId: realm.ID(), +// ldapUserFederation, err := ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{ +// Name: pulumi.String("openldap"), +// RealmId: realm.ID(), +// UsernameLdapAttribute: pulumi.String("cn"), +// RdnLdapAttribute: pulumi.String("cn"), +// UuidLdapAttribute: pulumi.String("entryDN"), // UserObjectClasses: pulumi.StringArray{ // pulumi.String("simpleSecurityObject"), // pulumi.String("organizationalRole"), // }, -// UsernameLdapAttribute: pulumi.String("cn"), -// UsersDn: pulumi.String("dc=example,dc=org"), -// UuidLdapAttribute: pulumi.String("entryDN"), +// ConnectionUrl: pulumi.String("ldap://openldap"), +// UsersDn: pulumi.String("dc=example,dc=org"), +// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), +// BindCredential: pulumi.String("admin"), // }) // if err != nil { // return err // } -// _, err = ldap.NewUserAttributeMapper(ctx, "ldapUserAttributeMapper", &ldap.UserAttributeMapperArgs{ -// LdapAttribute: pulumi.String("bar"), -// LdapUserFederationId: ldapUserFederation.ID(), +// _, err = ldap.NewUserAttributeMapper(ctx, "ldap_user_attribute_mapper", &ldap.UserAttributeMapperArgs{ // RealmId: realm.ID(), +// LdapUserFederationId: ldapUserFederation.ID(), +// Name: pulumi.String("user-attribute-mapper"), // UserModelAttribute: pulumi.String("foo"), +// LdapAttribute: pulumi.String("bar"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/ldap/userFederation.go b/sdk/go/keycloak/ldap/userFederation.go index 278cd170..84e9deb3 100644 --- a/sdk/go/keycloak/ldap/userFederation.go +++ b/sdk/go/keycloak/ldap/userFederation.go @@ -38,28 +38,29 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("test"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// _, err = ldap.NewUserFederation(ctx, "ldapUserFederation", &ldap.UserFederationArgs{ -// BindCredential: pulumi.String("admin"), -// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), -// ConnectionTimeout: pulumi.String("5s"), -// ConnectionUrl: pulumi.String("ldap://openldap"), -// Enabled: pulumi.Bool(true), -// RdnLdapAttribute: pulumi.String("cn"), -// ReadTimeout: pulumi.String("10s"), -// RealmId: realm.ID(), +// _, err = ldap.NewUserFederation(ctx, "ldap_user_federation", &ldap.UserFederationArgs{ +// Name: pulumi.String("openldap"), +// RealmId: realm.ID(), +// Enabled: pulumi.Bool(true), +// UsernameLdapAttribute: pulumi.String("cn"), +// RdnLdapAttribute: pulumi.String("cn"), +// UuidLdapAttribute: pulumi.String("entryDN"), // UserObjectClasses: pulumi.StringArray{ // pulumi.String("simpleSecurityObject"), // pulumi.String("organizationalRole"), // }, -// UsernameLdapAttribute: pulumi.String("cn"), -// UsersDn: pulumi.String("dc=example,dc=org"), -// UuidLdapAttribute: pulumi.String("entryDN"), +// ConnectionUrl: pulumi.String("ldap://openldap"), +// UsersDn: pulumi.String("dc=example,dc=org"), +// BindDn: pulumi.String("cn=admin,dc=example,dc=org"), +// BindCredential: pulumi.String("admin"), +// ConnectionTimeout: pulumi.String("5s"), +// ReadTimeout: pulumi.String("10s"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/oidc/googleIdentityProvider.go b/sdk/go/keycloak/oidc/googleIdentityProvider.go index 7aa82676..ce337428 100644 --- a/sdk/go/keycloak/oidc/googleIdentityProvider.go +++ b/sdk/go/keycloak/oidc/googleIdentityProvider.go @@ -41,8 +41,8 @@ import ( // } // _, err = oidc.NewGoogleIdentityProvider(ctx, "google", &oidc.GoogleIdentityProviderArgs{ // Realm: realm.ID(), -// ClientId: pulumi.Any(_var.Google_identity_provider_client_id), -// ClientSecret: pulumi.Any(_var.Google_identity_provider_client_secret), +// ClientId: pulumi.Any(googleIdentityProviderClientId), +// ClientSecret: pulumi.Any(googleIdentityProviderClientSecret), // TrustEmail: pulumi.Bool(true), // HostedDomain: pulumi.String("example.com"), // SyncMode: pulumi.String("IMPORT"), diff --git a/sdk/go/keycloak/oidc/identityProvider.go b/sdk/go/keycloak/oidc/identityProvider.go index 938de47f..befdddd6 100644 --- a/sdk/go/keycloak/oidc/identityProvider.go +++ b/sdk/go/keycloak/oidc/identityProvider.go @@ -39,7 +39,7 @@ import ( // if err != nil { // return err // } -// _, err = oidc.NewIdentityProvider(ctx, "realmIdentityProvider", &oidc.IdentityProviderArgs{ +// _, err = oidc.NewIdentityProvider(ctx, "realm_identity_provider", &oidc.IdentityProviderArgs{ // Realm: realm.ID(), // Alias: pulumi.String("my-idp"), // AuthorizationUrl: pulumi.String("https://authorizationurl.com"), diff --git a/sdk/go/keycloak/openid/audienceProtocolMapper.go b/sdk/go/keycloak/openid/audienceProtocolMapper.go index e72d9612..6e25180d 100644 --- a/sdk/go/keycloak/openid/audienceProtocolMapper.go +++ b/sdk/go/keycloak/openid/audienceProtocolMapper.go @@ -38,17 +38,18 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// AccessType: pulumi.String("CONFIDENTIAL"), +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ +// RealmId: realm.ID(), // ClientId: pulumi.String("test-client"), +// Name: pulumi.String("test client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -56,10 +57,11 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewAudienceProtocolMapper(ctx, "audienceMapper", &openid.AudienceProtocolMapperArgs{ +// _, err = openid.NewAudienceProtocolMapper(ctx, "audience_mapper", &openid.AudienceProtocolMapperArgs{ +// RealmId: realm.ID(), // ClientId: openidClient.ID(), +// Name: pulumi.String("audience-mapper"), // IncludedCustomAudience: pulumi.String("foo"), -// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -88,22 +90,24 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewAudienceProtocolMapper(ctx, "audienceMapper", &openid.AudienceProtocolMapperArgs{ +// _, err = openid.NewAudienceProtocolMapper(ctx, "audience_mapper", &openid.AudienceProtocolMapperArgs{ +// RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), +// Name: pulumi.String("audience-mapper"), // IncludedCustomAudience: pulumi.String("foo"), -// RealmId: realm.ID(), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/openid/audienceResolveProtocolMapper.go b/sdk/go/keycloak/openid/audienceResolveProtocolMapper.go index f5745dea..6becd32a 100644 --- a/sdk/go/keycloak/openid/audienceResolveProtocolMapper.go +++ b/sdk/go/keycloak/openid/audienceResolveProtocolMapper.go @@ -43,9 +43,10 @@ import ( // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ @@ -55,9 +56,10 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewAudienceResolveProtocolMapper(ctx, "audienceMapper", &openid.AudienceResolveProtocolMapperArgs{ +// _, err = openid.NewAudienceResolveProtocolMapper(ctx, "audience_mapper", &openid.AudienceResolveProtocolMapperArgs{ // RealmId: realm.ID(), // ClientId: openidClient.ID(), +// Name: pulumi.String("my-audience-resolve-mapper"), // }) // if err != nil { // return err @@ -92,13 +94,14 @@ import ( // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewAudienceProtocolMapper(ctx, "audienceMapper", &openid.AudienceProtocolMapperArgs{ +// _, err = openid.NewAudienceProtocolMapper(ctx, "audience_mapper", &openid.AudienceProtocolMapperArgs{ // RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), // }) diff --git a/sdk/go/keycloak/openid/audienceResolveProtocolMappter.go b/sdk/go/keycloak/openid/audienceResolveProtocolMappter.go index 9ae43d98..14fda39b 100644 --- a/sdk/go/keycloak/openid/audienceResolveProtocolMappter.go +++ b/sdk/go/keycloak/openid/audienceResolveProtocolMappter.go @@ -43,9 +43,10 @@ import ( // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ @@ -55,9 +56,10 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewAudienceResolveProtocolMapper(ctx, "audienceMapper", &openid.AudienceResolveProtocolMapperArgs{ +// _, err = openid.NewAudienceResolveProtocolMapper(ctx, "audience_mapper", &openid.AudienceResolveProtocolMapperArgs{ // RealmId: realm.ID(), // ClientId: openidClient.ID(), +// Name: pulumi.String("my-audience-resolve-mapper"), // }) // if err != nil { // return err @@ -92,13 +94,14 @@ import ( // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewAudienceProtocolMapper(ctx, "audienceMapper", &openid.AudienceProtocolMapperArgs{ +// _, err = openid.NewAudienceProtocolMapper(ctx, "audience_mapper", &openid.AudienceProtocolMapperArgs{ // RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), // }) diff --git a/sdk/go/keycloak/openid/client.go b/sdk/go/keycloak/openid/client.go index d3d42c45..ba486a93 100644 --- a/sdk/go/keycloak/openid/client.go +++ b/sdk/go/keycloak/openid/client.go @@ -37,17 +37,18 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// _, err = openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// AccessType: pulumi.String("CONFIDENTIAL"), +// _, err = openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ +// RealmId: realm.ID(), // ClientId: pulumi.String("test-client"), +// Name: pulumi.String("test client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, diff --git a/sdk/go/keycloak/openid/clientDefaultScopes.go b/sdk/go/keycloak/openid/clientDefaultScopes.go index 120bc90f..368cf5e3 100644 --- a/sdk/go/keycloak/openid/clientDefaultScopes.go +++ b/sdk/go/keycloak/openid/clientDefaultScopes.go @@ -29,27 +29,29 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } // client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{ -// AccessType: pulumi.String("CONFIDENTIAL"), -// ClientId: pulumi.String("test-client"), // RealmId: realm.ID(), +// ClientId: pulumi.String("test-client"), +// AccessType: pulumi.String("CONFIDENTIAL"), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewClientDefaultScopes(ctx, "clientDefaultScopes", &openid.ClientDefaultScopesArgs{ +// _, err = openid.NewClientDefaultScopes(ctx, "client_default_scopes", &openid.ClientDefaultScopesArgs{ +// RealmId: realm.ID(), // ClientId: client.ID(), // DefaultScopes: pulumi.StringArray{ // pulumi.String("profile"), @@ -58,7 +60,6 @@ import ( // pulumi.String("web-origins"), // clientScope.Name, // }, -// RealmId: realm.ID(), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/openid/clientOptionalScopes.go b/sdk/go/keycloak/openid/clientOptionalScopes.go index a98b3232..5dcbba19 100644 --- a/sdk/go/keycloak/openid/clientOptionalScopes.go +++ b/sdk/go/keycloak/openid/clientOptionalScopes.go @@ -29,27 +29,29 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } // client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{ -// AccessType: pulumi.String("CONFIDENTIAL"), -// ClientId: pulumi.String("test-client"), // RealmId: realm.ID(), +// ClientId: pulumi.String("test-client"), +// AccessType: pulumi.String("CONFIDENTIAL"), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewClientOptionalScopes(ctx, "clientOptionalScopes", &openid.ClientOptionalScopesArgs{ +// _, err = openid.NewClientOptionalScopes(ctx, "client_optional_scopes", &openid.ClientOptionalScopesArgs{ +// RealmId: realm.ID(), // ClientId: client.ID(), // OptionalScopes: pulumi.StringArray{ // pulumi.String("address"), @@ -57,7 +59,6 @@ import ( // pulumi.String("offline_access"), // clientScope.Name, // }, -// RealmId: realm.ID(), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/openid/clientPolicy.go b/sdk/go/keycloak/openid/clientPolicy.go index 6397bd36..ee064c79 100644 --- a/sdk/go/keycloak/openid/clientPolicy.go +++ b/sdk/go/keycloak/openid/clientPolicy.go @@ -39,8 +39,9 @@ import ( // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ // ClientId: pulumi.String("openid_client"), +// Name: pulumi.String("openid_client"), // RealmId: realm.ID(), // AccessType: pulumi.String("CONFIDENTIAL"), // ServiceAccountsEnabled: pulumi.Bool(true), @@ -48,7 +49,7 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewClientPermissions(ctx, "myPermission", &openid.ClientPermissionsArgs{ +// _, err = openid.NewClientPermissions(ctx, "my_permission", &openid.ClientPermissionsArgs{ // RealmId: realm.ID(), // ClientId: openidClient.ID(), // }) @@ -62,9 +63,10 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewClientPolicy(ctx, "tokenExchange", &openid.ClientPolicyArgs{ +// _, err = openid.NewClientPolicy(ctx, "token_exchange", &openid.ClientPolicyArgs{ // ResourceServerId: pulumi.String(realmManagement.Id), // RealmId: realm.ID(), +// Name: pulumi.String("my-policy"), // Logic: pulumi.String("POSITIVE"), // DecisionStrategy: pulumi.String("UNANIMOUS"), // Clients: pulumi.StringArray{ diff --git a/sdk/go/keycloak/openid/clientScope.go b/sdk/go/keycloak/openid/clientScope.go index c71d8d0b..d315d234 100644 --- a/sdk/go/keycloak/openid/clientScope.go +++ b/sdk/go/keycloak/openid/clientScope.go @@ -38,15 +38,16 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// _, err = openid.NewClientScope(ctx, "openidClientScope", &openid.ClientScopeArgs{ -// Description: pulumi.String("When requested, this scope will map a user's group memberships to a claim"), +// _, err = openid.NewClientScope(ctx, "openid_client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("groups"), +// Description: pulumi.String("When requested, this scope will map a user's group memberships to a claim"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/openid/clientServiceAccountRealmRole.go b/sdk/go/keycloak/openid/clientServiceAccountRealmRole.go index 1512098c..ef3d5db7 100644 --- a/sdk/go/keycloak/openid/clientServiceAccountRealmRole.go +++ b/sdk/go/keycloak/openid/clientServiceAccountRealmRole.go @@ -41,20 +41,22 @@ import ( // if err != nil { // return err // } -// realmRole, err := keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ +// realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-realm-role"), // }) // if err != nil { // return err // } // client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("client"), // ServiceAccountsEnabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// _, err = openid.NewClientServiceAccountRealmRole(ctx, "clientServiceAccountRole", &openid.ClientServiceAccountRealmRoleArgs{ +// _, err = openid.NewClientServiceAccountRealmRole(ctx, "client_service_account_role", &openid.ClientServiceAccountRealmRoleArgs{ // RealmId: realm.ID(), // ServiceAccountUserId: client.ServiceAccountUserId, // Role: realmRole.Name, diff --git a/sdk/go/keycloak/openid/clientServiceAccountRole.go b/sdk/go/keycloak/openid/clientServiceAccountRole.go index 73ae4c42..e6d522e2 100644 --- a/sdk/go/keycloak/openid/clientServiceAccountRole.go +++ b/sdk/go/keycloak/openid/clientServiceAccountRole.go @@ -44,13 +44,15 @@ import ( // // client1 provides a role to other clients // client1, err := openid.NewClient(ctx, "client1", &openid.ClientArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("client1"), // }) // if err != nil { // return err // } -// client1Role, err := keycloak.NewRole(ctx, "client1Role", &keycloak.RoleArgs{ +// client1Role, err := keycloak.NewRole(ctx, "client1_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), // ClientId: client1.ID(), +// Name: pulumi.String("my-client1-role"), // Description: pulumi.String("A role that client1 provides"), // }) // if err != nil { @@ -59,12 +61,13 @@ import ( // // client2 is assigned the role of client1 // client2, err := openid.NewClient(ctx, "client2", &openid.ClientArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("client2"), // ServiceAccountsEnabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// _, err = openid.NewClientServiceAccountRole(ctx, "client2ServiceAccountRole", &openid.ClientServiceAccountRoleArgs{ +// _, err = openid.NewClientServiceAccountRole(ctx, "client2_service_account_role", &openid.ClientServiceAccountRoleArgs{ // RealmId: realm.ID(), // ServiceAccountUserId: client2.ServiceAccountUserId, // ClientId: client1.ID(), diff --git a/sdk/go/keycloak/openid/fullNameProtocolMapper.go b/sdk/go/keycloak/openid/fullNameProtocolMapper.go index 68d61669..b79671db 100644 --- a/sdk/go/keycloak/openid/fullNameProtocolMapper.go +++ b/sdk/go/keycloak/openid/fullNameProtocolMapper.go @@ -39,17 +39,18 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// AccessType: pulumi.String("CONFIDENTIAL"), +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ +// RealmId: realm.ID(), // ClientId: pulumi.String("test-client"), +// Name: pulumi.String("test client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -57,9 +58,10 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewFullNameProtocolMapper(ctx, "fullNameMapper", &openid.FullNameProtocolMapperArgs{ -// ClientId: openidClient.ID(), +// _, err = openid.NewFullNameProtocolMapper(ctx, "full_name_mapper", &openid.FullNameProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientId: openidClient.ID(), +// Name: pulumi.String("full-name-mapper"), // }) // if err != nil { // return err @@ -88,21 +90,23 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewFullNameProtocolMapper(ctx, "fullNameMapper", &openid.FullNameProtocolMapperArgs{ -// ClientScopeId: clientScope.ID(), +// _, err = openid.NewFullNameProtocolMapper(ctx, "full_name_mapper", &openid.FullNameProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientScopeId: clientScope.ID(), +// Name: pulumi.String("full-name-mapper"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/openid/getClient.go b/sdk/go/keycloak/openid/getClient.go index 9c15e546..83faac13 100644 --- a/sdk/go/keycloak/openid/getClient.go +++ b/sdk/go/keycloak/openid/getClient.go @@ -38,6 +38,7 @@ import ( // if err != nil { // return err // } +// // use the data source // _, err = keycloak.LookupRole(ctx, &keycloak.LookupRoleArgs{ // RealmId: "my-realm", // ClientId: pulumi.StringRef(realmManagement.Id), diff --git a/sdk/go/keycloak/openid/getClientAuthorizationPolicy.go b/sdk/go/keycloak/openid/getClientAuthorizationPolicy.go index 7e73f383..2f29a06e 100644 --- a/sdk/go/keycloak/openid/getClientAuthorizationPolicy.go +++ b/sdk/go/keycloak/openid/getClientAuthorizationPolicy.go @@ -40,8 +40,9 @@ import ( // if err != nil { // return err // } -// clientWithAuthz, err := openid.NewClient(ctx, "clientWithAuthz", &openid.ClientArgs{ +// clientWithAuthz, err := openid.NewClient(ctx, "client_with_authz", &openid.ClientArgs{ // ClientId: pulumi.String("client-with-authz"), +// Name: pulumi.String("client-with-authz"), // RealmId: realm.ID(), // AccessType: pulumi.String("CONFIDENTIAL"), // ServiceAccountsEnabled: pulumi.Bool(true), @@ -59,6 +60,7 @@ import ( // }, nil) // resource, err := openid.NewClientAuthorizationResource(ctx, "resource", &openid.ClientAuthorizationResourceArgs{ // ResourceServerId: clientWithAuthz.ResourceServerId, +// Name: pulumi.String("authorization-resource"), // RealmId: realm.ID(), // Uris: pulumi.StringArray{ // pulumi.String("/endpoint/*"), @@ -73,6 +75,7 @@ import ( // _, err = openid.NewClientAuthorizationPermission(ctx, "permission", &openid.ClientAuthorizationPermissionArgs{ // ResourceServerId: clientWithAuthz.ResourceServerId, // RealmId: realm.ID(), +// Name: pulumi.String("authorization-permission"), // Policies: pulumi.StringArray{ // defaultPermission.ApplyT(func(defaultPermission openid.GetClientAuthorizationPolicyResult) (*string, error) { // return &defaultPermission.Id, nil diff --git a/sdk/go/keycloak/openid/getClientScope.go b/sdk/go/keycloak/openid/getClientScope.go index aff5f52a..1e18098c 100644 --- a/sdk/go/keycloak/openid/getClientScope.go +++ b/sdk/go/keycloak/openid/getClientScope.go @@ -36,9 +36,10 @@ import ( // return err // } // // use the data source -// _, err = openid.NewAudienceProtocolMapper(ctx, "audienceMapper", &openid.AudienceProtocolMapperArgs{ +// _, err = openid.NewAudienceProtocolMapper(ctx, "audience_mapper", &openid.AudienceProtocolMapperArgs{ // RealmId: pulumi.String(offlineAccess.RealmId), // ClientScopeId: pulumi.String(offlineAccess.Id), +// Name: pulumi.String("audience-mapper"), // IncludedCustomAudience: pulumi.String("foo"), // }) // if err != nil { diff --git a/sdk/go/keycloak/openid/getClientServiceAccountUser.go b/sdk/go/keycloak/openid/getClientServiceAccountUser.go index 5823d164..9166e101 100644 --- a/sdk/go/keycloak/openid/getClientServiceAccountUser.go +++ b/sdk/go/keycloak/openid/getClientServiceAccountUser.go @@ -44,6 +44,7 @@ import ( // client, err := openid.NewClient(ctx, "client", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // AccessType: pulumi.String("CONFIDENTIAL"), // ServiceAccountsEnabled: pulumi.Bool(true), // }) @@ -58,7 +59,7 @@ import ( // RealmId: realm.ID(), // Name: pulumi.String("offline_access"), // }, nil) -// _, err = keycloak.NewUserRoles(ctx, "serviceAccountUserRoles", &keycloak.UserRolesArgs{ +// _, err = keycloak.NewUserRoles(ctx, "service_account_user_roles", &keycloak.UserRolesArgs{ // RealmId: realm.ID(), // UserId: serviceAccountUser.ApplyT(func(serviceAccountUser openid.GetClientServiceAccountUserResult) (*string, error) { // return &serviceAccountUser.Id, nil diff --git a/sdk/go/keycloak/openid/groupMembershipProtocolMapper.go b/sdk/go/keycloak/openid/groupMembershipProtocolMapper.go index e1666c56..79366ed6 100644 --- a/sdk/go/keycloak/openid/groupMembershipProtocolMapper.go +++ b/sdk/go/keycloak/openid/groupMembershipProtocolMapper.go @@ -39,17 +39,18 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// AccessType: pulumi.String("CONFIDENTIAL"), +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ +// RealmId: realm.ID(), // ClientId: pulumi.String("test-client"), +// Name: pulumi.String("test client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -57,10 +58,11 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewGroupMembershipProtocolMapper(ctx, "groupMembershipMapper", &openid.GroupMembershipProtocolMapperArgs{ -// ClaimName: pulumi.String("groups"), -// ClientId: openidClient.ID(), +// _, err = openid.NewGroupMembershipProtocolMapper(ctx, "group_membership_mapper", &openid.GroupMembershipProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientId: openidClient.ID(), +// Name: pulumi.String("group-membership-mapper"), +// ClaimName: pulumi.String("groups"), // }) // if err != nil { // return err @@ -89,22 +91,24 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewGroupMembershipProtocolMapper(ctx, "groupMembershipMapper", &openid.GroupMembershipProtocolMapperArgs{ -// ClaimName: pulumi.String("groups"), -// ClientScopeId: clientScope.ID(), +// _, err = openid.NewGroupMembershipProtocolMapper(ctx, "group_membership_mapper", &openid.GroupMembershipProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientScopeId: clientScope.ID(), +// Name: pulumi.String("group-membership-mapper"), +// ClaimName: pulumi.String("groups"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/openid/hardcodedClaimProtocolMapper.go b/sdk/go/keycloak/openid/hardcodedClaimProtocolMapper.go index 152d5d3f..03240a41 100644 --- a/sdk/go/keycloak/openid/hardcodedClaimProtocolMapper.go +++ b/sdk/go/keycloak/openid/hardcodedClaimProtocolMapper.go @@ -39,17 +39,18 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// AccessType: pulumi.String("CONFIDENTIAL"), +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ +// RealmId: realm.ID(), // ClientId: pulumi.String("test-client"), +// Name: pulumi.String("test client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -57,11 +58,12 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewHardcodedClaimProtocolMapper(ctx, "hardcodedClaimMapper", &openid.HardcodedClaimProtocolMapperArgs{ +// _, err = openid.NewHardcodedClaimProtocolMapper(ctx, "hardcoded_claim_mapper", &openid.HardcodedClaimProtocolMapperArgs{ +// RealmId: realm.ID(), +// ClientId: openidClient.ID(), +// Name: pulumi.String("hardcoded-claim-mapper"), // ClaimName: pulumi.String("foo"), // ClaimValue: pulumi.String("bar"), -// ClientId: openidClient.ID(), -// RealmId: realm.ID(), // }) // if err != nil { // return err @@ -90,23 +92,25 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewHardcodedClaimProtocolMapper(ctx, "hardcodedClaimMapper", &openid.HardcodedClaimProtocolMapperArgs{ +// _, err = openid.NewHardcodedClaimProtocolMapper(ctx, "hardcoded_claim_mapper", &openid.HardcodedClaimProtocolMapperArgs{ +// RealmId: realm.ID(), +// ClientScopeId: clientScope.ID(), +// Name: pulumi.String("hardcoded-claim-mapper"), // ClaimName: pulumi.String("foo"), // ClaimValue: pulumi.String("bar"), -// ClientScopeId: clientScope.ID(), -// RealmId: realm.ID(), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/openid/hardcodedRoleProtocolMapper.go b/sdk/go/keycloak/openid/hardcodedRoleProtocolMapper.go index c4887523..3fa48c50 100644 --- a/sdk/go/keycloak/openid/hardcodedRoleProtocolMapper.go +++ b/sdk/go/keycloak/openid/hardcodedRoleProtocolMapper.go @@ -39,23 +39,25 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } // role, err := keycloak.NewRole(ctx, "role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-role"), // }) // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// AccessType: pulumi.String("CONFIDENTIAL"), +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ +// RealmId: realm.ID(), // ClientId: pulumi.String("test-client"), +// Name: pulumi.String("test client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -63,9 +65,10 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewHardcodedRoleProtocolMapper(ctx, "hardcodedRoleMapper", &openid.HardcodedRoleProtocolMapperArgs{ -// ClientId: openidClient.ID(), +// _, err = openid.NewHardcodedRoleProtocolMapper(ctx, "hardcoded_role_mapper", &openid.HardcodedRoleProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientId: openidClient.ID(), +// Name: pulumi.String("hardcoded-role-mapper"), // RoleId: role.ID(), // }) // if err != nil { @@ -95,27 +98,30 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } // role, err := keycloak.NewRole(ctx, "role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-role"), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewHardcodedRoleProtocolMapper(ctx, "hardcodedRoleMapper", &openid.HardcodedRoleProtocolMapperArgs{ -// ClientScopeId: clientScope.ID(), +// _, err = openid.NewHardcodedRoleProtocolMapper(ctx, "hardcoded_role_mapper", &openid.HardcodedRoleProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientScopeId: clientScope.ID(), +// Name: pulumi.String("hardcoded-role-mapper"), // RoleId: role.ID(), // }) // if err != nil { diff --git a/sdk/go/keycloak/openid/scriptProtocolMapper.go b/sdk/go/keycloak/openid/scriptProtocolMapper.go index 5dcb75c1..ab45a5dc 100644 --- a/sdk/go/keycloak/openid/scriptProtocolMapper.go +++ b/sdk/go/keycloak/openid/scriptProtocolMapper.go @@ -46,9 +46,10 @@ import ( // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ @@ -58,9 +59,10 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewScriptProtocolMapper(ctx, "scriptMapper", &openid.ScriptProtocolMapperArgs{ +// _, err = openid.NewScriptProtocolMapper(ctx, "script_mapper", &openid.ScriptProtocolMapperArgs{ // RealmId: realm.ID(), // ClientId: openidClient.ID(), +// Name: pulumi.String("script-mapper"), // ClaimName: pulumi.String("foo"), // Script: pulumi.String("exports = 'foo';"), // }) @@ -97,15 +99,17 @@ import ( // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewScriptProtocolMapper(ctx, "scriptMapper", &openid.ScriptProtocolMapperArgs{ +// _, err = openid.NewScriptProtocolMapper(ctx, "script_mapper", &openid.ScriptProtocolMapperArgs{ // RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), +// Name: pulumi.String("script-mapper"), // ClaimName: pulumi.String("foo"), // Script: pulumi.String("exports = 'foo';"), // }) diff --git a/sdk/go/keycloak/openid/userAttributeProtocolMapper.go b/sdk/go/keycloak/openid/userAttributeProtocolMapper.go index 060dd550..dc82f126 100644 --- a/sdk/go/keycloak/openid/userAttributeProtocolMapper.go +++ b/sdk/go/keycloak/openid/userAttributeProtocolMapper.go @@ -39,17 +39,18 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// AccessType: pulumi.String("CONFIDENTIAL"), +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ +// RealmId: realm.ID(), // ClientId: pulumi.String("test-client"), +// Name: pulumi.String("test client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -57,11 +58,12 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewUserAttributeProtocolMapper(ctx, "userAttributeMapper", &openid.UserAttributeProtocolMapperArgs{ -// ClaimName: pulumi.String("bar"), -// ClientId: openidClient.ID(), +// _, err = openid.NewUserAttributeProtocolMapper(ctx, "user_attribute_mapper", &openid.UserAttributeProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientId: openidClient.ID(), +// Name: pulumi.String("test-mapper"), // UserAttribute: pulumi.String("foo"), +// ClaimName: pulumi.String("bar"), // }) // if err != nil { // return err @@ -90,23 +92,25 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewUserAttributeProtocolMapper(ctx, "userAttributeMapper", &openid.UserAttributeProtocolMapperArgs{ -// ClaimName: pulumi.String("bar"), -// ClientScopeId: clientScope.ID(), +// _, err = openid.NewUserAttributeProtocolMapper(ctx, "user_attribute_mapper", &openid.UserAttributeProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientScopeId: clientScope.ID(), +// Name: pulumi.String("test-mapper"), // UserAttribute: pulumi.String("foo"), +// ClaimName: pulumi.String("bar"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/openid/userClientRoleProtocolMapper.go b/sdk/go/keycloak/openid/userClientRoleProtocolMapper.go index d7e8592b..5f8ec25b 100644 --- a/sdk/go/keycloak/openid/userClientRoleProtocolMapper.go +++ b/sdk/go/keycloak/openid/userClientRoleProtocolMapper.go @@ -44,9 +44,10 @@ import ( // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ @@ -56,9 +57,10 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewUserClientRoleProtocolMapper(ctx, "userClientRoleMapper", &openid.UserClientRoleProtocolMapperArgs{ +// _, err = openid.NewUserClientRoleProtocolMapper(ctx, "user_client_role_mapper", &openid.UserClientRoleProtocolMapperArgs{ // RealmId: realm.ID(), // ClientId: openidClient.ID(), +// Name: pulumi.String("user-client-role-mapper"), // ClaimName: pulumi.String("foo"), // }) // if err != nil { @@ -94,15 +96,17 @@ import ( // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewUserClientRoleProtocolMapper(ctx, "userClientRoleMapper", &openid.UserClientRoleProtocolMapperArgs{ +// _, err = openid.NewUserClientRoleProtocolMapper(ctx, "user_client_role_mapper", &openid.UserClientRoleProtocolMapperArgs{ // RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), +// Name: pulumi.String("user-client-role-mapper"), // ClaimName: pulumi.String("foo"), // }) // if err != nil { diff --git a/sdk/go/keycloak/openid/userPropertyProtocolMapper.go b/sdk/go/keycloak/openid/userPropertyProtocolMapper.go index 8758e800..1e13bbdc 100644 --- a/sdk/go/keycloak/openid/userPropertyProtocolMapper.go +++ b/sdk/go/keycloak/openid/userPropertyProtocolMapper.go @@ -39,17 +39,18 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// AccessType: pulumi.String("CONFIDENTIAL"), +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ +// RealmId: realm.ID(), // ClientId: pulumi.String("test-client"), +// Name: pulumi.String("test client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -57,11 +58,12 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewUserPropertyProtocolMapper(ctx, "userPropertyMapper", &openid.UserPropertyProtocolMapperArgs{ -// ClaimName: pulumi.String("email"), -// ClientId: openidClient.ID(), +// _, err = openid.NewUserPropertyProtocolMapper(ctx, "user_property_mapper", &openid.UserPropertyProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientId: openidClient.ID(), +// Name: pulumi.String("test-mapper"), // UserProperty: pulumi.String("email"), +// ClaimName: pulumi.String("email"), // }) // if err != nil { // return err @@ -90,23 +92,25 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewUserPropertyProtocolMapper(ctx, "userPropertyMapper", &openid.UserPropertyProtocolMapperArgs{ -// ClaimName: pulumi.String("email"), -// ClientScopeId: clientScope.ID(), +// _, err = openid.NewUserPropertyProtocolMapper(ctx, "user_property_mapper", &openid.UserPropertyProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientScopeId: clientScope.ID(), +// Name: pulumi.String("test-mapper"), // UserProperty: pulumi.String("email"), +// ClaimName: pulumi.String("email"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/openid/userRealmRoleProtocolMapper.go b/sdk/go/keycloak/openid/userRealmRoleProtocolMapper.go index 43f23d66..a3aa92bf 100644 --- a/sdk/go/keycloak/openid/userRealmRoleProtocolMapper.go +++ b/sdk/go/keycloak/openid/userRealmRoleProtocolMapper.go @@ -39,17 +39,18 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ -// AccessType: pulumi.String("CONFIDENTIAL"), +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ +// RealmId: realm.ID(), // ClientId: pulumi.String("test-client"), +// Name: pulumi.String("test client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ // pulumi.String("http://localhost:8080/openid-callback"), // }, @@ -57,10 +58,11 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewUserRealmRoleProtocolMapper(ctx, "userRealmRoleMapper", &openid.UserRealmRoleProtocolMapperArgs{ -// ClaimName: pulumi.String("foo"), -// ClientId: openidClient.ID(), +// _, err = openid.NewUserRealmRoleProtocolMapper(ctx, "user_realm_role_mapper", &openid.UserRealmRoleProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientId: openidClient.ID(), +// Name: pulumi.String("user-realm-role-mapper"), +// ClaimName: pulumi.String("foo"), // }) // if err != nil { // return err @@ -89,22 +91,24 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("test-client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewUserRealmRoleProtocolMapper(ctx, "userRealmRoleMapper", &openid.UserRealmRoleProtocolMapperArgs{ -// ClaimName: pulumi.String("foo"), -// ClientScopeId: clientScope.ID(), +// _, err = openid.NewUserRealmRoleProtocolMapper(ctx, "user_realm_role_mapper", &openid.UserRealmRoleProtocolMapperArgs{ // RealmId: realm.ID(), +// ClientScopeId: clientScope.ID(), +// Name: pulumi.String("user-realm-role-mapper"), +// ClaimName: pulumi.String("foo"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go b/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go index 8d974550..e19497d0 100644 --- a/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go +++ b/sdk/go/keycloak/openid/userSessionNoteProtocolMapper.go @@ -44,9 +44,10 @@ import ( // if err != nil { // return err // } -// openidClient, err := openid.NewClient(ctx, "openidClient", &openid.ClientArgs{ +// openidClient, err := openid.NewClient(ctx, "openid_client", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("CONFIDENTIAL"), // ValidRedirectUris: pulumi.StringArray{ @@ -56,9 +57,10 @@ import ( // if err != nil { // return err // } -// _, err = openid.NewUserSessionNoteProtocolMapper(ctx, "userSessionNoteMapper", &openid.UserSessionNoteProtocolMapperArgs{ +// _, err = openid.NewUserSessionNoteProtocolMapper(ctx, "user_session_note_mapper", &openid.UserSessionNoteProtocolMapperArgs{ // RealmId: realm.ID(), // ClientId: openidClient.ID(), +// Name: pulumi.String("user-session-note-mapper"), // ClaimName: pulumi.String("foo"), // ClaimValueType: pulumi.String("String"), // SessionNote: pulumi.String("bar"), @@ -96,15 +98,17 @@ import ( // if err != nil { // return err // } -// clientScope, err := openid.NewClientScope(ctx, "clientScope", &openid.ClientScopeArgs{ +// clientScope, err := openid.NewClientScope(ctx, "client_scope", &openid.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("client-scope"), // }) // if err != nil { // return err // } -// _, err = openid.NewUserSessionNoteProtocolMapper(ctx, "userSessionNoteMapper", &openid.UserSessionNoteProtocolMapperArgs{ +// _, err = openid.NewUserSessionNoteProtocolMapper(ctx, "user_session_note_mapper", &openid.UserSessionNoteProtocolMapperArgs{ // RealmId: realm.ID(), // ClientScopeId: clientScope.ID(), +// Name: pulumi.String("user-session-note-mapper"), // ClaimName: pulumi.String("foo"), // ClaimValueType: pulumi.String("String"), // SessionNote: pulumi.String("bar"), diff --git a/sdk/go/keycloak/realmEvents.go b/sdk/go/keycloak/realmEvents.go index 744eae09..cbae4afe 100644 --- a/sdk/go/keycloak/realmEvents.go +++ b/sdk/go/keycloak/realmEvents.go @@ -37,19 +37,19 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewRealmEvents(ctx, "realmEvents", &keycloak.RealmEventsArgs{ -// AdminEventsDetailsEnabled: pulumi.Bool(true), +// _, err = keycloak.NewRealmEvents(ctx, "realm_events", &keycloak.RealmEventsArgs{ +// RealmId: realm.ID(), +// EventsEnabled: pulumi.Bool(true), +// EventsExpiration: pulumi.Int(3600), // AdminEventsEnabled: pulumi.Bool(true), +// AdminEventsDetailsEnabled: pulumi.Bool(true), // EnabledEventTypes: pulumi.StringArray{ // pulumi.String("LOGIN"), // pulumi.String("LOGOUT"), // }, -// EventsEnabled: pulumi.Bool(true), -// EventsExpiration: pulumi.Int(3600), // EventsListeners: pulumi.StringArray{ // pulumi.String("jboss-logging"), // }, -// RealmId: realm.ID(), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/realmKeystoreAesGenerated.go b/sdk/go/keycloak/realmKeystoreAesGenerated.go index e9d9e36b..c1357ab9 100644 --- a/sdk/go/keycloak/realmKeystoreAesGenerated.go +++ b/sdk/go/keycloak/realmKeystoreAesGenerated.go @@ -37,7 +37,8 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewRealmKeystoreAesGenerated(ctx, "keystoreAesGenerated", &keycloak.RealmKeystoreAesGeneratedArgs{ +// _, err = keycloak.NewRealmKeystoreAesGenerated(ctx, "keystore_aes_generated", &keycloak.RealmKeystoreAesGeneratedArgs{ +// Name: pulumi.String("my-aes-generated-key"), // RealmId: realm.ID(), // Enabled: pulumi.Bool(true), // Active: pulumi.Bool(true), diff --git a/sdk/go/keycloak/realmKeystoreEcdsaGenerated.go b/sdk/go/keycloak/realmKeystoreEcdsaGenerated.go index dabb4117..2aaccbac 100644 --- a/sdk/go/keycloak/realmKeystoreEcdsaGenerated.go +++ b/sdk/go/keycloak/realmKeystoreEcdsaGenerated.go @@ -37,7 +37,8 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewRealmKeystoreEcdsaGenerated(ctx, "keystoreEcdsaGenerated", &keycloak.RealmKeystoreEcdsaGeneratedArgs{ +// _, err = keycloak.NewRealmKeystoreEcdsaGenerated(ctx, "keystore_ecdsa_generated", &keycloak.RealmKeystoreEcdsaGeneratedArgs{ +// Name: pulumi.String("my-ecdsa-generated-key"), // RealmId: realm.ID(), // Enabled: pulumi.Bool(true), // Active: pulumi.Bool(true), diff --git a/sdk/go/keycloak/realmKeystoreHmacGenerated.go b/sdk/go/keycloak/realmKeystoreHmacGenerated.go index c959134e..e969c844 100644 --- a/sdk/go/keycloak/realmKeystoreHmacGenerated.go +++ b/sdk/go/keycloak/realmKeystoreHmacGenerated.go @@ -37,7 +37,8 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewRealmKeystoreHmacGenerated(ctx, "keystoreHmacGenerated", &keycloak.RealmKeystoreHmacGeneratedArgs{ +// _, err = keycloak.NewRealmKeystoreHmacGenerated(ctx, "keystore_hmac_generated", &keycloak.RealmKeystoreHmacGeneratedArgs{ +// Name: pulumi.String("my-hmac-generated-key"), // RealmId: realm.ID(), // Enabled: pulumi.Bool(true), // Active: pulumi.Bool(true), diff --git a/sdk/go/keycloak/realmKeystoreJavaGenerated.go b/sdk/go/keycloak/realmKeystoreJavaGenerated.go index 586652ab..a5d25266 100644 --- a/sdk/go/keycloak/realmKeystoreJavaGenerated.go +++ b/sdk/go/keycloak/realmKeystoreJavaGenerated.go @@ -37,7 +37,8 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewRealmKeystoreJavaGenerated(ctx, "javaKeystore", &keycloak.RealmKeystoreJavaGeneratedArgs{ +// _, err = keycloak.NewRealmKeystoreJavaGenerated(ctx, "java_keystore", &keycloak.RealmKeystoreJavaGeneratedArgs{ +// Name: pulumi.String("my-java-keystore"), // RealmId: realm.ID(), // Enabled: pulumi.Bool(true), // Active: pulumi.Bool(true), diff --git a/sdk/go/keycloak/realmKeystoreRsaGenerated.go b/sdk/go/keycloak/realmKeystoreRsaGenerated.go index 7ce1d2b1..8f78fb05 100644 --- a/sdk/go/keycloak/realmKeystoreRsaGenerated.go +++ b/sdk/go/keycloak/realmKeystoreRsaGenerated.go @@ -37,7 +37,8 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewRealmKeystoreRsaGenerated(ctx, "keystoreRsaGenerated", &keycloak.RealmKeystoreRsaGeneratedArgs{ +// _, err = keycloak.NewRealmKeystoreRsaGenerated(ctx, "keystore_rsa_generated", &keycloak.RealmKeystoreRsaGeneratedArgs{ +// Name: pulumi.String("my-rsa-generated-key"), // RealmId: realm.ID(), // Enabled: pulumi.Bool(true), // Active: pulumi.Bool(true), diff --git a/sdk/go/keycloak/realmUserProfile.go b/sdk/go/keycloak/realmUserProfile.go index ea596868..0d18f1d9 100644 --- a/sdk/go/keycloak/realmUserProfile.go +++ b/sdk/go/keycloak/realmUserProfile.go @@ -71,7 +71,7 @@ import ( // } // json2 := string(tmpJSON2) // _, err = keycloak.NewRealmUserProfile(ctx, "userprofile", &keycloak.RealmUserProfileArgs{ -// RealmId: pulumi.Any(keycloak_realm.My_realm.Id), +// RealmId: pulumi.Any(myRealm.Id), // Attributes: keycloak.RealmUserProfileAttributeArray{ // &keycloak.RealmUserProfileAttributeArgs{ // Name: pulumi.String("field1"), diff --git a/sdk/go/keycloak/requiredAction.go b/sdk/go/keycloak/requiredAction.go index cc6c4ceb..22244fc3 100644 --- a/sdk/go/keycloak/requiredAction.go +++ b/sdk/go/keycloak/requiredAction.go @@ -38,10 +38,11 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewRequiredAction(ctx, "requiredAction", &keycloak.RequiredActionArgs{ +// _, err = keycloak.NewRequiredAction(ctx, "required_action", &keycloak.RequiredActionArgs{ // RealmId: realm.Realm, // Alias: pulumi.String("webauthn-register"), // Enabled: pulumi.Bool(true), +// Name: pulumi.String("Webauthn Register"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/role.go b/sdk/go/keycloak/role.go index decb232e..4ec73e07 100644 --- a/sdk/go/keycloak/role.go +++ b/sdk/go/keycloak/role.go @@ -35,15 +35,16 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ -// Description: pulumi.String("My Realm Role"), +// _, err = keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-realm-role"), +// Description: pulumi.String("My Realm Role"), // }) // if err != nil { // return err @@ -72,25 +73,27 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } // _, err = openid.NewClient(ctx, "client", &openid.ClientArgs{ -// AccessType: pulumi.String("BEARER-ONLY"), +// RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("BEARER-ONLY"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{ -// ClientId: pulumi.Any(keycloak_client.Client.Id), -// Description: pulumi.String("My Client Role"), +// _, err = keycloak.NewRole(ctx, "client_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// ClientId: pulumi.Any(clientKeycloakClient.Id), +// Name: pulumi.String("my-client-role"), +// Description: pulumi.String("My Client Role"), // }) // if err != nil { // return err @@ -119,54 +122,64 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "createRole", &keycloak.RoleArgs{ +// // realm roles +// _, err = keycloak.NewRole(ctx, "create_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("create"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "readRole", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "read_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("read"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "updateRole", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "update_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("update"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "deleteRole", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "delete_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("delete"), // }) // if err != nil { // return err // } +// // client role // _, err = openid.NewClient(ctx, "client", &openid.ClientArgs{ -// AccessType: pulumi.String("BEARER-ONLY"), +// RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), -// RealmId: realm.ID(), +// AccessType: pulumi.String("BEARER-ONLY"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{ -// ClientId: pulumi.Any(keycloak_client.Client.Id), -// Description: pulumi.String("My Client Role"), +// _, err = keycloak.NewRole(ctx, "client_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// ClientId: pulumi.Any(clientKeycloakClient.Id), +// Name: pulumi.String("my-client-role"), +// Description: pulumi.String("My Client Role"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewRole(ctx, "adminRole", &keycloak.RoleArgs{ +// _, err = keycloak.NewRole(ctx, "admin_role", &keycloak.RoleArgs{ +// RealmId: realm.ID(), +// Name: pulumi.String("admin"), // CompositeRoles: pulumi.StringArray{ // pulumi.String("{keycloak_role.create_role.id}"), // pulumi.String("{keycloak_role.read_role.id}"), @@ -174,7 +187,6 @@ import ( // pulumi.String("{keycloak_role.delete_role.id}"), // pulumi.String("{keycloak_role.client_role.id}"), // }, -// RealmId: realm.ID(), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/saml/client.go b/sdk/go/keycloak/saml/client.go index f57eb0eb..dda833a4 100644 --- a/sdk/go/keycloak/saml/client.go +++ b/sdk/go/keycloak/saml/client.go @@ -20,88 +20,6 @@ import ( // clients are applications that redirect users to Keycloak for authentication // in order to take advantage of Keycloak's user sessions for SSO. // -// ### Example Usage -// -// -// ```go -// package main -// -// import ( -// -// "os" -// -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak" -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// -// ) -// -// func readFileOrPanic(path string) pulumi.StringPtrInput { -// data, err := os.ReadFile(path) -// if err != nil { -// panic(err.Error()) -// } -// return pulumi.String(string(data)) -// } -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), -// Realm: pulumi.String("my-realm"), -// }) -// if err != nil { -// return err -// } -// _, err = saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ -// ClientId: pulumi.String("test-saml-client"), -// IncludeAuthnStatement: pulumi.Bool(true), -// RealmId: realm.ID(), -// SignAssertions: pulumi.Bool(true), -// SignDocuments: pulumi.Bool(false), -// SigningCertificate: readFileOrPanic("saml-cert.pem"), -// SigningPrivateKey: readFileOrPanic("saml-key.pem"), -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` -// -// -// ### Argument Reference -// -// The following arguments are supported: -// -// - `realmId` - (Required) The realm this client is attached to. -// - `clientId` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. -// - `name` - (Optional) The display name of this client in the GUI. -// - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. -// - `description` - (Optional) The description of this client in the GUI. -// - `includeAuthnStatement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. -// - `signDocuments` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. -// - `signAssertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. -// - `clientSignatureRequired` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. -// - `forcePostBinding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. -// - `frontChannelLogout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. -// - `nameIdFormat` - (Optional) Sets the Name ID format for the subject. -// - `rootUrl` - (Optional) When specified, this value is prepended to all relative URLs. -// - `validRedirectUris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. -// - `baseUrl` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. -// - `masterSamlProcessingUrl` - (Optional) When specified, this URL will be used for all SAML requests. -// - `signingCertificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. -// - `signingPrivateKey` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. -// - `idpInitiatedSsoUrlName` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. -// - `idpInitiatedSsoRelayState` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. -// - `assertionConsumerPostUrl` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). -// - `assertionConsumerRedirectUrl` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). -// - `logoutServicePostBindingUrl` - (Optional) SAML POST Binding URL for the client's single logout service. -// - `logoutServiceRedirectBindingUrl` - (Optional) SAML Redirect Binding URL for the client's single logout service. -// - `fullScopeAllowed` - (Optional) - Allow to include all roles mappings in the access token -// // ### Import // // Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `clientKeycloakId` is the unique ID that Keycloak diff --git a/sdk/go/keycloak/saml/clientDefaultScope.go b/sdk/go/keycloak/saml/clientDefaultScope.go index 50071397..a52f09df 100644 --- a/sdk/go/keycloak/saml/clientDefaultScope.go +++ b/sdk/go/keycloak/saml/clientDefaultScope.go @@ -13,79 +13,6 @@ import ( ) // ## Example Usage -// -// -// ```go -// package main -// -// import ( -// -// "os" -// -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak" -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// -// ) -// -// func readFileOrPanic(path string) pulumi.StringPtrInput { -// data, err := os.ReadFile(path) -// if err != nil { -// panic(err.Error()) -// } -// return pulumi.String(string(data)) -// } -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), -// Enabled: pulumi.Bool(true), -// }) -// if err != nil { -// return err -// } -// _, err = saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("saml-client"), -// SignDocuments: pulumi.Bool(false), -// SignAssertions: pulumi.Bool(true), -// IncludeAuthnStatement: pulumi.Bool(true), -// SigningCertificate: readFileOrPanic("saml-cert.pem"), -// SigningPrivateKey: readFileOrPanic("saml-key.pem"), -// }) -// if err != nil { -// return err -// } -// clientScope, err := saml.NewClientScope(ctx, "clientScope", &saml.ClientScopeArgs{ -// RealmId: realm.ID(), -// }) -// if err != nil { -// return err -// } -// _, err = saml.NewClientDefaultScope(ctx, "clientDefaultScopes", &saml.ClientDefaultScopeArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.Any(keycloak_saml_client.Client.Id), -// DefaultScopes: pulumi.StringArray{ -// pulumi.String("role_list"), -// clientScope.Name, -// }, -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` -// -// -// ## Import -// -// This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist -// -// on the server. type ClientDefaultScope struct { pulumi.CustomResourceState diff --git a/sdk/go/keycloak/saml/clientScope.go b/sdk/go/keycloak/saml/clientScope.go index 3ec73f97..a60239a0 100644 --- a/sdk/go/keycloak/saml/clientScope.go +++ b/sdk/go/keycloak/saml/clientScope.go @@ -39,8 +39,9 @@ import ( // if err != nil { // return err // } -// _, err = saml.NewClientScope(ctx, "samlClientScope", &saml.ClientScopeArgs{ +// _, err = saml.NewClientScope(ctx, "saml_client_scope", &saml.ClientScopeArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("groups"), // Description: pulumi.String("This scope will map a user's group memberships to SAML assertion"), // GuiOrder: pulumi.Int(1), // }) diff --git a/sdk/go/keycloak/saml/getClient.go b/sdk/go/keycloak/saml/getClient.go index a5776a57..5226a766 100644 --- a/sdk/go/keycloak/saml/getClient.go +++ b/sdk/go/keycloak/saml/getClient.go @@ -36,6 +36,7 @@ import ( // if err != nil { // return err // } +// // use the data source // _, err = keycloak.LookupRole(ctx, &keycloak.LookupRoleArgs{ // RealmId: "my-realm", // ClientId: pulumi.StringRef(realmManagement.Id), diff --git a/sdk/go/keycloak/saml/getClientInstallationProvider.go b/sdk/go/keycloak/saml/getClientInstallationProvider.go index 0ef52869..6cb9b1d8 100644 --- a/sdk/go/keycloak/saml/getClientInstallationProvider.go +++ b/sdk/go/keycloak/saml/getClientInstallationProvider.go @@ -12,74 +12,6 @@ import ( ) // This data source can be used to retrieve Installation Provider of a SAML Client. -// -// ## Example Usage -// -// In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. -// -// -// ```go -// package main -// -// import ( -// -// "os" -// -// "github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam" -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak" -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak/saml" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// -// ) -// -// func readFileOrPanic(path string) pulumi.StringPtrInput { -// data, err := os.ReadFile(path) -// if err != nil { -// panic(err.Error()) -// } -// return pulumi.String(string(data)) -// } -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), -// Enabled: pulumi.Bool(true), -// }) -// if err != nil { -// return err -// } -// samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ -// RealmId: realm.ID(), -// ClientId: pulumi.String("test-saml-client"), -// SignDocuments: pulumi.Bool(false), -// SignAssertions: pulumi.Bool(true), -// IncludeAuthnStatement: pulumi.Bool(true), -// SigningCertificate: readFileOrPanic("saml-cert.pem"), -// SigningPrivateKey: readFileOrPanic("saml-key.pem"), -// }) -// if err != nil { -// return err -// } -// samlIdpDescriptor := saml.GetClientInstallationProviderOutput(ctx, saml.GetClientInstallationProviderOutputArgs{ -// RealmId: realm.ID(), -// ClientId: samlClient.ID(), -// ProviderId: pulumi.String("saml-idp-descriptor"), -// }, nil) -// _, err = iam.NewSamlProvider(ctx, "default", &iam.SamlProviderArgs{ -// SamlMetadataDocument: samlIdpDescriptor.ApplyT(func(samlIdpDescriptor saml.GetClientInstallationProviderResult) (*string, error) { -// return &samlIdpDescriptor.Value, nil -// }).(pulumi.StringPtrOutput), -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` -// func GetClientInstallationProvider(ctx *pulumi.Context, args *GetClientInstallationProviderArgs, opts ...pulumi.InvokeOption) (*GetClientInstallationProviderResult, error) { opts = internal.PkgInvokeDefaultOpts(opts) var rv GetClientInstallationProviderResult diff --git a/sdk/go/keycloak/saml/identityProvider.go b/sdk/go/keycloak/saml/identityProvider.go index a80ce1d5..08fe8ce9 100644 --- a/sdk/go/keycloak/saml/identityProvider.go +++ b/sdk/go/keycloak/saml/identityProvider.go @@ -33,18 +33,18 @@ import ( // // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { -// _, err := saml.NewIdentityProvider(ctx, "realmIdentityProvider", &saml.IdentityProviderArgs{ +// _, err := saml.NewIdentityProvider(ctx, "realm_identity_provider", &saml.IdentityProviderArgs{ +// Realm: pulumi.String("my-realm"), // Alias: pulumi.String("my-idp"), +// SingleSignOnServiceUrl: pulumi.String("https://domain.com/adfs/ls/"), +// SingleLogoutServiceUrl: pulumi.String("https://domain.com/adfs/ls/?wa=wsignout1.0"), // BackchannelSupported: pulumi.Bool(true), -// ForceAuthn: pulumi.Bool(true), -// PostBindingAuthnRequest: pulumi.Bool(true), -// PostBindingLogout: pulumi.Bool(true), // PostBindingResponse: pulumi.Bool(true), -// Realm: pulumi.String("my-realm"), -// SingleLogoutServiceUrl: pulumi.String("https://domain.com/adfs/ls/?wa=wsignout1.0"), -// SingleSignOnServiceUrl: pulumi.String("https://domain.com/adfs/ls/"), +// PostBindingLogout: pulumi.Bool(true), +// PostBindingAuthnRequest: pulumi.Bool(true), // StoreToken: pulumi.Bool(false), // TrustEmail: pulumi.Bool(true), +// ForceAuthn: pulumi.Bool(true), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/saml/scriptProtocolMapper.go b/sdk/go/keycloak/saml/scriptProtocolMapper.go index 4ab2891c..eb6e085d 100644 --- a/sdk/go/keycloak/saml/scriptProtocolMapper.go +++ b/sdk/go/keycloak/saml/scriptProtocolMapper.go @@ -42,16 +42,18 @@ import ( // if err != nil { // return err // } -// samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ +// samlClient, err := saml.NewClient(ctx, "saml_client", &saml.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("saml-client"), +// Name: pulumi.String("saml-client"), // }) // if err != nil { // return err // } -// _, err = saml.NewScriptProtocolMapper(ctx, "samlScriptMapper", &saml.ScriptProtocolMapperArgs{ +// _, err = saml.NewScriptProtocolMapper(ctx, "saml_script_mapper", &saml.ScriptProtocolMapperArgs{ // RealmId: realm.ID(), // ClientId: samlClient.ID(), +// Name: pulumi.String("script-mapper"), // Script: pulumi.String("exports = 'foo';"), // SamlAttributeName: pulumi.String("displayName"), // SamlAttributeNameFormat: pulumi.String("Unspecified"), diff --git a/sdk/go/keycloak/saml/userAttributeProtocolMapper.go b/sdk/go/keycloak/saml/userAttributeProtocolMapper.go index 58039c9c..a3169e2c 100644 --- a/sdk/go/keycloak/saml/userAttributeProtocolMapper.go +++ b/sdk/go/keycloak/saml/userAttributeProtocolMapper.go @@ -39,25 +39,27 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ +// samlClient, err := saml.NewClient(ctx, "saml_client", &saml.ClientArgs{ +// RealmId: pulumi.Any(test.Id), // ClientId: pulumi.String("test-saml-client"), -// RealmId: pulumi.Any(keycloak_realm.Test.Id), +// Name: pulumi.String("test-saml-client"), // }) // if err != nil { // return err // } -// _, err = saml.NewUserAttributeProtocolMapper(ctx, "samlUserAttributeMapper", &saml.UserAttributeProtocolMapperArgs{ +// _, err = saml.NewUserAttributeProtocolMapper(ctx, "saml_user_attribute_mapper", &saml.UserAttributeProtocolMapperArgs{ +// RealmId: pulumi.Any(test.Id), // ClientId: samlClient.ID(), -// RealmId: pulumi.Any(keycloak_realm.Test.Id), +// Name: pulumi.String("displayname-user-attribute-mapper"), +// UserAttribute: pulumi.String("displayName"), // SamlAttributeName: pulumi.String("displayName"), // SamlAttributeNameFormat: pulumi.String("Unspecified"), -// UserAttribute: pulumi.String("displayName"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/saml/userPropertyProtocolMapper.go b/sdk/go/keycloak/saml/userPropertyProtocolMapper.go index 99fb0792..a492329a 100644 --- a/sdk/go/keycloak/saml/userPropertyProtocolMapper.go +++ b/sdk/go/keycloak/saml/userPropertyProtocolMapper.go @@ -39,25 +39,27 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // _, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } -// samlClient, err := saml.NewClient(ctx, "samlClient", &saml.ClientArgs{ +// samlClient, err := saml.NewClient(ctx, "saml_client", &saml.ClientArgs{ +// RealmId: pulumi.Any(test.Id), // ClientId: pulumi.String("test-saml-client"), -// RealmId: pulumi.Any(keycloak_realm.Test.Id), +// Name: pulumi.String("test-saml-client"), // }) // if err != nil { // return err // } -// _, err = saml.NewUserPropertyProtocolMapper(ctx, "samlUserPropertyMapper", &saml.UserPropertyProtocolMapperArgs{ +// _, err = saml.NewUserPropertyProtocolMapper(ctx, "saml_user_property_mapper", &saml.UserPropertyProtocolMapperArgs{ +// RealmId: pulumi.Any(test.Id), // ClientId: samlClient.ID(), -// RealmId: pulumi.Any(keycloak_realm.Test.Id), +// Name: pulumi.String("email-user-property-mapper"), +// UserProperty: pulumi.String("email"), // SamlAttributeName: pulumi.String("email"), // SamlAttributeNameFormat: pulumi.String("Unspecified"), -// UserProperty: pulumi.String("email"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/user.go b/sdk/go/keycloak/user.go index e06d96d8..874c94fa 100644 --- a/sdk/go/keycloak/user.go +++ b/sdk/go/keycloak/user.go @@ -36,34 +36,34 @@ import ( // func main() { // pulumi.Run(func(ctx *pulumi.Context) error { // realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Enabled: pulumi.Bool(true), // Realm: pulumi.String("my-realm"), +// Enabled: pulumi.Bool(true), // }) // if err != nil { // return err // } // _, err = keycloak.NewUser(ctx, "user", &keycloak.UserArgs{ -// Email: pulumi.String("bob@domain.com"), +// RealmId: realm.ID(), +// Username: pulumi.String("bob"), // Enabled: pulumi.Bool(true), +// Email: pulumi.String("bob@domain.com"), // FirstName: pulumi.String("Bob"), // LastName: pulumi.String("Bobson"), -// RealmId: realm.ID(), -// Username: pulumi.String("bob"), // }) // if err != nil { // return err // } -// _, err = keycloak.NewUser(ctx, "userWithInitialPassword", &keycloak.UserArgs{ -// Email: pulumi.String("alice@domain.com"), +// _, err = keycloak.NewUser(ctx, "user_with_initial_password", &keycloak.UserArgs{ +// RealmId: realm.ID(), +// Username: pulumi.String("alice"), // Enabled: pulumi.Bool(true), +// Email: pulumi.String("alice@domain.com"), // FirstName: pulumi.String("Alice"), +// LastName: pulumi.String("Aliceberg"), // InitialPassword: &keycloak.UserInitialPasswordArgs{ -// Temporary: pulumi.Bool(true), // Value: pulumi.String("some password"), +// Temporary: pulumi.Bool(true), // }, -// LastName: pulumi.String("Aliceberg"), -// RealmId: realm.ID(), -// Username: pulumi.String("alice"), // }) // if err != nil { // return err diff --git a/sdk/go/keycloak/userGroups.go b/sdk/go/keycloak/userGroups.go index 15bad5e5..1a624598 100644 --- a/sdk/go/keycloak/userGroups.go +++ b/sdk/go/keycloak/userGroups.go @@ -42,6 +42,7 @@ import ( // } // group, err := keycloak.NewGroup(ctx, "group", &keycloak.GroupArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("foo"), // }) // if err != nil { // return err @@ -53,7 +54,7 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewUserGroups(ctx, "userGroups", &keycloak.UserGroupsArgs{ +// _, err = keycloak.NewUserGroups(ctx, "user_groups", &keycloak.UserGroupsArgs{ // RealmId: realm.ID(), // UserId: user.ID(), // GroupIds: pulumi.StringArray{ @@ -69,81 +70,6 @@ import ( // // ``` // -// -// ### Non Exhaustive Groups) -// -// ```go -// package main -// -// import ( -// -// "github.com/pulumi/pulumi-keycloak/sdk/v5/go/keycloak" -// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" -// -// ) -// -// func main() { -// pulumi.Run(func(ctx *pulumi.Context) error { -// realm, err := keycloak.NewRealm(ctx, "realm", &keycloak.RealmArgs{ -// Realm: pulumi.String("my-realm"), -// Enabled: pulumi.Bool(true), -// }) -// if err != nil { -// return err -// } -// groupFoo, err := keycloak.NewGroup(ctx, "groupFoo", &keycloak.GroupArgs{ -// RealmId: realm.ID(), -// }) -// if err != nil { -// return err -// } -// groupBar, err := keycloak.NewGroup(ctx, "groupBar", &keycloak.GroupArgs{ -// RealmId: realm.ID(), -// }) -// if err != nil { -// return err -// } -// user, err := keycloak.NewUser(ctx, "user", &keycloak.UserArgs{ -// RealmId: realm.ID(), -// Username: pulumi.String("my-user"), -// }) -// if err != nil { -// return err -// } -// _, err = keycloak.NewUserGroups(ctx, "userGroupsAssociation1UserGroups", &keycloak.UserGroupsArgs{ -// RealmId: realm.ID(), -// UserId: user.ID(), -// Exhaustive: pulumi.Bool(false), -// GroupIds: pulumi.StringArray{ -// groupFoo.ID(), -// }, -// }) -// if err != nil { -// return err -// } -// _, err = keycloak.NewUserGroups(ctx, "userGroupsAssociation1Index/userGroupsUserGroups", &keycloak.UserGroupsArgs{ -// RealmId: realm.ID(), -// UserId: user.ID(), -// Exhaustive: pulumi.Bool(false), -// GroupIds: pulumi.StringArray{ -// groupBar.ID(), -// }, -// }) -// if err != nil { -// return err -// } -// return nil -// }) -// } -// -// ``` -// -// -// ## Import -// -// This resource does not support import. Instead of importing, feel free to create this resource -// -// as if it did not already exist on the server. type UserGroups struct { pulumi.CustomResourceState diff --git a/sdk/go/keycloak/userRoles.go b/sdk/go/keycloak/userRoles.go index e95c64a2..42ed67dd 100644 --- a/sdk/go/keycloak/userRoles.go +++ b/sdk/go/keycloak/userRoles.go @@ -46,8 +46,9 @@ import ( // if err != nil { // return err // } -// realmRole, err := keycloak.NewRole(ctx, "realmRole", &keycloak.RoleArgs{ +// realmRole, err := keycloak.NewRole(ctx, "realm_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), +// Name: pulumi.String("my-realm-role"), // Description: pulumi.String("My Realm Role"), // }) // if err != nil { @@ -56,15 +57,17 @@ import ( // _, err = openid.NewClient(ctx, "client", &openid.ClientArgs{ // RealmId: realm.ID(), // ClientId: pulumi.String("client"), +// Name: pulumi.String("client"), // Enabled: pulumi.Bool(true), // AccessType: pulumi.String("BEARER-ONLY"), // }) // if err != nil { // return err // } -// clientRole, err := keycloak.NewRole(ctx, "clientRole", &keycloak.RoleArgs{ +// clientRole, err := keycloak.NewRole(ctx, "client_role", &keycloak.RoleArgs{ // RealmId: realm.ID(), -// ClientId: pulumi.Any(keycloak_client.Client.Id), +// ClientId: pulumi.Any(clientKeycloakClient.Id), +// Name: pulumi.String("my-client-role"), // Description: pulumi.String("My Client Role"), // }) // if err != nil { @@ -81,7 +84,7 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewUserRoles(ctx, "userRoles", &keycloak.UserRolesArgs{ +// _, err = keycloak.NewUserRoles(ctx, "user_roles", &keycloak.UserRolesArgs{ // RealmId: realm.ID(), // UserId: user.ID(), // RoleIds: pulumi.StringArray{ diff --git a/sdk/go/keycloak/userTemplateImporterIdentityProviderMapper.go b/sdk/go/keycloak/userTemplateImporterIdentityProviderMapper.go index 5bf71dbc..b79ade99 100644 --- a/sdk/go/keycloak/userTemplateImporterIdentityProviderMapper.go +++ b/sdk/go/keycloak/userTemplateImporterIdentityProviderMapper.go @@ -55,8 +55,9 @@ import ( // if err != nil { // return err // } -// _, err = keycloak.NewUserTemplateImporterIdentityProviderMapper(ctx, "usernameImporter", &keycloak.UserTemplateImporterIdentityProviderMapperArgs{ +// _, err = keycloak.NewUserTemplateImporterIdentityProviderMapper(ctx, "username_importer", &keycloak.UserTemplateImporterIdentityProviderMapperArgs{ // Realm: realm.ID(), +// Name: pulumi.String("username-template-importer"), // IdentityProviderAlias: oidc.Alias, // Template: pulumi.String("${ALIAS}.${CLAIM.email}"), // ExtraConfig: pulumi.Map{ diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapper.java index c3225bb9..0423588b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/AttributeImporterIdentityProviderMapper.java @@ -46,9 +46,10 @@ * * public static void stack(Context ctx) { * var testMapper = new AttributeImporterIdentityProviderMapper("testMapper", AttributeImporterIdentityProviderMapperArgs.builder() - * .attributeName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname") - * .identityProviderAlias("idp_alias") * .realm("my-realm") + * .name("my-mapper") + * .identityProviderAlias("idp_alias") + * .attributeName("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname") * .userAttribute("lastName") * .build()); * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/AttributeToRoleIdentityMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/AttributeToRoleIdentityMapper.java index a5c980e4..6a5762cc 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/AttributeToRoleIdentityMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/AttributeToRoleIdentityMapper.java @@ -56,7 +56,7 @@ * .enabled(true) * .build()); * - * var oidcIdentityProvider = new IdentityProvider("oidcIdentityProvider", IdentityProviderArgs.builder() + * var oidc = new IdentityProvider("oidc", IdentityProviderArgs.builder() * .realm(realm.id()) * .alias("oidc") * .authorizationUrl("https://example.com/auth") @@ -68,12 +68,14 @@ * * var realmRole = new Role("realmRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("my-realm-role") * .description("My Realm Role") * .build()); * * var oidcAttributeToRoleIdentityMapper = new AttributeToRoleIdentityMapper("oidcAttributeToRoleIdentityMapper", AttributeToRoleIdentityMapperArgs.builder() * .realm(realm.id()) - * .identityProviderAlias(oidcIdentityProvider.alias()) + * .name("role-attribute") + * .identityProviderAlias(oidc.alias()) * .role("my-realm-role") * .claimName("my-claim") * .claimValue("my-value") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMapping.java b/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMapping.java index 3337a40c..3ff21a16 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMapping.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/CustomIdentityProviderMapping.java @@ -50,7 +50,7 @@ * .enabled(true) * .build()); * - * var oidcIdentityProvider = new IdentityProvider("oidcIdentityProvider", IdentityProviderArgs.builder() + * var oidc = new IdentityProvider("oidc", IdentityProviderArgs.builder() * .realm(realm.id()) * .alias("oidc") * .authorizationUrl("https://example.com/auth") @@ -62,7 +62,8 @@ * * var oidcCustomIdentityProviderMapping = new CustomIdentityProviderMapping("oidcCustomIdentityProviderMapping", CustomIdentityProviderMappingArgs.builder() * .realm(realm.id()) - * .identityProviderAlias(oidcIdentityProvider.alias()) + * .name("email-attribute-importer") + * .identityProviderAlias(oidc.alias()) * .identityProviderMapper("%s-user-attribute-idp-mapper") * .extraConfig(Map.ofEntries( * Map.entry("syncMode", "INHERIT"), diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java b/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java index 0b155d4f..f662e282 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/CustomUserFederation.java @@ -54,14 +54,15 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("test") + * .enabled(true) * .build()); * * var customUserFederation = new CustomUserFederation("customUserFederation", CustomUserFederationArgs.builder() - * .enabled(true) - * .providerId("custom") + * .name("custom") * .realmId(realm.id()) + * .providerId("custom") + * .enabled(true) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroups.java b/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroups.java index 87db6d9d..565f6a4b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroups.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/DefaultGroups.java @@ -51,17 +51,18 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var group = new Group("group", GroupArgs.builder() * .realmId(realm.id()) + * .name("my-group") * .build()); * * var default_ = new DefaultGroups("default", DefaultGroupsArgs.builder() - * .groupIds(group.id()) * .realmId(realm.id()) + * .groupIds(group.id()) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapper.java index 5634fb0c..96d131e6 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientProtocolMapper.java @@ -57,26 +57,27 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var samlClient = new Client("samlClient", ClientArgs.builder() - * .clientId("test-client") * .realmId(realm.id()) + * .clientId("test-client") * .build()); * * var samlHardcodeAttributeMapper = new GenericClientProtocolMapper("samlHardcodeAttributeMapper", GenericClientProtocolMapperArgs.builder() + * .realmId(realm.id()) * .clientId(samlClient.id()) + * .name("tes-mapper") + * .protocol("saml") + * .protocolMapper("saml-hardcode-attribute-mapper") * .config(Map.ofEntries( * Map.entry("attribute.name", "name"), * Map.entry("attribute.nameformat", "Basic"), * Map.entry("attribute.value", "value"), * Map.entry("friendly.name", "display name") * )) - * .protocol("saml") - * .protocolMapper("saml-hardcode-attribute-mapper") - * .realmId(realm.id()) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientRoleMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientRoleMapper.java index 15381c49..259e0f72 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientRoleMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GenericClientRoleMapper.java @@ -63,12 +63,14 @@ * var client = new Client("client", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) * .accessType("BEARER-ONLY") * .build()); * * var realmRole = new Role("realmRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("my-realm-role") * .description("My Realm Role") * .build()); * @@ -121,6 +123,7 @@ * var clientA = new Client("clientA", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client-a") + * .name("client-a") * .enabled(true) * .accessType("BEARER-ONLY") * .fullScopeAllowed(false) @@ -129,12 +132,14 @@ * var clientRoleA = new Role("clientRoleA", RoleArgs.builder() * .realmId(realm.id()) * .clientId(clientA.id()) + * .name("my-client-role") * .description("My Client Role") * .build()); * * var clientB = new Client("clientB", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client-b") + * .name("client-b") * .enabled(true) * .accessType("BEARER-ONLY") * .build()); @@ -142,6 +147,7 @@ * var clientRoleB = new Role("clientRoleB", RoleArgs.builder() * .realmId(realm.id()) * .clientId(clientB.id()) + * .name("my-client-role") * .description("My Client Role") * .build()); * @@ -193,10 +199,12 @@ * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("my-client-scope") * .build()); * * var realmRole = new Role("realmRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("my-realm-role") * .description("My Realm Role") * .build()); * @@ -251,6 +259,7 @@ * var client = new Client("client", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) * .accessType("BEARER-ONLY") * .build()); @@ -258,11 +267,13 @@ * var clientRole = new Role("clientRole", RoleArgs.builder() * .realmId(realm.id()) * .clientId(client.id()) + * .name("my-client-role") * .description("My Client Role") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("my-client-scope") * .build()); * * var clientBRoleMapper = new GenericClientRoleMapper("clientBRoleMapper", GenericClientRoleMapperArgs.builder() diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GenericProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/GenericProtocolMapper.java index 8be02f5f..c22d6155 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GenericProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GenericProtocolMapper.java @@ -67,6 +67,7 @@ * var samlHardcodeAttributeMapper = new GenericProtocolMapper("samlHardcodeAttributeMapper", GenericProtocolMapperArgs.builder() * .realmId(realm.id()) * .clientId(samlClient.id()) + * .name("test-mapper") * .protocol("saml") * .protocolMapper("saml-hardcode-attribute-mapper") * .config(Map.ofEntries( diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GenericRoleMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/GenericRoleMapper.java index 6292c73a..92fda4cc 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GenericRoleMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GenericRoleMapper.java @@ -61,12 +61,14 @@ * var client = new Client("client", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) * .accessType("BEARER-ONLY") * .build()); * * var realmRole = new Role("realmRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("my-realm-role") * .description("My Realm Role") * .build()); * @@ -119,6 +121,7 @@ * var clientA = new Client("clientA", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client-a") + * .name("client-a") * .enabled(true) * .accessType("BEARER-ONLY") * .fullScopeAllowed(false) @@ -127,12 +130,14 @@ * var clientRoleA = new Role("clientRoleA", RoleArgs.builder() * .realmId(realm.id()) * .clientId(clientA.id()) + * .name("my-client-role") * .description("My Client Role") * .build()); * * var clientB = new Client("clientB", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client-b") + * .name("client-b") * .enabled(true) * .accessType("BEARER-ONLY") * .build()); @@ -140,6 +145,7 @@ * var clientRoleB = new Role("clientRoleB", RoleArgs.builder() * .realmId(realm.id()) * .clientId(clientB.id()) + * .name("my-client-role") * .description("My Client Role") * .build()); * @@ -191,10 +197,12 @@ * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("my-client-scope") * .build()); * * var realmRole = new Role("realmRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("my-realm-role") * .description("My Realm Role") * .build()); * @@ -249,6 +257,7 @@ * var client = new Client("client", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) * .accessType("BEARER-ONLY") * .build()); @@ -256,11 +265,13 @@ * var clientRole = new Role("clientRole", RoleArgs.builder() * .realmId(realm.id()) * .clientId(client.id()) + * .name("my-client-role") * .description("My Client Role") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("my-client-scope") * .build()); * * var clientBRoleMapper = new GenericRoleMapper("clientBRoleMapper", GenericRoleMapperArgs.builder() diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/Group.java b/sdk/java/src/main/java/com/pulumi/keycloak/Group.java index 88c64659..df67c4be 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/Group.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/Group.java @@ -57,26 +57,29 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var parentGroup = new Group("parentGroup", GroupArgs.builder() * .realmId(realm.id()) + * .name("parent-group") * .build()); * * var childGroup = new Group("childGroup", GroupArgs.builder() - * .parentId(parentGroup.id()) * .realmId(realm.id()) + * .parentId(parentGroup.id()) + * .name("child-group") * .build()); * * var childGroupWithOptionalAttributes = new Group("childGroupWithOptionalAttributes", GroupArgs.builder() + * .realmId(realm.id()) + * .parentId(parentGroup.id()) + * .name("child-group-with-optional-attributes") * .attributes(Map.ofEntries( * Map.entry("key1", "value1"), * Map.entry("key2", "value2") * )) - * .parentId(parentGroup.id()) - * .realmId(realm.id()) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java b/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java index 65a6dcaa..65a64e45 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GroupMemberships.java @@ -63,12 +63,13 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var group = new Group("group", GroupArgs.builder() * .realmId(realm.id()) + * .name("my-group") * .build()); * * var user = new User("user", UserArgs.builder() @@ -77,9 +78,9 @@ * .build()); * * var groupMembers = new GroupMemberships("groupMembers", GroupMembershipsArgs.builder() + * .realmId(realm.id()) * .groupId(group.id()) * .members(user.username()) - * .realmId(realm.id()) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/GroupRoles.java b/sdk/java/src/main/java/com/pulumi/keycloak/GroupRoles.java index 347a3c88..03b5c23c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/GroupRoles.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/GroupRoles.java @@ -64,35 +64,39 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var realmRole = new Role("realmRole", RoleArgs.builder() - * .description("My Realm Role") * .realmId(realm.id()) + * .name("my-realm-role") + * .description("My Realm Role") * .build()); * * var client = new Client("client", ClientArgs.builder() - * .accessType("BEARER-ONLY") + * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("BEARER-ONLY") * .build()); * * var clientRole = new Role("clientRole", RoleArgs.builder() - * .clientId(keycloak_client.client().id()) - * .description("My Client Role") * .realmId(realm.id()) + * .clientId(clientKeycloakClient.id()) + * .name("my-client-role") + * .description("My Client Role") * .build()); * * var group = new Group("group", GroupArgs.builder() * .realmId(realm.id()) + * .name("my-group") * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .groupId(group.id()) * .realmId(realm.id()) + * .groupId(group.id()) * .roleIds( * realmRole.id(), * clientRole.id()) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedAttributeIdentityProviderMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedAttributeIdentityProviderMapper.java index 80619eee..9bcebe3b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedAttributeIdentityProviderMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedAttributeIdentityProviderMapper.java @@ -55,7 +55,7 @@ * .enabled(true) * .build()); * - * var oidcIdentityProvider = new IdentityProvider("oidcIdentityProvider", IdentityProviderArgs.builder() + * var oidc = new IdentityProvider("oidc", IdentityProviderArgs.builder() * .realm(realm.id()) * .alias("my-idp") * .authorizationUrl("https://authorizationurl.com") @@ -66,7 +66,8 @@ * * var oidcHardcodedAttributeIdentityProviderMapper = new HardcodedAttributeIdentityProviderMapper("oidcHardcodedAttributeIdentityProviderMapper", HardcodedAttributeIdentityProviderMapperArgs.builder() * .realm(realm.id()) - * .identityProviderAlias(oidcIdentityProvider.alias()) + * .name("hardcodedUserSessionAttribute") + * .identityProviderAlias(oidc.alias()) * .attributeName("attribute") * .attributeValue("value") * .userSession(true) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedRoleIdentityMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedRoleIdentityMapper.java index 04db04dc..f9f23d32 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedRoleIdentityMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/HardcodedRoleIdentityMapper.java @@ -56,7 +56,7 @@ * .enabled(true) * .build()); * - * var oidcIdentityProvider = new IdentityProvider("oidcIdentityProvider", IdentityProviderArgs.builder() + * var oidc = new IdentityProvider("oidc", IdentityProviderArgs.builder() * .realm(realm.id()) * .alias("my-idp") * .authorizationUrl("https://authorizationurl.com") @@ -67,12 +67,14 @@ * * var realmRole = new Role("realmRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("my-realm-role") * .description("My Realm Role") * .build()); * * var oidcHardcodedRoleIdentityMapper = new HardcodedRoleIdentityMapper("oidcHardcodedRoleIdentityMapper", HardcodedRoleIdentityMapperArgs.builder() * .realm(realm.id()) - * .identityProviderAlias(oidcIdentityProvider.alias()) + * .name("hardcodedRole") + * .identityProviderAlias(oidc.alias()) * .role("my-realm-role") * .extraConfig(Map.of("syncMode", "INHERIT")) * .build()); diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/IdentityProviderTokenExchangeScopePermission.java b/sdk/java/src/main/java/com/pulumi/keycloak/IdentityProviderTokenExchangeScopePermission.java index 8828e6d0..9267ddab 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/IdentityProviderTokenExchangeScopePermission.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/IdentityProviderTokenExchangeScopePermission.java @@ -63,6 +63,7 @@ * * var token_exchangeWebappClient = new Client("token-exchangeWebappClient", ClientArgs.builder() * .realmId(tokenExchangeRealm.id()) + * .name("webapp_client") * .clientId("webapp_client") * .clientSecret("secret") * .description("a webapp client on the destination realm") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java b/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java index 79de6db0..ff78b269 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/KeycloakFunctions.java @@ -463,7 +463,7 @@ public static CompletableFuture getAuthenticationFl * .enabled(true) * .build()); * - * final var samlClientClientDescriptionConverter = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder() + * final var samlClient = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder() * .realmId(realm.id()) * .body(""" * <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2021-04-17T12:41:46Z" cacheDuration="PT604800S" entityID="FakeEntityId"> @@ -498,7 +498,7 @@ public static CompletableFuture getAuthenticationFl * * var samlClientClient = new Client("samlClientClient", ClientArgs.builder() * .realmId(realm.id()) - * .clientId(samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult).applyValue(samlClientClientDescriptionConverter -> samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult.clientId()))) + * .clientId(samlClient.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult).applyValue(samlClient -> samlClient.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult.clientId()))) * .build()); * * } @@ -547,7 +547,7 @@ public static Output getClientDescriptionCo * .enabled(true) * .build()); * - * final var samlClientClientDescriptionConverter = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder() + * final var samlClient = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder() * .realmId(realm.id()) * .body(""" * <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2021-04-17T12:41:46Z" cacheDuration="PT604800S" entityID="FakeEntityId"> @@ -582,7 +582,7 @@ public static Output getClientDescriptionCo * * var samlClientClient = new Client("samlClientClient", ClientArgs.builder() * .realmId(realm.id()) - * .clientId(samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult).applyValue(samlClientClientDescriptionConverter -> samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult.clientId()))) + * .clientId(samlClient.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult).applyValue(samlClient -> samlClient.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult.clientId()))) * .build()); * * } @@ -631,7 +631,7 @@ public static CompletableFuture getClientDe * .enabled(true) * .build()); * - * final var samlClientClientDescriptionConverter = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder() + * final var samlClient = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder() * .realmId(realm.id()) * .body(""" * <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2021-04-17T12:41:46Z" cacheDuration="PT604800S" entityID="FakeEntityId"> @@ -666,7 +666,7 @@ public static CompletableFuture getClientDe * * var samlClientClient = new Client("samlClientClient", ClientArgs.builder() * .realmId(realm.id()) - * .clientId(samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult).applyValue(samlClientClientDescriptionConverter -> samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult.clientId()))) + * .clientId(samlClient.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult).applyValue(samlClient -> samlClient.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult.clientId()))) * .build()); * * } @@ -715,7 +715,7 @@ public static Output getClientDescriptionCo * .enabled(true) * .build()); * - * final var samlClientClientDescriptionConverter = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder() + * final var samlClient = KeycloakFunctions.getClientDescriptionConverter(GetClientDescriptionConverterArgs.builder() * .realmId(realm.id()) * .body(""" * <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" validUntil="2021-04-17T12:41:46Z" cacheDuration="PT604800S" entityID="FakeEntityId"> @@ -750,7 +750,7 @@ public static Output getClientDescriptionCo * * var samlClientClient = new Client("samlClientClient", ClientArgs.builder() * .realmId(realm.id()) - * .clientId(samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult).applyValue(samlClientClientDescriptionConverter -> samlClientClientDescriptionConverter.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult.clientId()))) + * .clientId(samlClient.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult).applyValue(samlClient -> samlClient.applyValue(getClientDescriptionConverterResult -> getClientDescriptionConverterResult.clientId()))) * .build()); * * } @@ -798,23 +798,23 @@ public static CompletableFuture getClientDe * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .name("offline_access") * .realmId(realm.id()) + * .name("offline_access") * .build()); * * final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder() - * .name("group") * .realmId(realm.id()) + * .name("group") * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) * .realmId(realm.id()) + * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * @@ -877,23 +877,23 @@ public static Output getGroup(GetGroupArgs args) { * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .name("offline_access") * .realmId(realm.id()) + * .name("offline_access") * .build()); * * final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder() - * .name("group") * .realmId(realm.id()) + * .name("group") * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) * .realmId(realm.id()) + * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * @@ -956,23 +956,23 @@ public static CompletableFuture getGroupPlain(GetGroupPlainArgs * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .name("offline_access") * .realmId(realm.id()) + * .name("offline_access") * .build()); * * final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder() - * .name("group") * .realmId(realm.id()) + * .name("group") * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) * .realmId(realm.id()) + * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * @@ -1035,23 +1035,23 @@ public static Output getGroup(GetGroupArgs args, InvokeOptions o * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .name("offline_access") * .realmId(realm.id()) + * .name("offline_access") * .build()); * * final var group = KeycloakFunctions.getGroup(GetGroupArgs.builder() - * .name("group") * .realmId(realm.id()) + * .name("group") * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) * .realmId(realm.id()) + * .groupId(group.applyValue(getGroupResult -> getGroupResult).applyValue(group -> group.applyValue(getGroupResult -> getGroupResult.id()))) * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * @@ -1114,8 +1114,10 @@ public static CompletableFuture getGroupPlain(GetGroupPlainArgs * .realm("my-realm") * .build()); * + * // use the data source * var group = new Role("group", RoleArgs.builder() - * .realmId(data.keycloak_realm().id()) + * .realmId(id) + * .name("group") * .build()); * * } @@ -1173,8 +1175,10 @@ public static Output getRealm(GetRealmArgs args) { * .realm("my-realm") * .build()); * + * // use the data source * var group = new Role("group", RoleArgs.builder() - * .realmId(data.keycloak_realm().id()) + * .realmId(id) + * .name("group") * .build()); * * } @@ -1232,8 +1236,10 @@ public static CompletableFuture getRealmPlain(GetRealmPlainArgs * .realm("my-realm") * .build()); * + * // use the data source * var group = new Role("group", RoleArgs.builder() - * .realmId(data.keycloak_realm().id()) + * .realmId(id) + * .name("group") * .build()); * * } @@ -1291,8 +1297,10 @@ public static Output getRealm(GetRealmArgs args, InvokeOptions o * .realm("my-realm") * .build()); * + * // use the data source * var group = new Role("group", RoleArgs.builder() - * .realmId(data.keycloak_realm().id()) + * .realmId(id) + * .name("group") * .build()); * * } @@ -1411,22 +1419,24 @@ public static CompletableFuture getRealmKeysPlain(GetRealmKe * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .name("offline_access") * .realmId(realm.id()) + * .name("offline_access") * .build()); * + * // use the data source * var group = new Group("group", GroupArgs.builder() * .realmId(realm.id()) + * .name("group") * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .groupId(group.id()) * .realmId(realm.id()) + * .groupId(group.id()) * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * @@ -1493,22 +1503,24 @@ public static Output getRole(GetRoleArgs args) { * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .name("offline_access") * .realmId(realm.id()) + * .name("offline_access") * .build()); * + * // use the data source * var group = new Group("group", GroupArgs.builder() * .realmId(realm.id()) + * .name("group") * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .groupId(group.id()) * .realmId(realm.id()) + * .groupId(group.id()) * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * @@ -1575,22 +1587,24 @@ public static CompletableFuture getRolePlain(GetRolePlainArgs arg * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .name("offline_access") * .realmId(realm.id()) + * .name("offline_access") * .build()); * + * // use the data source * var group = new Group("group", GroupArgs.builder() * .realmId(realm.id()) + * .name("group") * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .groupId(group.id()) * .realmId(realm.id()) + * .groupId(group.id()) * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * @@ -1657,22 +1671,24 @@ public static Output getRole(GetRoleArgs args, InvokeOptions opti * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * final var offlineAccess = KeycloakFunctions.getRole(GetRoleArgs.builder() - * .name("offline_access") * .realmId(realm.id()) + * .name("offline_access") * .build()); * + * // use the data source * var group = new Group("group", GroupArgs.builder() * .realmId(realm.id()) + * .name("group") * .build()); * * var groupRoles = new GroupRoles("groupRoles", GroupRolesArgs.builder() - * .groupId(group.id()) * .realmId(realm.id()) + * .groupId(group.id()) * .roles(offlineAccess.applyValue(getRoleResult -> getRoleResult).applyValue(offlineAccess -> offlineAccess.applyValue(getRoleResult -> getRoleResult.id()))) * .build()); * @@ -1734,6 +1750,7 @@ public static CompletableFuture getRolePlain(GetRolePlainArgs arg * .realm("master") * .build()); * + * // use the keycloak_user data source to grab the admin user's ID * final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .username("keycloak") @@ -1781,6 +1798,7 @@ public static Output getUser(GetUserArgs args) { * .realm("master") * .build()); * + * // use the keycloak_user data source to grab the admin user's ID * final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .username("keycloak") @@ -1828,6 +1846,7 @@ public static CompletableFuture getUserPlain(GetUserPlainArgs arg * .realm("master") * .build()); * + * // use the keycloak_user data source to grab the admin user's ID * final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .username("keycloak") @@ -1875,6 +1894,7 @@ public static Output getUser(GetUserArgs args, InvokeOptions opti * .realm("master") * .build()); * + * // use the keycloak_user data source to grab the admin user's ID * final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .username("keycloak") @@ -1923,11 +1943,13 @@ public static CompletableFuture getUserPlain(GetUserPlainArgs arg * .realm("master") * .build()); * + * // use the keycloak_user data source to grab the admin user's ID * final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .username("keycloak") * .build()); * + * // use the keycloak_user_realm_roles data source to list role names * final var userRealmRoles = KeycloakFunctions.getUserRealmRoles(GetUserRealmRolesArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .userId(defaultAdminUser.applyValue(getUserResult -> getUserResult.id())) @@ -1976,11 +1998,13 @@ public static Output getUserRealmRoles(GetUserRealmRole * .realm("master") * .build()); * + * // use the keycloak_user data source to grab the admin user's ID * final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .username("keycloak") * .build()); * + * // use the keycloak_user_realm_roles data source to list role names * final var userRealmRoles = KeycloakFunctions.getUserRealmRoles(GetUserRealmRolesArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .userId(defaultAdminUser.applyValue(getUserResult -> getUserResult.id())) @@ -2029,11 +2053,13 @@ public static CompletableFuture getUserRealmRolesPlain( * .realm("master") * .build()); * + * // use the keycloak_user data source to grab the admin user's ID * final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .username("keycloak") * .build()); * + * // use the keycloak_user_realm_roles data source to list role names * final var userRealmRoles = KeycloakFunctions.getUserRealmRoles(GetUserRealmRolesArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .userId(defaultAdminUser.applyValue(getUserResult -> getUserResult.id())) @@ -2082,11 +2108,13 @@ public static Output getUserRealmRoles(GetUserRealmRole * .realm("master") * .build()); * + * // use the keycloak_user data source to grab the admin user's ID * final var defaultAdminUser = KeycloakFunctions.getUser(GetUserArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .username("keycloak") * .build()); * + * // use the keycloak_user_realm_roles data source to list role names * final var userRealmRoles = KeycloakFunctions.getUserRealmRoles(GetUserRealmRolesArgs.builder() * .realmId(masterRealm.applyValue(getRealmResult -> getRealmResult.id())) * .userId(defaultAdminUser.applyValue(getUserResult -> getUserResult.id())) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmEvents.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmEvents.java index f689166f..769382bd 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmEvents.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmEvents.java @@ -53,15 +53,15 @@ * .build()); * * var realmEvents = new RealmEvents("realmEvents", RealmEventsArgs.builder() - * .adminEventsDetailsEnabled(true) + * .realmId(realm.id()) + * .eventsEnabled(true) + * .eventsExpiration(3600) * .adminEventsEnabled(true) + * .adminEventsDetailsEnabled(true) * .enabledEventTypes( * "LOGIN", * "LOGOUT") - * .eventsEnabled(true) - * .eventsExpiration(3600) * .eventsListeners("jboss-logging") - * .realmId(realm.id()) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreAesGenerated.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreAesGenerated.java index dd243abb..85523128 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreAesGenerated.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreAesGenerated.java @@ -52,6 +52,7 @@ * .build()); * * var keystoreAesGenerated = new RealmKeystoreAesGenerated("keystoreAesGenerated", RealmKeystoreAesGeneratedArgs.builder() + * .name("my-aes-generated-key") * .realmId(realm.id()) * .enabled(true) * .active(true) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreEcdsaGenerated.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreEcdsaGenerated.java index 276f92ef..a1945a38 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreEcdsaGenerated.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreEcdsaGenerated.java @@ -52,6 +52,7 @@ * .build()); * * var keystoreEcdsaGenerated = new RealmKeystoreEcdsaGenerated("keystoreEcdsaGenerated", RealmKeystoreEcdsaGeneratedArgs.builder() + * .name("my-ecdsa-generated-key") * .realmId(realm.id()) * .enabled(true) * .active(true) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreHmacGenerated.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreHmacGenerated.java index 2f923785..c883d8e1 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreHmacGenerated.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreHmacGenerated.java @@ -52,6 +52,7 @@ * .build()); * * var keystoreHmacGenerated = new RealmKeystoreHmacGenerated("keystoreHmacGenerated", RealmKeystoreHmacGeneratedArgs.builder() + * .name("my-hmac-generated-key") * .realmId(realm.id()) * .enabled(true) * .active(true) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreJavaGenerated.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreJavaGenerated.java index 33bd2147..732aa3cc 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreJavaGenerated.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreJavaGenerated.java @@ -52,6 +52,7 @@ * .build()); * * var javaKeystore = new RealmKeystoreJavaGenerated("javaKeystore", RealmKeystoreJavaGeneratedArgs.builder() + * .name("my-java-keystore") * .realmId(realm.id()) * .enabled(true) * .active(true) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsa.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsa.java index 78100344..9adb104c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsa.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsa.java @@ -52,6 +52,7 @@ * .build()); * * var keystoreRsa = new RealmKeystoreRsa("keystoreRsa", RealmKeystoreRsaArgs.builder() + * .name("my-rsa-key") * .realmId(realm.id()) * .enabled(true) * .active(true) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsaGenerated.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsaGenerated.java index 62c25796..50fc653d 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsaGenerated.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmKeystoreRsaGenerated.java @@ -52,6 +52,7 @@ * .build()); * * var keystoreRsaGenerated = new RealmKeystoreRsaGenerated("keystoreRsaGenerated", RealmKeystoreRsaGeneratedArgs.builder() + * .name("my-rsa-generated-key") * .realmId(realm.id()) * .enabled(true) * .active(true) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java b/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java index 960c7351..7805e8c8 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RealmUserProfile.java @@ -65,7 +65,7 @@ * .build()); * * var userprofile = new RealmUserProfile("userprofile", RealmUserProfileArgs.builder() - * .realmId(keycloak_realm.my_realm().id()) + * .realmId(myRealm.id()) * .attributes( * RealmUserProfileAttributeArgs.builder() * .name("field1") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/RequiredAction.java b/sdk/java/src/main/java/com/pulumi/keycloak/RequiredAction.java index 00b26985..5c311d7f 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/RequiredAction.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/RequiredAction.java @@ -56,6 +56,7 @@ * .realmId(realm.realm()) * .alias("webauthn-register") * .enabled(true) + * .name("Webauthn Register") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/Role.java b/sdk/java/src/main/java/com/pulumi/keycloak/Role.java index 68d518ba..cbd668a8 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/Role.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/Role.java @@ -52,13 +52,14 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var realmRole = new Role("realmRole", RoleArgs.builder() - * .description("My Realm Role") * .realmId(realm.id()) + * .name("my-realm-role") + * .description("My Realm Role") * .build()); * * } @@ -95,21 +96,23 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var client = new Client("client", ClientArgs.builder() - * .accessType("BEARER-ONLY") + * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("BEARER-ONLY") * .build()); * * var clientRole = new Role("clientRole", RoleArgs.builder() - * .clientId(keycloak_client.client().id()) - * .description("My Client Role") * .realmId(realm.id()) + * .clientId(clientKeycloakClient.id()) + * .name("my-client-role") + * .description("My Client Role") * .build()); * * } @@ -146,47 +149,56 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * + * // realm roles * var createRole = new Role("createRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("create") * .build()); * * var readRole = new Role("readRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("read") * .build()); * * var updateRole = new Role("updateRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("update") * .build()); * * var deleteRole = new Role("deleteRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("delete") * .build()); * + * // client role * var client = new Client("client", ClientArgs.builder() - * .accessType("BEARER-ONLY") + * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("BEARER-ONLY") * .build()); * * var clientRole = new Role("clientRole", RoleArgs.builder() - * .clientId(keycloak_client.client().id()) - * .description("My Client Role") * .realmId(realm.id()) + * .clientId(clientKeycloakClient.id()) + * .name("my-client-role") + * .description("My Client Role") * .build()); * * var adminRole = new Role("adminRole", RoleArgs.builder() + * .realmId(realm.id()) + * .name("admin") * .compositeRoles( * "{keycloak_role.create_role.id}", * "{keycloak_role.read_role.id}", * "{keycloak_role.update_role.id}", * "{keycloak_role.delete_role.id}", * "{keycloak_role.client_role.id}") - * .realmId(realm.id()) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/User.java b/sdk/java/src/main/java/com/pulumi/keycloak/User.java index e5b9bb20..0a5d20e0 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/User.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/User.java @@ -57,30 +57,30 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var user = new User("user", UserArgs.builder() - * .email("bob@domain.com") + * .realmId(realm.id()) + * .username("bob") * .enabled(true) + * .email("bob@domain.com") * .firstName("Bob") * .lastName("Bobson") - * .realmId(realm.id()) - * .username("bob") * .build()); * * var userWithInitialPassword = new User("userWithInitialPassword", UserArgs.builder() - * .email("alice@domain.com") + * .realmId(realm.id()) + * .username("alice") * .enabled(true) + * .email("alice@domain.com") * .firstName("Alice") + * .lastName("Aliceberg") * .initialPassword(UserInitialPasswordArgs.builder() - * .temporary(true) * .value("some password") + * .temporary(true) * .build()) - * .lastName("Aliceberg") - * .realmId(realm.id()) - * .username("alice") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/UserGroups.java b/sdk/java/src/main/java/com/pulumi/keycloak/UserGroups.java index 3e59a266..d88ebb48 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/UserGroups.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/UserGroups.java @@ -60,6 +60,7 @@ * * var group = new Group("group", GroupArgs.builder() * .realmId(realm.id()) + * .name("foo") * .build()); * * var user = new User("user", UserArgs.builder() @@ -78,78 +79,6 @@ * ``` * <!--End PulumiCodeChooser --> * - * ### Non Exhaustive Groups) - * <!--Start PulumiCodeChooser --> - * ```java - * package generated_program; - * - * import com.pulumi.Context; - * import com.pulumi.Pulumi; - * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; - * import com.pulumi.keycloak.Group; - * import com.pulumi.keycloak.GroupArgs; - * import com.pulumi.keycloak.User; - * import com.pulumi.keycloak.UserArgs; - * import com.pulumi.keycloak.UserGroups; - * import com.pulumi.keycloak.UserGroupsArgs; - * import java.util.List; - * import java.util.ArrayList; - * import java.util.Map; - * import java.io.File; - * import java.nio.file.Files; - * import java.nio.file.Paths; - * - * public class App { - * public static void main(String[] args) { - * Pulumi.run(App::stack); - * } - * - * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") - * .enabled(true) - * .build()); - * - * var groupFoo = new Group("groupFoo", GroupArgs.builder() - * .realmId(realm.id()) - * .build()); - * - * var groupBar = new Group("groupBar", GroupArgs.builder() - * .realmId(realm.id()) - * .build()); - * - * var user = new User("user", UserArgs.builder() - * .realmId(realm.id()) - * .username("my-user") - * .build()); - * - * var userGroupsAssociation1UserGroups = new UserGroups("userGroupsAssociation1UserGroups", UserGroupsArgs.builder() - * .realmId(realm.id()) - * .userId(user.id()) - * .exhaustive(false) - * .groupIds(groupFoo.id()) - * .build()); - * - * var userGroupsAssociation1Index_userGroupsUserGroups = new UserGroups("userGroupsAssociation1Index/userGroupsUserGroups", UserGroupsArgs.builder() - * .realmId(realm.id()) - * .userId(user.id()) - * .exhaustive(false) - * .groupIds(groupBar.id()) - * .build()); - * - * } - * } - * ``` - * <!--End PulumiCodeChooser --> - * - * ## Import - * - * This resource does not support import. Instead of importing, feel free to create this resource - * - * as if it did not already exist on the server. - * */ @ResourceType(type="keycloak:index/userGroups:UserGroups") public class UserGroups extends com.pulumi.resources.CustomResource { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/UserRoles.java b/sdk/java/src/main/java/com/pulumi/keycloak/UserRoles.java index 1a01d82d..317827ee 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/UserRoles.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/UserRoles.java @@ -67,19 +67,22 @@ * * var realmRole = new Role("realmRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("my-realm-role") * .description("My Realm Role") * .build()); * * var client = new Client("client", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) * .accessType("BEARER-ONLY") * .build()); * * var clientRole = new Role("clientRole", RoleArgs.builder() * .realmId(realm.id()) - * .clientId(keycloak_client.client().id()) + * .clientId(clientKeycloakClient.id()) + * .name("my-client-role") * .description("My Client Role") * .build()); * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/UserTemplateImporterIdentityProviderMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/UserTemplateImporterIdentityProviderMapper.java index cd013129..775c898a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/UserTemplateImporterIdentityProviderMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/UserTemplateImporterIdentityProviderMapper.java @@ -70,6 +70,7 @@ * * var usernameImporter = new UserTemplateImporterIdentityProviderMapper("usernameImporter", UserTemplateImporterIdentityProviderMapperArgs.builder() * .realm(realm.id()) + * .name("username-template-importer") * .identityProviderAlias(oidc.alias()) * .template("${ALIAS}.${CLAIM.email}") * .extraConfig(Map.of("syncMode", "INHERIT")) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/UsersPermissions.java b/sdk/java/src/main/java/com/pulumi/keycloak/UsersPermissions.java index a7a9c637..3bc8188b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/UsersPermissions.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/UsersPermissions.java @@ -94,7 +94,7 @@ * .build()); * * // creating a user to use with the keycloak_openid_client_user_policy resource - * var testUser = new User("testUser", UserArgs.builder() + * var test = new User("test", UserArgs.builder() * .realmId(realm.id()) * .username("test-user") * .email("test-user@fakedomain.com") @@ -105,7 +105,8 @@ * var testClientUserPolicy = new ClientUserPolicy("testClientUserPolicy", ClientUserPolicyArgs.builder() * .realmId(realm.id()) * .resourceServerId(realmManagement.applyValue(getClientResult -> getClientResult).applyValue(realmManagement -> realmManagement.applyValue(getClientResult -> getClientResult.id()))) - * .users(testUser.id()) + * .name("client_user_policy_test") + * .users(test.id()) * .logic("POSITIVE") * .decisionStrategy("UNANIMOUS") * .build(), CustomResourceOptions.builder() diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/CustomMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/CustomMapper.java index 3e8d77da..4a8fe5e5 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/CustomMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/CustomMapper.java @@ -59,6 +59,7 @@ * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() + * .name("openldap") * .realmId(realm.id()) * .usernameLdapAttribute("cn") * .rdnLdapAttribute("cn") @@ -73,8 +74,9 @@ * .build()); * * var customMapper = new CustomMapper("customMapper", CustomMapperArgs.builder() - * .realmId(keycloak_ldap_user_federation.openldap().realm_id()) - * .ldapUserFederationId(keycloak_ldap_user_federation.openldap().id()) + * .name("custom-mapper") + * .realmId(openldap.realmId()) + * .ldapUserFederationId(openldap.id()) * .providerId("custom-provider-registered-in-keycloak") * .providerType("com.example.custom.ldap.mappers.CustomMapper") * .config(Map.ofEntries( diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapper.java index e62d41f3..262c93b2 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/FullNameMapper.java @@ -53,28 +53,30 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("test") + * .enabled(true) * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() - * .bindCredential("admin") - * .bindDn("cn=admin,dc=example,dc=org") - * .connectionUrl("ldap://openldap") - * .rdnLdapAttribute("cn") + * .name("openldap") * .realmId(realm.id()) + * .usernameLdapAttribute("cn") + * .rdnLdapAttribute("cn") + * .uuidLdapAttribute("entryDN") * .userObjectClasses( * "simpleSecurityObject", * "organizationalRole") - * .usernameLdapAttribute("cn") + * .connectionUrl("ldap://openldap") * .usersDn("dc=example,dc=org") - * .uuidLdapAttribute("entryDN") + * .bindDn("cn=admin,dc=example,dc=org") + * .bindCredential("admin") * .build()); * * var ldapFullNameMapper = new FullNameMapper("ldapFullNameMapper", FullNameMapperArgs.builder() - * .ldapFullNameAttribute("cn") - * .ldapUserFederationId(ldapUserFederation.id()) * .realmId(realm.id()) + * .ldapUserFederationId(ldapUserFederation.id()) + * .name("full-name-mapper") + * .ldapFullNameAttribute("cn") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java index a99077a7..8377bd58 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/GroupMapper.java @@ -55,34 +55,36 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("test") + * .enabled(true) * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() - * .bindCredential("admin") - * .bindDn("cn=admin,dc=example,dc=org") - * .connectionUrl("ldap://openldap") - * .rdnLdapAttribute("cn") + * .name("openldap") * .realmId(realm.id()) + * .usernameLdapAttribute("cn") + * .rdnLdapAttribute("cn") + * .uuidLdapAttribute("entryDN") * .userObjectClasses( * "simpleSecurityObject", * "organizationalRole") - * .usernameLdapAttribute("cn") + * .connectionUrl("ldap://openldap") * .usersDn("dc=example,dc=org") - * .uuidLdapAttribute("entryDN") + * .bindDn("cn=admin,dc=example,dc=org") + * .bindCredential("admin") * .build()); * * var ldapGroupMapper = new GroupMapper("ldapGroupMapper", GroupMapperArgs.builder() + * .realmId(realm.id()) + * .ldapUserFederationId(ldapUserFederation.id()) + * .name("group-mapper") + * .ldapGroupsDn("dc=example,dc=org") * .groupNameLdapAttribute("cn") * .groupObjectClasses("groupOfNames") - * .ldapGroupsDn("dc=example,dc=org") - * .ldapUserFederationId(ldapUserFederation.id()) - * .memberofLdapAttribute("memberOf") * .membershipAttributeType("DN") * .membershipLdapAttribute("member") * .membershipUserLdapAttribute("cn") - * .realmId(realm.id()) + * .memberofLdapAttribute("memberOf") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedAttributeMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedAttributeMapper.java index 98b528d6..f955ae42 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedAttributeMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedAttributeMapper.java @@ -54,6 +54,7 @@ * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() + * .name("openldap") * .realmId(realm.id()) * .usernameLdapAttribute("cn") * .rdnLdapAttribute("cn") @@ -71,6 +72,7 @@ * var assignBarToFoo = new HardcodedAttributeMapper("assignBarToFoo", HardcodedAttributeMapperArgs.builder() * .realmId(realm.id()) * .ldapUserFederationId(ldapUserFederation.id()) + * .name("assign-foo-to-bar") * .attributeName("foo") * .attributeValue("bar") * .build()); diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedGroupMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedGroupMapper.java index 402ba298..79fbe6cf 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedGroupMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedGroupMapper.java @@ -54,6 +54,7 @@ * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() + * .name("openldap") * .realmId(realm.id()) * .usernameLdapAttribute("cn") * .rdnLdapAttribute("cn") @@ -69,11 +70,13 @@ * * var realmGroup = new Group("realmGroup", GroupArgs.builder() * .realmId(realm.id()) + * .name("my-group") * .build()); * * var assignGroupToUsers = new HardcodedGroupMapper("assignGroupToUsers", HardcodedGroupMapperArgs.builder() * .realmId(realm.id()) * .ldapUserFederationId(ldapUserFederation.id()) + * .name("assign-group-to-users") * .group(realmGroup.name()) * .build()); * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapper.java index 01a430c1..6e666b13 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/HardcodedRoleMapper.java @@ -52,6 +52,7 @@ * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() + * .name("openldap") * .realmId(realm.id()) * .usernameLdapAttribute("cn") * .rdnLdapAttribute("cn") @@ -68,6 +69,7 @@ * var assignAdminRoleToAllUsers = new HardcodedRoleMapper("assignAdminRoleToAllUsers", HardcodedRoleMapperArgs.builder() * .realmId(realm.id()) * .ldapUserFederationId(ldapUserFederation.id()) + * .name("assign-admin-role-to-all-users") * .role("admin") * .build()); * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadLdsUserAccountControlMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadLdsUserAccountControlMapper.java index 488f9012..c8ca1858 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadLdsUserAccountControlMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadLdsUserAccountControlMapper.java @@ -56,6 +56,7 @@ * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() + * .name("ad") * .realmId(realm.id()) * .usernameLdapAttribute("cn") * .rdnLdapAttribute("cn") @@ -73,6 +74,7 @@ * var msadLdsUserAccountControlMapper = new MsadLdsUserAccountControlMapper("msadLdsUserAccountControlMapper", MsadLdsUserAccountControlMapperArgs.builder() * .realmId(realm.id()) * .ldapUserFederationId(ldapUserFederation.id()) + * .name("msad-lds-user-account-control-mapper") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapper.java index e7f3d6a4..05a0e890 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/MsadUserAccountControlMapper.java @@ -55,28 +55,30 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("test") + * .enabled(true) * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() - * .bindCredential("admin") - * .bindDn("cn=admin,dc=example,dc=org") - * .connectionUrl("ldap://my-ad-server") - * .rdnLdapAttribute("cn") + * .name("ad") * .realmId(realm.id()) + * .usernameLdapAttribute("cn") + * .rdnLdapAttribute("cn") + * .uuidLdapAttribute("objectGUID") * .userObjectClasses( * "person", * "organizationalPerson", * "user") - * .usernameLdapAttribute("cn") + * .connectionUrl("ldap://my-ad-server") * .usersDn("dc=example,dc=org") - * .uuidLdapAttribute("objectGUID") + * .bindDn("cn=admin,dc=example,dc=org") + * .bindCredential("admin") * .build()); * * var msadUserAccountControlMapper = new MsadUserAccountControlMapper("msadUserAccountControlMapper", MsadUserAccountControlMapperArgs.builder() - * .ldapUserFederationId(ldapUserFederation.id()) * .realmId(realm.id()) + * .ldapUserFederationId(ldapUserFederation.id()) + * .name("msad-user-account-control-mapper") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java index 946ec5f7..8910a0d8 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/RoleMapper.java @@ -55,6 +55,7 @@ * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() + * .name("openldap") * .realmId(realm.id()) * .usernameLdapAttribute("cn") * .rdnLdapAttribute("cn") @@ -71,6 +72,7 @@ * var ldapRoleMapper = new RoleMapper("ldapRoleMapper", RoleMapperArgs.builder() * .realmId(realm.id()) * .ldapUserFederationId(ldapUserFederation.id()) + * .name("role-mapper") * .ldapRolesDn("dc=example,dc=org") * .roleNameLdapAttribute("cn") * .roleObjectClasses("groupOfNames") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java index c0711077..7256f821 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserAttributeMapper.java @@ -53,29 +53,31 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("test") + * .enabled(true) * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() - * .bindCredential("admin") - * .bindDn("cn=admin,dc=example,dc=org") - * .connectionUrl("ldap://openldap") - * .rdnLdapAttribute("cn") + * .name("openldap") * .realmId(realm.id()) + * .usernameLdapAttribute("cn") + * .rdnLdapAttribute("cn") + * .uuidLdapAttribute("entryDN") * .userObjectClasses( * "simpleSecurityObject", * "organizationalRole") - * .usernameLdapAttribute("cn") + * .connectionUrl("ldap://openldap") * .usersDn("dc=example,dc=org") - * .uuidLdapAttribute("entryDN") + * .bindDn("cn=admin,dc=example,dc=org") + * .bindCredential("admin") * .build()); * * var ldapUserAttributeMapper = new UserAttributeMapper("ldapUserAttributeMapper", UserAttributeMapperArgs.builder() - * .ldapAttribute("bar") - * .ldapUserFederationId(ldapUserFederation.id()) * .realmId(realm.id()) + * .ldapUserFederationId(ldapUserFederation.id()) + * .name("user-attribute-mapper") * .userModelAttribute("foo") + * .ldapAttribute("bar") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederation.java b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederation.java index 42fd10e1..baadf644 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederation.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/ldap/UserFederation.java @@ -56,25 +56,26 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("test") + * .enabled(true) * .build()); * * var ldapUserFederation = new UserFederation("ldapUserFederation", UserFederationArgs.builder() - * .bindCredential("admin") - * .bindDn("cn=admin,dc=example,dc=org") - * .connectionTimeout("5s") - * .connectionUrl("ldap://openldap") + * .name("openldap") + * .realmId(realm.id()) * .enabled(true) + * .usernameLdapAttribute("cn") * .rdnLdapAttribute("cn") - * .readTimeout("10s") - * .realmId(realm.id()) + * .uuidLdapAttribute("entryDN") * .userObjectClasses( * "simpleSecurityObject", * "organizationalRole") - * .usernameLdapAttribute("cn") + * .connectionUrl("ldap://openldap") * .usersDn("dc=example,dc=org") - * .uuidLdapAttribute("entryDN") + * .bindDn("cn=admin,dc=example,dc=org") + * .bindCredential("admin") + * .connectionTimeout("5s") + * .readTimeout("10s") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java index fd5df89a..9fc39b05 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/oidc/GoogleIdentityProvider.java @@ -56,8 +56,8 @@ * * var google = new GoogleIdentityProvider("google", GoogleIdentityProviderArgs.builder() * .realm(realm.id()) - * .clientId(var_.google_identity_provider_client_id()) - * .clientSecret(var_.google_identity_provider_client_secret()) + * .clientId(googleIdentityProviderClientId) + * .clientSecret(googleIdentityProviderClientSecret) * .trustEmail(true) * .hostedDomain("example.com") * .syncMode("IMPORT") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java index eb82380b..360030fb 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceProtocolMapper.java @@ -54,22 +54,24 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .accessType("CONFIDENTIAL") + * .realmId(realm.id()) * .clientId("test-client") + * .name("test client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var audienceMapper = new AudienceProtocolMapper("audienceMapper", AudienceProtocolMapperArgs.builder() + * .realmId(realm.id()) * .clientId(openidClient.id()) + * .name("audience-mapper") * .includedCustomAudience("foo") - * .realmId(realm.id()) * .build()); * * } @@ -106,18 +108,20 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var audienceMapper = new AudienceProtocolMapper("audienceMapper", AudienceProtocolMapperArgs.builder() + * .realmId(realm.id()) * .clientScopeId(clientScope.id()) + * .name("audience-mapper") * .includedCustomAudience("foo") - * .realmId(realm.id()) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMapper.java index 54391a86..f355ed90 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMapper.java @@ -61,6 +61,7 @@ * var openidClient = new Client("openidClient", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") @@ -69,6 +70,7 @@ * var audienceMapper = new AudienceResolveProtocolMapper("audienceMapper", AudienceResolveProtocolMapperArgs.builder() * .realmId(realm.id()) * .clientId(openidClient.id()) + * .name("my-audience-resolve-mapper") * .build()); * * } @@ -111,6 +113,7 @@ * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var audienceMapper = new AudienceProtocolMapper("audienceMapper", AudienceProtocolMapperArgs.builder() diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMappter.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMappter.java index f5bd5d3a..c8d33612 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMappter.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/AudienceResolveProtocolMappter.java @@ -59,6 +59,7 @@ * var openidClient = new Client("openidClient", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") @@ -67,6 +68,7 @@ * var audienceMapper = new AudienceResolveProtocolMapper("audienceMapper", AudienceResolveProtocolMapperArgs.builder() * .realmId(realm.id()) * .clientId(openidClient.id()) + * .name("my-audience-resolve-mapper") * .build()); * * } @@ -109,6 +111,7 @@ * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var audienceMapper = new AudienceProtocolMapper("audienceMapper", AudienceProtocolMapperArgs.builder() diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java index 86fa5d32..1d9ef1fe 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/Client.java @@ -56,15 +56,16 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .accessType("CONFIDENTIAL") + * .realmId(realm.id()) * .clientId("test-client") + * .name("test client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopes.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopes.java index 8bb35ce0..b4cfcddf 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopes.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientDefaultScopes.java @@ -46,21 +46,23 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var client = new Client("client", ClientArgs.builder() - * .accessType("CONFIDENTIAL") - * .clientId("test-client") * .realmId(realm.id()) + * .clientId("test-client") + * .accessType("CONFIDENTIAL") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var clientDefaultScopes = new ClientDefaultScopes("clientDefaultScopes", ClientDefaultScopesArgs.builder() + * .realmId(realm.id()) * .clientId(client.id()) * .defaultScopes( * "profile", @@ -68,7 +70,6 @@ * "roles", * "web-origins", * clientScope.name()) - * .realmId(realm.id()) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopes.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopes.java index 213d904a..f1788c0b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopes.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientOptionalScopes.java @@ -46,28 +46,29 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var client = new Client("client", ClientArgs.builder() - * .accessType("CONFIDENTIAL") - * .clientId("test-client") * .realmId(realm.id()) + * .clientId("test-client") + * .accessType("CONFIDENTIAL") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var clientOptionalScopes = new ClientOptionalScopes("clientOptionalScopes", ClientOptionalScopesArgs.builder() + * .realmId(realm.id()) * .clientId(client.id()) * .optionalScopes( * "address", * "phone", * "offline_access", * clientScope.name()) - * .realmId(realm.id()) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientPolicy.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientPolicy.java index 1d117471..b37736b5 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientPolicy.java @@ -59,6 +59,7 @@ * * var openidClient = new Client("openidClient", ClientArgs.builder() * .clientId("openid_client") + * .name("openid_client") * .realmId(realm.id()) * .accessType("CONFIDENTIAL") * .serviceAccountsEnabled(true) @@ -77,6 +78,7 @@ * var tokenExchange = new ClientPolicy("tokenExchange", ClientPolicyArgs.builder() * .resourceServerId(realmManagement.applyValue(getClientResult -> getClientResult.id())) * .realmId(realm.id()) + * .name("my-policy") * .logic("POSITIVE") * .decisionStrategy("UNANIMOUS") * .clients(openidClient.id()) diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScope.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScope.java index 4ea4392a..220fd84c 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScope.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientScope.java @@ -53,13 +53,14 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var openidClientScope = new ClientScope("openidClientScope", ClientScopeArgs.builder() - * .description("When requested, this scope will map a user's group memberships to a claim") * .realmId(realm.id()) + * .name("groups") + * .description("When requested, this scope will map a user's group memberships to a claim") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRealmRole.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRealmRole.java index e38f2a9c..a0f6167b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRealmRole.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRealmRole.java @@ -57,10 +57,12 @@ * * var realmRole = new Role("realmRole", RoleArgs.builder() * .realmId(realm.id()) + * .name("my-realm-role") * .build()); * * var client = new Client("client", ClientArgs.builder() * .realmId(realm.id()) + * .name("client") * .serviceAccountsEnabled(true) * .build()); * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRole.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRole.java index b2928dab..b9056a3b 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRole.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ClientServiceAccountRole.java @@ -58,17 +58,20 @@ * // client1 provides a role to other clients * var client1 = new Client("client1", ClientArgs.builder() * .realmId(realm.id()) + * .name("client1") * .build()); * * var client1Role = new Role("client1Role", RoleArgs.builder() * .realmId(realm.id()) * .clientId(client1.id()) + * .name("my-client1-role") * .description("A role that client1 provides") * .build()); * * // client2 is assigned the role of client1 * var client2 = new Client("client2", ClientArgs.builder() * .realmId(realm.id()) + * .name("client2") * .serviceAccountsEnabled(true) * .build()); * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapper.java index 3b16dd95..d0a07fb5 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/FullNameProtocolMapper.java @@ -55,21 +55,23 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .accessType("CONFIDENTIAL") + * .realmId(realm.id()) * .clientId("test-client") + * .name("test client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var fullNameMapper = new FullNameProtocolMapper("fullNameMapper", FullNameProtocolMapperArgs.builder() - * .clientId(openidClient.id()) * .realmId(realm.id()) + * .clientId(openidClient.id()) + * .name("full-name-mapper") * .build()); * * } @@ -106,17 +108,19 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var fullNameMapper = new FullNameProtocolMapper("fullNameMapper", FullNameProtocolMapperArgs.builder() - * .clientScopeId(clientScope.id()) * .realmId(realm.id()) + * .clientScopeId(clientScope.id()) + * .name("full-name-mapper") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapper.java index a9c9b3a3..8d8ffb43 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/GroupMembershipProtocolMapper.java @@ -55,22 +55,24 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .accessType("CONFIDENTIAL") + * .realmId(realm.id()) * .clientId("test-client") + * .name("test client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var groupMembershipMapper = new GroupMembershipProtocolMapper("groupMembershipMapper", GroupMembershipProtocolMapperArgs.builder() - * .claimName("groups") - * .clientId(openidClient.id()) * .realmId(realm.id()) + * .clientId(openidClient.id()) + * .name("group-membership-mapper") + * .claimName("groups") * .build()); * * } @@ -107,18 +109,20 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var groupMembershipMapper = new GroupMembershipProtocolMapper("groupMembershipMapper", GroupMembershipProtocolMapperArgs.builder() - * .claimName("groups") - * .clientScopeId(clientScope.id()) * .realmId(realm.id()) + * .clientScopeId(clientScope.id()) + * .name("group-membership-mapper") + * .claimName("groups") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapper.java index 1acbbbbd..d8b55116 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedClaimProtocolMapper.java @@ -55,23 +55,25 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .accessType("CONFIDENTIAL") + * .realmId(realm.id()) * .clientId("test-client") + * .name("test client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var hardcodedClaimMapper = new HardcodedClaimProtocolMapper("hardcodedClaimMapper", HardcodedClaimProtocolMapperArgs.builder() + * .realmId(realm.id()) + * .clientId(openidClient.id()) + * .name("hardcoded-claim-mapper") * .claimName("foo") * .claimValue("bar") - * .clientId(openidClient.id()) - * .realmId(realm.id()) * .build()); * * } @@ -108,19 +110,21 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var hardcodedClaimMapper = new HardcodedClaimProtocolMapper("hardcodedClaimMapper", HardcodedClaimProtocolMapperArgs.builder() + * .realmId(realm.id()) + * .clientScopeId(clientScope.id()) + * .name("hardcoded-claim-mapper") * .claimName("foo") * .claimValue("bar") - * .clientScopeId(clientScope.id()) - * .realmId(realm.id()) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapper.java index 4e4d9e2c..769c9c9e 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/HardcodedRoleProtocolMapper.java @@ -56,25 +56,28 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var role = new Role("role", RoleArgs.builder() * .realmId(realm.id()) + * .name("my-role") * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .accessType("CONFIDENTIAL") + * .realmId(realm.id()) * .clientId("test-client") + * .name("test client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var hardcodedRoleMapper = new HardcodedRoleProtocolMapper("hardcodedRoleMapper", HardcodedRoleProtocolMapperArgs.builder() - * .clientId(openidClient.id()) * .realmId(realm.id()) + * .clientId(openidClient.id()) + * .name("hardcoded-role-mapper") * .roleId(role.id()) * .build()); * @@ -114,21 +117,24 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var role = new Role("role", RoleArgs.builder() * .realmId(realm.id()) + * .name("my-role") * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var hardcodedRoleMapper = new HardcodedRoleProtocolMapper("hardcodedRoleMapper", HardcodedRoleProtocolMapperArgs.builder() - * .clientScopeId(clientScope.id()) * .realmId(realm.id()) + * .clientScopeId(clientScope.id()) + * .name("hardcoded-role-mapper") * .roleId(role.id()) * .build()); * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/OpenidFunctions.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/OpenidFunctions.java index 7fb59191..9c10d1b6 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/OpenidFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/OpenidFunctions.java @@ -59,6 +59,7 @@ public final class OpenidFunctions { * .clientId("realm-management") * .build()); * + * // use the data source * final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder() * .realmId("my-realm") * .clientId(realmManagement.applyValue(getClientResult -> getClientResult.id())) @@ -121,6 +122,7 @@ public static Output getClient(GetClientArgs args) { * .clientId("realm-management") * .build()); * + * // use the data source * final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder() * .realmId("my-realm") * .clientId(realmManagement.applyValue(getClientResult -> getClientResult.id())) @@ -183,6 +185,7 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * .clientId("realm-management") * .build()); * + * // use the data source * final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder() * .realmId("my-realm") * .clientId(realmManagement.applyValue(getClientResult -> getClientResult.id())) @@ -245,6 +248,7 @@ public static Output getClient(GetClientArgs args, InvokeOption * .clientId("realm-management") * .build()); * + * // use the data source * final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder() * .realmId("my-realm") * .clientId(realmManagement.applyValue(getClientResult -> getClientResult.id())) @@ -318,6 +322,7 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * * var clientWithAuthz = new Client("clientWithAuthz", ClientArgs.builder() * .clientId("client-with-authz") + * .name("client-with-authz") * .realmId(realm.id()) * .accessType("CONFIDENTIAL") * .serviceAccountsEnabled(true) @@ -334,6 +339,7 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * * var resource = new ClientAuthorizationResource("resource", ClientAuthorizationResourceArgs.builder() * .resourceServerId(clientWithAuthz.resourceServerId()) + * .name("authorization-resource") * .realmId(realm.id()) * .uris("/endpoint/*") * .attributes(Map.of("foo", "bar")) @@ -342,6 +348,7 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * var permission = new ClientAuthorizationPermission("permission", ClientAuthorizationPermissionArgs.builder() * .resourceServerId(clientWithAuthz.resourceServerId()) * .realmId(realm.id()) + * .name("authorization-permission") * .policies(defaultPermission.applyValue(getClientAuthorizationPolicyResult -> getClientAuthorizationPolicyResult).applyValue(defaultPermission -> defaultPermission.applyValue(getClientAuthorizationPolicyResult -> getClientAuthorizationPolicyResult.id()))) * .resources(resource.id()) * .build()); @@ -402,6 +409,7 @@ public static Output getClientAuthorizationP * * var clientWithAuthz = new Client("clientWithAuthz", ClientArgs.builder() * .clientId("client-with-authz") + * .name("client-with-authz") * .realmId(realm.id()) * .accessType("CONFIDENTIAL") * .serviceAccountsEnabled(true) @@ -418,6 +426,7 @@ public static Output getClientAuthorizationP * * var resource = new ClientAuthorizationResource("resource", ClientAuthorizationResourceArgs.builder() * .resourceServerId(clientWithAuthz.resourceServerId()) + * .name("authorization-resource") * .realmId(realm.id()) * .uris("/endpoint/*") * .attributes(Map.of("foo", "bar")) @@ -426,6 +435,7 @@ public static Output getClientAuthorizationP * var permission = new ClientAuthorizationPermission("permission", ClientAuthorizationPermissionArgs.builder() * .resourceServerId(clientWithAuthz.resourceServerId()) * .realmId(realm.id()) + * .name("authorization-permission") * .policies(defaultPermission.applyValue(getClientAuthorizationPolicyResult -> getClientAuthorizationPolicyResult).applyValue(defaultPermission -> defaultPermission.applyValue(getClientAuthorizationPolicyResult -> getClientAuthorizationPolicyResult.id()))) * .resources(resource.id()) * .build()); @@ -486,6 +496,7 @@ public static CompletableFuture getClientAut * * var clientWithAuthz = new Client("clientWithAuthz", ClientArgs.builder() * .clientId("client-with-authz") + * .name("client-with-authz") * .realmId(realm.id()) * .accessType("CONFIDENTIAL") * .serviceAccountsEnabled(true) @@ -502,6 +513,7 @@ public static CompletableFuture getClientAut * * var resource = new ClientAuthorizationResource("resource", ClientAuthorizationResourceArgs.builder() * .resourceServerId(clientWithAuthz.resourceServerId()) + * .name("authorization-resource") * .realmId(realm.id()) * .uris("/endpoint/*") * .attributes(Map.of("foo", "bar")) @@ -510,6 +522,7 @@ public static CompletableFuture getClientAut * var permission = new ClientAuthorizationPermission("permission", ClientAuthorizationPermissionArgs.builder() * .resourceServerId(clientWithAuthz.resourceServerId()) * .realmId(realm.id()) + * .name("authorization-permission") * .policies(defaultPermission.applyValue(getClientAuthorizationPolicyResult -> getClientAuthorizationPolicyResult).applyValue(defaultPermission -> defaultPermission.applyValue(getClientAuthorizationPolicyResult -> getClientAuthorizationPolicyResult.id()))) * .resources(resource.id()) * .build()); @@ -570,6 +583,7 @@ public static Output getClientAuthorizationP * * var clientWithAuthz = new Client("clientWithAuthz", ClientArgs.builder() * .clientId("client-with-authz") + * .name("client-with-authz") * .realmId(realm.id()) * .accessType("CONFIDENTIAL") * .serviceAccountsEnabled(true) @@ -586,6 +600,7 @@ public static Output getClientAuthorizationP * * var resource = new ClientAuthorizationResource("resource", ClientAuthorizationResourceArgs.builder() * .resourceServerId(clientWithAuthz.resourceServerId()) + * .name("authorization-resource") * .realmId(realm.id()) * .uris("/endpoint/*") * .attributes(Map.of("foo", "bar")) @@ -594,6 +609,7 @@ public static Output getClientAuthorizationP * var permission = new ClientAuthorizationPermission("permission", ClientAuthorizationPermissionArgs.builder() * .resourceServerId(clientWithAuthz.resourceServerId()) * .realmId(realm.id()) + * .name("authorization-permission") * .policies(defaultPermission.applyValue(getClientAuthorizationPolicyResult -> getClientAuthorizationPolicyResult).applyValue(defaultPermission -> defaultPermission.applyValue(getClientAuthorizationPolicyResult -> getClientAuthorizationPolicyResult.id()))) * .resources(resource.id()) * .build()); @@ -645,6 +661,7 @@ public static CompletableFuture getClientAut * var audienceMapper = new AudienceProtocolMapper("audienceMapper", AudienceProtocolMapperArgs.builder() * .realmId(offlineAccess.applyValue(getClientScopeResult -> getClientScopeResult.realmId())) * .clientScopeId(offlineAccess.applyValue(getClientScopeResult -> getClientScopeResult.id())) + * .name("audience-mapper") * .includedCustomAudience("foo") * .build()); * @@ -695,6 +712,7 @@ public static Output getClientScope(GetClientScopeArgs arg * var audienceMapper = new AudienceProtocolMapper("audienceMapper", AudienceProtocolMapperArgs.builder() * .realmId(offlineAccess.applyValue(getClientScopeResult -> getClientScopeResult.realmId())) * .clientScopeId(offlineAccess.applyValue(getClientScopeResult -> getClientScopeResult.id())) + * .name("audience-mapper") * .includedCustomAudience("foo") * .build()); * @@ -745,6 +763,7 @@ public static CompletableFuture getClientScopePlain(GetCli * var audienceMapper = new AudienceProtocolMapper("audienceMapper", AudienceProtocolMapperArgs.builder() * .realmId(offlineAccess.applyValue(getClientScopeResult -> getClientScopeResult.realmId())) * .clientScopeId(offlineAccess.applyValue(getClientScopeResult -> getClientScopeResult.id())) + * .name("audience-mapper") * .includedCustomAudience("foo") * .build()); * @@ -795,6 +814,7 @@ public static Output getClientScope(GetClientScopeArgs arg * var audienceMapper = new AudienceProtocolMapper("audienceMapper", AudienceProtocolMapperArgs.builder() * .realmId(offlineAccess.applyValue(getClientScopeResult -> getClientScopeResult.realmId())) * .clientScopeId(offlineAccess.applyValue(getClientScopeResult -> getClientScopeResult.id())) + * .name("audience-mapper") * .includedCustomAudience("foo") * .build()); * @@ -855,6 +875,7 @@ public static CompletableFuture getClientScopePlain(GetCli * var client = new Client("client", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .accessType("CONFIDENTIAL") * .serviceAccountsEnabled(true) * .build()); @@ -932,6 +953,7 @@ public static Output getClientServiceAccountU * var client = new Client("client", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .accessType("CONFIDENTIAL") * .serviceAccountsEnabled(true) * .build()); @@ -1009,6 +1031,7 @@ public static CompletableFuture getClientServ * var client = new Client("client", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .accessType("CONFIDENTIAL") * .serviceAccountsEnabled(true) * .build()); @@ -1086,6 +1109,7 @@ public static Output getClientServiceAccountU * var client = new Client("client", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .accessType("CONFIDENTIAL") * .serviceAccountsEnabled(true) * .build()); diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ScriptProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ScriptProtocolMapper.java index a17589ac..e7d14cd9 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/ScriptProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/ScriptProtocolMapper.java @@ -63,6 +63,7 @@ * var openidClient = new Client("openidClient", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") @@ -71,6 +72,7 @@ * var scriptMapper = new ScriptProtocolMapper("scriptMapper", ScriptProtocolMapperArgs.builder() * .realmId(realm.id()) * .clientId(openidClient.id()) + * .name("script-mapper") * .claimName("foo") * .script("exports = 'foo';") * .build()); @@ -115,11 +117,13 @@ * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("client-scope") * .build()); * * var scriptMapper = new ScriptProtocolMapper("scriptMapper", ScriptProtocolMapperArgs.builder() * .realmId(realm.id()) * .clientScopeId(clientScope.id()) + * .name("script-mapper") * .claimName("foo") * .script("exports = 'foo';") * .build()); diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapper.java index 7d4d55ec..eceb137a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserAttributeProtocolMapper.java @@ -55,23 +55,25 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .accessType("CONFIDENTIAL") + * .realmId(realm.id()) * .clientId("test-client") + * .name("test client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var userAttributeMapper = new UserAttributeProtocolMapper("userAttributeMapper", UserAttributeProtocolMapperArgs.builder() - * .claimName("bar") - * .clientId(openidClient.id()) * .realmId(realm.id()) + * .clientId(openidClient.id()) + * .name("test-mapper") * .userAttribute("foo") + * .claimName("bar") * .build()); * * } @@ -108,19 +110,21 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var userAttributeMapper = new UserAttributeProtocolMapper("userAttributeMapper", UserAttributeProtocolMapperArgs.builder() - * .claimName("bar") - * .clientScopeId(clientScope.id()) * .realmId(realm.id()) + * .clientScopeId(clientScope.id()) + * .name("test-mapper") * .userAttribute("foo") + * .claimName("bar") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserClientRoleProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserClientRoleProtocolMapper.java index b683218a..d92a918e 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserClientRoleProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserClientRoleProtocolMapper.java @@ -61,6 +61,7 @@ * var openidClient = new Client("openidClient", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") @@ -69,6 +70,7 @@ * var userClientRoleMapper = new UserClientRoleProtocolMapper("userClientRoleMapper", UserClientRoleProtocolMapperArgs.builder() * .realmId(realm.id()) * .clientId(openidClient.id()) + * .name("user-client-role-mapper") * .claimName("foo") * .build()); * @@ -112,11 +114,13 @@ * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("client-scope") * .build()); * * var userClientRoleMapper = new UserClientRoleProtocolMapper("userClientRoleMapper", UserClientRoleProtocolMapperArgs.builder() * .realmId(realm.id()) * .clientScopeId(clientScope.id()) + * .name("user-client-role-mapper") * .claimName("foo") * .build()); * diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java index 17c9d422..dcb63bd4 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserPropertyProtocolMapper.java @@ -55,23 +55,25 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .accessType("CONFIDENTIAL") + * .realmId(realm.id()) * .clientId("test-client") + * .name("test client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var userPropertyMapper = new UserPropertyProtocolMapper("userPropertyMapper", UserPropertyProtocolMapperArgs.builder() - * .claimName("email") - * .clientId(openidClient.id()) * .realmId(realm.id()) + * .clientId(openidClient.id()) + * .name("test-mapper") * .userProperty("email") + * .claimName("email") * .build()); * * } @@ -108,19 +110,21 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var userPropertyMapper = new UserPropertyProtocolMapper("userPropertyMapper", UserPropertyProtocolMapperArgs.builder() - * .claimName("email") - * .clientScopeId(clientScope.id()) * .realmId(realm.id()) + * .clientScopeId(clientScope.id()) + * .name("test-mapper") * .userProperty("email") + * .claimName("email") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapper.java index 4c96295e..f7a08b50 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserRealmRoleProtocolMapper.java @@ -55,22 +55,24 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var openidClient = new Client("openidClient", ClientArgs.builder() - * .accessType("CONFIDENTIAL") + * .realmId(realm.id()) * .clientId("test-client") + * .name("test client") * .enabled(true) - * .realmId(realm.id()) + * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") * .build()); * * var userRealmRoleMapper = new UserRealmRoleProtocolMapper("userRealmRoleMapper", UserRealmRoleProtocolMapperArgs.builder() - * .claimName("foo") - * .clientId(openidClient.id()) * .realmId(realm.id()) + * .clientId(openidClient.id()) + * .name("user-realm-role-mapper") + * .claimName("foo") * .build()); * * } @@ -107,18 +109,20 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("test-client-scope") * .build()); * * var userRealmRoleMapper = new UserRealmRoleProtocolMapper("userRealmRoleMapper", UserRealmRoleProtocolMapperArgs.builder() - * .claimName("foo") - * .clientScopeId(clientScope.id()) * .realmId(realm.id()) + * .clientScopeId(clientScope.id()) + * .name("user-realm-role-mapper") + * .claimName("foo") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java index 0e1e8dec..5aa15dff 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/openid/UserSessionNoteProtocolMapper.java @@ -61,6 +61,7 @@ * var openidClient = new Client("openidClient", ClientArgs.builder() * .realmId(realm.id()) * .clientId("client") + * .name("client") * .enabled(true) * .accessType("CONFIDENTIAL") * .validRedirectUris("http://localhost:8080/openid-callback") @@ -69,6 +70,7 @@ * var userSessionNoteMapper = new UserSessionNoteProtocolMapper("userSessionNoteMapper", UserSessionNoteProtocolMapperArgs.builder() * .realmId(realm.id()) * .clientId(openidClient.id()) + * .name("user-session-note-mapper") * .claimName("foo") * .claimValueType("String") * .sessionNote("bar") @@ -114,11 +116,13 @@ * * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("client-scope") * .build()); * * var userSessionNoteMapper = new UserSessionNoteProtocolMapper("userSessionNoteMapper", UserSessionNoteProtocolMapperArgs.builder() * .realmId(realm.id()) * .clientScopeId(clientScope.id()) + * .name("user-session-note-mapper") * .claimName("foo") * .claimValueType("String") * .sessionNote("bar") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/Client.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/Client.java index 5494472c..2e23d501 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/Client.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/Client.java @@ -28,82 +28,6 @@ * clients are applications that redirect users to Keycloak for authentication * in order to take advantage of Keycloak's user sessions for SSO. * - * ### Example Usage - * - * <!--Start PulumiCodeChooser --> - * ```java - * package generated_program; - * - * import com.pulumi.Context; - * import com.pulumi.Pulumi; - * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; - * import com.pulumi.keycloak.saml.Client; - * import com.pulumi.keycloak.saml.ClientArgs; - * import java.util.List; - * import java.util.ArrayList; - * import java.util.Map; - * import java.io.File; - * import java.nio.file.Files; - * import java.nio.file.Paths; - * - * public class App { - * public static void main(String[] args) { - * Pulumi.run(App::stack); - * } - * - * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) - * .realm("my-realm") - * .build()); - * - * var samlClient = new Client("samlClient", ClientArgs.builder() - * .clientId("test-saml-client") - * .includeAuthnStatement(true) - * .realmId(realm.id()) - * .signAssertions(true) - * .signDocuments(false) - * .signingCertificate(Files.readString(Paths.get("saml-cert.pem"))) - * .signingPrivateKey(Files.readString(Paths.get("saml-key.pem"))) - * .build()); - * - * } - * } - * ``` - * <!--End PulumiCodeChooser --> - * - * ### Argument Reference - * - * The following arguments are supported: - * - * - `realm_id` - (Required) The realm this client is attached to. - * - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - `name` - (Optional) The display name of this client in the GUI. - * - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - `description` - (Optional) The description of this client in the GUI. - * - `include_authn_statement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. - * - `sign_documents` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. - * - `sign_assertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. - * - `client_signature_required` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. - * - `force_post_binding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. - * - `front_channel_logout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. - * - `name_id_format` - (Optional) Sets the Name ID format for the subject. - * - `root_url` - (Optional) When specified, this value is prepended to all relative URLs. - * - `valid_redirect_uris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - `base_url` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. - * - `master_saml_processing_url` - (Optional) When specified, this URL will be used for all SAML requests. - * - `signing_certificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - `signing_private_key` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - `idp_initiated_sso_url_name` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. - * - `idp_initiated_sso_relay_state` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - `assertion_consumer_post_url` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). - * - `assertion_consumer_redirect_url` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - `logout_service_post_binding_url` - (Optional) SAML POST Binding URL for the client's single logout service. - * - `logout_service_redirect_binding_url` - (Optional) SAML Redirect Binding URL for the client's single logout service. - * - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token - * * ### Import * * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientDefaultScope.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientDefaultScope.java index 1bbabccf..9e5b1052 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientDefaultScope.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientDefaultScope.java @@ -17,72 +17,6 @@ /** * ## Example Usage * - * <!--Start PulumiCodeChooser --> - * ```java - * package generated_program; - * - * import com.pulumi.Context; - * import com.pulumi.Pulumi; - * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; - * import com.pulumi.keycloak.saml.Client; - * import com.pulumi.keycloak.saml.ClientArgs; - * import com.pulumi.keycloak.saml.ClientScope; - * import com.pulumi.keycloak.saml.ClientScopeArgs; - * import com.pulumi.keycloak.saml.ClientDefaultScope; - * import com.pulumi.keycloak.saml.ClientDefaultScopeArgs; - * import java.util.List; - * import java.util.ArrayList; - * import java.util.Map; - * import java.io.File; - * import java.nio.file.Files; - * import java.nio.file.Paths; - * - * public class App { - * public static void main(String[] args) { - * Pulumi.run(App::stack); - * } - * - * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") - * .enabled(true) - * .build()); - * - * var samlClient = new Client("samlClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("saml-client") - * .signDocuments(false) - * .signAssertions(true) - * .includeAuthnStatement(true) - * .signingCertificate(Files.readString(Paths.get("saml-cert.pem"))) - * .signingPrivateKey(Files.readString(Paths.get("saml-key.pem"))) - * .build()); - * - * var clientScope = new ClientScope("clientScope", ClientScopeArgs.builder() - * .realmId(realm.id()) - * .build()); - * - * var clientDefaultScopes = new ClientDefaultScope("clientDefaultScopes", ClientDefaultScopeArgs.builder() - * .realmId(realm.id()) - * .clientId(keycloak_saml_client.client().id()) - * .defaultScopes( - * "role_list", - * clientScope.name()) - * .build()); - * - * } - * } - * ``` - * <!--End PulumiCodeChooser --> - * - * ## Import - * - * This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist - * - * on the server. - * */ @ResourceType(type="keycloak:saml/clientDefaultScope:ClientDefaultScope") public class ClientDefaultScope extends com.pulumi.resources.CustomResource { diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientScope.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientScope.java index 8f89698b..d64733c9 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientScope.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ClientScope.java @@ -53,6 +53,7 @@ * * var samlClientScope = new ClientScope("samlClientScope", ClientScopeArgs.builder() * .realmId(realm.id()) + * .name("groups") * .description("This scope will map a user's group memberships to SAML assertion") * .guiOrder(1) * .build()); diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java index 66e2e7b9..3980d0fb 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/IdentityProvider.java @@ -50,17 +50,17 @@ * * public static void stack(Context ctx) { * var realmIdentityProvider = new IdentityProvider("realmIdentityProvider", IdentityProviderArgs.builder() + * .realm("my-realm") * .alias("my-idp") + * .singleSignOnServiceUrl("https://domain.com/adfs/ls/") + * .singleLogoutServiceUrl("https://domain.com/adfs/ls/?wa=wsignout1.0") * .backchannelSupported(true) - * .forceAuthn(true) - * .postBindingAuthnRequest(true) - * .postBindingLogout(true) * .postBindingResponse(true) - * .realm("my-realm") - * .singleLogoutServiceUrl("https://domain.com/adfs/ls/?wa=wsignout1.0") - * .singleSignOnServiceUrl("https://domain.com/adfs/ls/") + * .postBindingLogout(true) + * .postBindingAuthnRequest(true) * .storeToken(false) * .trustEmail(true) + * .forceAuthn(true) * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/SamlFunctions.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/SamlFunctions.java index a4a5ebd3..bacf1799 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/SamlFunctions.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/SamlFunctions.java @@ -51,6 +51,7 @@ public final class SamlFunctions { * .clientId("realm-management") * .build()); * + * // use the data source * final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder() * .realmId("my-realm") * .clientId(realmManagement.applyValue(getClientResult -> getClientResult.id())) @@ -100,6 +101,7 @@ public static Output getClient(GetClientArgs args) { * .clientId("realm-management") * .build()); * + * // use the data source * final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder() * .realmId("my-realm") * .clientId(realmManagement.applyValue(getClientResult -> getClientResult.id())) @@ -149,6 +151,7 @@ public static CompletableFuture getClientPlain(GetClientPlainAr * .clientId("realm-management") * .build()); * + * // use the data source * final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder() * .realmId("my-realm") * .clientId(realmManagement.applyValue(getClientResult -> getClientResult.id())) @@ -198,6 +201,7 @@ public static Output getClient(GetClientArgs args, InvokeOption * .clientId("realm-management") * .build()); * + * // use the data source * final var admin = KeycloakFunctions.getRole(GetRoleArgs.builder() * .realmId("my-realm") * .clientId(realmManagement.applyValue(getClientResult -> getClientResult.id())) @@ -216,68 +220,6 @@ public static CompletableFuture getClientPlain(GetClientPlainAr /** * This data source can be used to retrieve Installation Provider of a SAML Client. * - * ## Example Usage - * - * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. - * - * <!--Start PulumiCodeChooser --> - * ```java - * package generated_program; - * - * import com.pulumi.Context; - * import com.pulumi.Pulumi; - * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; - * import com.pulumi.keycloak.saml.Client; - * import com.pulumi.keycloak.saml.ClientArgs; - * import com.pulumi.keycloak.saml.SamlFunctions; - * import com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs; - * import com.pulumi.aws.iam.SamlProvider; - * import com.pulumi.aws.iam.SamlProviderArgs; - * import java.util.List; - * import java.util.ArrayList; - * import java.util.Map; - * import java.io.File; - * import java.nio.file.Files; - * import java.nio.file.Paths; - * - * public class App { - * public static void main(String[] args) { - * Pulumi.run(App::stack); - * } - * - * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") - * .enabled(true) - * .build()); - * - * var samlClient = new Client("samlClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("test-saml-client") - * .signDocuments(false) - * .signAssertions(true) - * .includeAuthnStatement(true) - * .signingCertificate(Files.readString(Paths.get("saml-cert.pem"))) - * .signingPrivateKey(Files.readString(Paths.get("saml-key.pem"))) - * .build()); - * - * final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder() - * .realmId(realm.id()) - * .clientId(samlClient.id()) - * .providerId("saml-idp-descriptor") - * .build()); - * - * var default_ = new SamlProvider("default", SamlProviderArgs.builder() - * .samlMetadataDocument(samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult).applyValue(samlIdpDescriptor -> samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult.value()))) - * .build()); - * - * } - * } - * ``` - * <!--End PulumiCodeChooser --> - * */ public static Output getClientInstallationProvider(GetClientInstallationProviderArgs args) { return getClientInstallationProvider(args, InvokeOptions.Empty); @@ -285,68 +227,6 @@ public static Output getClientInstallationP /** * This data source can be used to retrieve Installation Provider of a SAML Client. * - * ## Example Usage - * - * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. - * - * <!--Start PulumiCodeChooser --> - * ```java - * package generated_program; - * - * import com.pulumi.Context; - * import com.pulumi.Pulumi; - * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; - * import com.pulumi.keycloak.saml.Client; - * import com.pulumi.keycloak.saml.ClientArgs; - * import com.pulumi.keycloak.saml.SamlFunctions; - * import com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs; - * import com.pulumi.aws.iam.SamlProvider; - * import com.pulumi.aws.iam.SamlProviderArgs; - * import java.util.List; - * import java.util.ArrayList; - * import java.util.Map; - * import java.io.File; - * import java.nio.file.Files; - * import java.nio.file.Paths; - * - * public class App { - * public static void main(String[] args) { - * Pulumi.run(App::stack); - * } - * - * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") - * .enabled(true) - * .build()); - * - * var samlClient = new Client("samlClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("test-saml-client") - * .signDocuments(false) - * .signAssertions(true) - * .includeAuthnStatement(true) - * .signingCertificate(Files.readString(Paths.get("saml-cert.pem"))) - * .signingPrivateKey(Files.readString(Paths.get("saml-key.pem"))) - * .build()); - * - * final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder() - * .realmId(realm.id()) - * .clientId(samlClient.id()) - * .providerId("saml-idp-descriptor") - * .build()); - * - * var default_ = new SamlProvider("default", SamlProviderArgs.builder() - * .samlMetadataDocument(samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult).applyValue(samlIdpDescriptor -> samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult.value()))) - * .build()); - * - * } - * } - * ``` - * <!--End PulumiCodeChooser --> - * */ public static CompletableFuture getClientInstallationProviderPlain(GetClientInstallationProviderPlainArgs args) { return getClientInstallationProviderPlain(args, InvokeOptions.Empty); @@ -354,68 +234,6 @@ public static CompletableFuture getClientIn /** * This data source can be used to retrieve Installation Provider of a SAML Client. * - * ## Example Usage - * - * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. - * - * <!--Start PulumiCodeChooser --> - * ```java - * package generated_program; - * - * import com.pulumi.Context; - * import com.pulumi.Pulumi; - * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; - * import com.pulumi.keycloak.saml.Client; - * import com.pulumi.keycloak.saml.ClientArgs; - * import com.pulumi.keycloak.saml.SamlFunctions; - * import com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs; - * import com.pulumi.aws.iam.SamlProvider; - * import com.pulumi.aws.iam.SamlProviderArgs; - * import java.util.List; - * import java.util.ArrayList; - * import java.util.Map; - * import java.io.File; - * import java.nio.file.Files; - * import java.nio.file.Paths; - * - * public class App { - * public static void main(String[] args) { - * Pulumi.run(App::stack); - * } - * - * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") - * .enabled(true) - * .build()); - * - * var samlClient = new Client("samlClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("test-saml-client") - * .signDocuments(false) - * .signAssertions(true) - * .includeAuthnStatement(true) - * .signingCertificate(Files.readString(Paths.get("saml-cert.pem"))) - * .signingPrivateKey(Files.readString(Paths.get("saml-key.pem"))) - * .build()); - * - * final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder() - * .realmId(realm.id()) - * .clientId(samlClient.id()) - * .providerId("saml-idp-descriptor") - * .build()); - * - * var default_ = new SamlProvider("default", SamlProviderArgs.builder() - * .samlMetadataDocument(samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult).applyValue(samlIdpDescriptor -> samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult.value()))) - * .build()); - * - * } - * } - * ``` - * <!--End PulumiCodeChooser --> - * */ public static Output getClientInstallationProvider(GetClientInstallationProviderArgs args, InvokeOptions options) { return Deployment.getInstance().invoke("keycloak:saml/getClientInstallationProvider:getClientInstallationProvider", TypeShape.of(GetClientInstallationProviderResult.class), args, Utilities.withVersion(options)); @@ -423,68 +241,6 @@ public static Output getClientInstallationP /** * This data source can be used to retrieve Installation Provider of a SAML Client. * - * ## Example Usage - * - * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. - * - * <!--Start PulumiCodeChooser --> - * ```java - * package generated_program; - * - * import com.pulumi.Context; - * import com.pulumi.Pulumi; - * import com.pulumi.core.Output; - * import com.pulumi.keycloak.Realm; - * import com.pulumi.keycloak.RealmArgs; - * import com.pulumi.keycloak.saml.Client; - * import com.pulumi.keycloak.saml.ClientArgs; - * import com.pulumi.keycloak.saml.SamlFunctions; - * import com.pulumi.keycloak.saml.inputs.GetClientInstallationProviderArgs; - * import com.pulumi.aws.iam.SamlProvider; - * import com.pulumi.aws.iam.SamlProviderArgs; - * import java.util.List; - * import java.util.ArrayList; - * import java.util.Map; - * import java.io.File; - * import java.nio.file.Files; - * import java.nio.file.Paths; - * - * public class App { - * public static void main(String[] args) { - * Pulumi.run(App::stack); - * } - * - * public static void stack(Context ctx) { - * var realm = new Realm("realm", RealmArgs.builder() - * .realm("my-realm") - * .enabled(true) - * .build()); - * - * var samlClient = new Client("samlClient", ClientArgs.builder() - * .realmId(realm.id()) - * .clientId("test-saml-client") - * .signDocuments(false) - * .signAssertions(true) - * .includeAuthnStatement(true) - * .signingCertificate(Files.readString(Paths.get("saml-cert.pem"))) - * .signingPrivateKey(Files.readString(Paths.get("saml-key.pem"))) - * .build()); - * - * final var samlIdpDescriptor = SamlFunctions.getClientInstallationProvider(GetClientInstallationProviderArgs.builder() - * .realmId(realm.id()) - * .clientId(samlClient.id()) - * .providerId("saml-idp-descriptor") - * .build()); - * - * var default_ = new SamlProvider("default", SamlProviderArgs.builder() - * .samlMetadataDocument(samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult).applyValue(samlIdpDescriptor -> samlIdpDescriptor.applyValue(getClientInstallationProviderResult -> getClientInstallationProviderResult.value()))) - * .build()); - * - * } - * } - * ``` - * <!--End PulumiCodeChooser --> - * */ public static CompletableFuture getClientInstallationProviderPlain(GetClientInstallationProviderPlainArgs args, InvokeOptions options) { return Deployment.getInstance().invokeAsync("keycloak:saml/getClientInstallationProvider:getClientInstallationProvider", TypeShape.of(GetClientInstallationProviderResult.class), args, Utilities.withVersion(options)); diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ScriptProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ScriptProtocolMapper.java index 9f63f879..e5a4a3dd 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/ScriptProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/ScriptProtocolMapper.java @@ -59,11 +59,13 @@ * var samlClient = new Client("samlClient", ClientArgs.builder() * .realmId(realm.id()) * .clientId("saml-client") + * .name("saml-client") * .build()); * * var samlScriptMapper = new ScriptProtocolMapper("samlScriptMapper", ScriptProtocolMapperArgs.builder() * .realmId(realm.id()) * .clientId(samlClient.id()) + * .name("script-mapper") * .script("exports = 'foo';") * .samlAttributeName("displayName") * .samlAttributeNameFormat("Unspecified") diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapper.java index 0c081e8f..4b5f678a 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserAttributeProtocolMapper.java @@ -54,21 +54,23 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var samlClient = new Client("samlClient", ClientArgs.builder() + * .realmId(test.id()) * .clientId("test-saml-client") - * .realmId(keycloak_realm.test().id()) + * .name("test-saml-client") * .build()); * * var samlUserAttributeMapper = new UserAttributeProtocolMapper("samlUserAttributeMapper", UserAttributeProtocolMapperArgs.builder() + * .realmId(test.id()) * .clientId(samlClient.id()) - * .realmId(keycloak_realm.test().id()) + * .name("displayname-user-attribute-mapper") + * .userAttribute("displayName") * .samlAttributeName("displayName") * .samlAttributeNameFormat("Unspecified") - * .userAttribute("displayName") * .build()); * * } diff --git a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapper.java b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapper.java index a331c193..4adb50f7 100644 --- a/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapper.java +++ b/sdk/java/src/main/java/com/pulumi/keycloak/saml/UserPropertyProtocolMapper.java @@ -54,21 +54,23 @@ * * public static void stack(Context ctx) { * var realm = new Realm("realm", RealmArgs.builder() - * .enabled(true) * .realm("my-realm") + * .enabled(true) * .build()); * * var samlClient = new Client("samlClient", ClientArgs.builder() + * .realmId(test.id()) * .clientId("test-saml-client") - * .realmId(keycloak_realm.test().id()) + * .name("test-saml-client") * .build()); * * var samlUserPropertyMapper = new UserPropertyProtocolMapper("samlUserPropertyMapper", UserPropertyProtocolMapperArgs.builder() + * .realmId(test.id()) * .clientId(samlClient.id()) - * .realmId(keycloak_realm.test().id()) + * .name("email-user-property-mapper") + * .userProperty("email") * .samlAttributeName("email") * .samlAttributeNameFormat("Unspecified") - * .userProperty("email") * .build()); * * } diff --git a/sdk/nodejs/attributeImporterIdentityProviderMapper.ts b/sdk/nodejs/attributeImporterIdentityProviderMapper.ts index b1daa6c8..5907a21e 100644 --- a/sdk/nodejs/attributeImporterIdentityProviderMapper.ts +++ b/sdk/nodejs/attributeImporterIdentityProviderMapper.ts @@ -16,10 +16,11 @@ import * as utilities from "./utilities"; * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * - * const testMapper = new keycloak.AttributeImporterIdentityProviderMapper("testMapper", { - * attributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", - * identityProviderAlias: "idp_alias", + * const testMapper = new keycloak.AttributeImporterIdentityProviderMapper("test_mapper", { * realm: "my-realm", + * name: "my-mapper", + * identityProviderAlias: "idp_alias", + * attributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", * userAttribute: "lastName", * }); * ``` diff --git a/sdk/nodejs/attributeToRoleIdentityMapper.ts b/sdk/nodejs/attributeToRoleIdentityMapper.ts index d34a7be6..c95b9c49 100644 --- a/sdk/nodejs/attributeToRoleIdentityMapper.ts +++ b/sdk/nodejs/attributeToRoleIdentityMapper.ts @@ -20,7 +20,7 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const oidcIdentityProvider = new keycloak.oidc.IdentityProvider("oidcIdentityProvider", { + * const oidc = new keycloak.oidc.IdentityProvider("oidc", { * realm: realm.id, * alias: "oidc", * authorizationUrl: "https://example.com/auth", @@ -29,13 +29,15 @@ import * as utilities from "./utilities"; * clientSecret: "example_token", * defaultScopes: "openid random profile", * }); - * const realmRole = new keycloak.Role("realmRole", { + * const realmRole = new keycloak.Role("realm_role", { * realmId: realm.id, + * name: "my-realm-role", * description: "My Realm Role", * }); - * const oidcAttributeToRoleIdentityMapper = new keycloak.AttributeToRoleIdentityMapper("oidcAttributeToRoleIdentityMapper", { + * const oidcAttributeToRoleIdentityMapper = new keycloak.AttributeToRoleIdentityMapper("oidc", { * realm: realm.id, - * identityProviderAlias: oidcIdentityProvider.alias, + * name: "role-attribute", + * identityProviderAlias: oidc.alias, * role: "my-realm-role", * claimName: "my-claim", * claimValue: "my-value", diff --git a/sdk/nodejs/authentication/bindings.ts b/sdk/nodejs/authentication/bindings.ts index 9e37c416..eaace457 100644 --- a/sdk/nodejs/authentication/bindings.ts +++ b/sdk/nodejs/authentication/bindings.ts @@ -35,14 +35,14 @@ import * as utilities from "../utilities"; * alias: "my-flow-alias", * }); * // first execution - * const executionOne = new keycloak.authentication.Execution("executionOne", { + * const executionOne = new keycloak.authentication.Execution("execution_one", { * realmId: realm.id, * parentFlowAlias: flow.alias, * authenticator: "auth-cookie", * requirement: "ALTERNATIVE", * }); * // second execution - * const executionTwo = new keycloak.authentication.Execution("executionTwo", { + * const executionTwo = new keycloak.authentication.Execution("execution_two", { * realmId: realm.id, * parentFlowAlias: flow.alias, * authenticator: "identity-provider-redirector", @@ -50,7 +50,7 @@ import * as utilities from "../utilities"; * }, { * dependsOn: [executionOne], * }); - * const browserAuthenticationBinding = new keycloak.authentication.Bindings("browserAuthenticationBinding", { + * const browserAuthenticationBinding = new keycloak.authentication.Bindings("browser_authentication_binding", { * realmId: realm.id, * browserFlow: flow.alias, * }); diff --git a/sdk/nodejs/authentication/execution.ts b/sdk/nodejs/authentication/execution.ts index cf9f1376..7c05f280 100644 --- a/sdk/nodejs/authentication/execution.ts +++ b/sdk/nodejs/authentication/execution.ts @@ -28,14 +28,14 @@ import * as utilities from "../utilities"; * alias: "my-flow-alias", * }); * // first execution - * const executionOne = new keycloak.authentication.Execution("executionOne", { + * const executionOne = new keycloak.authentication.Execution("execution_one", { * realmId: realm.id, * parentFlowAlias: flow.alias, * authenticator: "auth-cookie", * requirement: "ALTERNATIVE", * }); * // second execution - * const executionTwo = new keycloak.authentication.Execution("executionTwo", { + * const executionTwo = new keycloak.authentication.Execution("execution_two", { * realmId: realm.id, * parentFlowAlias: flow.alias, * authenticator: "identity-provider-redirector", diff --git a/sdk/nodejs/customIdentityProviderMapping.ts b/sdk/nodejs/customIdentityProviderMapping.ts index ab6efa5d..9f3b0270 100644 --- a/sdk/nodejs/customIdentityProviderMapping.ts +++ b/sdk/nodejs/customIdentityProviderMapping.ts @@ -16,7 +16,7 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const oidcIdentityProvider = new keycloak.oidc.IdentityProvider("oidcIdentityProvider", { + * const oidc = new keycloak.oidc.IdentityProvider("oidc", { * realm: realm.id, * alias: "oidc", * authorizationUrl: "https://example.com/auth", @@ -25,9 +25,10 @@ import * as utilities from "./utilities"; * clientSecret: "example_token", * defaultScopes: "openid random profile", * }); - * const oidcCustomIdentityProviderMapping = new keycloak.CustomIdentityProviderMapping("oidcCustomIdentityProviderMapping", { + * const oidcCustomIdentityProviderMapping = new keycloak.CustomIdentityProviderMapping("oidc", { * realm: realm.id, - * identityProviderAlias: oidcIdentityProvider.alias, + * name: "email-attribute-importer", + * identityProviderAlias: oidc.alias, * identityProviderMapper: "%s-user-attribute-idp-mapper", * extraConfig: { * syncMode: "INHERIT", diff --git a/sdk/nodejs/customUserFederation.ts b/sdk/nodejs/customUserFederation.ts index 2a4a75c0..92ead8d0 100644 --- a/sdk/nodejs/customUserFederation.ts +++ b/sdk/nodejs/customUserFederation.ts @@ -21,13 +21,14 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "test", - * }); - * const customUserFederation = new keycloak.CustomUserFederation("customUserFederation", { * enabled: true, - * providerId: "custom", + * }); + * const customUserFederation = new keycloak.CustomUserFederation("custom_user_federation", { + * name: "custom", * realmId: realm.id, + * providerId: "custom", + * enabled: true, * }); * ``` * diff --git a/sdk/nodejs/defaultGroups.ts b/sdk/nodejs/defaultGroups.ts index aacabc01..dc725811 100644 --- a/sdk/nodejs/defaultGroups.ts +++ b/sdk/nodejs/defaultGroups.ts @@ -20,13 +20,16 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, + * }); + * const group = new keycloak.Group("group", { + * realmId: realm.id, + * name: "my-group", * }); - * const group = new keycloak.Group("group", {realmId: realm.id}); * const _default = new keycloak.DefaultGroups("default", { - * groupIds: [group.id], * realmId: realm.id, + * groupIds: [group.id], * }); * ``` * diff --git a/sdk/nodejs/defaultRoles.ts b/sdk/nodejs/defaultRoles.ts index 6babcab4..a534f7d1 100644 --- a/sdk/nodejs/defaultRoles.ts +++ b/sdk/nodejs/defaultRoles.ts @@ -22,7 +22,7 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const defaultRoles = new keycloak.DefaultRoles("defaultRoles", { + * const defaultRoles = new keycloak.DefaultRoles("default_roles", { * realmId: realm.id, * defaultRoles: ["uma_authorization"], * }); diff --git a/sdk/nodejs/genericClientProtocolMapper.ts b/sdk/nodejs/genericClientProtocolMapper.ts index 35fdfdc3..a6c7de79 100644 --- a/sdk/nodejs/genericClientProtocolMapper.ts +++ b/sdk/nodejs/genericClientProtocolMapper.ts @@ -24,24 +24,25 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const samlClient = new keycloak.saml.Client("samlClient", { - * clientId: "test-client", + * const samlClient = new keycloak.saml.Client("saml_client", { * realmId: realm.id, + * clientId: "test-client", * }); - * const samlHardcodeAttributeMapper = new keycloak.GenericClientProtocolMapper("samlHardcodeAttributeMapper", { + * const samlHardcodeAttributeMapper = new keycloak.GenericClientProtocolMapper("saml_hardcode_attribute_mapper", { + * realmId: realm.id, * clientId: samlClient.id, + * name: "tes-mapper", + * protocol: "saml", + * protocolMapper: "saml-hardcode-attribute-mapper", * config: { * "attribute.name": "name", * "attribute.nameformat": "Basic", * "attribute.value": "value", * "friendly.name": "display name", * }, - * protocol: "saml", - * protocolMapper: "saml-hardcode-attribute-mapper", - * realmId: realm.id, * }); * ``` * diff --git a/sdk/nodejs/genericClientRoleMapper.ts b/sdk/nodejs/genericClientRoleMapper.ts index ef6d79c2..b5c80deb 100644 --- a/sdk/nodejs/genericClientRoleMapper.ts +++ b/sdk/nodejs/genericClientRoleMapper.ts @@ -29,14 +29,16 @@ import * as utilities from "./utilities"; * const client = new keycloak.openid.Client("client", { * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, * accessType: "BEARER-ONLY", * }); - * const realmRole = new keycloak.Role("realmRole", { + * const realmRole = new keycloak.Role("realm_role", { * realmId: realm.id, + * name: "my-realm-role", * description: "My Realm Role", * }); - * const clientRoleMapper = new keycloak.GenericClientRoleMapper("clientRoleMapper", { + * const clientRoleMapper = new keycloak.GenericClientRoleMapper("client_role_mapper", { * realmId: realm.id, * clientId: client.id, * roleId: realmRole.id, @@ -55,30 +57,34 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const clientA = new keycloak.openid.Client("clientA", { + * const clientA = new keycloak.openid.Client("client_a", { * realmId: realm.id, * clientId: "client-a", + * name: "client-a", * enabled: true, * accessType: "BEARER-ONLY", * fullScopeAllowed: false, * }); - * const clientRoleA = new keycloak.Role("clientRoleA", { + * const clientRoleA = new keycloak.Role("client_role_a", { * realmId: realm.id, * clientId: clientA.id, + * name: "my-client-role", * description: "My Client Role", * }); - * const clientB = new keycloak.openid.Client("clientB", { + * const clientB = new keycloak.openid.Client("client_b", { * realmId: realm.id, * clientId: "client-b", + * name: "client-b", * enabled: true, * accessType: "BEARER-ONLY", * }); - * const clientRoleB = new keycloak.Role("clientRoleB", { + * const clientRoleB = new keycloak.Role("client_role_b", { * realmId: realm.id, * clientId: clientB.id, + * name: "my-client-role", * description: "My Client Role", * }); - * const clientBRoleMapper = new keycloak.GenericClientRoleMapper("clientBRoleMapper", { + * const clientBRoleMapper = new keycloak.GenericClientRoleMapper("client_b_role_mapper", { * realmId: realm.id, * clientId: clientB.id, * roleId: clientRoleA.id, @@ -97,12 +103,16 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const realmRole = new keycloak.Role("realmRole", { + * const clientScope = new keycloak.openid.ClientScope("client_scope", { * realmId: realm.id, + * name: "my-client-scope", + * }); + * const realmRole = new keycloak.Role("realm_role", { + * realmId: realm.id, + * name: "my-realm-role", * description: "My Realm Role", * }); - * const clientRoleMapper = new keycloak.GenericClientRoleMapper("clientRoleMapper", { + * const clientRoleMapper = new keycloak.GenericClientRoleMapper("client_role_mapper", { * realmId: realm.id, * clientScopeId: clientScope.id, * roleId: realmRole.id, @@ -124,16 +134,21 @@ import * as utilities from "./utilities"; * const client = new keycloak.openid.Client("client", { * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, * accessType: "BEARER-ONLY", * }); - * const clientRole = new keycloak.Role("clientRole", { + * const clientRole = new keycloak.Role("client_role", { * realmId: realm.id, * clientId: client.id, + * name: "my-client-role", * description: "My Client Role", * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const clientBRoleMapper = new keycloak.GenericClientRoleMapper("clientBRoleMapper", { + * const clientScope = new keycloak.openid.ClientScope("client_scope", { + * realmId: realm.id, + * name: "my-client-scope", + * }); + * const clientBRoleMapper = new keycloak.GenericClientRoleMapper("client_b_role_mapper", { * realmId: realm.id, * clientScopeId: clientScope.id, * roleId: clientRole.id, diff --git a/sdk/nodejs/genericProtocolMapper.ts b/sdk/nodejs/genericProtocolMapper.ts index 1253aa7f..88936ac5 100644 --- a/sdk/nodejs/genericProtocolMapper.ts +++ b/sdk/nodejs/genericProtocolMapper.ts @@ -25,13 +25,14 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const samlClient = new keycloak.saml.Client("samlClient", { + * const samlClient = new keycloak.saml.Client("saml_client", { * realmId: realm.id, * clientId: "test-client", * }); - * const samlHardcodeAttributeMapper = new keycloak.GenericProtocolMapper("samlHardcodeAttributeMapper", { + * const samlHardcodeAttributeMapper = new keycloak.GenericProtocolMapper("saml_hardcode_attribute_mapper", { * realmId: realm.id, * clientId: samlClient.id, + * name: "test-mapper", * protocol: "saml", * protocolMapper: "saml-hardcode-attribute-mapper", * config: { diff --git a/sdk/nodejs/genericRoleMapper.ts b/sdk/nodejs/genericRoleMapper.ts index b83a95df..a9d91973 100644 --- a/sdk/nodejs/genericRoleMapper.ts +++ b/sdk/nodejs/genericRoleMapper.ts @@ -27,14 +27,16 @@ import * as utilities from "./utilities"; * const client = new keycloak.openid.Client("client", { * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, * accessType: "BEARER-ONLY", * }); - * const realmRole = new keycloak.Role("realmRole", { + * const realmRole = new keycloak.Role("realm_role", { * realmId: realm.id, + * name: "my-realm-role", * description: "My Realm Role", * }); - * const clientRoleMapper = new keycloak.GenericRoleMapper("clientRoleMapper", { + * const clientRoleMapper = new keycloak.GenericRoleMapper("client_role_mapper", { * realmId: realm.id, * clientId: client.id, * roleId: realmRole.id, @@ -53,30 +55,34 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const clientA = new keycloak.openid.Client("clientA", { + * const clientA = new keycloak.openid.Client("client_a", { * realmId: realm.id, * clientId: "client-a", + * name: "client-a", * enabled: true, * accessType: "BEARER-ONLY", * fullScopeAllowed: false, * }); - * const clientRoleA = new keycloak.Role("clientRoleA", { + * const clientRoleA = new keycloak.Role("client_role_a", { * realmId: realm.id, * clientId: clientA.id, + * name: "my-client-role", * description: "My Client Role", * }); - * const clientB = new keycloak.openid.Client("clientB", { + * const clientB = new keycloak.openid.Client("client_b", { * realmId: realm.id, * clientId: "client-b", + * name: "client-b", * enabled: true, * accessType: "BEARER-ONLY", * }); - * const clientRoleB = new keycloak.Role("clientRoleB", { + * const clientRoleB = new keycloak.Role("client_role_b", { * realmId: realm.id, * clientId: clientB.id, + * name: "my-client-role", * description: "My Client Role", * }); - * const clientBRoleMapper = new keycloak.GenericRoleMapper("clientBRoleMapper", { + * const clientBRoleMapper = new keycloak.GenericRoleMapper("client_b_role_mapper", { * realmId: realm.id, * clientId: clientB.id, * roleId: clientRoleA.id, @@ -95,12 +101,16 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const realmRole = new keycloak.Role("realmRole", { + * const clientScope = new keycloak.openid.ClientScope("client_scope", { * realmId: realm.id, + * name: "my-client-scope", + * }); + * const realmRole = new keycloak.Role("realm_role", { + * realmId: realm.id, + * name: "my-realm-role", * description: "My Realm Role", * }); - * const clientRoleMapper = new keycloak.GenericRoleMapper("clientRoleMapper", { + * const clientRoleMapper = new keycloak.GenericRoleMapper("client_role_mapper", { * realmId: realm.id, * clientScopeId: clientScope.id, * roleId: realmRole.id, @@ -122,16 +132,21 @@ import * as utilities from "./utilities"; * const client = new keycloak.openid.Client("client", { * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, * accessType: "BEARER-ONLY", * }); - * const clientRole = new keycloak.Role("clientRole", { + * const clientRole = new keycloak.Role("client_role", { * realmId: realm.id, * clientId: client.id, + * name: "my-client-role", * description: "My Client Role", * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const clientBRoleMapper = new keycloak.GenericRoleMapper("clientBRoleMapper", { + * const clientScope = new keycloak.openid.ClientScope("client_scope", { + * realmId: realm.id, + * name: "my-client-scope", + * }); + * const clientBRoleMapper = new keycloak.GenericRoleMapper("client_b_role_mapper", { * realmId: realm.id, * clientScopeId: clientScope.id, * roleId: clientRole.id, diff --git a/sdk/nodejs/getClientDescriptionConverter.ts b/sdk/nodejs/getClientDescriptionConverter.ts index cb502c82..4079fcce 100644 --- a/sdk/nodejs/getClientDescriptionConverter.ts +++ b/sdk/nodejs/getClientDescriptionConverter.ts @@ -21,7 +21,7 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const samlClientClientDescriptionConverter = keycloak.getClientDescriptionConverterOutput({ + * const samlClient = keycloak.getClientDescriptionConverterOutput({ * realmId: realm.id, * body: ` * @@ -52,9 +52,9 @@ import * as utilities from "./utilities"; * * `, * }); - * const samlClientClient = new keycloak.saml.Client("samlClientClient", { + * const samlClientClient = new keycloak.saml.Client("saml_client", { * realmId: realm.id, - * clientId: samlClientClientDescriptionConverter.apply(samlClientClientDescriptionConverter => samlClientClientDescriptionConverter.clientId), + * clientId: samlClient.apply(samlClient => samlClient.clientId), * }); * ``` * @@ -143,7 +143,7 @@ export interface GetClientDescriptionConverterResult { * realm: "my-realm", * enabled: true, * }); - * const samlClientClientDescriptionConverter = keycloak.getClientDescriptionConverterOutput({ + * const samlClient = keycloak.getClientDescriptionConverterOutput({ * realmId: realm.id, * body: ` * @@ -174,9 +174,9 @@ export interface GetClientDescriptionConverterResult { * * `, * }); - * const samlClientClient = new keycloak.saml.Client("samlClientClient", { + * const samlClientClient = new keycloak.saml.Client("saml_client", { * realmId: realm.id, - * clientId: samlClientClientDescriptionConverter.apply(samlClientClientDescriptionConverter => samlClientClientDescriptionConverter.clientId), + * clientId: samlClient.apply(samlClient => samlClient.clientId), * }); * ``` * diff --git a/sdk/nodejs/getRealm.ts b/sdk/nodejs/getRealm.ts index e6cc223f..45e4e9db 100644 --- a/sdk/nodejs/getRealm.ts +++ b/sdk/nodejs/getRealm.ts @@ -22,7 +22,11 @@ import * as utilities from "./utilities"; * const realm = keycloak.getRealm({ * realm: "my-realm", * }); - * const group = new keycloak.Role("group", {realmId: data.keycloak_realm.id}); + * // use the data source + * const group = new keycloak.Role("group", { + * realmId: id, + * name: "group", + * }); * ``` * * @@ -152,7 +156,11 @@ export interface GetRealmResult { * const realm = keycloak.getRealm({ * realm: "my-realm", * }); - * const group = new keycloak.Role("group", {realmId: data.keycloak_realm.id}); + * // use the data source + * const group = new keycloak.Role("group", { + * realmId: id, + * name: "group", + * }); * ``` * * diff --git a/sdk/nodejs/getUser.ts b/sdk/nodejs/getUser.ts index 489799b5..db8ed330 100644 --- a/sdk/nodejs/getUser.ts +++ b/sdk/nodejs/getUser.ts @@ -17,6 +17,7 @@ import * as utilities from "./utilities"; * const masterRealm = keycloak.getRealm({ * realm: "master", * }); + * // use the keycloak_user data source to grab the admin user's ID * const defaultAdminUser = masterRealm.then(masterRealm => keycloak.getUser({ * realmId: masterRealm.id, * username: "keycloak", @@ -101,6 +102,7 @@ export interface GetUserResult { * const masterRealm = keycloak.getRealm({ * realm: "master", * }); + * // use the keycloak_user data source to grab the admin user's ID * const defaultAdminUser = masterRealm.then(masterRealm => keycloak.getUser({ * realmId: masterRealm.id, * username: "keycloak", diff --git a/sdk/nodejs/getUserRealmRoles.ts b/sdk/nodejs/getUserRealmRoles.ts index d4dda739..12e38e84 100644 --- a/sdk/nodejs/getUserRealmRoles.ts +++ b/sdk/nodejs/getUserRealmRoles.ts @@ -17,10 +17,12 @@ import * as utilities from "./utilities"; * const masterRealm = keycloak.getRealm({ * realm: "master", * }); + * // use the keycloak_user data source to grab the admin user's ID * const defaultAdminUser = masterRealm.then(masterRealm => keycloak.getUser({ * realmId: masterRealm.id, * username: "keycloak", * })); + * // use the keycloak_user_realm_roles data source to list role names * const userRealmRoles = Promise.all([masterRealm, defaultAdminUser]).then(([masterRealm, defaultAdminUser]) => keycloak.getUserRealmRoles({ * realmId: masterRealm.id, * userId: defaultAdminUser.id, @@ -80,10 +82,12 @@ export interface GetUserRealmRolesResult { * const masterRealm = keycloak.getRealm({ * realm: "master", * }); + * // use the keycloak_user data source to grab the admin user's ID * const defaultAdminUser = masterRealm.then(masterRealm => keycloak.getUser({ * realmId: masterRealm.id, * username: "keycloak", * })); + * // use the keycloak_user_realm_roles data source to list role names * const userRealmRoles = Promise.all([masterRealm, defaultAdminUser]).then(([masterRealm, defaultAdminUser]) => keycloak.getUserRealmRoles({ * realmId: masterRealm.id, * userId: defaultAdminUser.id, diff --git a/sdk/nodejs/group.ts b/sdk/nodejs/group.ts index ae9f6e0f..1b74b810 100644 --- a/sdk/nodejs/group.ts +++ b/sdk/nodejs/group.ts @@ -26,21 +26,26 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const parentGroup = new keycloak.Group("parentGroup", {realmId: realm.id}); - * const childGroup = new keycloak.Group("childGroup", { - * parentId: parentGroup.id, + * const parentGroup = new keycloak.Group("parent_group", { + * realmId: realm.id, + * name: "parent-group", + * }); + * const childGroup = new keycloak.Group("child_group", { * realmId: realm.id, + * parentId: parentGroup.id, + * name: "child-group", * }); - * const childGroupWithOptionalAttributes = new keycloak.Group("childGroupWithOptionalAttributes", { + * const childGroupWithOptionalAttributes = new keycloak.Group("child_group_with_optional_attributes", { + * realmId: realm.id, + * parentId: parentGroup.id, + * name: "child-group-with-optional-attributes", * attributes: { * key1: "value1", * key2: "value2", * }, - * parentId: parentGroup.id, - * realmId: realm.id, * }); * ``` * diff --git a/sdk/nodejs/groupMemberships.ts b/sdk/nodejs/groupMemberships.ts index 78f7df23..c31c8e4a 100644 --- a/sdk/nodejs/groupMemberships.ts +++ b/sdk/nodejs/groupMemberships.ts @@ -29,18 +29,21 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, + * }); + * const group = new keycloak.Group("group", { + * realmId: realm.id, + * name: "my-group", * }); - * const group = new keycloak.Group("group", {realmId: realm.id}); * const user = new keycloak.User("user", { * realmId: realm.id, * username: "my-user", * }); - * const groupMembers = new keycloak.GroupMemberships("groupMembers", { + * const groupMembers = new keycloak.GroupMemberships("group_members", { + * realmId: realm.id, * groupId: group.id, * members: [user.username], - * realmId: realm.id, * }); * ``` * diff --git a/sdk/nodejs/groupRoles.ts b/sdk/nodejs/groupRoles.ts index 33bbf748..c98aefb2 100644 --- a/sdk/nodejs/groupRoles.ts +++ b/sdk/nodejs/groupRoles.ts @@ -27,28 +27,34 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const realmRole = new keycloak.Role("realmRole", { - * description: "My Realm Role", + * const realmRole = new keycloak.Role("realm_role", { * realmId: realm.id, + * name: "my-realm-role", + * description: "My Realm Role", * }); * const client = new keycloak.openid.Client("client", { - * accessType: "BEARER-ONLY", + * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, - * realmId: realm.id, + * accessType: "BEARER-ONLY", * }); - * const clientRole = new keycloak.Role("clientRole", { - * clientId: keycloak_client.client.id, + * const clientRole = new keycloak.Role("client_role", { + * realmId: realm.id, + * clientId: clientKeycloakClient.id, + * name: "my-client-role", * description: "My Client Role", + * }); + * const group = new keycloak.Group("group", { * realmId: realm.id, + * name: "my-group", * }); - * const group = new keycloak.Group("group", {realmId: realm.id}); - * const groupRoles = new keycloak.GroupRoles("groupRoles", { - * groupId: group.id, + * const groupRoles = new keycloak.GroupRoles("group_roles", { * realmId: realm.id, + * groupId: group.id, * roleIds: [ * realmRole.id, * clientRole.id, diff --git a/sdk/nodejs/hardcodedAttributeIdentityProviderMapper.ts b/sdk/nodejs/hardcodedAttributeIdentityProviderMapper.ts index 8dee28ba..2dc464ce 100644 --- a/sdk/nodejs/hardcodedAttributeIdentityProviderMapper.ts +++ b/sdk/nodejs/hardcodedAttributeIdentityProviderMapper.ts @@ -20,7 +20,7 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const oidcIdentityProvider = new keycloak.oidc.IdentityProvider("oidcIdentityProvider", { + * const oidc = new keycloak.oidc.IdentityProvider("oidc", { * realm: realm.id, * alias: "my-idp", * authorizationUrl: "https://authorizationurl.com", @@ -28,9 +28,10 @@ import * as utilities from "./utilities"; * clientSecret: "clientSecret", * tokenUrl: "https://tokenurl.com", * }); - * const oidcHardcodedAttributeIdentityProviderMapper = new keycloak.HardcodedAttributeIdentityProviderMapper("oidcHardcodedAttributeIdentityProviderMapper", { + * const oidcHardcodedAttributeIdentityProviderMapper = new keycloak.HardcodedAttributeIdentityProviderMapper("oidc", { * realm: realm.id, - * identityProviderAlias: oidcIdentityProvider.alias, + * name: "hardcodedUserSessionAttribute", + * identityProviderAlias: oidc.alias, * attributeName: "attribute", * attributeValue: "value", * userSession: true, diff --git a/sdk/nodejs/hardcodedRoleIdentityMapper.ts b/sdk/nodejs/hardcodedRoleIdentityMapper.ts index 5269fe3b..6a54db54 100644 --- a/sdk/nodejs/hardcodedRoleIdentityMapper.ts +++ b/sdk/nodejs/hardcodedRoleIdentityMapper.ts @@ -20,7 +20,7 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const oidcIdentityProvider = new keycloak.oidc.IdentityProvider("oidcIdentityProvider", { + * const oidc = new keycloak.oidc.IdentityProvider("oidc", { * realm: realm.id, * alias: "my-idp", * authorizationUrl: "https://authorizationurl.com", @@ -28,13 +28,15 @@ import * as utilities from "./utilities"; * clientSecret: "clientSecret", * tokenUrl: "https://tokenurl.com", * }); - * const realmRole = new keycloak.Role("realmRole", { + * const realmRole = new keycloak.Role("realm_role", { * realmId: realm.id, + * name: "my-realm-role", * description: "My Realm Role", * }); - * const oidcHardcodedRoleIdentityMapper = new keycloak.HardcodedRoleIdentityMapper("oidcHardcodedRoleIdentityMapper", { + * const oidcHardcodedRoleIdentityMapper = new keycloak.HardcodedRoleIdentityMapper("oidc", { * realm: realm.id, - * identityProviderAlias: oidcIdentityProvider.alias, + * name: "hardcodedRole", + * identityProviderAlias: oidc.alias, * role: "my-realm-role", * extraConfig: { * syncMode: "INHERIT", diff --git a/sdk/nodejs/identityProviderTokenExchangeScopePermission.ts b/sdk/nodejs/identityProviderTokenExchangeScopePermission.ts index 472c471a..ec846656 100644 --- a/sdk/nodejs/identityProviderTokenExchangeScopePermission.ts +++ b/sdk/nodejs/identityProviderTokenExchangeScopePermission.ts @@ -12,11 +12,11 @@ import * as utilities from "./utilities"; * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * - * const tokenExchangeRealm = new keycloak.Realm("tokenExchangeRealm", { + * const tokenExchangeRealm = new keycloak.Realm("token_exchange_realm", { * realm: "token-exchange_destination_realm", * enabled: true, * }); - * const tokenExchangeMyOidcIdp = new keycloak.oidc.IdentityProvider("tokenExchangeMyOidcIdp", { + * const tokenExchangeMyOidcIdp = new keycloak.oidc.IdentityProvider("token_exchange_my_oidc_idp", { * realm: tokenExchangeRealm.id, * alias: "myIdp", * authorizationUrl: "http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth", @@ -25,8 +25,9 @@ import * as utilities from "./utilities"; * clientSecret: "secret", * defaultScopes: "openid", * }); - * const token_exchangeWebappClient = new keycloak.openid.Client("token-exchangeWebappClient", { + * const token_exchangeWebappClient = new keycloak.openid.Client("token-exchange_webapp_client", { * realmId: tokenExchangeRealm.id, + * name: "webapp_client", * clientId: "webapp_client", * clientSecret: "secret", * description: "a webapp client on the destination realm", @@ -35,7 +36,7 @@ import * as utilities from "./utilities"; * validRedirectUris: ["http://localhost:8080/*"], * }); * //relevant part - * const oidcIdpPermission = new keycloak.IdentityProviderTokenExchangeScopePermission("oidcIdpPermission", { + * const oidcIdpPermission = new keycloak.IdentityProviderTokenExchangeScopePermission("oidc_idp_permission", { * realmId: tokenExchangeRealm.id, * providerAlias: tokenExchangeMyOidcIdp.alias, * policyType: "client", diff --git a/sdk/nodejs/ldap/customMapper.ts b/sdk/nodejs/ldap/customMapper.ts index 0ab0f023..5d56547c 100644 --- a/sdk/nodejs/ldap/customMapper.ts +++ b/sdk/nodejs/ldap/customMapper.ts @@ -24,7 +24,8 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { + * const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", { + * name: "openldap", * realmId: realm.id, * usernameLdapAttribute: "cn", * rdnLdapAttribute: "cn", @@ -38,9 +39,10 @@ import * as utilities from "../utilities"; * bindDn: "cn=admin,dc=example,dc=org", * bindCredential: "admin", * }); - * const customMapper = new keycloak.ldap.CustomMapper("customMapper", { - * realmId: keycloak_ldap_user_federation.openldap.realm_id, - * ldapUserFederationId: keycloak_ldap_user_federation.openldap.id, + * const customMapper = new keycloak.ldap.CustomMapper("custom_mapper", { + * name: "custom-mapper", + * realmId: openldap.realmId, + * ldapUserFederationId: openldap.id, * providerId: "custom-provider-registered-in-keycloak", * providerType: "com.example.custom.ldap.mappers.CustomMapper", * config: { diff --git a/sdk/nodejs/ldap/fullNameMapper.ts b/sdk/nodejs/ldap/fullNameMapper.ts index 0f620245..e85043f7 100644 --- a/sdk/nodejs/ldap/fullNameMapper.ts +++ b/sdk/nodejs/ldap/fullNameMapper.ts @@ -21,27 +21,29 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "test", + * enabled: true, * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { - * bindCredential: "admin", - * bindDn: "cn=admin,dc=example,dc=org", - * connectionUrl: "ldap://openldap", - * rdnLdapAttribute: "cn", + * const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", { + * name: "openldap", * realmId: realm.id, + * usernameLdapAttribute: "cn", + * rdnLdapAttribute: "cn", + * uuidLdapAttribute: "entryDN", * userObjectClasses: [ * "simpleSecurityObject", * "organizationalRole", * ], - * usernameLdapAttribute: "cn", + * connectionUrl: "ldap://openldap", * usersDn: "dc=example,dc=org", - * uuidLdapAttribute: "entryDN", + * bindDn: "cn=admin,dc=example,dc=org", + * bindCredential: "admin", * }); - * const ldapFullNameMapper = new keycloak.ldap.FullNameMapper("ldapFullNameMapper", { - * ldapFullNameAttribute: "cn", - * ldapUserFederationId: ldapUserFederation.id, + * const ldapFullNameMapper = new keycloak.ldap.FullNameMapper("ldap_full_name_mapper", { * realmId: realm.id, + * ldapUserFederationId: ldapUserFederation.id, + * name: "full-name-mapper", + * ldapFullNameAttribute: "cn", * }); * ``` * diff --git a/sdk/nodejs/ldap/groupMapper.ts b/sdk/nodejs/ldap/groupMapper.ts index 1f0cefdb..43fedb1e 100644 --- a/sdk/nodejs/ldap/groupMapper.ts +++ b/sdk/nodejs/ldap/groupMapper.ts @@ -22,33 +22,35 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "test", + * enabled: true, * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { - * bindCredential: "admin", - * bindDn: "cn=admin,dc=example,dc=org", - * connectionUrl: "ldap://openldap", - * rdnLdapAttribute: "cn", + * const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", { + * name: "openldap", * realmId: realm.id, + * usernameLdapAttribute: "cn", + * rdnLdapAttribute: "cn", + * uuidLdapAttribute: "entryDN", * userObjectClasses: [ * "simpleSecurityObject", * "organizationalRole", * ], - * usernameLdapAttribute: "cn", + * connectionUrl: "ldap://openldap", * usersDn: "dc=example,dc=org", - * uuidLdapAttribute: "entryDN", + * bindDn: "cn=admin,dc=example,dc=org", + * bindCredential: "admin", * }); - * const ldapGroupMapper = new keycloak.ldap.GroupMapper("ldapGroupMapper", { + * const ldapGroupMapper = new keycloak.ldap.GroupMapper("ldap_group_mapper", { + * realmId: realm.id, + * ldapUserFederationId: ldapUserFederation.id, + * name: "group-mapper", + * ldapGroupsDn: "dc=example,dc=org", * groupNameLdapAttribute: "cn", * groupObjectClasses: ["groupOfNames"], - * ldapGroupsDn: "dc=example,dc=org", - * ldapUserFederationId: ldapUserFederation.id, - * memberofLdapAttribute: "memberOf", * membershipAttributeType: "DN", * membershipLdapAttribute: "member", * membershipUserLdapAttribute: "cn", - * realmId: realm.id, + * memberofLdapAttribute: "memberOf", * }); * ``` * diff --git a/sdk/nodejs/ldap/hardcodedAttributeMapper.ts b/sdk/nodejs/ldap/hardcodedAttributeMapper.ts index 230784fe..7638b86f 100644 --- a/sdk/nodejs/ldap/hardcodedAttributeMapper.ts +++ b/sdk/nodejs/ldap/hardcodedAttributeMapper.ts @@ -22,7 +22,8 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { + * const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", { + * name: "openldap", * realmId: realm.id, * usernameLdapAttribute: "cn", * rdnLdapAttribute: "cn", @@ -37,9 +38,10 @@ import * as utilities from "../utilities"; * bindCredential: "admin", * syncRegistrations: true, * }); - * const assignBarToFoo = new keycloak.ldap.HardcodedAttributeMapper("assignBarToFoo", { + * const assignBarToFoo = new keycloak.ldap.HardcodedAttributeMapper("assign_bar_to_foo", { * realmId: realm.id, * ldapUserFederationId: ldapUserFederation.id, + * name: "assign-foo-to-bar", * attributeName: "foo", * attributeValue: "bar", * }); diff --git a/sdk/nodejs/ldap/hardcodedGroupMapper.ts b/sdk/nodejs/ldap/hardcodedGroupMapper.ts index 2e3b02d7..e37a0966 100644 --- a/sdk/nodejs/ldap/hardcodedGroupMapper.ts +++ b/sdk/nodejs/ldap/hardcodedGroupMapper.ts @@ -20,7 +20,8 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { + * const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", { + * name: "openldap", * realmId: realm.id, * usernameLdapAttribute: "cn", * rdnLdapAttribute: "cn", @@ -34,10 +35,14 @@ import * as utilities from "../utilities"; * bindDn: "cn=admin,dc=example,dc=org", * bindCredential: "admin", * }); - * const realmGroup = new keycloak.Group("realmGroup", {realmId: realm.id}); - * const assignGroupToUsers = new keycloak.ldap.HardcodedGroupMapper("assignGroupToUsers", { + * const realmGroup = new keycloak.Group("realm_group", { + * realmId: realm.id, + * name: "my-group", + * }); + * const assignGroupToUsers = new keycloak.ldap.HardcodedGroupMapper("assign_group_to_users", { * realmId: realm.id, * ldapUserFederationId: ldapUserFederation.id, + * name: "assign-group-to-users", * group: realmGroup.name, * }); * ``` diff --git a/sdk/nodejs/ldap/hardcodedRoleMapper.ts b/sdk/nodejs/ldap/hardcodedRoleMapper.ts index e64b02d1..c3c0ba01 100644 --- a/sdk/nodejs/ldap/hardcodedRoleMapper.ts +++ b/sdk/nodejs/ldap/hardcodedRoleMapper.ts @@ -20,7 +20,8 @@ import * as utilities from "../utilities"; * realm: "test", * enabled: true, * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { + * const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", { + * name: "openldap", * realmId: realm.id, * usernameLdapAttribute: "cn", * rdnLdapAttribute: "cn", @@ -34,9 +35,10 @@ import * as utilities from "../utilities"; * bindDn: "cn=admin,dc=example,dc=org", * bindCredential: "admin", * }); - * const assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", { + * const assignAdminRoleToAllUsers = new keycloak.ldap.HardcodedRoleMapper("assign_admin_role_to_all_users", { * realmId: realm.id, * ldapUserFederationId: ldapUserFederation.id, + * name: "assign-admin-role-to-all-users", * role: "admin", * }); * ``` diff --git a/sdk/nodejs/ldap/msadLdsUserAccountControlMapper.ts b/sdk/nodejs/ldap/msadLdsUserAccountControlMapper.ts index 21460192..51d0402b 100644 --- a/sdk/nodejs/ldap/msadLdsUserAccountControlMapper.ts +++ b/sdk/nodejs/ldap/msadLdsUserAccountControlMapper.ts @@ -24,7 +24,8 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { + * const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", { + * name: "ad", * realmId: realm.id, * usernameLdapAttribute: "cn", * rdnLdapAttribute: "cn", @@ -39,9 +40,10 @@ import * as utilities from "../utilities"; * bindDn: "cn=admin,dc=example,dc=org", * bindCredential: "admin", * }); - * const msadLdsUserAccountControlMapper = new keycloak.ldap.MsadLdsUserAccountControlMapper("msadLdsUserAccountControlMapper", { + * const msadLdsUserAccountControlMapper = new keycloak.ldap.MsadLdsUserAccountControlMapper("msad_lds_user_account_control_mapper", { * realmId: realm.id, * ldapUserFederationId: ldapUserFederation.id, + * name: "msad-lds-user-account-control-mapper", * }); * ``` * diff --git a/sdk/nodejs/ldap/msadUserAccountControlMapper.ts b/sdk/nodejs/ldap/msadUserAccountControlMapper.ts index 8ebced78..f1c6c1a0 100644 --- a/sdk/nodejs/ldap/msadUserAccountControlMapper.ts +++ b/sdk/nodejs/ldap/msadUserAccountControlMapper.ts @@ -23,27 +23,29 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "test", + * enabled: true, * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { - * bindCredential: "admin", - * bindDn: "cn=admin,dc=example,dc=org", - * connectionUrl: "ldap://my-ad-server", - * rdnLdapAttribute: "cn", + * const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", { + * name: "ad", * realmId: realm.id, + * usernameLdapAttribute: "cn", + * rdnLdapAttribute: "cn", + * uuidLdapAttribute: "objectGUID", * userObjectClasses: [ * "person", * "organizationalPerson", * "user", * ], - * usernameLdapAttribute: "cn", + * connectionUrl: "ldap://my-ad-server", * usersDn: "dc=example,dc=org", - * uuidLdapAttribute: "objectGUID", + * bindDn: "cn=admin,dc=example,dc=org", + * bindCredential: "admin", * }); - * const msadUserAccountControlMapper = new keycloak.ldap.MsadUserAccountControlMapper("msadUserAccountControlMapper", { - * ldapUserFederationId: ldapUserFederation.id, + * const msadUserAccountControlMapper = new keycloak.ldap.MsadUserAccountControlMapper("msad_user_account_control_mapper", { * realmId: realm.id, + * ldapUserFederationId: ldapUserFederation.id, + * name: "msad-user-account-control-mapper", * }); * ``` * diff --git a/sdk/nodejs/ldap/roleMapper.ts b/sdk/nodejs/ldap/roleMapper.ts index af3dc513..c7645d6e 100644 --- a/sdk/nodejs/ldap/roleMapper.ts +++ b/sdk/nodejs/ldap/roleMapper.ts @@ -20,7 +20,8 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { + * const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", { + * name: "openldap", * realmId: realm.id, * usernameLdapAttribute: "cn", * rdnLdapAttribute: "cn", @@ -34,9 +35,10 @@ import * as utilities from "../utilities"; * bindDn: "cn=admin,dc=example,dc=org", * bindCredential: "admin", * }); - * const ldapRoleMapper = new keycloak.ldap.RoleMapper("ldapRoleMapper", { + * const ldapRoleMapper = new keycloak.ldap.RoleMapper("ldap_role_mapper", { * realmId: realm.id, * ldapUserFederationId: ldapUserFederation.id, + * name: "role-mapper", * ldapRolesDn: "dc=example,dc=org", * roleNameLdapAttribute: "cn", * roleObjectClasses: ["groupOfNames"], diff --git a/sdk/nodejs/ldap/userAttributeMapper.ts b/sdk/nodejs/ldap/userAttributeMapper.ts index 1ae78caf..4f729a2b 100644 --- a/sdk/nodejs/ldap/userAttributeMapper.ts +++ b/sdk/nodejs/ldap/userAttributeMapper.ts @@ -21,28 +21,30 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "test", + * enabled: true, * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { - * bindCredential: "admin", - * bindDn: "cn=admin,dc=example,dc=org", - * connectionUrl: "ldap://openldap", - * rdnLdapAttribute: "cn", + * const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", { + * name: "openldap", * realmId: realm.id, + * usernameLdapAttribute: "cn", + * rdnLdapAttribute: "cn", + * uuidLdapAttribute: "entryDN", * userObjectClasses: [ * "simpleSecurityObject", * "organizationalRole", * ], - * usernameLdapAttribute: "cn", + * connectionUrl: "ldap://openldap", * usersDn: "dc=example,dc=org", - * uuidLdapAttribute: "entryDN", + * bindDn: "cn=admin,dc=example,dc=org", + * bindCredential: "admin", * }); - * const ldapUserAttributeMapper = new keycloak.ldap.UserAttributeMapper("ldapUserAttributeMapper", { - * ldapAttribute: "bar", - * ldapUserFederationId: ldapUserFederation.id, + * const ldapUserAttributeMapper = new keycloak.ldap.UserAttributeMapper("ldap_user_attribute_mapper", { * realmId: realm.id, + * ldapUserFederationId: ldapUserFederation.id, + * name: "user-attribute-mapper", * userModelAttribute: "foo", + * ldapAttribute: "bar", * }); * ``` * diff --git a/sdk/nodejs/ldap/userFederation.ts b/sdk/nodejs/ldap/userFederation.ts index dabbe5a8..f9eddda0 100644 --- a/sdk/nodejs/ldap/userFederation.ts +++ b/sdk/nodejs/ldap/userFederation.ts @@ -24,25 +24,26 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "test", + * enabled: true, * }); - * const ldapUserFederation = new keycloak.ldap.UserFederation("ldapUserFederation", { - * bindCredential: "admin", - * bindDn: "cn=admin,dc=example,dc=org", - * connectionTimeout: "5s", - * connectionUrl: "ldap://openldap", + * const ldapUserFederation = new keycloak.ldap.UserFederation("ldap_user_federation", { + * name: "openldap", + * realmId: realm.id, * enabled: true, + * usernameLdapAttribute: "cn", * rdnLdapAttribute: "cn", - * readTimeout: "10s", - * realmId: realm.id, + * uuidLdapAttribute: "entryDN", * userObjectClasses: [ * "simpleSecurityObject", * "organizationalRole", * ], - * usernameLdapAttribute: "cn", + * connectionUrl: "ldap://openldap", * usersDn: "dc=example,dc=org", - * uuidLdapAttribute: "entryDN", + * bindDn: "cn=admin,dc=example,dc=org", + * bindCredential: "admin", + * connectionTimeout: "5s", + * readTimeout: "10s", * }); * ``` * diff --git a/sdk/nodejs/oidc/googleIdentityProvider.ts b/sdk/nodejs/oidc/googleIdentityProvider.ts index 1608720e..3371c00c 100644 --- a/sdk/nodejs/oidc/googleIdentityProvider.ts +++ b/sdk/nodejs/oidc/googleIdentityProvider.ts @@ -22,8 +22,8 @@ import * as utilities from "../utilities"; * }); * const google = new keycloak.oidc.GoogleIdentityProvider("google", { * realm: realm.id, - * clientId: _var.google_identity_provider_client_id, - * clientSecret: _var.google_identity_provider_client_secret, + * clientId: googleIdentityProviderClientId, + * clientSecret: googleIdentityProviderClientSecret, * trustEmail: true, * hostedDomain: "example.com", * syncMode: "IMPORT", diff --git a/sdk/nodejs/oidc/identityProvider.ts b/sdk/nodejs/oidc/identityProvider.ts index 34613295..0e891030 100644 --- a/sdk/nodejs/oidc/identityProvider.ts +++ b/sdk/nodejs/oidc/identityProvider.ts @@ -20,7 +20,7 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const realmIdentityProvider = new keycloak.oidc.IdentityProvider("realmIdentityProvider", { + * const realmIdentityProvider = new keycloak.oidc.IdentityProvider("realm_identity_provider", { * realm: realm.id, * alias: "my-idp", * authorizationUrl: "https://authorizationurl.com", diff --git a/sdk/nodejs/openid/audienceProtocolMapper.ts b/sdk/nodejs/openid/audienceProtocolMapper.ts index 320b52d8..f5657a1e 100644 --- a/sdk/nodejs/openid/audienceProtocolMapper.ts +++ b/sdk/nodejs/openid/audienceProtocolMapper.ts @@ -22,20 +22,22 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { - * accessType: "CONFIDENTIAL", + * const openidClient = new keycloak.openid.Client("openid_client", { + * realmId: realm.id, * clientId: "test-client", + * name: "test client", * enabled: true, - * realmId: realm.id, + * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audienceMapper", { + * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audience_mapper", { + * realmId: realm.id, * clientId: openidClient.id, + * name: "audience-mapper", * includedCustomAudience: "foo", - * realmId: realm.id, * }); * ``` * @@ -48,14 +50,18 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audienceMapper", { + * const clientScope = new keycloak.openid.ClientScope("client_scope", { + * realmId: realm.id, + * name: "test-client-scope", + * }); + * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audience_mapper", { + * realmId: realm.id, * clientScopeId: clientScope.id, + * name: "audience-mapper", * includedCustomAudience: "foo", - * realmId: realm.id, * }); * ``` * diff --git a/sdk/nodejs/openid/audienceResolveProtocolMapper.ts b/sdk/nodejs/openid/audienceResolveProtocolMapper.ts index a5d42a45..86754869 100644 --- a/sdk/nodejs/openid/audienceResolveProtocolMapper.ts +++ b/sdk/nodejs/openid/audienceResolveProtocolMapper.ts @@ -24,16 +24,18 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { + * const openidClient = new keycloak.openid.Client("openid_client", { * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper("audienceMapper", { + * const audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper("audience_mapper", { * realmId: realm.id, * clientId: openidClient.id, + * name: "my-audience-resolve-mapper", * }); * ``` * @@ -49,8 +51,11 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audienceMapper", { + * const clientScope = new keycloak.openid.ClientScope("client_scope", { + * realmId: realm.id, + * name: "test-client-scope", + * }); + * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audience_mapper", { * realmId: realm.id, * clientScopeId: clientScope.id, * }); diff --git a/sdk/nodejs/openid/audienceResolveProtocolMappter.ts b/sdk/nodejs/openid/audienceResolveProtocolMappter.ts index 2720652d..3ad4dcf2 100644 --- a/sdk/nodejs/openid/audienceResolveProtocolMappter.ts +++ b/sdk/nodejs/openid/audienceResolveProtocolMappter.ts @@ -24,16 +24,18 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { + * const openidClient = new keycloak.openid.Client("openid_client", { * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper("audienceMapper", { + * const audienceMapper = new keycloak.openid.AudienceResolveProtocolMapper("audience_mapper", { * realmId: realm.id, * clientId: openidClient.id, + * name: "my-audience-resolve-mapper", * }); * ``` * @@ -49,8 +51,11 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audienceMapper", { + * const clientScope = new keycloak.openid.ClientScope("client_scope", { + * realmId: realm.id, + * name: "test-client-scope", + * }); + * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audience_mapper", { * realmId: realm.id, * clientScopeId: clientScope.id, * }); diff --git a/sdk/nodejs/openid/client.ts b/sdk/nodejs/openid/client.ts index a915d4bc..ea0fd363 100644 --- a/sdk/nodejs/openid/client.ts +++ b/sdk/nodejs/openid/client.ts @@ -23,14 +23,15 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { - * accessType: "CONFIDENTIAL", + * const openidClient = new keycloak.openid.Client("openid_client", { + * realmId: realm.id, * clientId: "test-client", + * name: "test client", * enabled: true, - * realmId: realm.id, + * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); * ``` diff --git a/sdk/nodejs/openid/clientDefaultScopes.ts b/sdk/nodejs/openid/clientDefaultScopes.ts index 1fc20c52..6ed22a72 100644 --- a/sdk/nodejs/openid/clientDefaultScopes.ts +++ b/sdk/nodejs/openid/clientDefaultScopes.ts @@ -13,16 +13,20 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); * const client = new keycloak.openid.Client("client", { - * accessType: "CONFIDENTIAL", + * realmId: realm.id, * clientId: "test-client", + * accessType: "CONFIDENTIAL", + * }); + * const clientScope = new keycloak.openid.ClientScope("client_scope", { * realmId: realm.id, + * name: "test-client-scope", * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const clientDefaultScopes = new keycloak.openid.ClientDefaultScopes("clientDefaultScopes", { + * const clientDefaultScopes = new keycloak.openid.ClientDefaultScopes("client_default_scopes", { + * realmId: realm.id, * clientId: client.id, * defaultScopes: [ * "profile", @@ -31,7 +35,6 @@ import * as utilities from "../utilities"; * "web-origins", * clientScope.name, * ], - * realmId: realm.id, * }); * ``` * diff --git a/sdk/nodejs/openid/clientOptionalScopes.ts b/sdk/nodejs/openid/clientOptionalScopes.ts index f17665e2..0fe0417b 100644 --- a/sdk/nodejs/openid/clientOptionalScopes.ts +++ b/sdk/nodejs/openid/clientOptionalScopes.ts @@ -13,16 +13,20 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); * const client = new keycloak.openid.Client("client", { - * accessType: "CONFIDENTIAL", + * realmId: realm.id, * clientId: "test-client", + * accessType: "CONFIDENTIAL", + * }); + * const clientScope = new keycloak.openid.ClientScope("client_scope", { * realmId: realm.id, + * name: "test-client-scope", * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const clientOptionalScopes = new keycloak.openid.ClientOptionalScopes("clientOptionalScopes", { + * const clientOptionalScopes = new keycloak.openid.ClientOptionalScopes("client_optional_scopes", { + * realmId: realm.id, * clientId: client.id, * optionalScopes: [ * "address", @@ -30,7 +34,6 @@ import * as utilities from "../utilities"; * "offline_access", * clientScope.name, * ], - * realmId: realm.id, * }); * ``` * diff --git a/sdk/nodejs/openid/clientPolicy.ts b/sdk/nodejs/openid/clientPolicy.ts index 74d8565f..eaa5cd6a 100644 --- a/sdk/nodejs/openid/clientPolicy.ts +++ b/sdk/nodejs/openid/clientPolicy.ts @@ -20,13 +20,14 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { + * const openidClient = new keycloak.openid.Client("openid_client", { * clientId: "openid_client", + * name: "openid_client", * realmId: realm.id, * accessType: "CONFIDENTIAL", * serviceAccountsEnabled: true, * }); - * const myPermission = new keycloak.openid.ClientPermissions("myPermission", { + * const myPermission = new keycloak.openid.ClientPermissions("my_permission", { * realmId: realm.id, * clientId: openidClient.id, * }); @@ -34,9 +35,10 @@ import * as utilities from "../utilities"; * realmId: "my-realm", * clientId: "realm-management", * }); - * const tokenExchange = new keycloak.openid.ClientPolicy("tokenExchange", { + * const tokenExchange = new keycloak.openid.ClientPolicy("token_exchange", { * resourceServerId: realmManagement.then(realmManagement => realmManagement.id), * realmId: realm.id, + * name: "my-policy", * logic: "POSITIVE", * decisionStrategy: "UNANIMOUS", * clients: [openidClient.id], diff --git a/sdk/nodejs/openid/clientScope.ts b/sdk/nodejs/openid/clientScope.ts index 9c9ad04f..3ad90bb4 100644 --- a/sdk/nodejs/openid/clientScope.ts +++ b/sdk/nodejs/openid/clientScope.ts @@ -22,12 +22,13 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const openidClientScope = new keycloak.openid.ClientScope("openidClientScope", { - * description: "When requested, this scope will map a user's group memberships to a claim", + * const openidClientScope = new keycloak.openid.ClientScope("openid_client_scope", { * realmId: realm.id, + * name: "groups", + * description: "When requested, this scope will map a user's group memberships to a claim", * }); * ``` * diff --git a/sdk/nodejs/openid/clientServiceAccountRealmRole.ts b/sdk/nodejs/openid/clientServiceAccountRealmRole.ts index 0def98e9..04b51796 100644 --- a/sdk/nodejs/openid/clientServiceAccountRealmRole.ts +++ b/sdk/nodejs/openid/clientServiceAccountRealmRole.ts @@ -22,12 +22,16 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const realmRole = new keycloak.Role("realmRole", {realmId: realm.id}); + * const realmRole = new keycloak.Role("realm_role", { + * realmId: realm.id, + * name: "my-realm-role", + * }); * const client = new keycloak.openid.Client("client", { * realmId: realm.id, + * name: "client", * serviceAccountsEnabled: true, * }); - * const clientServiceAccountRole = new keycloak.openid.ClientServiceAccountRealmRole("clientServiceAccountRole", { + * const clientServiceAccountRole = new keycloak.openid.ClientServiceAccountRealmRole("client_service_account_role", { * realmId: realm.id, * serviceAccountUserId: client.serviceAccountUserId, * role: realmRole.name, diff --git a/sdk/nodejs/openid/clientServiceAccountRole.ts b/sdk/nodejs/openid/clientServiceAccountRole.ts index 617c4b06..71d67ba8 100644 --- a/sdk/nodejs/openid/clientServiceAccountRole.ts +++ b/sdk/nodejs/openid/clientServiceAccountRole.ts @@ -23,18 +23,23 @@ import * as utilities from "../utilities"; * enabled: true, * }); * // client1 provides a role to other clients - * const client1 = new keycloak.openid.Client("client1", {realmId: realm.id}); - * const client1Role = new keycloak.Role("client1Role", { + * const client1 = new keycloak.openid.Client("client1", { + * realmId: realm.id, + * name: "client1", + * }); + * const client1Role = new keycloak.Role("client1_role", { * realmId: realm.id, * clientId: client1.id, + * name: "my-client1-role", * description: "A role that client1 provides", * }); * // client2 is assigned the role of client1 * const client2 = new keycloak.openid.Client("client2", { * realmId: realm.id, + * name: "client2", * serviceAccountsEnabled: true, * }); - * const client2ServiceAccountRole = new keycloak.openid.ClientServiceAccountRole("client2ServiceAccountRole", { + * const client2ServiceAccountRole = new keycloak.openid.ClientServiceAccountRole("client2_service_account_role", { * realmId: realm.id, * serviceAccountUserId: client2.serviceAccountUserId, * clientId: client1.id, diff --git a/sdk/nodejs/openid/fullNameProtocolMapper.ts b/sdk/nodejs/openid/fullNameProtocolMapper.ts index 14da0ca4..b8827cb1 100644 --- a/sdk/nodejs/openid/fullNameProtocolMapper.ts +++ b/sdk/nodejs/openid/fullNameProtocolMapper.ts @@ -23,19 +23,21 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { - * accessType: "CONFIDENTIAL", + * const openidClient = new keycloak.openid.Client("openid_client", { + * realmId: realm.id, * clientId: "test-client", + * name: "test client", * enabled: true, - * realmId: realm.id, + * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const fullNameMapper = new keycloak.openid.FullNameProtocolMapper("fullNameMapper", { - * clientId: openidClient.id, + * const fullNameMapper = new keycloak.openid.FullNameProtocolMapper("full_name_mapper", { * realmId: realm.id, + * clientId: openidClient.id, + * name: "full-name-mapper", * }); * ``` * @@ -48,13 +50,17 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const fullNameMapper = new keycloak.openid.FullNameProtocolMapper("fullNameMapper", { - * clientScopeId: clientScope.id, + * const clientScope = new keycloak.openid.ClientScope("client_scope", { * realmId: realm.id, + * name: "test-client-scope", + * }); + * const fullNameMapper = new keycloak.openid.FullNameProtocolMapper("full_name_mapper", { + * realmId: realm.id, + * clientScopeId: clientScope.id, + * name: "full-name-mapper", * }); * ``` * diff --git a/sdk/nodejs/openid/getClient.ts b/sdk/nodejs/openid/getClient.ts index c0f2e899..a7dc079f 100644 --- a/sdk/nodejs/openid/getClient.ts +++ b/sdk/nodejs/openid/getClient.ts @@ -22,6 +22,7 @@ import * as utilities from "../utilities"; * realmId: "my-realm", * clientId: "realm-management", * }); + * // use the data source * const admin = realmManagement.then(realmManagement => keycloak.getRole({ * realmId: "my-realm", * clientId: realmManagement.id, @@ -140,6 +141,7 @@ export interface GetClientResult { * realmId: "my-realm", * clientId: "realm-management", * }); + * // use the data source * const admin = realmManagement.then(realmManagement => keycloak.getRole({ * realmId: "my-realm", * clientId: realmManagement.id, diff --git a/sdk/nodejs/openid/getClientAuthorizationPolicy.ts b/sdk/nodejs/openid/getClientAuthorizationPolicy.ts index 142a4fe4..1e93553f 100644 --- a/sdk/nodejs/openid/getClientAuthorizationPolicy.ts +++ b/sdk/nodejs/openid/getClientAuthorizationPolicy.ts @@ -22,8 +22,9 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const clientWithAuthz = new keycloak.openid.Client("clientWithAuthz", { + * const clientWithAuthz = new keycloak.openid.Client("client_with_authz", { * clientId: "client-with-authz", + * name: "client-with-authz", * realmId: realm.id, * accessType: "CONFIDENTIAL", * serviceAccountsEnabled: true, @@ -38,6 +39,7 @@ import * as utilities from "../utilities"; * }); * const resource = new keycloak.openid.ClientAuthorizationResource("resource", { * resourceServerId: clientWithAuthz.resourceServerId, + * name: "authorization-resource", * realmId: realm.id, * uris: ["/endpoint/*"], * attributes: { @@ -47,6 +49,7 @@ import * as utilities from "../utilities"; * const permission = new keycloak.openid.ClientAuthorizationPermission("permission", { * resourceServerId: clientWithAuthz.resourceServerId, * realmId: realm.id, + * name: "authorization-permission", * policies: [defaultPermission.apply(defaultPermission => defaultPermission.id)], * resources: [resource.id], * }); @@ -139,8 +142,9 @@ export interface GetClientAuthorizationPolicyResult { * realm: "my-realm", * enabled: true, * }); - * const clientWithAuthz = new keycloak.openid.Client("clientWithAuthz", { + * const clientWithAuthz = new keycloak.openid.Client("client_with_authz", { * clientId: "client-with-authz", + * name: "client-with-authz", * realmId: realm.id, * accessType: "CONFIDENTIAL", * serviceAccountsEnabled: true, @@ -155,6 +159,7 @@ export interface GetClientAuthorizationPolicyResult { * }); * const resource = new keycloak.openid.ClientAuthorizationResource("resource", { * resourceServerId: clientWithAuthz.resourceServerId, + * name: "authorization-resource", * realmId: realm.id, * uris: ["/endpoint/*"], * attributes: { @@ -164,6 +169,7 @@ export interface GetClientAuthorizationPolicyResult { * const permission = new keycloak.openid.ClientAuthorizationPermission("permission", { * resourceServerId: clientWithAuthz.resourceServerId, * realmId: realm.id, + * name: "authorization-permission", * policies: [defaultPermission.apply(defaultPermission => defaultPermission.id)], * resources: [resource.id], * }); diff --git a/sdk/nodejs/openid/getClientScope.ts b/sdk/nodejs/openid/getClientScope.ts index c849d58f..9f725170 100644 --- a/sdk/nodejs/openid/getClientScope.ts +++ b/sdk/nodejs/openid/getClientScope.ts @@ -19,9 +19,10 @@ import * as utilities from "../utilities"; * name: "offline_access", * }); * // use the data source - * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audienceMapper", { + * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audience_mapper", { * realmId: offlineAccess.then(offlineAccess => offlineAccess.realmId), * clientScopeId: offlineAccess.then(offlineAccess => offlineAccess.id), + * name: "audience-mapper", * includedCustomAudience: "foo", * }); * ``` @@ -80,9 +81,10 @@ export interface GetClientScopeResult { * name: "offline_access", * }); * // use the data source - * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audienceMapper", { + * const audienceMapper = new keycloak.openid.AudienceProtocolMapper("audience_mapper", { * realmId: offlineAccess.then(offlineAccess => offlineAccess.realmId), * clientScopeId: offlineAccess.then(offlineAccess => offlineAccess.id), + * name: "audience-mapper", * includedCustomAudience: "foo", * }); * ``` diff --git a/sdk/nodejs/openid/getClientServiceAccountUser.ts b/sdk/nodejs/openid/getClientServiceAccountUser.ts index 25aa774b..ca2fe842 100644 --- a/sdk/nodejs/openid/getClientServiceAccountUser.ts +++ b/sdk/nodejs/openid/getClientServiceAccountUser.ts @@ -28,6 +28,7 @@ import * as utilities from "../utilities"; * const client = new keycloak.openid.Client("client", { * realmId: realm.id, * clientId: "client", + * name: "client", * accessType: "CONFIDENTIAL", * serviceAccountsEnabled: true, * }); @@ -39,7 +40,7 @@ import * as utilities from "../utilities"; * realmId: realm.id, * name: "offline_access", * }); - * const serviceAccountUserRoles = new keycloak.UserRoles("serviceAccountUserRoles", { + * const serviceAccountUserRoles = new keycloak.UserRoles("service_account_user_roles", { * realmId: realm.id, * userId: serviceAccountUser.apply(serviceAccountUser => serviceAccountUser.id), * roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)], @@ -112,6 +113,7 @@ export interface GetClientServiceAccountUserResult { * const client = new keycloak.openid.Client("client", { * realmId: realm.id, * clientId: "client", + * name: "client", * accessType: "CONFIDENTIAL", * serviceAccountsEnabled: true, * }); @@ -123,7 +125,7 @@ export interface GetClientServiceAccountUserResult { * realmId: realm.id, * name: "offline_access", * }); - * const serviceAccountUserRoles = new keycloak.UserRoles("serviceAccountUserRoles", { + * const serviceAccountUserRoles = new keycloak.UserRoles("service_account_user_roles", { * realmId: realm.id, * userId: serviceAccountUser.apply(serviceAccountUser => serviceAccountUser.id), * roleIds: [offlineAccess.apply(offlineAccess => offlineAccess.id)], diff --git a/sdk/nodejs/openid/groupMembershipProtocolMapper.ts b/sdk/nodejs/openid/groupMembershipProtocolMapper.ts index cdd67c0f..24b88e88 100644 --- a/sdk/nodejs/openid/groupMembershipProtocolMapper.ts +++ b/sdk/nodejs/openid/groupMembershipProtocolMapper.ts @@ -23,20 +23,22 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { - * accessType: "CONFIDENTIAL", + * const openidClient = new keycloak.openid.Client("openid_client", { + * realmId: realm.id, * clientId: "test-client", + * name: "test client", * enabled: true, - * realmId: realm.id, + * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", { - * claimName: "groups", - * clientId: openidClient.id, + * const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("group_membership_mapper", { * realmId: realm.id, + * clientId: openidClient.id, + * name: "group-membership-mapper", + * claimName: "groups", * }); * ``` * @@ -49,14 +51,18 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", { - * claimName: "groups", - * clientScopeId: clientScope.id, + * const clientScope = new keycloak.openid.ClientScope("client_scope", { * realmId: realm.id, + * name: "test-client-scope", + * }); + * const groupMembershipMapper = new keycloak.openid.GroupMembershipProtocolMapper("group_membership_mapper", { + * realmId: realm.id, + * clientScopeId: clientScope.id, + * name: "group-membership-mapper", + * claimName: "groups", * }); * ``` * diff --git a/sdk/nodejs/openid/hardcodedClaimProtocolMapper.ts b/sdk/nodejs/openid/hardcodedClaimProtocolMapper.ts index 89bb3ca4..adac0a2e 100644 --- a/sdk/nodejs/openid/hardcodedClaimProtocolMapper.ts +++ b/sdk/nodejs/openid/hardcodedClaimProtocolMapper.ts @@ -23,21 +23,23 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { - * accessType: "CONFIDENTIAL", + * const openidClient = new keycloak.openid.Client("openid_client", { + * realmId: realm.id, * clientId: "test-client", + * name: "test client", * enabled: true, - * realmId: realm.id, + * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", { + * const hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper("hardcoded_claim_mapper", { + * realmId: realm.id, + * clientId: openidClient.id, + * name: "hardcoded-claim-mapper", * claimName: "foo", * claimValue: "bar", - * clientId: openidClient.id, - * realmId: realm.id, * }); * ``` * @@ -50,15 +52,19 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, + * }); + * const clientScope = new keycloak.openid.ClientScope("client_scope", { + * realmId: realm.id, + * name: "test-client-scope", * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", { + * const hardcodedClaimMapper = new keycloak.openid.HardcodedClaimProtocolMapper("hardcoded_claim_mapper", { + * realmId: realm.id, + * clientScopeId: clientScope.id, + * name: "hardcoded-claim-mapper", * claimName: "foo", * claimValue: "bar", - * clientScopeId: clientScope.id, - * realmId: realm.id, * }); * ``` * diff --git a/sdk/nodejs/openid/hardcodedRoleProtocolMapper.ts b/sdk/nodejs/openid/hardcodedRoleProtocolMapper.ts index 7746272c..6354c3a0 100644 --- a/sdk/nodejs/openid/hardcodedRoleProtocolMapper.ts +++ b/sdk/nodejs/openid/hardcodedRoleProtocolMapper.ts @@ -23,20 +23,25 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const role = new keycloak.Role("role", {realmId: realm.id}); - * const openidClient = new keycloak.openid.Client("openidClient", { - * accessType: "CONFIDENTIAL", + * const role = new keycloak.Role("role", { + * realmId: realm.id, + * name: "my-role", + * }); + * const openidClient = new keycloak.openid.Client("openid_client", { + * realmId: realm.id, * clientId: "test-client", + * name: "test client", * enabled: true, - * realmId: realm.id, + * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", { - * clientId: openidClient.id, + * const hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper("hardcoded_role_mapper", { * realmId: realm.id, + * clientId: openidClient.id, + * name: "hardcoded-role-mapper", * roleId: role.id, * }); * ``` @@ -50,14 +55,21 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const role = new keycloak.Role("role", {realmId: realm.id}); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", { - * clientScopeId: clientScope.id, + * const role = new keycloak.Role("role", { * realmId: realm.id, + * name: "my-role", + * }); + * const clientScope = new keycloak.openid.ClientScope("client_scope", { + * realmId: realm.id, + * name: "test-client-scope", + * }); + * const hardcodedRoleMapper = new keycloak.openid.HardcodedRoleProtocolMapper("hardcoded_role_mapper", { + * realmId: realm.id, + * clientScopeId: clientScope.id, + * name: "hardcoded-role-mapper", * roleId: role.id, * }); * ``` diff --git a/sdk/nodejs/openid/scriptProtocolMapper.ts b/sdk/nodejs/openid/scriptProtocolMapper.ts index 34bddbd2..2fab18d1 100644 --- a/sdk/nodejs/openid/scriptProtocolMapper.ts +++ b/sdk/nodejs/openid/scriptProtocolMapper.ts @@ -27,16 +27,18 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { + * const openidClient = new keycloak.openid.Client("openid_client", { * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const scriptMapper = new keycloak.openid.ScriptProtocolMapper("scriptMapper", { + * const scriptMapper = new keycloak.openid.ScriptProtocolMapper("script_mapper", { * realmId: realm.id, * clientId: openidClient.id, + * name: "script-mapper", * claimName: "foo", * script: "exports = 'foo';", * }); @@ -54,10 +56,14 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const scriptMapper = new keycloak.openid.ScriptProtocolMapper("scriptMapper", { + * const clientScope = new keycloak.openid.ClientScope("client_scope", { + * realmId: realm.id, + * name: "client-scope", + * }); + * const scriptMapper = new keycloak.openid.ScriptProtocolMapper("script_mapper", { * realmId: realm.id, * clientScopeId: clientScope.id, + * name: "script-mapper", * claimName: "foo", * script: "exports = 'foo';", * }); diff --git a/sdk/nodejs/openid/userAttributeProtocolMapper.ts b/sdk/nodejs/openid/userAttributeProtocolMapper.ts index cfadf813..013e9c25 100644 --- a/sdk/nodejs/openid/userAttributeProtocolMapper.ts +++ b/sdk/nodejs/openid/userAttributeProtocolMapper.ts @@ -23,21 +23,23 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { - * accessType: "CONFIDENTIAL", + * const openidClient = new keycloak.openid.Client("openid_client", { + * realmId: realm.id, * clientId: "test-client", + * name: "test client", * enabled: true, - * realmId: realm.id, + * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", { - * claimName: "bar", - * clientId: openidClient.id, + * const userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper("user_attribute_mapper", { * realmId: realm.id, + * clientId: openidClient.id, + * name: "test-mapper", * userAttribute: "foo", + * claimName: "bar", * }); * ``` * @@ -50,15 +52,19 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", { - * claimName: "bar", - * clientScopeId: clientScope.id, + * const clientScope = new keycloak.openid.ClientScope("client_scope", { * realmId: realm.id, + * name: "test-client-scope", + * }); + * const userAttributeMapper = new keycloak.openid.UserAttributeProtocolMapper("user_attribute_mapper", { + * realmId: realm.id, + * clientScopeId: clientScope.id, + * name: "test-mapper", * userAttribute: "foo", + * claimName: "bar", * }); * ``` * diff --git a/sdk/nodejs/openid/userClientRoleProtocolMapper.ts b/sdk/nodejs/openid/userClientRoleProtocolMapper.ts index f16c9ecf..36957a1a 100644 --- a/sdk/nodejs/openid/userClientRoleProtocolMapper.ts +++ b/sdk/nodejs/openid/userClientRoleProtocolMapper.ts @@ -25,16 +25,18 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { + * const openidClient = new keycloak.openid.Client("openid_client", { * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper("userClientRoleMapper", { + * const userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper("user_client_role_mapper", { * realmId: realm.id, * clientId: openidClient.id, + * name: "user-client-role-mapper", * claimName: "foo", * }); * ``` @@ -51,10 +53,14 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper("userClientRoleMapper", { + * const clientScope = new keycloak.openid.ClientScope("client_scope", { + * realmId: realm.id, + * name: "client-scope", + * }); + * const userClientRoleMapper = new keycloak.openid.UserClientRoleProtocolMapper("user_client_role_mapper", { * realmId: realm.id, * clientScopeId: clientScope.id, + * name: "user-client-role-mapper", * claimName: "foo", * }); * ``` diff --git a/sdk/nodejs/openid/userPropertyProtocolMapper.ts b/sdk/nodejs/openid/userPropertyProtocolMapper.ts index 04678e68..15fa87a2 100644 --- a/sdk/nodejs/openid/userPropertyProtocolMapper.ts +++ b/sdk/nodejs/openid/userPropertyProtocolMapper.ts @@ -23,21 +23,23 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { - * accessType: "CONFIDENTIAL", + * const openidClient = new keycloak.openid.Client("openid_client", { + * realmId: realm.id, * clientId: "test-client", + * name: "test client", * enabled: true, - * realmId: realm.id, + * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", { - * claimName: "email", - * clientId: openidClient.id, + * const userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper("user_property_mapper", { * realmId: realm.id, + * clientId: openidClient.id, + * name: "test-mapper", * userProperty: "email", + * claimName: "email", * }); * ``` * @@ -50,15 +52,19 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", { - * claimName: "email", - * clientScopeId: clientScope.id, + * const clientScope = new keycloak.openid.ClientScope("client_scope", { * realmId: realm.id, + * name: "test-client-scope", + * }); + * const userPropertyMapper = new keycloak.openid.UserPropertyProtocolMapper("user_property_mapper", { + * realmId: realm.id, + * clientScopeId: clientScope.id, + * name: "test-mapper", * userProperty: "email", + * claimName: "email", * }); * ``` * diff --git a/sdk/nodejs/openid/userRealmRoleProtocolMapper.ts b/sdk/nodejs/openid/userRealmRoleProtocolMapper.ts index 97afce63..3a3273fa 100644 --- a/sdk/nodejs/openid/userRealmRoleProtocolMapper.ts +++ b/sdk/nodejs/openid/userRealmRoleProtocolMapper.ts @@ -23,20 +23,22 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { - * accessType: "CONFIDENTIAL", + * const openidClient = new keycloak.openid.Client("openid_client", { + * realmId: realm.id, * clientId: "test-client", + * name: "test client", * enabled: true, - * realmId: realm.id, + * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", { - * claimName: "foo", - * clientId: openidClient.id, + * const userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper("user_realm_role_mapper", { * realmId: realm.id, + * clientId: openidClient.id, + * name: "user-realm-role-mapper", + * claimName: "foo", * }); * ``` * @@ -49,14 +51,18 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", { - * claimName: "foo", - * clientScopeId: clientScope.id, + * const clientScope = new keycloak.openid.ClientScope("client_scope", { * realmId: realm.id, + * name: "test-client-scope", + * }); + * const userRealmRoleMapper = new keycloak.openid.UserRealmRoleProtocolMapper("user_realm_role_mapper", { + * realmId: realm.id, + * clientScopeId: clientScope.id, + * name: "user-realm-role-mapper", + * claimName: "foo", * }); * ``` * diff --git a/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts b/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts index 6d408f06..1b6c2408 100644 --- a/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts +++ b/sdk/nodejs/openid/userSessionNoteProtocolMapper.ts @@ -25,16 +25,18 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const openidClient = new keycloak.openid.Client("openidClient", { + * const openidClient = new keycloak.openid.Client("openid_client", { * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, * accessType: "CONFIDENTIAL", * validRedirectUris: ["http://localhost:8080/openid-callback"], * }); - * const userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper("userSessionNoteMapper", { + * const userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper("user_session_note_mapper", { * realmId: realm.id, * clientId: openidClient.id, + * name: "user-session-note-mapper", * claimName: "foo", * claimValueType: "String", * sessionNote: "bar", @@ -53,10 +55,14 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const clientScope = new keycloak.openid.ClientScope("clientScope", {realmId: realm.id}); - * const userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper("userSessionNoteMapper", { + * const clientScope = new keycloak.openid.ClientScope("client_scope", { + * realmId: realm.id, + * name: "client-scope", + * }); + * const userSessionNoteMapper = new keycloak.openid.UserSessionNoteProtocolMapper("user_session_note_mapper", { * realmId: realm.id, * clientScopeId: clientScope.id, + * name: "user-session-note-mapper", * claimName: "foo", * claimValueType: "String", * sessionNote: "bar", diff --git a/sdk/nodejs/realmEvents.ts b/sdk/nodejs/realmEvents.ts index 0d75733c..f57e6ca8 100644 --- a/sdk/nodejs/realmEvents.ts +++ b/sdk/nodejs/realmEvents.ts @@ -17,17 +17,17 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", {realm: "test"}); - * const realmEvents = new keycloak.RealmEvents("realmEvents", { - * adminEventsDetailsEnabled: true, + * const realmEvents = new keycloak.RealmEvents("realm_events", { + * realmId: realm.id, + * eventsEnabled: true, + * eventsExpiration: 3600, * adminEventsEnabled: true, + * adminEventsDetailsEnabled: true, * enabledEventTypes: [ * "LOGIN", * "LOGOUT", * ], - * eventsEnabled: true, - * eventsExpiration: 3600, * eventsListeners: ["jboss-logging"], - * realmId: realm.id, * }); * ``` * diff --git a/sdk/nodejs/realmKeystoreAesGenerated.ts b/sdk/nodejs/realmKeystoreAesGenerated.ts index 45afba31..a1fecce0 100644 --- a/sdk/nodejs/realmKeystoreAesGenerated.ts +++ b/sdk/nodejs/realmKeystoreAesGenerated.ts @@ -17,7 +17,8 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", {realm: "my-realm"}); - * const keystoreAesGenerated = new keycloak.RealmKeystoreAesGenerated("keystoreAesGenerated", { + * const keystoreAesGenerated = new keycloak.RealmKeystoreAesGenerated("keystore_aes_generated", { + * name: "my-aes-generated-key", * realmId: realm.id, * enabled: true, * active: true, diff --git a/sdk/nodejs/realmKeystoreEcdsaGenerated.ts b/sdk/nodejs/realmKeystoreEcdsaGenerated.ts index 9f522b60..e0297e59 100644 --- a/sdk/nodejs/realmKeystoreEcdsaGenerated.ts +++ b/sdk/nodejs/realmKeystoreEcdsaGenerated.ts @@ -17,7 +17,8 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", {realm: "my-realm"}); - * const keystoreEcdsaGenerated = new keycloak.RealmKeystoreEcdsaGenerated("keystoreEcdsaGenerated", { + * const keystoreEcdsaGenerated = new keycloak.RealmKeystoreEcdsaGenerated("keystore_ecdsa_generated", { + * name: "my-ecdsa-generated-key", * realmId: realm.id, * enabled: true, * active: true, diff --git a/sdk/nodejs/realmKeystoreHmacGenerated.ts b/sdk/nodejs/realmKeystoreHmacGenerated.ts index 605b7758..71b48d5e 100644 --- a/sdk/nodejs/realmKeystoreHmacGenerated.ts +++ b/sdk/nodejs/realmKeystoreHmacGenerated.ts @@ -17,7 +17,8 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", {realm: "my-realm"}); - * const keystoreHmacGenerated = new keycloak.RealmKeystoreHmacGenerated("keystoreHmacGenerated", { + * const keystoreHmacGenerated = new keycloak.RealmKeystoreHmacGenerated("keystore_hmac_generated", { + * name: "my-hmac-generated-key", * realmId: realm.id, * enabled: true, * active: true, diff --git a/sdk/nodejs/realmKeystoreJavaGenerated.ts b/sdk/nodejs/realmKeystoreJavaGenerated.ts index bb6e3e87..094767cb 100644 --- a/sdk/nodejs/realmKeystoreJavaGenerated.ts +++ b/sdk/nodejs/realmKeystoreJavaGenerated.ts @@ -17,7 +17,8 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", {realm: "my-realm"}); - * const javaKeystore = new keycloak.RealmKeystoreJavaGenerated("javaKeystore", { + * const javaKeystore = new keycloak.RealmKeystoreJavaGenerated("java_keystore", { + * name: "my-java-keystore", * realmId: realm.id, * enabled: true, * active: true, diff --git a/sdk/nodejs/realmKeystoreRsaGenerated.ts b/sdk/nodejs/realmKeystoreRsaGenerated.ts index 60b5a6df..5a6b806a 100644 --- a/sdk/nodejs/realmKeystoreRsaGenerated.ts +++ b/sdk/nodejs/realmKeystoreRsaGenerated.ts @@ -17,7 +17,8 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", {realm: "my-realm"}); - * const keystoreRsaGenerated = new keycloak.RealmKeystoreRsaGenerated("keystoreRsaGenerated", { + * const keystoreRsaGenerated = new keycloak.RealmKeystoreRsaGenerated("keystore_rsa_generated", { + * name: "my-rsa-generated-key", * realmId: realm.id, * enabled: true, * active: true, diff --git a/sdk/nodejs/realmUserProfile.ts b/sdk/nodejs/realmUserProfile.ts index 2c128542..785e2576 100644 --- a/sdk/nodejs/realmUserProfile.ts +++ b/sdk/nodejs/realmUserProfile.ts @@ -32,7 +32,7 @@ import * as utilities from "./utilities"; * }, * }); * const userprofile = new keycloak.RealmUserProfile("userprofile", { - * realmId: keycloak_realm.my_realm.id, + * realmId: myRealm.id, * attributes: [ * { * name: "field1", diff --git a/sdk/nodejs/requiredAction.ts b/sdk/nodejs/requiredAction.ts index d9048ca7..5905a0fb 100644 --- a/sdk/nodejs/requiredAction.ts +++ b/sdk/nodejs/requiredAction.ts @@ -20,10 +20,11 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const requiredAction = new keycloak.RequiredAction("requiredAction", { + * const requiredAction = new keycloak.RequiredAction("required_action", { * realmId: realm.realm, * alias: "webauthn-register", * enabled: true, + * name: "Webauthn Register", * }); * ``` * diff --git a/sdk/nodejs/role.ts b/sdk/nodejs/role.ts index 7cb47400..1d8142c5 100644 --- a/sdk/nodejs/role.ts +++ b/sdk/nodejs/role.ts @@ -20,12 +20,13 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const realmRole = new keycloak.Role("realmRole", { - * description: "My Realm Role", + * const realmRole = new keycloak.Role("realm_role", { * realmId: realm.id, + * name: "my-realm-role", + * description: "My Realm Role", * }); * ``` * @@ -38,19 +39,21 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); * const client = new keycloak.openid.Client("client", { - * accessType: "BEARER-ONLY", + * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, - * realmId: realm.id, + * accessType: "BEARER-ONLY", * }); - * const clientRole = new keycloak.Role("clientRole", { - * clientId: keycloak_client.client.id, - * description: "My Client Role", + * const clientRole = new keycloak.Role("client_role", { * realmId: realm.id, + * clientId: clientKeycloakClient.id, + * name: "my-client-role", + * description: "My Client Role", * }); * ``` * @@ -63,25 +66,43 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, + * }); + * // realm roles + * const createRole = new keycloak.Role("create_role", { + * realmId: realm.id, + * name: "create", + * }); + * const readRole = new keycloak.Role("read_role", { + * realmId: realm.id, + * name: "read", + * }); + * const updateRole = new keycloak.Role("update_role", { + * realmId: realm.id, + * name: "update", + * }); + * const deleteRole = new keycloak.Role("delete_role", { + * realmId: realm.id, + * name: "delete", * }); - * const createRole = new keycloak.Role("createRole", {realmId: realm.id}); - * const readRole = new keycloak.Role("readRole", {realmId: realm.id}); - * const updateRole = new keycloak.Role("updateRole", {realmId: realm.id}); - * const deleteRole = new keycloak.Role("deleteRole", {realmId: realm.id}); + * // client role * const client = new keycloak.openid.Client("client", { - * accessType: "BEARER-ONLY", + * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, - * realmId: realm.id, + * accessType: "BEARER-ONLY", * }); - * const clientRole = new keycloak.Role("clientRole", { - * clientId: keycloak_client.client.id, - * description: "My Client Role", + * const clientRole = new keycloak.Role("client_role", { * realmId: realm.id, + * clientId: clientKeycloakClient.id, + * name: "my-client-role", + * description: "My Client Role", * }); - * const adminRole = new keycloak.Role("adminRole", { + * const adminRole = new keycloak.Role("admin_role", { + * realmId: realm.id, + * name: "admin", * compositeRoles: [ * "{keycloak_role.create_role.id}", * "{keycloak_role.read_role.id}", @@ -89,7 +110,6 @@ import * as utilities from "./utilities"; * "{keycloak_role.delete_role.id}", * "{keycloak_role.client_role.id}", * ], - * realmId: realm.id, * }); * ``` * diff --git a/sdk/nodejs/saml/client.ts b/sdk/nodejs/saml/client.ts index 5081d321..eea0cfef 100644 --- a/sdk/nodejs/saml/client.ts +++ b/sdk/nodejs/saml/client.ts @@ -15,60 +15,6 @@ import * as utilities from "../utilities"; * clients are applications that redirect users to Keycloak for authentication * in order to take advantage of Keycloak's user sessions for SSO. * - * ### Example Usage - * - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as fs from "fs"; - * import * as keycloak from "@pulumi/keycloak"; - * - * const realm = new keycloak.Realm("realm", { - * enabled: true, - * realm: "my-realm", - * }); - * const samlClient = new keycloak.saml.Client("samlClient", { - * clientId: "test-saml-client", - * includeAuthnStatement: true, - * realmId: realm.id, - * signAssertions: true, - * signDocuments: false, - * signingCertificate: fs.readFileSync("saml-cert.pem", "utf8"), - * signingPrivateKey: fs.readFileSync("saml-key.pem", "utf8"), - * }); - * ``` - * - * - * ### Argument Reference - * - * The following arguments are supported: - * - * - `realmId` - (Required) The realm this client is attached to. - * - `clientId` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. - * - `name` - (Optional) The display name of this client in the GUI. - * - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - * - `description` - (Optional) The description of this client in the GUI. - * - `includeAuthnStatement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. - * - `signDocuments` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. - * - `signAssertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. - * - `clientSignatureRequired` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signingCertificate` and `signingPrivateKey`. - * - `forcePostBinding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. - * - `frontChannelLogout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. - * - `nameIdFormat` - (Optional) Sets the Name ID format for the subject. - * - `rootUrl` - (Optional) When specified, this value is prepended to all relative URLs. - * - `validRedirectUris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - * - `baseUrl` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. - * - `masterSamlProcessingUrl` - (Optional) When specified, this URL will be used for all SAML requests. - * - `signingCertificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. - * - `signingPrivateKey` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. - * - `idpInitiatedSsoUrlName` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. - * - `idpInitiatedSsoRelayState` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - * - `assertionConsumerPostUrl` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). - * - `assertionConsumerRedirectUrl` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). - * - `logoutServicePostBindingUrl` - (Optional) SAML POST Binding URL for the client's single logout service. - * - `logoutServiceRedirectBindingUrl` - (Optional) SAML Redirect Binding URL for the client's single logout service. - * - `fullScopeAllowed` - (Optional) - Allow to include all roles mappings in the access token - * * ### Import * * Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `clientKeycloakId` is the unique ID that Keycloak diff --git a/sdk/nodejs/saml/clientDefaultScope.ts b/sdk/nodejs/saml/clientDefaultScope.ts index fe508d49..4c721225 100644 --- a/sdk/nodejs/saml/clientDefaultScope.ts +++ b/sdk/nodejs/saml/clientDefaultScope.ts @@ -6,43 +6,6 @@ import * as utilities from "../utilities"; /** * ## Example Usage - * - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as fs from "fs"; - * import * as keycloak from "@pulumi/keycloak"; - * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); - * const samlClient = new keycloak.saml.Client("samlClient", { - * realmId: realm.id, - * clientId: "saml-client", - * signDocuments: false, - * signAssertions: true, - * includeAuthnStatement: true, - * signingCertificate: fs.readFileSync("saml-cert.pem", "utf8"), - * signingPrivateKey: fs.readFileSync("saml-key.pem", "utf8"), - * }); - * const clientScope = new keycloak.saml.ClientScope("clientScope", {realmId: realm.id}); - * const clientDefaultScopes = new keycloak.saml.ClientDefaultScope("clientDefaultScopes", { - * realmId: realm.id, - * clientId: keycloak_saml_client.client.id, - * defaultScopes: [ - * "role_list", - * clientScope.name, - * ], - * }); - * ``` - * - * - * ## Import - * - * This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist - * - * on the server. */ export class ClientDefaultScope extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/saml/clientScope.ts b/sdk/nodejs/saml/clientScope.ts index 89235ad0..da79b934 100644 --- a/sdk/nodejs/saml/clientScope.ts +++ b/sdk/nodejs/saml/clientScope.ts @@ -20,8 +20,9 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const samlClientScope = new keycloak.saml.ClientScope("samlClientScope", { + * const samlClientScope = new keycloak.saml.ClientScope("saml_client_scope", { * realmId: realm.id, + * name: "groups", * description: "This scope will map a user's group memberships to SAML assertion", * guiOrder: 1, * }); diff --git a/sdk/nodejs/saml/getClient.ts b/sdk/nodejs/saml/getClient.ts index c423f099..f3e88f50 100644 --- a/sdk/nodejs/saml/getClient.ts +++ b/sdk/nodejs/saml/getClient.ts @@ -20,6 +20,7 @@ import * as utilities from "../utilities"; * realmId: "my-realm", * clientId: "realm-management", * }); + * // use the data source * const admin = realmManagement.then(realmManagement => keycloak.getRole({ * realmId: "my-realm", * clientId: realmManagement.id, @@ -112,6 +113,7 @@ export interface GetClientResult { * realmId: "my-realm", * clientId: "realm-management", * }); + * // use the data source * const admin = realmManagement.then(realmManagement => keycloak.getRole({ * realmId: "my-realm", * clientId: realmManagement.id, diff --git a/sdk/nodejs/saml/getClientInstallationProvider.ts b/sdk/nodejs/saml/getClientInstallationProvider.ts index 06d13abd..e6644c28 100644 --- a/sdk/nodejs/saml/getClientInstallationProvider.ts +++ b/sdk/nodejs/saml/getClientInstallationProvider.ts @@ -6,39 +6,6 @@ import * as utilities from "../utilities"; /** * This data source can be used to retrieve Installation Provider of a SAML Client. - * - * ## Example Usage - * - * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. - * - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as aws from "@pulumi/aws"; - * import * as fs from "fs"; - * import * as keycloak from "@pulumi/keycloak"; - * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); - * const samlClient = new keycloak.saml.Client("samlClient", { - * realmId: realm.id, - * clientId: "test-saml-client", - * signDocuments: false, - * signAssertions: true, - * includeAuthnStatement: true, - * signingCertificate: fs.readFileSync("saml-cert.pem", "utf8"), - * signingPrivateKey: fs.readFileSync("saml-key.pem", "utf8"), - * }); - * const samlIdpDescriptor = keycloak.saml.getClientInstallationProviderOutput({ - * realmId: realm.id, - * clientId: samlClient.id, - * providerId: "saml-idp-descriptor", - * }); - * const _default = new aws.iam.SamlProvider("default", {samlMetadataDocument: samlIdpDescriptor.apply(samlIdpDescriptor => samlIdpDescriptor.value)}); - * ``` - * */ export function getClientInstallationProvider(args: GetClientInstallationProviderArgs, opts?: pulumi.InvokeOptions): Promise { @@ -86,39 +53,6 @@ export interface GetClientInstallationProviderResult { } /** * This data source can be used to retrieve Installation Provider of a SAML Client. - * - * ## Example Usage - * - * In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. - * - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as aws from "@pulumi/aws"; - * import * as fs from "fs"; - * import * as keycloak from "@pulumi/keycloak"; - * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); - * const samlClient = new keycloak.saml.Client("samlClient", { - * realmId: realm.id, - * clientId: "test-saml-client", - * signDocuments: false, - * signAssertions: true, - * includeAuthnStatement: true, - * signingCertificate: fs.readFileSync("saml-cert.pem", "utf8"), - * signingPrivateKey: fs.readFileSync("saml-key.pem", "utf8"), - * }); - * const samlIdpDescriptor = keycloak.saml.getClientInstallationProviderOutput({ - * realmId: realm.id, - * clientId: samlClient.id, - * providerId: "saml-idp-descriptor", - * }); - * const _default = new aws.iam.SamlProvider("default", {samlMetadataDocument: samlIdpDescriptor.apply(samlIdpDescriptor => samlIdpDescriptor.value)}); - * ``` - * */ export function getClientInstallationProviderOutput(args: GetClientInstallationProviderOutputArgs, opts?: pulumi.InvokeOptions): pulumi.Output { return pulumi.output(args).apply((a: any) => getClientInstallationProvider(a, opts)) diff --git a/sdk/nodejs/saml/identityProvider.ts b/sdk/nodejs/saml/identityProvider.ts index 110a1bd1..b87c8163 100644 --- a/sdk/nodejs/saml/identityProvider.ts +++ b/sdk/nodejs/saml/identityProvider.ts @@ -18,18 +18,18 @@ import * as utilities from "../utilities"; * import * as pulumi from "@pulumi/pulumi"; * import * as keycloak from "@pulumi/keycloak"; * - * const realmIdentityProvider = new keycloak.saml.IdentityProvider("realmIdentityProvider", { + * const realmIdentityProvider = new keycloak.saml.IdentityProvider("realm_identity_provider", { + * realm: "my-realm", * alias: "my-idp", + * singleSignOnServiceUrl: "https://domain.com/adfs/ls/", + * singleLogoutServiceUrl: "https://domain.com/adfs/ls/?wa=wsignout1.0", * backchannelSupported: true, - * forceAuthn: true, - * postBindingAuthnRequest: true, - * postBindingLogout: true, * postBindingResponse: true, - * realm: "my-realm", - * singleLogoutServiceUrl: "https://domain.com/adfs/ls/?wa=wsignout1.0", - * singleSignOnServiceUrl: "https://domain.com/adfs/ls/", + * postBindingLogout: true, + * postBindingAuthnRequest: true, * storeToken: false, * trustEmail: true, + * forceAuthn: true, * }); * ``` * diff --git a/sdk/nodejs/saml/scriptProtocolMapper.ts b/sdk/nodejs/saml/scriptProtocolMapper.ts index 0710525a..4d37b9fe 100644 --- a/sdk/nodejs/saml/scriptProtocolMapper.ts +++ b/sdk/nodejs/saml/scriptProtocolMapper.ts @@ -23,13 +23,15 @@ import * as utilities from "../utilities"; * realm: "my-realm", * enabled: true, * }); - * const samlClient = new keycloak.saml.Client("samlClient", { + * const samlClient = new keycloak.saml.Client("saml_client", { * realmId: realm.id, * clientId: "saml-client", + * name: "saml-client", * }); - * const samlScriptMapper = new keycloak.saml.ScriptProtocolMapper("samlScriptMapper", { + * const samlScriptMapper = new keycloak.saml.ScriptProtocolMapper("saml_script_mapper", { * realmId: realm.id, * clientId: samlClient.id, + * name: "script-mapper", * script: "exports = 'foo';", * samlAttributeName: "displayName", * samlAttributeNameFormat: "Unspecified", diff --git a/sdk/nodejs/saml/userAttributeProtocolMapper.ts b/sdk/nodejs/saml/userAttributeProtocolMapper.ts index f6213521..4f8f6f2c 100644 --- a/sdk/nodejs/saml/userAttributeProtocolMapper.ts +++ b/sdk/nodejs/saml/userAttributeProtocolMapper.ts @@ -23,19 +23,21 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const samlClient = new keycloak.saml.Client("samlClient", { + * const samlClient = new keycloak.saml.Client("saml_client", { + * realmId: test.id, * clientId: "test-saml-client", - * realmId: keycloak_realm.test.id, + * name: "test-saml-client", * }); - * const samlUserAttributeMapper = new keycloak.saml.UserAttributeProtocolMapper("samlUserAttributeMapper", { + * const samlUserAttributeMapper = new keycloak.saml.UserAttributeProtocolMapper("saml_user_attribute_mapper", { + * realmId: test.id, * clientId: samlClient.id, - * realmId: keycloak_realm.test.id, + * name: "displayname-user-attribute-mapper", + * userAttribute: "displayName", * samlAttributeName: "displayName", * samlAttributeNameFormat: "Unspecified", - * userAttribute: "displayName", * }); * ``` * diff --git a/sdk/nodejs/saml/userPropertyProtocolMapper.ts b/sdk/nodejs/saml/userPropertyProtocolMapper.ts index 55b67bd4..5dcf4c13 100644 --- a/sdk/nodejs/saml/userPropertyProtocolMapper.ts +++ b/sdk/nodejs/saml/userPropertyProtocolMapper.ts @@ -23,19 +23,21 @@ import * as utilities from "../utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); - * const samlClient = new keycloak.saml.Client("samlClient", { + * const samlClient = new keycloak.saml.Client("saml_client", { + * realmId: test.id, * clientId: "test-saml-client", - * realmId: keycloak_realm.test.id, + * name: "test-saml-client", * }); - * const samlUserPropertyMapper = new keycloak.saml.UserPropertyProtocolMapper("samlUserPropertyMapper", { + * const samlUserPropertyMapper = new keycloak.saml.UserPropertyProtocolMapper("saml_user_property_mapper", { + * realmId: test.id, * clientId: samlClient.id, - * realmId: keycloak_realm.test.id, + * name: "email-user-property-mapper", + * userProperty: "email", * samlAttributeName: "email", * samlAttributeNameFormat: "Unspecified", - * userProperty: "email", * }); * ``` * diff --git a/sdk/nodejs/user.ts b/sdk/nodejs/user.ts index 360c2947..3b7644c8 100644 --- a/sdk/nodejs/user.ts +++ b/sdk/nodejs/user.ts @@ -23,28 +23,28 @@ import * as utilities from "./utilities"; * import * as keycloak from "@pulumi/keycloak"; * * const realm = new keycloak.Realm("realm", { - * enabled: true, * realm: "my-realm", + * enabled: true, * }); * const user = new keycloak.User("user", { - * email: "bob@domain.com", + * realmId: realm.id, + * username: "bob", * enabled: true, + * email: "bob@domain.com", * firstName: "Bob", * lastName: "Bobson", - * realmId: realm.id, - * username: "bob", * }); - * const userWithInitialPassword = new keycloak.User("userWithInitialPassword", { - * email: "alice@domain.com", + * const userWithInitialPassword = new keycloak.User("user_with_initial_password", { + * realmId: realm.id, + * username: "alice", * enabled: true, + * email: "alice@domain.com", * firstName: "Alice", + * lastName: "Aliceberg", * initialPassword: { - * temporary: true, * value: "some password", + * temporary: true, * }, - * lastName: "Aliceberg", - * realmId: realm.id, - * username: "alice", * }); * ``` * diff --git a/sdk/nodejs/userGroups.ts b/sdk/nodejs/userGroups.ts index 81013b77..3478cdd0 100644 --- a/sdk/nodejs/userGroups.ts +++ b/sdk/nodejs/userGroups.ts @@ -22,55 +22,21 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const group = new keycloak.Group("group", {realmId: realm.id}); - * const user = new keycloak.User("user", { + * const group = new keycloak.Group("group", { * realmId: realm.id, - * username: "my-user", + * name: "foo", * }); - * const userGroups = new keycloak.UserGroups("userGroups", { - * realmId: realm.id, - * userId: user.id, - * groupIds: [group.id], - * }); - * ``` - * - * - * ### Non Exhaustive Groups) - * - * ```typescript - * import * as pulumi from "@pulumi/pulumi"; - * import * as keycloak from "@pulumi/keycloak"; - * - * const realm = new keycloak.Realm("realm", { - * realm: "my-realm", - * enabled: true, - * }); - * const groupFoo = new keycloak.Group("groupFoo", {realmId: realm.id}); - * const groupBar = new keycloak.Group("groupBar", {realmId: realm.id}); * const user = new keycloak.User("user", { * realmId: realm.id, * username: "my-user", * }); - * const userGroupsAssociation1UserGroups = new keycloak.UserGroups("userGroupsAssociation1UserGroups", { - * realmId: realm.id, - * userId: user.id, - * exhaustive: false, - * groupIds: [groupFoo.id], - * }); - * const userGroupsAssociation1Index_userGroupsUserGroups = new keycloak.UserGroups("userGroupsAssociation1Index/userGroupsUserGroups", { + * const userGroups = new keycloak.UserGroups("user_groups", { * realmId: realm.id, * userId: user.id, - * exhaustive: false, - * groupIds: [groupBar.id], + * groupIds: [group.id], * }); * ``` * - * - * ## Import - * - * This resource does not support import. Instead of importing, feel free to create this resource - * - * as if it did not already exist on the server. */ export class UserGroups extends pulumi.CustomResource { /** diff --git a/sdk/nodejs/userRoles.ts b/sdk/nodejs/userRoles.ts index c5d4140a..6e487319 100644 --- a/sdk/nodejs/userRoles.ts +++ b/sdk/nodejs/userRoles.ts @@ -27,19 +27,22 @@ import * as utilities from "./utilities"; * realm: "my-realm", * enabled: true, * }); - * const realmRole = new keycloak.Role("realmRole", { + * const realmRole = new keycloak.Role("realm_role", { * realmId: realm.id, + * name: "my-realm-role", * description: "My Realm Role", * }); * const client = new keycloak.openid.Client("client", { * realmId: realm.id, * clientId: "client", + * name: "client", * enabled: true, * accessType: "BEARER-ONLY", * }); - * const clientRole = new keycloak.Role("clientRole", { + * const clientRole = new keycloak.Role("client_role", { * realmId: realm.id, - * clientId: keycloak_client.client.id, + * clientId: clientKeycloakClient.id, + * name: "my-client-role", * description: "My Client Role", * }); * const user = new keycloak.User("user", { @@ -50,7 +53,7 @@ import * as utilities from "./utilities"; * firstName: "Bob", * lastName: "Bobson", * }); - * const userRoles = new keycloak.UserRoles("userRoles", { + * const userRoles = new keycloak.UserRoles("user_roles", { * realmId: realm.id, * userId: user.id, * roleIds: [ diff --git a/sdk/nodejs/userTemplateImporterIdentityProviderMapper.ts b/sdk/nodejs/userTemplateImporterIdentityProviderMapper.ts index 7d470c48..ad5f9529 100644 --- a/sdk/nodejs/userTemplateImporterIdentityProviderMapper.ts +++ b/sdk/nodejs/userTemplateImporterIdentityProviderMapper.ts @@ -33,8 +33,9 @@ import * as utilities from "./utilities"; * clientSecret: "example_token", * defaultScopes: "openid random profile", * }); - * const usernameImporter = new keycloak.UserTemplateImporterIdentityProviderMapper("usernameImporter", { + * const usernameImporter = new keycloak.UserTemplateImporterIdentityProviderMapper("username_importer", { * realm: realm.id, + * name: "username-template-importer", * identityProviderAlias: oidc.alias, * template: "${ALIAS}.${CLAIM.email}", * extraConfig: { diff --git a/sdk/python/pulumi_keycloak/attribute_importer_identity_provider_mapper.py b/sdk/python/pulumi_keycloak/attribute_importer_identity_provider_mapper.py index f0e6e059..04ac2029 100644 --- a/sdk/python/pulumi_keycloak/attribute_importer_identity_provider_mapper.py +++ b/sdk/python/pulumi_keycloak/attribute_importer_identity_provider_mapper.py @@ -298,10 +298,11 @@ def __init__(__self__, import pulumi import pulumi_keycloak as keycloak - test_mapper = keycloak.AttributeImporterIdentityProviderMapper("testMapper", - attribute_name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", - identity_provider_alias="idp_alias", + test_mapper = keycloak.AttributeImporterIdentityProviderMapper("test_mapper", realm="my-realm", + name="my-mapper", + identity_provider_alias="idp_alias", + attribute_name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", user_attribute="lastName") ``` @@ -353,10 +354,11 @@ def __init__(__self__, import pulumi import pulumi_keycloak as keycloak - test_mapper = keycloak.AttributeImporterIdentityProviderMapper("testMapper", - attribute_name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", - identity_provider_alias="idp_alias", + test_mapper = keycloak.AttributeImporterIdentityProviderMapper("test_mapper", realm="my-realm", + name="my-mapper", + identity_provider_alias="idp_alias", + attribute_name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", user_attribute="lastName") ``` diff --git a/sdk/python/pulumi_keycloak/attribute_to_role_identity_mapper.py b/sdk/python/pulumi_keycloak/attribute_to_role_identity_mapper.py index 9dc72656..4ccc4e4d 100644 --- a/sdk/python/pulumi_keycloak/attribute_to_role_identity_mapper.py +++ b/sdk/python/pulumi_keycloak/attribute_to_role_identity_mapper.py @@ -375,7 +375,7 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - oidc_identity_provider = keycloak.oidc.IdentityProvider("oidcIdentityProvider", + oidc = keycloak.oidc.IdentityProvider("oidc", realm=realm.id, alias="oidc", authorization_url="https://example.com/auth", @@ -383,12 +383,14 @@ def __init__(__self__, client_id="example_id", client_secret="example_token", default_scopes="openid random profile") - realm_role = keycloak.Role("realmRole", + realm_role = keycloak.Role("realm_role", realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - oidc_attribute_to_role_identity_mapper = keycloak.AttributeToRoleIdentityMapper("oidcAttributeToRoleIdentityMapper", + oidc_attribute_to_role_identity_mapper = keycloak.AttributeToRoleIdentityMapper("oidc", realm=realm.id, - identity_provider_alias=oidc_identity_provider.alias, + name="role-attribute", + identity_provider_alias=oidc.alias, role="my-realm-role", claim_name="my-claim", claim_value="my-value", @@ -446,7 +448,7 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - oidc_identity_provider = keycloak.oidc.IdentityProvider("oidcIdentityProvider", + oidc = keycloak.oidc.IdentityProvider("oidc", realm=realm.id, alias="oidc", authorization_url="https://example.com/auth", @@ -454,12 +456,14 @@ def __init__(__self__, client_id="example_id", client_secret="example_token", default_scopes="openid random profile") - realm_role = keycloak.Role("realmRole", + realm_role = keycloak.Role("realm_role", realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - oidc_attribute_to_role_identity_mapper = keycloak.AttributeToRoleIdentityMapper("oidcAttributeToRoleIdentityMapper", + oidc_attribute_to_role_identity_mapper = keycloak.AttributeToRoleIdentityMapper("oidc", realm=realm.id, - identity_provider_alias=oidc_identity_provider.alias, + name="role-attribute", + identity_provider_alias=oidc.alias, role="my-realm-role", claim_name="my-claim", claim_value="my-value", diff --git a/sdk/python/pulumi_keycloak/authentication/bindings.py b/sdk/python/pulumi_keycloak/authentication/bindings.py index 4855dcc7..f07648a2 100644 --- a/sdk/python/pulumi_keycloak/authentication/bindings.py +++ b/sdk/python/pulumi_keycloak/authentication/bindings.py @@ -292,19 +292,19 @@ def __init__(__self__, realm_id=realm.id, alias="my-flow-alias") # first execution - execution_one = keycloak.authentication.Execution("executionOne", + execution_one = keycloak.authentication.Execution("execution_one", realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="auth-cookie", requirement="ALTERNATIVE") # second execution - execution_two = keycloak.authentication.Execution("executionTwo", + execution_two = keycloak.authentication.Execution("execution_two", realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="identity-provider-redirector", requirement="ALTERNATIVE", opts=pulumi.ResourceOptions(depends_on=[execution_one])) - browser_authentication_binding = keycloak.authentication.Bindings("browserAuthenticationBinding", + browser_authentication_binding = keycloak.authentication.Bindings("browser_authentication_binding", realm_id=realm.id, browser_flow=flow.alias) ``` @@ -355,19 +355,19 @@ def __init__(__self__, realm_id=realm.id, alias="my-flow-alias") # first execution - execution_one = keycloak.authentication.Execution("executionOne", + execution_one = keycloak.authentication.Execution("execution_one", realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="auth-cookie", requirement="ALTERNATIVE") # second execution - execution_two = keycloak.authentication.Execution("executionTwo", + execution_two = keycloak.authentication.Execution("execution_two", realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="identity-provider-redirector", requirement="ALTERNATIVE", opts=pulumi.ResourceOptions(depends_on=[execution_one])) - browser_authentication_binding = keycloak.authentication.Bindings("browserAuthenticationBinding", + browser_authentication_binding = keycloak.authentication.Bindings("browser_authentication_binding", realm_id=realm.id, browser_flow=flow.alias) ``` diff --git a/sdk/python/pulumi_keycloak/authentication/execution.py b/sdk/python/pulumi_keycloak/authentication/execution.py index cc7a2d4c..80d08149 100644 --- a/sdk/python/pulumi_keycloak/authentication/execution.py +++ b/sdk/python/pulumi_keycloak/authentication/execution.py @@ -184,13 +184,13 @@ def __init__(__self__, realm_id=realm.id, alias="my-flow-alias") # first execution - execution_one = keycloak.authentication.Execution("executionOne", + execution_one = keycloak.authentication.Execution("execution_one", realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="auth-cookie", requirement="ALTERNATIVE") # second execution - execution_two = keycloak.authentication.Execution("executionTwo", + execution_two = keycloak.authentication.Execution("execution_two", realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="identity-provider-redirector", @@ -246,13 +246,13 @@ def __init__(__self__, realm_id=realm.id, alias="my-flow-alias") # first execution - execution_one = keycloak.authentication.Execution("executionOne", + execution_one = keycloak.authentication.Execution("execution_one", realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="auth-cookie", requirement="ALTERNATIVE") # second execution - execution_two = keycloak.authentication.Execution("executionTwo", + execution_two = keycloak.authentication.Execution("execution_two", realm_id=realm.id, parent_flow_alias=flow.alias, authenticator="identity-provider-redirector", diff --git a/sdk/python/pulumi_keycloak/custom_identity_provider_mapping.py b/sdk/python/pulumi_keycloak/custom_identity_provider_mapping.py index 7e0da51a..88fcfaaf 100644 --- a/sdk/python/pulumi_keycloak/custom_identity_provider_mapping.py +++ b/sdk/python/pulumi_keycloak/custom_identity_provider_mapping.py @@ -206,7 +206,7 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - oidc_identity_provider = keycloak.oidc.IdentityProvider("oidcIdentityProvider", + oidc = keycloak.oidc.IdentityProvider("oidc", realm=realm.id, alias="oidc", authorization_url="https://example.com/auth", @@ -214,9 +214,10 @@ def __init__(__self__, client_id="example_id", client_secret="example_token", default_scopes="openid random profile") - oidc_custom_identity_provider_mapping = keycloak.CustomIdentityProviderMapping("oidcCustomIdentityProviderMapping", + oidc_custom_identity_provider_mapping = keycloak.CustomIdentityProviderMapping("oidc", realm=realm.id, - identity_provider_alias=oidc_identity_provider.alias, + name="email-attribute-importer", + identity_provider_alias=oidc.alias, identity_provider_mapper="%s-user-attribute-idp-mapper", extra_config={ "syncMode": "INHERIT", @@ -265,7 +266,7 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - oidc_identity_provider = keycloak.oidc.IdentityProvider("oidcIdentityProvider", + oidc = keycloak.oidc.IdentityProvider("oidc", realm=realm.id, alias="oidc", authorization_url="https://example.com/auth", @@ -273,9 +274,10 @@ def __init__(__self__, client_id="example_id", client_secret="example_token", default_scopes="openid random profile") - oidc_custom_identity_provider_mapping = keycloak.CustomIdentityProviderMapping("oidcCustomIdentityProviderMapping", + oidc_custom_identity_provider_mapping = keycloak.CustomIdentityProviderMapping("oidc", realm=realm.id, - identity_provider_alias=oidc_identity_provider.alias, + name="email-attribute-importer", + identity_provider_alias=oidc.alias, identity_provider_mapper="%s-user-attribute-idp-mapper", extra_config={ "syncMode": "INHERIT", diff --git a/sdk/python/pulumi_keycloak/custom_user_federation.py b/sdk/python/pulumi_keycloak/custom_user_federation.py index e2b6323c..aa6c1ad3 100644 --- a/sdk/python/pulumi_keycloak/custom_user_federation.py +++ b/sdk/python/pulumi_keycloak/custom_user_federation.py @@ -370,12 +370,13 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="test") - custom_user_federation = keycloak.CustomUserFederation("customUserFederation", - enabled=True, + realm="test", + enabled=True) + custom_user_federation = keycloak.CustomUserFederation("custom_user_federation", + name="custom", + realm_id=realm.id, provider_id="custom", - realm_id=realm.id) + enabled=True) ``` @@ -431,12 +432,13 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="test") - custom_user_federation = keycloak.CustomUserFederation("customUserFederation", - enabled=True, + realm="test", + enabled=True) + custom_user_federation = keycloak.CustomUserFederation("custom_user_federation", + name="custom", + realm_id=realm.id, provider_id="custom", - realm_id=realm.id) + enabled=True) ``` diff --git a/sdk/python/pulumi_keycloak/default_groups.py b/sdk/python/pulumi_keycloak/default_groups.py index ec770857..827b9b7b 100644 --- a/sdk/python/pulumi_keycloak/default_groups.py +++ b/sdk/python/pulumi_keycloak/default_groups.py @@ -97,12 +97,14 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - group = keycloak.Group("group", realm_id=realm.id) + realm="my-realm", + enabled=True) + group = keycloak.Group("group", + realm_id=realm.id, + name="my-group") default = keycloak.DefaultGroups("default", - group_ids=[group.id], - realm_id=realm.id) + realm_id=realm.id, + group_ids=[group.id]) ``` @@ -144,12 +146,14 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - group = keycloak.Group("group", realm_id=realm.id) + realm="my-realm", + enabled=True) + group = keycloak.Group("group", + realm_id=realm.id, + name="my-group") default = keycloak.DefaultGroups("default", - group_ids=[group.id], - realm_id=realm.id) + realm_id=realm.id, + group_ids=[group.id]) ``` diff --git a/sdk/python/pulumi_keycloak/default_roles.py b/sdk/python/pulumi_keycloak/default_roles.py index eaccce79..7e431df7 100644 --- a/sdk/python/pulumi_keycloak/default_roles.py +++ b/sdk/python/pulumi_keycloak/default_roles.py @@ -114,7 +114,7 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - default_roles = keycloak.DefaultRoles("defaultRoles", + default_roles = keycloak.DefaultRoles("default_roles", realm_id=realm.id, default_roles=["uma_authorization"]) ``` @@ -164,7 +164,7 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - default_roles = keycloak.DefaultRoles("defaultRoles", + default_roles = keycloak.DefaultRoles("default_roles", realm_id=realm.id, default_roles=["uma_authorization"]) ``` diff --git a/sdk/python/pulumi_keycloak/generic_client_protocol_mapper.py b/sdk/python/pulumi_keycloak/generic_client_protocol_mapper.py index 49248b65..da33b99b 100644 --- a/sdk/python/pulumi_keycloak/generic_client_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/generic_client_protocol_mapper.py @@ -272,22 +272,23 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - saml_client = keycloak.saml.Client("samlClient", - client_id="test-client", - realm_id=realm.id) - saml_hardcode_attribute_mapper = keycloak.GenericClientProtocolMapper("samlHardcodeAttributeMapper", + realm="my-realm", + enabled=True) + saml_client = keycloak.saml.Client("saml_client", + realm_id=realm.id, + client_id="test-client") + saml_hardcode_attribute_mapper = keycloak.GenericClientProtocolMapper("saml_hardcode_attribute_mapper", + realm_id=realm.id, client_id=saml_client.id, + name="tes-mapper", + protocol="saml", + protocol_mapper="saml-hardcode-attribute-mapper", config={ "attribute.name": "name", "attribute.nameformat": "Basic", "attribute.value": "value", "friendly.name": "display name", - }, - protocol="saml", - protocol_mapper="saml-hardcode-attribute-mapper", - realm_id=realm.id) + }) ``` @@ -344,22 +345,23 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - saml_client = keycloak.saml.Client("samlClient", - client_id="test-client", - realm_id=realm.id) - saml_hardcode_attribute_mapper = keycloak.GenericClientProtocolMapper("samlHardcodeAttributeMapper", + realm="my-realm", + enabled=True) + saml_client = keycloak.saml.Client("saml_client", + realm_id=realm.id, + client_id="test-client") + saml_hardcode_attribute_mapper = keycloak.GenericClientProtocolMapper("saml_hardcode_attribute_mapper", + realm_id=realm.id, client_id=saml_client.id, + name="tes-mapper", + protocol="saml", + protocol_mapper="saml-hardcode-attribute-mapper", config={ "attribute.name": "name", "attribute.nameformat": "Basic", "attribute.value": "value", "friendly.name": "display name", - }, - protocol="saml", - protocol_mapper="saml-hardcode-attribute-mapper", - realm_id=realm.id) + }) ``` diff --git a/sdk/python/pulumi_keycloak/generic_client_role_mapper.py b/sdk/python/pulumi_keycloak/generic_client_role_mapper.py index 014324a3..9ea4fa59 100644 --- a/sdk/python/pulumi_keycloak/generic_client_role_mapper.py +++ b/sdk/python/pulumi_keycloak/generic_client_role_mapper.py @@ -187,12 +187,14 @@ def __init__(__self__, client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="BEARER-ONLY") - realm_role = keycloak.Role("realmRole", + realm_role = keycloak.Role("realm_role", realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - client_role_mapper = keycloak.GenericClientRoleMapper("clientRoleMapper", + client_role_mapper = keycloak.GenericClientRoleMapper("client_role_mapper", realm_id=realm.id, client_id=client.id, role_id=realm_role.id) @@ -209,26 +211,30 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_a = keycloak.openid.Client("clientA", + client_a = keycloak.openid.Client("client_a", realm_id=realm.id, client_id="client-a", + name="client-a", enabled=True, access_type="BEARER-ONLY", full_scope_allowed=False) - client_role_a = keycloak.Role("clientRoleA", + client_role_a = keycloak.Role("client_role_a", realm_id=realm.id, client_id=client_a.id, + name="my-client-role", description="My Client Role") - client_b = keycloak.openid.Client("clientB", + client_b = keycloak.openid.Client("client_b", realm_id=realm.id, client_id="client-b", + name="client-b", enabled=True, access_type="BEARER-ONLY") - client_role_b = keycloak.Role("clientRoleB", + client_role_b = keycloak.Role("client_role_b", realm_id=realm.id, client_id=client_b.id, + name="my-client-role", description="My Client Role") - client_b_role_mapper = keycloak.GenericClientRoleMapper("clientBRoleMapper", + client_b_role_mapper = keycloak.GenericClientRoleMapper("client_b_role_mapper", realm_id=realm.id, client_id=client_b.id, role_id=client_role_a.id) @@ -245,11 +251,14 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - realm_role = keycloak.Role("realmRole", + client_scope = keycloak.openid.ClientScope("client_scope", realm_id=realm.id, + name="my-client-scope") + realm_role = keycloak.Role("realm_role", + realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - client_role_mapper = keycloak.GenericClientRoleMapper("clientRoleMapper", + client_role_mapper = keycloak.GenericClientRoleMapper("client_role_mapper", realm_id=realm.id, client_scope_id=client_scope.id, role_id=realm_role.id) @@ -269,14 +278,18 @@ def __init__(__self__, client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="BEARER-ONLY") - client_role = keycloak.Role("clientRole", + client_role = keycloak.Role("client_role", realm_id=realm.id, client_id=client.id, + name="my-client-role", description="My Client Role") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - client_b_role_mapper = keycloak.GenericClientRoleMapper("clientBRoleMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="my-client-scope") + client_b_role_mapper = keycloak.GenericClientRoleMapper("client_b_role_mapper", realm_id=realm.id, client_scope_id=client_scope.id, role_id=client_role.id) @@ -336,12 +349,14 @@ def __init__(__self__, client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="BEARER-ONLY") - realm_role = keycloak.Role("realmRole", + realm_role = keycloak.Role("realm_role", realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - client_role_mapper = keycloak.GenericClientRoleMapper("clientRoleMapper", + client_role_mapper = keycloak.GenericClientRoleMapper("client_role_mapper", realm_id=realm.id, client_id=client.id, role_id=realm_role.id) @@ -358,26 +373,30 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_a = keycloak.openid.Client("clientA", + client_a = keycloak.openid.Client("client_a", realm_id=realm.id, client_id="client-a", + name="client-a", enabled=True, access_type="BEARER-ONLY", full_scope_allowed=False) - client_role_a = keycloak.Role("clientRoleA", + client_role_a = keycloak.Role("client_role_a", realm_id=realm.id, client_id=client_a.id, + name="my-client-role", description="My Client Role") - client_b = keycloak.openid.Client("clientB", + client_b = keycloak.openid.Client("client_b", realm_id=realm.id, client_id="client-b", + name="client-b", enabled=True, access_type="BEARER-ONLY") - client_role_b = keycloak.Role("clientRoleB", + client_role_b = keycloak.Role("client_role_b", realm_id=realm.id, client_id=client_b.id, + name="my-client-role", description="My Client Role") - client_b_role_mapper = keycloak.GenericClientRoleMapper("clientBRoleMapper", + client_b_role_mapper = keycloak.GenericClientRoleMapper("client_b_role_mapper", realm_id=realm.id, client_id=client_b.id, role_id=client_role_a.id) @@ -394,11 +413,14 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - realm_role = keycloak.Role("realmRole", + client_scope = keycloak.openid.ClientScope("client_scope", realm_id=realm.id, + name="my-client-scope") + realm_role = keycloak.Role("realm_role", + realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - client_role_mapper = keycloak.GenericClientRoleMapper("clientRoleMapper", + client_role_mapper = keycloak.GenericClientRoleMapper("client_role_mapper", realm_id=realm.id, client_scope_id=client_scope.id, role_id=realm_role.id) @@ -418,14 +440,18 @@ def __init__(__self__, client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="BEARER-ONLY") - client_role = keycloak.Role("clientRole", + client_role = keycloak.Role("client_role", realm_id=realm.id, client_id=client.id, + name="my-client-role", description="My Client Role") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - client_b_role_mapper = keycloak.GenericClientRoleMapper("clientBRoleMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="my-client-scope") + client_b_role_mapper = keycloak.GenericClientRoleMapper("client_b_role_mapper", realm_id=realm.id, client_scope_id=client_scope.id, role_id=client_role.id) diff --git a/sdk/python/pulumi_keycloak/generic_protocol_mapper.py b/sdk/python/pulumi_keycloak/generic_protocol_mapper.py index 6d87d412..f7babdac 100644 --- a/sdk/python/pulumi_keycloak/generic_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/generic_protocol_mapper.py @@ -280,12 +280,13 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - saml_client = keycloak.saml.Client("samlClient", + saml_client = keycloak.saml.Client("saml_client", realm_id=realm.id, client_id="test-client") - saml_hardcode_attribute_mapper = keycloak.GenericProtocolMapper("samlHardcodeAttributeMapper", + saml_hardcode_attribute_mapper = keycloak.GenericProtocolMapper("saml_hardcode_attribute_mapper", realm_id=realm.id, client_id=saml_client.id, + name="test-mapper", protocol="saml", protocol_mapper="saml-hardcode-attribute-mapper", config={ @@ -345,12 +346,13 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - saml_client = keycloak.saml.Client("samlClient", + saml_client = keycloak.saml.Client("saml_client", realm_id=realm.id, client_id="test-client") - saml_hardcode_attribute_mapper = keycloak.GenericProtocolMapper("samlHardcodeAttributeMapper", + saml_hardcode_attribute_mapper = keycloak.GenericProtocolMapper("saml_hardcode_attribute_mapper", realm_id=realm.id, client_id=saml_client.id, + name="test-mapper", protocol="saml", protocol_mapper="saml-hardcode-attribute-mapper", config={ diff --git a/sdk/python/pulumi_keycloak/generic_role_mapper.py b/sdk/python/pulumi_keycloak/generic_role_mapper.py index 9dd75e26..fe7e0bdf 100644 --- a/sdk/python/pulumi_keycloak/generic_role_mapper.py +++ b/sdk/python/pulumi_keycloak/generic_role_mapper.py @@ -185,12 +185,14 @@ def __init__(__self__, client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="BEARER-ONLY") - realm_role = keycloak.Role("realmRole", + realm_role = keycloak.Role("realm_role", realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - client_role_mapper = keycloak.GenericRoleMapper("clientRoleMapper", + client_role_mapper = keycloak.GenericRoleMapper("client_role_mapper", realm_id=realm.id, client_id=client.id, role_id=realm_role.id) @@ -207,26 +209,30 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_a = keycloak.openid.Client("clientA", + client_a = keycloak.openid.Client("client_a", realm_id=realm.id, client_id="client-a", + name="client-a", enabled=True, access_type="BEARER-ONLY", full_scope_allowed=False) - client_role_a = keycloak.Role("clientRoleA", + client_role_a = keycloak.Role("client_role_a", realm_id=realm.id, client_id=client_a.id, + name="my-client-role", description="My Client Role") - client_b = keycloak.openid.Client("clientB", + client_b = keycloak.openid.Client("client_b", realm_id=realm.id, client_id="client-b", + name="client-b", enabled=True, access_type="BEARER-ONLY") - client_role_b = keycloak.Role("clientRoleB", + client_role_b = keycloak.Role("client_role_b", realm_id=realm.id, client_id=client_b.id, + name="my-client-role", description="My Client Role") - client_b_role_mapper = keycloak.GenericRoleMapper("clientBRoleMapper", + client_b_role_mapper = keycloak.GenericRoleMapper("client_b_role_mapper", realm_id=realm.id, client_id=client_b.id, role_id=client_role_a.id) @@ -243,11 +249,14 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - realm_role = keycloak.Role("realmRole", + client_scope = keycloak.openid.ClientScope("client_scope", realm_id=realm.id, + name="my-client-scope") + realm_role = keycloak.Role("realm_role", + realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - client_role_mapper = keycloak.GenericRoleMapper("clientRoleMapper", + client_role_mapper = keycloak.GenericRoleMapper("client_role_mapper", realm_id=realm.id, client_scope_id=client_scope.id, role_id=realm_role.id) @@ -267,14 +276,18 @@ def __init__(__self__, client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="BEARER-ONLY") - client_role = keycloak.Role("clientRole", + client_role = keycloak.Role("client_role", realm_id=realm.id, client_id=client.id, + name="my-client-role", description="My Client Role") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - client_b_role_mapper = keycloak.GenericRoleMapper("clientBRoleMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="my-client-scope") + client_b_role_mapper = keycloak.GenericRoleMapper("client_b_role_mapper", realm_id=realm.id, client_scope_id=client_scope.id, role_id=client_role.id) @@ -332,12 +345,14 @@ def __init__(__self__, client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="BEARER-ONLY") - realm_role = keycloak.Role("realmRole", + realm_role = keycloak.Role("realm_role", realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - client_role_mapper = keycloak.GenericRoleMapper("clientRoleMapper", + client_role_mapper = keycloak.GenericRoleMapper("client_role_mapper", realm_id=realm.id, client_id=client.id, role_id=realm_role.id) @@ -354,26 +369,30 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_a = keycloak.openid.Client("clientA", + client_a = keycloak.openid.Client("client_a", realm_id=realm.id, client_id="client-a", + name="client-a", enabled=True, access_type="BEARER-ONLY", full_scope_allowed=False) - client_role_a = keycloak.Role("clientRoleA", + client_role_a = keycloak.Role("client_role_a", realm_id=realm.id, client_id=client_a.id, + name="my-client-role", description="My Client Role") - client_b = keycloak.openid.Client("clientB", + client_b = keycloak.openid.Client("client_b", realm_id=realm.id, client_id="client-b", + name="client-b", enabled=True, access_type="BEARER-ONLY") - client_role_b = keycloak.Role("clientRoleB", + client_role_b = keycloak.Role("client_role_b", realm_id=realm.id, client_id=client_b.id, + name="my-client-role", description="My Client Role") - client_b_role_mapper = keycloak.GenericRoleMapper("clientBRoleMapper", + client_b_role_mapper = keycloak.GenericRoleMapper("client_b_role_mapper", realm_id=realm.id, client_id=client_b.id, role_id=client_role_a.id) @@ -390,11 +409,14 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - realm_role = keycloak.Role("realmRole", + client_scope = keycloak.openid.ClientScope("client_scope", realm_id=realm.id, + name="my-client-scope") + realm_role = keycloak.Role("realm_role", + realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - client_role_mapper = keycloak.GenericRoleMapper("clientRoleMapper", + client_role_mapper = keycloak.GenericRoleMapper("client_role_mapper", realm_id=realm.id, client_scope_id=client_scope.id, role_id=realm_role.id) @@ -414,14 +436,18 @@ def __init__(__self__, client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="BEARER-ONLY") - client_role = keycloak.Role("clientRole", + client_role = keycloak.Role("client_role", realm_id=realm.id, client_id=client.id, + name="my-client-role", description="My Client Role") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - client_b_role_mapper = keycloak.GenericRoleMapper("clientBRoleMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="my-client-scope") + client_b_role_mapper = keycloak.GenericRoleMapper("client_b_role_mapper", realm_id=realm.id, client_scope_id=client_scope.id, role_id=client_role.id) diff --git a/sdk/python/pulumi_keycloak/get_client_description_converter.py b/sdk/python/pulumi_keycloak/get_client_description_converter.py index 8b6b70f5..1c666033 100644 --- a/sdk/python/pulumi_keycloak/get_client_description_converter.py +++ b/sdk/python/pulumi_keycloak/get_client_description_converter.py @@ -395,7 +395,7 @@ def get_client_description_converter(body: Optional[str] = None, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - saml_client_client_description_converter = keycloak.get_client_description_converter_output(realm_id=realm.id, + saml_client = keycloak.get_client_description_converter_output(realm_id=realm.id, body=\"\"\" @@ -424,9 +424,9 @@ def get_client_description_converter(body: Optional[str] = None, \"\"\") - saml_client_client = keycloak.saml.Client("samlClientClient", + saml_client_client = keycloak.saml.Client("saml_client", realm_id=realm.id, - client_id=saml_client_client_description_converter.client_id) + client_id=saml_client.client_id) ``` @@ -499,7 +499,7 @@ def get_client_description_converter_output(body: Optional[pulumi.Input[str]] = realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - saml_client_client_description_converter = keycloak.get_client_description_converter_output(realm_id=realm.id, + saml_client = keycloak.get_client_description_converter_output(realm_id=realm.id, body=\"\"\" @@ -528,9 +528,9 @@ def get_client_description_converter_output(body: Optional[pulumi.Input[str]] = \"\"\") - saml_client_client = keycloak.saml.Client("samlClientClient", + saml_client_client = keycloak.saml.Client("saml_client", realm_id=realm.id, - client_id=saml_client_client_description_converter.client_id) + client_id=saml_client.client_id) ``` diff --git a/sdk/python/pulumi_keycloak/get_realm.py b/sdk/python/pulumi_keycloak/get_realm.py index 36572333..213744a7 100644 --- a/sdk/python/pulumi_keycloak/get_realm.py +++ b/sdk/python/pulumi_keycloak/get_realm.py @@ -576,7 +576,10 @@ def get_realm(attributes: Optional[Mapping[str, Any]] = None, import pulumi_keycloak as keycloak realm = keycloak.get_realm(realm="my-realm") - group = keycloak.Role("group", realm_id=data["keycloak_realm"]["id"]) + # use the data source + group = keycloak.Role("group", + realm_id=id, + name="group") ``` @@ -692,7 +695,10 @@ def get_realm_output(attributes: Optional[pulumi.Input[Optional[Mapping[str, Any import pulumi_keycloak as keycloak realm = keycloak.get_realm(realm="my-realm") - group = keycloak.Role("group", realm_id=data["keycloak_realm"]["id"]) + # use the data source + group = keycloak.Role("group", + realm_id=id, + name="group") ``` diff --git a/sdk/python/pulumi_keycloak/get_user.py b/sdk/python/pulumi_keycloak/get_user.py index 48d2e020..f114e70b 100644 --- a/sdk/python/pulumi_keycloak/get_user.py +++ b/sdk/python/pulumi_keycloak/get_user.py @@ -169,6 +169,7 @@ def get_user(realm_id: Optional[str] = None, import pulumi_keycloak as keycloak master_realm = keycloak.get_realm(realm="master") + # use the keycloak_user data source to grab the admin user's ID default_admin_user = keycloak.get_user(realm_id=master_realm.id, username="keycloak") pulumi.export("keycloakUserId", default_admin_user.id) @@ -214,6 +215,7 @@ def get_user_output(realm_id: Optional[pulumi.Input[str]] = None, import pulumi_keycloak as keycloak master_realm = keycloak.get_realm(realm="master") + # use the keycloak_user data source to grab the admin user's ID default_admin_user = keycloak.get_user(realm_id=master_realm.id, username="keycloak") pulumi.export("keycloakUserId", default_admin_user.id) diff --git a/sdk/python/pulumi_keycloak/get_user_realm_roles.py b/sdk/python/pulumi_keycloak/get_user_realm_roles.py index 34dd342f..c255b348 100644 --- a/sdk/python/pulumi_keycloak/get_user_realm_roles.py +++ b/sdk/python/pulumi_keycloak/get_user_realm_roles.py @@ -88,8 +88,10 @@ def get_user_realm_roles(realm_id: Optional[str] = None, import pulumi_keycloak as keycloak master_realm = keycloak.get_realm(realm="master") + # use the keycloak_user data source to grab the admin user's ID default_admin_user = keycloak.get_user(realm_id=master_realm.id, username="keycloak") + # use the keycloak_user_realm_roles data source to list role names user_realm_roles = keycloak.get_user_realm_roles(realm_id=master_realm.id, user_id=default_admin_user.id) pulumi.export("keycloakUserRoleNames", user_realm_roles.role_names) @@ -128,8 +130,10 @@ def get_user_realm_roles_output(realm_id: Optional[pulumi.Input[str]] = None, import pulumi_keycloak as keycloak master_realm = keycloak.get_realm(realm="master") + # use the keycloak_user data source to grab the admin user's ID default_admin_user = keycloak.get_user(realm_id=master_realm.id, username="keycloak") + # use the keycloak_user_realm_roles data source to list role names user_realm_roles = keycloak.get_user_realm_roles(realm_id=master_realm.id, user_id=default_admin_user.id) pulumi.export("keycloakUserRoleNames", user_realm_roles.role_names) diff --git a/sdk/python/pulumi_keycloak/group.py b/sdk/python/pulumi_keycloak/group.py index 7e882d9e..713bb6b6 100644 --- a/sdk/python/pulumi_keycloak/group.py +++ b/sdk/python/pulumi_keycloak/group.py @@ -166,19 +166,23 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - parent_group = keycloak.Group("parentGroup", realm_id=realm.id) - child_group = keycloak.Group("childGroup", + realm="my-realm", + enabled=True) + parent_group = keycloak.Group("parent_group", + realm_id=realm.id, + name="parent-group") + child_group = keycloak.Group("child_group", + realm_id=realm.id, parent_id=parent_group.id, - realm_id=realm.id) - child_group_with_optional_attributes = keycloak.Group("childGroupWithOptionalAttributes", + name="child-group") + child_group_with_optional_attributes = keycloak.Group("child_group_with_optional_attributes", + realm_id=realm.id, + parent_id=parent_group.id, + name="child-group-with-optional-attributes", attributes={ "key1": "value1", "key2": "value2", - }, - parent_id=parent_group.id, - realm_id=realm.id) + }) ``` @@ -235,19 +239,23 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - parent_group = keycloak.Group("parentGroup", realm_id=realm.id) - child_group = keycloak.Group("childGroup", + realm="my-realm", + enabled=True) + parent_group = keycloak.Group("parent_group", + realm_id=realm.id, + name="parent-group") + child_group = keycloak.Group("child_group", + realm_id=realm.id, parent_id=parent_group.id, - realm_id=realm.id) - child_group_with_optional_attributes = keycloak.Group("childGroupWithOptionalAttributes", + name="child-group") + child_group_with_optional_attributes = keycloak.Group("child_group_with_optional_attributes", + realm_id=realm.id, + parent_id=parent_group.id, + name="child-group-with-optional-attributes", attributes={ "key1": "value1", "key2": "value2", - }, - parent_id=parent_group.id, - realm_id=realm.id) + }) ``` diff --git a/sdk/python/pulumi_keycloak/group_memberships.py b/sdk/python/pulumi_keycloak/group_memberships.py index 48c7763a..95a04477 100644 --- a/sdk/python/pulumi_keycloak/group_memberships.py +++ b/sdk/python/pulumi_keycloak/group_memberships.py @@ -131,16 +131,18 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - group = keycloak.Group("group", realm_id=realm.id) + realm="my-realm", + enabled=True) + group = keycloak.Group("group", + realm_id=realm.id, + name="my-group") user = keycloak.User("user", realm_id=realm.id, username="my-user") - group_members = keycloak.GroupMemberships("groupMembers", + group_members = keycloak.GroupMemberships("group_members", + realm_id=realm.id, group_id=group.id, - members=[user.username], - realm_id=realm.id) + members=[user.username]) ``` @@ -191,16 +193,18 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - group = keycloak.Group("group", realm_id=realm.id) + realm="my-realm", + enabled=True) + group = keycloak.Group("group", + realm_id=realm.id, + name="my-group") user = keycloak.User("user", realm_id=realm.id, username="my-user") - group_members = keycloak.GroupMemberships("groupMembers", + group_members = keycloak.GroupMemberships("group_members", + realm_id=realm.id, group_id=group.id, - members=[user.username], - realm_id=realm.id) + members=[user.username]) ``` diff --git a/sdk/python/pulumi_keycloak/group_roles.py b/sdk/python/pulumi_keycloak/group_roles.py index 1a7e3880..6d99340d 100644 --- a/sdk/python/pulumi_keycloak/group_roles.py +++ b/sdk/python/pulumi_keycloak/group_roles.py @@ -153,24 +153,29 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - realm_role = keycloak.Role("realmRole", - description="My Realm Role", - realm_id=realm.id) + realm="my-realm", + enabled=True) + realm_role = keycloak.Role("realm_role", + realm_id=realm.id, + name="my-realm-role", + description="My Realm Role") client = keycloak.openid.Client("client", - access_type="BEARER-ONLY", + realm_id=realm.id, client_id="client", + name="client", enabled=True, - realm_id=realm.id) - client_role = keycloak.Role("clientRole", - client_id=keycloak_client["client"]["id"], - description="My Client Role", - realm_id=realm.id) - group = keycloak.Group("group", realm_id=realm.id) - group_roles = keycloak.GroupRoles("groupRoles", - group_id=group.id, + access_type="BEARER-ONLY") + client_role = keycloak.Role("client_role", realm_id=realm.id, + client_id=client_keycloak_client["id"], + name="my-client-role", + description="My Client Role") + group = keycloak.Group("group", + realm_id=realm.id, + name="my-group") + group_roles = keycloak.GroupRoles("group_roles", + realm_id=realm.id, + group_id=group.id, role_ids=[ realm_role.id, client_role.id, @@ -228,24 +233,29 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - realm_role = keycloak.Role("realmRole", - description="My Realm Role", - realm_id=realm.id) + realm="my-realm", + enabled=True) + realm_role = keycloak.Role("realm_role", + realm_id=realm.id, + name="my-realm-role", + description="My Realm Role") client = keycloak.openid.Client("client", - access_type="BEARER-ONLY", + realm_id=realm.id, client_id="client", + name="client", enabled=True, - realm_id=realm.id) - client_role = keycloak.Role("clientRole", - client_id=keycloak_client["client"]["id"], - description="My Client Role", - realm_id=realm.id) - group = keycloak.Group("group", realm_id=realm.id) - group_roles = keycloak.GroupRoles("groupRoles", - group_id=group.id, + access_type="BEARER-ONLY") + client_role = keycloak.Role("client_role", realm_id=realm.id, + client_id=client_keycloak_client["id"], + name="my-client-role", + description="My Client Role") + group = keycloak.Group("group", + realm_id=realm.id, + name="my-group") + group_roles = keycloak.GroupRoles("group_roles", + realm_id=realm.id, + group_id=group.id, role_ids=[ realm_role.id, client_role.id, diff --git a/sdk/python/pulumi_keycloak/hardcoded_attribute_identity_provider_mapper.py b/sdk/python/pulumi_keycloak/hardcoded_attribute_identity_provider_mapper.py index c0a351d9..a3209a54 100644 --- a/sdk/python/pulumi_keycloak/hardcoded_attribute_identity_provider_mapper.py +++ b/sdk/python/pulumi_keycloak/hardcoded_attribute_identity_provider_mapper.py @@ -268,16 +268,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - oidc_identity_provider = keycloak.oidc.IdentityProvider("oidcIdentityProvider", + oidc = keycloak.oidc.IdentityProvider("oidc", realm=realm.id, alias="my-idp", authorization_url="https://authorizationurl.com", client_id="clientID", client_secret="clientSecret", token_url="https://tokenurl.com") - oidc_hardcoded_attribute_identity_provider_mapper = keycloak.HardcodedAttributeIdentityProviderMapper("oidcHardcodedAttributeIdentityProviderMapper", + oidc_hardcoded_attribute_identity_provider_mapper = keycloak.HardcodedAttributeIdentityProviderMapper("oidc", realm=realm.id, - identity_provider_alias=oidc_identity_provider.alias, + name="hardcodedUserSessionAttribute", + identity_provider_alias=oidc.alias, attribute_name="attribute", attribute_value="value", user_session=True, @@ -317,16 +318,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - oidc_identity_provider = keycloak.oidc.IdentityProvider("oidcIdentityProvider", + oidc = keycloak.oidc.IdentityProvider("oidc", realm=realm.id, alias="my-idp", authorization_url="https://authorizationurl.com", client_id="clientID", client_secret="clientSecret", token_url="https://tokenurl.com") - oidc_hardcoded_attribute_identity_provider_mapper = keycloak.HardcodedAttributeIdentityProviderMapper("oidcHardcodedAttributeIdentityProviderMapper", + oidc_hardcoded_attribute_identity_provider_mapper = keycloak.HardcodedAttributeIdentityProviderMapper("oidc", realm=realm.id, - identity_provider_alias=oidc_identity_provider.alias, + name="hardcodedUserSessionAttribute", + identity_provider_alias=oidc.alias, attribute_name="attribute", attribute_value="value", user_session=True, diff --git a/sdk/python/pulumi_keycloak/hardcoded_role_identity_mapper.py b/sdk/python/pulumi_keycloak/hardcoded_role_identity_mapper.py index d47fab40..888c2be4 100644 --- a/sdk/python/pulumi_keycloak/hardcoded_role_identity_mapper.py +++ b/sdk/python/pulumi_keycloak/hardcoded_role_identity_mapper.py @@ -203,19 +203,21 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - oidc_identity_provider = keycloak.oidc.IdentityProvider("oidcIdentityProvider", + oidc = keycloak.oidc.IdentityProvider("oidc", realm=realm.id, alias="my-idp", authorization_url="https://authorizationurl.com", client_id="clientID", client_secret="clientSecret", token_url="https://tokenurl.com") - realm_role = keycloak.Role("realmRole", + realm_role = keycloak.Role("realm_role", realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - oidc_hardcoded_role_identity_mapper = keycloak.HardcodedRoleIdentityMapper("oidcHardcodedRoleIdentityMapper", + oidc_hardcoded_role_identity_mapper = keycloak.HardcodedRoleIdentityMapper("oidc", realm=realm.id, - identity_provider_alias=oidc_identity_provider.alias, + name="hardcodedRole", + identity_provider_alias=oidc.alias, role="my-realm-role", extra_config={ "syncMode": "INHERIT", @@ -251,19 +253,21 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - oidc_identity_provider = keycloak.oidc.IdentityProvider("oidcIdentityProvider", + oidc = keycloak.oidc.IdentityProvider("oidc", realm=realm.id, alias="my-idp", authorization_url="https://authorizationurl.com", client_id="clientID", client_secret="clientSecret", token_url="https://tokenurl.com") - realm_role = keycloak.Role("realmRole", + realm_role = keycloak.Role("realm_role", realm_id=realm.id, + name="my-realm-role", description="My Realm Role") - oidc_hardcoded_role_identity_mapper = keycloak.HardcodedRoleIdentityMapper("oidcHardcodedRoleIdentityMapper", + oidc_hardcoded_role_identity_mapper = keycloak.HardcodedRoleIdentityMapper("oidc", realm=realm.id, - identity_provider_alias=oidc_identity_provider.alias, + name="hardcodedRole", + identity_provider_alias=oidc.alias, role="my-realm-role", extra_config={ "syncMode": "INHERIT", diff --git a/sdk/python/pulumi_keycloak/identity_provider_token_exchange_scope_permission.py b/sdk/python/pulumi_keycloak/identity_provider_token_exchange_scope_permission.py index b7ae8218..48a11dd9 100644 --- a/sdk/python/pulumi_keycloak/identity_provider_token_exchange_scope_permission.py +++ b/sdk/python/pulumi_keycloak/identity_provider_token_exchange_scope_permission.py @@ -234,10 +234,10 @@ def __init__(__self__, import pulumi import pulumi_keycloak as keycloak - token_exchange_realm = keycloak.Realm("tokenExchangeRealm", + token_exchange_realm = keycloak.Realm("token_exchange_realm", realm="token-exchange_destination_realm", enabled=True) - token_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider("tokenExchangeMyOidcIdp", + token_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider("token_exchange_my_oidc_idp", realm=token_exchange_realm.id, alias="myIdp", authorization_url="http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth", @@ -245,8 +245,9 @@ def __init__(__self__, client_id="clientId", client_secret="secret", default_scopes="openid") - token_exchange_webapp_client = keycloak.openid.Client("token-exchangeWebappClient", + token_exchange_webapp_client = keycloak.openid.Client("token-exchange_webapp_client", realm_id=token_exchange_realm.id, + name="webapp_client", client_id="webapp_client", client_secret="secret", description="a webapp client on the destination realm", @@ -254,7 +255,7 @@ def __init__(__self__, standard_flow_enabled=True, valid_redirect_uris=["http://localhost:8080/*"]) #relevant part - oidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission("oidcIdpPermission", + oidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission("oidc_idp_permission", realm_id=token_exchange_realm.id, provider_alias=token_exchange_my_oidc_idp.alias, policy_type="client", @@ -297,10 +298,10 @@ def __init__(__self__, import pulumi import pulumi_keycloak as keycloak - token_exchange_realm = keycloak.Realm("tokenExchangeRealm", + token_exchange_realm = keycloak.Realm("token_exchange_realm", realm="token-exchange_destination_realm", enabled=True) - token_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider("tokenExchangeMyOidcIdp", + token_exchange_my_oidc_idp = keycloak.oidc.IdentityProvider("token_exchange_my_oidc_idp", realm=token_exchange_realm.id, alias="myIdp", authorization_url="http://localhost:8080/auth/realms/someRealm/protocol/openid-connect/auth", @@ -308,8 +309,9 @@ def __init__(__self__, client_id="clientId", client_secret="secret", default_scopes="openid") - token_exchange_webapp_client = keycloak.openid.Client("token-exchangeWebappClient", + token_exchange_webapp_client = keycloak.openid.Client("token-exchange_webapp_client", realm_id=token_exchange_realm.id, + name="webapp_client", client_id="webapp_client", client_secret="secret", description="a webapp client on the destination realm", @@ -317,7 +319,7 @@ def __init__(__self__, standard_flow_enabled=True, valid_redirect_uris=["http://localhost:8080/*"]) #relevant part - oidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission("oidcIdpPermission", + oidc_idp_permission = keycloak.IdentityProviderTokenExchangeScopePermission("oidc_idp_permission", realm_id=token_exchange_realm.id, provider_alias=token_exchange_my_oidc_idp.alias, policy_type="client", diff --git a/sdk/python/pulumi_keycloak/ldap/custom_mapper.py b/sdk/python/pulumi_keycloak/ldap/custom_mapper.py index 5ea67ded..f3af8bce 100644 --- a/sdk/python/pulumi_keycloak/ldap/custom_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/custom_mapper.py @@ -246,7 +246,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -259,9 +260,10 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - custom_mapper = keycloak.ldap.CustomMapper("customMapper", - realm_id=keycloak_ldap_user_federation["openldap"]["realm_id"], - ldap_user_federation_id=keycloak_ldap_user_federation["openldap"]["id"], + custom_mapper = keycloak.ldap.CustomMapper("custom_mapper", + name="custom-mapper", + realm_id=openldap["realmId"], + ldap_user_federation_id=openldap["id"], provider_id="custom-provider-registered-in-keycloak", provider_type="com.example.custom.ldap.mappers.CustomMapper", config={ @@ -319,7 +321,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -332,9 +335,10 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - custom_mapper = keycloak.ldap.CustomMapper("customMapper", - realm_id=keycloak_ldap_user_federation["openldap"]["realm_id"], - ldap_user_federation_id=keycloak_ldap_user_federation["openldap"]["id"], + custom_mapper = keycloak.ldap.CustomMapper("custom_mapper", + name="custom-mapper", + realm_id=openldap["realmId"], + ldap_user_federation_id=openldap["id"], provider_id="custom-provider-registered-in-keycloak", provider_type="com.example.custom.ldap.mappers.CustomMapper", config={ diff --git a/sdk/python/pulumi_keycloak/ldap/full_name_mapper.py b/sdk/python/pulumi_keycloak/ldap/full_name_mapper.py index d2a487d1..b74140b4 100644 --- a/sdk/python/pulumi_keycloak/ldap/full_name_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/full_name_mapper.py @@ -221,25 +221,27 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="test") - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - bind_credential="admin", - bind_dn="cn=admin,dc=example,dc=org", - connection_url="ldap://openldap", - rdn_ldap_attribute="cn", + realm="test", + enabled=True) + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, + username_ldap_attribute="cn", + rdn_ldap_attribute="cn", + uuid_ldap_attribute="entryDN", user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - username_ldap_attribute="cn", + connection_url="ldap://openldap", users_dn="dc=example,dc=org", - uuid_ldap_attribute="entryDN") - ldap_full_name_mapper = keycloak.ldap.FullNameMapper("ldapFullNameMapper", - ldap_full_name_attribute="cn", + bind_dn="cn=admin,dc=example,dc=org", + bind_credential="admin") + ldap_full_name_mapper = keycloak.ldap.FullNameMapper("ldap_full_name_mapper", + realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, - realm_id=realm.id) + name="full-name-mapper", + ldap_full_name_attribute="cn") ``` @@ -289,25 +291,27 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="test") - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - bind_credential="admin", - bind_dn="cn=admin,dc=example,dc=org", - connection_url="ldap://openldap", - rdn_ldap_attribute="cn", + realm="test", + enabled=True) + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, + username_ldap_attribute="cn", + rdn_ldap_attribute="cn", + uuid_ldap_attribute="entryDN", user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - username_ldap_attribute="cn", + connection_url="ldap://openldap", users_dn="dc=example,dc=org", - uuid_ldap_attribute="entryDN") - ldap_full_name_mapper = keycloak.ldap.FullNameMapper("ldapFullNameMapper", - ldap_full_name_attribute="cn", + bind_dn="cn=admin,dc=example,dc=org", + bind_credential="admin") + ldap_full_name_mapper = keycloak.ldap.FullNameMapper("ldap_full_name_mapper", + realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, - realm_id=realm.id) + name="full-name-mapper", + ldap_full_name_attribute="cn") ``` diff --git a/sdk/python/pulumi_keycloak/ldap/group_mapper.py b/sdk/python/pulumi_keycloak/ldap/group_mapper.py index 7bf09024..873402ac 100644 --- a/sdk/python/pulumi_keycloak/ldap/group_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/group_mapper.py @@ -518,31 +518,33 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="test") - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - bind_credential="admin", - bind_dn="cn=admin,dc=example,dc=org", - connection_url="ldap://openldap", - rdn_ldap_attribute="cn", + realm="test", + enabled=True) + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, + username_ldap_attribute="cn", + rdn_ldap_attribute="cn", + uuid_ldap_attribute="entryDN", user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - username_ldap_attribute="cn", + connection_url="ldap://openldap", users_dn="dc=example,dc=org", - uuid_ldap_attribute="entryDN") - ldap_group_mapper = keycloak.ldap.GroupMapper("ldapGroupMapper", + bind_dn="cn=admin,dc=example,dc=org", + bind_credential="admin") + ldap_group_mapper = keycloak.ldap.GroupMapper("ldap_group_mapper", + realm_id=realm.id, + ldap_user_federation_id=ldap_user_federation.id, + name="group-mapper", + ldap_groups_dn="dc=example,dc=org", group_name_ldap_attribute="cn", group_object_classes=["groupOfNames"], - ldap_groups_dn="dc=example,dc=org", - ldap_user_federation_id=ldap_user_federation.id, - memberof_ldap_attribute="memberOf", membership_attribute_type="DN", membership_ldap_attribute="member", membership_user_ldap_attribute="cn", - realm_id=realm.id) + memberof_ldap_attribute="memberOf") ``` @@ -604,31 +606,33 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="test") - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - bind_credential="admin", - bind_dn="cn=admin,dc=example,dc=org", - connection_url="ldap://openldap", - rdn_ldap_attribute="cn", + realm="test", + enabled=True) + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, + username_ldap_attribute="cn", + rdn_ldap_attribute="cn", + uuid_ldap_attribute="entryDN", user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - username_ldap_attribute="cn", + connection_url="ldap://openldap", users_dn="dc=example,dc=org", - uuid_ldap_attribute="entryDN") - ldap_group_mapper = keycloak.ldap.GroupMapper("ldapGroupMapper", + bind_dn="cn=admin,dc=example,dc=org", + bind_credential="admin") + ldap_group_mapper = keycloak.ldap.GroupMapper("ldap_group_mapper", + realm_id=realm.id, + ldap_user_federation_id=ldap_user_federation.id, + name="group-mapper", + ldap_groups_dn="dc=example,dc=org", group_name_ldap_attribute="cn", group_object_classes=["groupOfNames"], - ldap_groups_dn="dc=example,dc=org", - ldap_user_federation_id=ldap_user_federation.id, - memberof_ldap_attribute="memberOf", membership_attribute_type="DN", membership_ldap_attribute="member", membership_user_ldap_attribute="cn", - realm_id=realm.id) + memberof_ldap_attribute="memberOf") ``` diff --git a/sdk/python/pulumi_keycloak/ldap/hardcoded_attribute_mapper.py b/sdk/python/pulumi_keycloak/ldap/hardcoded_attribute_mapper.py index 75963c21..9466d16d 100644 --- a/sdk/python/pulumi_keycloak/ldap/hardcoded_attribute_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/hardcoded_attribute_mapper.py @@ -211,7 +211,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -225,9 +226,10 @@ def __init__(__self__, bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin", sync_registrations=True) - assign_bar_to_foo = keycloak.ldap.HardcodedAttributeMapper("assignBarToFoo", + assign_bar_to_foo = keycloak.ldap.HardcodedAttributeMapper("assign_bar_to_foo", realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, + name="assign-foo-to-bar", attribute_name="foo", attribute_value="bar") ``` @@ -278,7 +280,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -292,9 +295,10 @@ def __init__(__self__, bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin", sync_registrations=True) - assign_bar_to_foo = keycloak.ldap.HardcodedAttributeMapper("assignBarToFoo", + assign_bar_to_foo = keycloak.ldap.HardcodedAttributeMapper("assign_bar_to_foo", realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, + name="assign-foo-to-bar", attribute_name="foo", attribute_value="bar") ``` diff --git a/sdk/python/pulumi_keycloak/ldap/hardcoded_group_mapper.py b/sdk/python/pulumi_keycloak/ldap/hardcoded_group_mapper.py index 1888f520..2484a68c 100644 --- a/sdk/python/pulumi_keycloak/ldap/hardcoded_group_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/hardcoded_group_mapper.py @@ -177,7 +177,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -190,10 +191,13 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - realm_group = keycloak.Group("realmGroup", realm_id=realm.id) - assign_group_to_users = keycloak.ldap.HardcodedGroupMapper("assignGroupToUsers", + realm_group = keycloak.Group("realm_group", + realm_id=realm.id, + name="my-group") + assign_group_to_users = keycloak.ldap.HardcodedGroupMapper("assign_group_to_users", realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, + name="assign-group-to-users", group=realm_group.name) ``` @@ -240,7 +244,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -253,10 +258,13 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - realm_group = keycloak.Group("realmGroup", realm_id=realm.id) - assign_group_to_users = keycloak.ldap.HardcodedGroupMapper("assignGroupToUsers", + realm_group = keycloak.Group("realm_group", + realm_id=realm.id, + name="my-group") + assign_group_to_users = keycloak.ldap.HardcodedGroupMapper("assign_group_to_users", realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, + name="assign-group-to-users", group=realm_group.name) ``` diff --git a/sdk/python/pulumi_keycloak/ldap/hardcoded_role_mapper.py b/sdk/python/pulumi_keycloak/ldap/hardcoded_role_mapper.py index fae0fea6..5a90610a 100644 --- a/sdk/python/pulumi_keycloak/ldap/hardcoded_role_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/hardcoded_role_mapper.py @@ -177,7 +177,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="test", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -190,9 +191,10 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", + assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assign_admin_role_to_all_users", realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, + name="assign-admin-role-to-all-users", role="admin") ``` @@ -240,7 +242,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="test", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -253,9 +256,10 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assignAdminRoleToAllUsers", + assign_admin_role_to_all_users = keycloak.ldap.HardcodedRoleMapper("assign_admin_role_to_all_users", realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, + name="assign-admin-role-to-all-users", role="admin") ``` diff --git a/sdk/python/pulumi_keycloak/ldap/msad_lds_user_account_control_mapper.py b/sdk/python/pulumi_keycloak/ldap/msad_lds_user_account_control_mapper.py index 2751f709..d752a2e2 100644 --- a/sdk/python/pulumi_keycloak/ldap/msad_lds_user_account_control_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/msad_lds_user_account_control_mapper.py @@ -149,7 +149,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="ad", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -163,9 +164,10 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - msad_lds_user_account_control_mapper = keycloak.ldap.MsadLdsUserAccountControlMapper("msadLdsUserAccountControlMapper", + msad_lds_user_account_control_mapper = keycloak.ldap.MsadLdsUserAccountControlMapper("msad_lds_user_account_control_mapper", realm_id=realm.id, - ldap_user_federation_id=ldap_user_federation.id) + ldap_user_federation_id=ldap_user_federation.id, + name="msad-lds-user-account-control-mapper") ``` @@ -214,7 +216,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="ad", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -228,9 +231,10 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - msad_lds_user_account_control_mapper = keycloak.ldap.MsadLdsUserAccountControlMapper("msadLdsUserAccountControlMapper", + msad_lds_user_account_control_mapper = keycloak.ldap.MsadLdsUserAccountControlMapper("msad_lds_user_account_control_mapper", realm_id=realm.id, - ldap_user_federation_id=ldap_user_federation.id) + ldap_user_federation_id=ldap_user_federation.id, + name="msad-lds-user-account-control-mapper") ``` diff --git a/sdk/python/pulumi_keycloak/ldap/msad_user_account_control_mapper.py b/sdk/python/pulumi_keycloak/ldap/msad_user_account_control_mapper.py index f0f048e7..2c5f7ed4 100644 --- a/sdk/python/pulumi_keycloak/ldap/msad_user_account_control_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/msad_user_account_control_mapper.py @@ -174,25 +174,27 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="test") - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - bind_credential="admin", - bind_dn="cn=admin,dc=example,dc=org", - connection_url="ldap://my-ad-server", - rdn_ldap_attribute="cn", + realm="test", + enabled=True) + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="ad", realm_id=realm.id, + username_ldap_attribute="cn", + rdn_ldap_attribute="cn", + uuid_ldap_attribute="objectGUID", user_object_classes=[ "person", "organizationalPerson", "user", ], - username_ldap_attribute="cn", + connection_url="ldap://my-ad-server", users_dn="dc=example,dc=org", - uuid_ldap_attribute="objectGUID") - msad_user_account_control_mapper = keycloak.ldap.MsadUserAccountControlMapper("msadUserAccountControlMapper", + bind_dn="cn=admin,dc=example,dc=org", + bind_credential="admin") + msad_user_account_control_mapper = keycloak.ldap.MsadUserAccountControlMapper("msad_user_account_control_mapper", + realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, - realm_id=realm.id) + name="msad-user-account-control-mapper") ``` @@ -242,25 +244,27 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="test") - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - bind_credential="admin", - bind_dn="cn=admin,dc=example,dc=org", - connection_url="ldap://my-ad-server", - rdn_ldap_attribute="cn", + realm="test", + enabled=True) + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="ad", realm_id=realm.id, + username_ldap_attribute="cn", + rdn_ldap_attribute="cn", + uuid_ldap_attribute="objectGUID", user_object_classes=[ "person", "organizationalPerson", "user", ], - username_ldap_attribute="cn", + connection_url="ldap://my-ad-server", users_dn="dc=example,dc=org", - uuid_ldap_attribute="objectGUID") - msad_user_account_control_mapper = keycloak.ldap.MsadUserAccountControlMapper("msadUserAccountControlMapper", + bind_dn="cn=admin,dc=example,dc=org", + bind_credential="admin") + msad_user_account_control_mapper = keycloak.ldap.MsadUserAccountControlMapper("msad_user_account_control_mapper", + realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, - realm_id=realm.id) + name="msad-user-account-control-mapper") ``` diff --git a/sdk/python/pulumi_keycloak/ldap/role_mapper.py b/sdk/python/pulumi_keycloak/ldap/role_mapper.py index 3cdcfe9e..78d26c36 100644 --- a/sdk/python/pulumi_keycloak/ldap/role_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/role_mapper.py @@ -536,7 +536,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -549,9 +550,10 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - ldap_role_mapper = keycloak.ldap.RoleMapper("ldapRoleMapper", + ldap_role_mapper = keycloak.ldap.RoleMapper("ldap_role_mapper", realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, + name="role-mapper", ldap_roles_dn="dc=example,dc=org", role_name_ldap_attribute="cn", role_object_classes=["groupOfNames"], @@ -616,7 +618,8 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, username_ldap_attribute="cn", rdn_ldap_attribute="cn", @@ -629,9 +632,10 @@ def __init__(__self__, users_dn="dc=example,dc=org", bind_dn="cn=admin,dc=example,dc=org", bind_credential="admin") - ldap_role_mapper = keycloak.ldap.RoleMapper("ldapRoleMapper", + ldap_role_mapper = keycloak.ldap.RoleMapper("ldap_role_mapper", realm_id=realm.id, ldap_user_federation_id=ldap_user_federation.id, + name="role-mapper", ldap_roles_dn="dc=example,dc=org", role_name_ldap_attribute="cn", role_object_classes=["groupOfNames"], diff --git a/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py b/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py index b96a3119..01ccdc45 100644 --- a/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py +++ b/sdk/python/pulumi_keycloak/ldap/user_attribute_mapper.py @@ -376,26 +376,28 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="test") - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - bind_credential="admin", - bind_dn="cn=admin,dc=example,dc=org", - connection_url="ldap://openldap", - rdn_ldap_attribute="cn", + realm="test", + enabled=True) + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, + username_ldap_attribute="cn", + rdn_ldap_attribute="cn", + uuid_ldap_attribute="entryDN", user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - username_ldap_attribute="cn", + connection_url="ldap://openldap", users_dn="dc=example,dc=org", - uuid_ldap_attribute="entryDN") - ldap_user_attribute_mapper = keycloak.ldap.UserAttributeMapper("ldapUserAttributeMapper", - ldap_attribute="bar", - ldap_user_federation_id=ldap_user_federation.id, + bind_dn="cn=admin,dc=example,dc=org", + bind_credential="admin") + ldap_user_attribute_mapper = keycloak.ldap.UserAttributeMapper("ldap_user_attribute_mapper", realm_id=realm.id, - user_model_attribute="foo") + ldap_user_federation_id=ldap_user_federation.id, + name="user-attribute-mapper", + user_model_attribute="foo", + ldap_attribute="bar") ``` @@ -454,26 +456,28 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="test") - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - bind_credential="admin", - bind_dn="cn=admin,dc=example,dc=org", - connection_url="ldap://openldap", - rdn_ldap_attribute="cn", + realm="test", + enabled=True) + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", realm_id=realm.id, + username_ldap_attribute="cn", + rdn_ldap_attribute="cn", + uuid_ldap_attribute="entryDN", user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - username_ldap_attribute="cn", + connection_url="ldap://openldap", users_dn="dc=example,dc=org", - uuid_ldap_attribute="entryDN") - ldap_user_attribute_mapper = keycloak.ldap.UserAttributeMapper("ldapUserAttributeMapper", - ldap_attribute="bar", - ldap_user_federation_id=ldap_user_federation.id, + bind_dn="cn=admin,dc=example,dc=org", + bind_credential="admin") + ldap_user_attribute_mapper = keycloak.ldap.UserAttributeMapper("ldap_user_attribute_mapper", realm_id=realm.id, - user_model_attribute="foo") + ldap_user_federation_id=ldap_user_federation.id, + name="user-attribute-mapper", + user_model_attribute="foo", + ldap_attribute="bar") ``` diff --git a/sdk/python/pulumi_keycloak/ldap/user_federation.py b/sdk/python/pulumi_keycloak/ldap/user_federation.py index e9accede..830a385b 100644 --- a/sdk/python/pulumi_keycloak/ldap/user_federation.py +++ b/sdk/python/pulumi_keycloak/ldap/user_federation.py @@ -1102,24 +1102,25 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", + realm="test", + enabled=True) + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", + realm_id=realm.id, enabled=True, - realm="test") - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - bind_credential="admin", - bind_dn="cn=admin,dc=example,dc=org", - connection_timeout="5s", - connection_url="ldap://openldap", - enabled=True, + username_ldap_attribute="cn", rdn_ldap_attribute="cn", - read_timeout="10s", - realm_id=realm.id, + uuid_ldap_attribute="entryDN", user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - username_ldap_attribute="cn", + connection_url="ldap://openldap", users_dn="dc=example,dc=org", - uuid_ldap_attribute="entryDN") + bind_dn="cn=admin,dc=example,dc=org", + bind_credential="admin", + connection_timeout="5s", + read_timeout="10s") ``` @@ -1225,24 +1226,25 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", + realm="test", + enabled=True) + ldap_user_federation = keycloak.ldap.UserFederation("ldap_user_federation", + name="openldap", + realm_id=realm.id, enabled=True, - realm="test") - ldap_user_federation = keycloak.ldap.UserFederation("ldapUserFederation", - bind_credential="admin", - bind_dn="cn=admin,dc=example,dc=org", - connection_timeout="5s", - connection_url="ldap://openldap", - enabled=True, + username_ldap_attribute="cn", rdn_ldap_attribute="cn", - read_timeout="10s", - realm_id=realm.id, + uuid_ldap_attribute="entryDN", user_object_classes=[ "simpleSecurityObject", "organizationalRole", ], - username_ldap_attribute="cn", + connection_url="ldap://openldap", users_dn="dc=example,dc=org", - uuid_ldap_attribute="entryDN") + bind_dn="cn=admin,dc=example,dc=org", + bind_credential="admin", + connection_timeout="5s", + read_timeout="10s") ``` diff --git a/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py b/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py index 2d28a4dd..10f32faf 100644 --- a/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py +++ b/sdk/python/pulumi_keycloak/oidc/google_identity_provider.py @@ -813,8 +813,8 @@ def __init__(__self__, enabled=True) google = keycloak.oidc.GoogleIdentityProvider("google", realm=realm.id, - client_id=var["google_identity_provider_client_id"], - client_secret=var["google_identity_provider_client_secret"], + client_id=google_identity_provider_client_id, + client_secret=google_identity_provider_client_secret, trust_email=True, hosted_domain="example.com", sync_mode="IMPORT", @@ -883,8 +883,8 @@ def __init__(__self__, enabled=True) google = keycloak.oidc.GoogleIdentityProvider("google", realm=realm.id, - client_id=var["google_identity_provider_client_id"], - client_secret=var["google_identity_provider_client_secret"], + client_id=google_identity_provider_client_id, + client_secret=google_identity_provider_client_secret, trust_email=True, hosted_domain="example.com", sync_mode="IMPORT", diff --git a/sdk/python/pulumi_keycloak/oidc/identity_provider.py b/sdk/python/pulumi_keycloak/oidc/identity_provider.py index 259cbd59..9702c741 100644 --- a/sdk/python/pulumi_keycloak/oidc/identity_provider.py +++ b/sdk/python/pulumi_keycloak/oidc/identity_provider.py @@ -1073,7 +1073,7 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - realm_identity_provider = keycloak.oidc.IdentityProvider("realmIdentityProvider", + realm_identity_provider = keycloak.oidc.IdentityProvider("realm_identity_provider", realm=realm.id, alias="my-idp", authorization_url="https://authorizationurl.com", @@ -1152,7 +1152,7 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - realm_identity_provider = keycloak.oidc.IdentityProvider("realmIdentityProvider", + realm_identity_provider = keycloak.oidc.IdentityProvider("realm_identity_provider", realm=realm.id, alias="my-idp", authorization_url="https://authorizationurl.com", diff --git a/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py index 9356f091..781d12d3 100644 --- a/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/audience_protocol_mapper.py @@ -314,18 +314,20 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", + audience_mapper = keycloak.openid.AudienceProtocolMapper("audience_mapper", + realm_id=realm.id, client_id=openid_client.id, - included_custom_audience="foo", - realm_id=realm.id) + name="audience-mapper", + included_custom_audience="foo") ``` @@ -337,13 +339,16 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + audience_mapper = keycloak.openid.AudienceProtocolMapper("audience_mapper", + realm_id=realm.id, client_scope_id=client_scope.id, - included_custom_audience="foo", - realm_id=realm.id) + name="audience-mapper", + included_custom_audience="foo") ``` @@ -403,18 +408,20 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", + audience_mapper = keycloak.openid.AudienceProtocolMapper("audience_mapper", + realm_id=realm.id, client_id=openid_client.id, - included_custom_audience="foo", - realm_id=realm.id) + name="audience-mapper", + included_custom_audience="foo") ``` @@ -426,13 +433,16 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + audience_mapper = keycloak.openid.AudienceProtocolMapper("audience_mapper", + realm_id=realm.id, client_scope_id=client_scope.id, - included_custom_audience="foo", - realm_id=realm.id) + name="audience-mapper", + included_custom_audience="foo") ``` diff --git a/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mapper.py index bc185d82..22b4d2a3 100644 --- a/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mapper.py @@ -183,15 +183,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - audience_mapper = keycloak.openid.AudienceResolveProtocolMapper("audienceMapper", + audience_mapper = keycloak.openid.AudienceResolveProtocolMapper("audience_mapper", realm_id=realm.id, - client_id=openid_client.id) + client_id=openid_client.id, + name="my-audience-resolve-mapper") ``` @@ -205,8 +207,10 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + audience_mapper = keycloak.openid.AudienceProtocolMapper("audience_mapper", realm_id=realm.id, client_scope_id=client_scope.id) ``` @@ -264,15 +268,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - audience_mapper = keycloak.openid.AudienceResolveProtocolMapper("audienceMapper", + audience_mapper = keycloak.openid.AudienceResolveProtocolMapper("audience_mapper", realm_id=realm.id, - client_id=openid_client.id) + client_id=openid_client.id, + name="my-audience-resolve-mapper") ``` @@ -286,8 +292,10 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + audience_mapper = keycloak.openid.AudienceProtocolMapper("audience_mapper", realm_id=realm.id, client_scope_id=client_scope.id) ``` diff --git a/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mappter.py b/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mappter.py index 508c44cc..5e143316 100644 --- a/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mappter.py +++ b/sdk/python/pulumi_keycloak/openid/audience_resolve_protocol_mappter.py @@ -188,15 +188,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - audience_mapper = keycloak.openid.AudienceResolveProtocolMapper("audienceMapper", + audience_mapper = keycloak.openid.AudienceResolveProtocolMapper("audience_mapper", realm_id=realm.id, - client_id=openid_client.id) + client_id=openid_client.id, + name="my-audience-resolve-mapper") ``` @@ -210,8 +212,10 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + audience_mapper = keycloak.openid.AudienceProtocolMapper("audience_mapper", realm_id=realm.id, client_scope_id=client_scope.id) ``` @@ -269,15 +273,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - audience_mapper = keycloak.openid.AudienceResolveProtocolMapper("audienceMapper", + audience_mapper = keycloak.openid.AudienceResolveProtocolMapper("audience_mapper", realm_id=realm.id, - client_id=openid_client.id) + client_id=openid_client.id, + name="my-audience-resolve-mapper") ``` @@ -291,8 +297,10 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + audience_mapper = keycloak.openid.AudienceProtocolMapper("audience_mapper", realm_id=realm.id, client_scope_id=client_scope.id) ``` diff --git a/sdk/python/pulumi_keycloak/openid/client.py b/sdk/python/pulumi_keycloak/openid/client.py index ae2d6774..8de0daf1 100644 --- a/sdk/python/pulumi_keycloak/openid/client.py +++ b/sdk/python/pulumi_keycloak/openid/client.py @@ -1173,13 +1173,14 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) ``` @@ -1253,13 +1254,14 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) ``` diff --git a/sdk/python/pulumi_keycloak/openid/client_default_scopes.py b/sdk/python/pulumi_keycloak/openid/client_default_scopes.py index 3b2e8134..5dd078c6 100644 --- a/sdk/python/pulumi_keycloak/openid/client_default_scopes.py +++ b/sdk/python/pulumi_keycloak/openid/client_default_scopes.py @@ -114,14 +114,17 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") + realm="my-realm", + enabled=True) client = keycloak.openid.Client("client", - access_type="CONFIDENTIAL", + realm_id=realm.id, client_id="test-client", - realm_id=realm.id) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - client_default_scopes = keycloak.openid.ClientDefaultScopes("clientDefaultScopes", + access_type="CONFIDENTIAL") + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + client_default_scopes = keycloak.openid.ClientDefaultScopes("client_default_scopes", + realm_id=realm.id, client_id=client.id, default_scopes=[ "profile", @@ -129,8 +132,7 @@ def __init__(__self__, "roles", "web-origins", client_scope.name, - ], - realm_id=realm.id) + ]) ``` @@ -165,14 +167,17 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") + realm="my-realm", + enabled=True) client = keycloak.openid.Client("client", - access_type="CONFIDENTIAL", + realm_id=realm.id, client_id="test-client", - realm_id=realm.id) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - client_default_scopes = keycloak.openid.ClientDefaultScopes("clientDefaultScopes", + access_type="CONFIDENTIAL") + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + client_default_scopes = keycloak.openid.ClientDefaultScopes("client_default_scopes", + realm_id=realm.id, client_id=client.id, default_scopes=[ "profile", @@ -180,8 +185,7 @@ def __init__(__self__, "roles", "web-origins", client_scope.name, - ], - realm_id=realm.id) + ]) ``` diff --git a/sdk/python/pulumi_keycloak/openid/client_optional_scopes.py b/sdk/python/pulumi_keycloak/openid/client_optional_scopes.py index 6757c578..d4f6e282 100644 --- a/sdk/python/pulumi_keycloak/openid/client_optional_scopes.py +++ b/sdk/python/pulumi_keycloak/openid/client_optional_scopes.py @@ -114,22 +114,24 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") + realm="my-realm", + enabled=True) client = keycloak.openid.Client("client", - access_type="CONFIDENTIAL", + realm_id=realm.id, client_id="test-client", - realm_id=realm.id) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - client_optional_scopes = keycloak.openid.ClientOptionalScopes("clientOptionalScopes", + access_type="CONFIDENTIAL") + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + client_optional_scopes = keycloak.openid.ClientOptionalScopes("client_optional_scopes", + realm_id=realm.id, client_id=client.id, optional_scopes=[ "address", "phone", "offline_access", client_scope.name, - ], - realm_id=realm.id) + ]) ``` @@ -164,22 +166,24 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") + realm="my-realm", + enabled=True) client = keycloak.openid.Client("client", - access_type="CONFIDENTIAL", + realm_id=realm.id, client_id="test-client", - realm_id=realm.id) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - client_optional_scopes = keycloak.openid.ClientOptionalScopes("clientOptionalScopes", + access_type="CONFIDENTIAL") + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + client_optional_scopes = keycloak.openid.ClientOptionalScopes("client_optional_scopes", + realm_id=realm.id, client_id=client.id, optional_scopes=[ "address", "phone", "offline_access", client_scope.name, - ], - realm_id=realm.id) + ]) ``` diff --git a/sdk/python/pulumi_keycloak/openid/client_policy.py b/sdk/python/pulumi_keycloak/openid/client_policy.py index 9c0294fb..72c4af81 100644 --- a/sdk/python/pulumi_keycloak/openid/client_policy.py +++ b/sdk/python/pulumi_keycloak/openid/client_policy.py @@ -276,19 +276,21 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", client_id="openid_client", + name="openid_client", realm_id=realm.id, access_type="CONFIDENTIAL", service_accounts_enabled=True) - my_permission = keycloak.openid.ClientPermissions("myPermission", + my_permission = keycloak.openid.ClientPermissions("my_permission", realm_id=realm.id, client_id=openid_client.id) realm_management = keycloak.openid.get_client(realm_id="my-realm", client_id="realm-management") - token_exchange = keycloak.openid.ClientPolicy("tokenExchange", + token_exchange = keycloak.openid.ClientPolicy("token_exchange", resource_server_id=realm_management.id, realm_id=realm.id, + name="my-policy", logic="POSITIVE", decision_strategy="UNANIMOUS", clients=[openid_client.id]) @@ -326,19 +328,21 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", client_id="openid_client", + name="openid_client", realm_id=realm.id, access_type="CONFIDENTIAL", service_accounts_enabled=True) - my_permission = keycloak.openid.ClientPermissions("myPermission", + my_permission = keycloak.openid.ClientPermissions("my_permission", realm_id=realm.id, client_id=openid_client.id) realm_management = keycloak.openid.get_client(realm_id="my-realm", client_id="realm-management") - token_exchange = keycloak.openid.ClientPolicy("tokenExchange", + token_exchange = keycloak.openid.ClientPolicy("token_exchange", resource_server_id=realm_management.id, realm_id=realm.id, + name="my-policy", logic="POSITIVE", decision_strategy="UNANIMOUS", clients=[openid_client.id]) diff --git a/sdk/python/pulumi_keycloak/openid/client_scope.py b/sdk/python/pulumi_keycloak/openid/client_scope.py index 4fa19353..e0e08e4b 100644 --- a/sdk/python/pulumi_keycloak/openid/client_scope.py +++ b/sdk/python/pulumi_keycloak/openid/client_scope.py @@ -200,11 +200,12 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client_scope = keycloak.openid.ClientScope("openidClientScope", - description="When requested, this scope will map a user's group memberships to a claim", - realm_id=realm.id) + realm="my-realm", + enabled=True) + openid_client_scope = keycloak.openid.ClientScope("openid_client_scope", + realm_id=realm.id, + name="groups", + description="When requested, this scope will map a user's group memberships to a claim") ``` @@ -253,11 +254,12 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client_scope = keycloak.openid.ClientScope("openidClientScope", - description="When requested, this scope will map a user's group memberships to a claim", - realm_id=realm.id) + realm="my-realm", + enabled=True) + openid_client_scope = keycloak.openid.ClientScope("openid_client_scope", + realm_id=realm.id, + name="groups", + description="When requested, this scope will map a user's group memberships to a claim") ``` diff --git a/sdk/python/pulumi_keycloak/openid/client_service_account_realm_role.py b/sdk/python/pulumi_keycloak/openid/client_service_account_realm_role.py index 3b27f6be..fb4135e6 100644 --- a/sdk/python/pulumi_keycloak/openid/client_service_account_realm_role.py +++ b/sdk/python/pulumi_keycloak/openid/client_service_account_realm_role.py @@ -146,11 +146,14 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - realm_role = keycloak.Role("realmRole", realm_id=realm.id) + realm_role = keycloak.Role("realm_role", + realm_id=realm.id, + name="my-realm-role") client = keycloak.openid.Client("client", realm_id=realm.id, + name="client", service_accounts_enabled=True) - client_service_account_role = keycloak.openid.ClientServiceAccountRealmRole("clientServiceAccountRole", + client_service_account_role = keycloak.openid.ClientServiceAccountRealmRole("client_service_account_role", realm_id=realm.id, service_account_user_id=client.service_account_user_id, role=realm_role.name) @@ -198,11 +201,14 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - realm_role = keycloak.Role("realmRole", realm_id=realm.id) + realm_role = keycloak.Role("realm_role", + realm_id=realm.id, + name="my-realm-role") client = keycloak.openid.Client("client", realm_id=realm.id, + name="client", service_accounts_enabled=True) - client_service_account_role = keycloak.openid.ClientServiceAccountRealmRole("clientServiceAccountRole", + client_service_account_role = keycloak.openid.ClientServiceAccountRealmRole("client_service_account_role", realm_id=realm.id, service_account_user_id=client.service_account_user_id, role=realm_role.name) diff --git a/sdk/python/pulumi_keycloak/openid/client_service_account_role.py b/sdk/python/pulumi_keycloak/openid/client_service_account_role.py index 0daf6222..b93f6b2a 100644 --- a/sdk/python/pulumi_keycloak/openid/client_service_account_role.py +++ b/sdk/python/pulumi_keycloak/openid/client_service_account_role.py @@ -179,16 +179,20 @@ def __init__(__self__, realm="my-realm", enabled=True) # client1 provides a role to other clients - client1 = keycloak.openid.Client("client1", realm_id=realm.id) - client1_role = keycloak.Role("client1Role", + client1 = keycloak.openid.Client("client1", + realm_id=realm.id, + name="client1") + client1_role = keycloak.Role("client1_role", realm_id=realm.id, client_id=client1.id, + name="my-client1-role", description="A role that client1 provides") # client2 is assigned the role of client1 client2 = keycloak.openid.Client("client2", realm_id=realm.id, + name="client2", service_accounts_enabled=True) - client2_service_account_role = keycloak.openid.ClientServiceAccountRole("client2ServiceAccountRole", + client2_service_account_role = keycloak.openid.ClientServiceAccountRole("client2_service_account_role", realm_id=realm.id, service_account_user_id=client2.service_account_user_id, client_id=client1.id, @@ -239,16 +243,20 @@ def __init__(__self__, realm="my-realm", enabled=True) # client1 provides a role to other clients - client1 = keycloak.openid.Client("client1", realm_id=realm.id) - client1_role = keycloak.Role("client1Role", + client1 = keycloak.openid.Client("client1", + realm_id=realm.id, + name="client1") + client1_role = keycloak.Role("client1_role", realm_id=realm.id, client_id=client1.id, + name="my-client1-role", description="A role that client1 provides") # client2 is assigned the role of client1 client2 = keycloak.openid.Client("client2", realm_id=realm.id, + name="client2", service_accounts_enabled=True) - client2_service_account_role = keycloak.openid.ClientServiceAccountRole("client2ServiceAccountRole", + client2_service_account_role = keycloak.openid.ClientServiceAccountRole("client2_service_account_role", realm_id=realm.id, service_account_user_id=client2.service_account_user_id, client_id=client1.id, diff --git a/sdk/python/pulumi_keycloak/openid/full_name_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/full_name_protocol_mapper.py index 43597ed3..2efba16d 100644 --- a/sdk/python/pulumi_keycloak/openid/full_name_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/full_name_protocol_mapper.py @@ -258,17 +258,19 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - full_name_mapper = keycloak.openid.FullNameProtocolMapper("fullNameMapper", + full_name_mapper = keycloak.openid.FullNameProtocolMapper("full_name_mapper", + realm_id=realm.id, client_id=openid_client.id, - realm_id=realm.id) + name="full-name-mapper") ``` @@ -280,12 +282,15 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - full_name_mapper = keycloak.openid.FullNameProtocolMapper("fullNameMapper", + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + full_name_mapper = keycloak.openid.FullNameProtocolMapper("full_name_mapper", + realm_id=realm.id, client_scope_id=client_scope.id, - realm_id=realm.id) + name="full-name-mapper") ``` @@ -341,17 +346,19 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - full_name_mapper = keycloak.openid.FullNameProtocolMapper("fullNameMapper", + full_name_mapper = keycloak.openid.FullNameProtocolMapper("full_name_mapper", + realm_id=realm.id, client_id=openid_client.id, - realm_id=realm.id) + name="full-name-mapper") ``` @@ -363,12 +370,15 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - full_name_mapper = keycloak.openid.FullNameProtocolMapper("fullNameMapper", + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + full_name_mapper = keycloak.openid.FullNameProtocolMapper("full_name_mapper", + realm_id=realm.id, client_scope_id=client_scope.id, - realm_id=realm.id) + name="full-name-mapper") ``` diff --git a/sdk/python/pulumi_keycloak/openid/get_client.py b/sdk/python/pulumi_keycloak/openid/get_client.py index f471f708..2b66b7d6 100644 --- a/sdk/python/pulumi_keycloak/openid/get_client.py +++ b/sdk/python/pulumi_keycloak/openid/get_client.py @@ -473,6 +473,7 @@ def get_client(client_id: Optional[str] = None, realm_management = keycloak.openid.get_client(realm_id="my-realm", client_id="realm-management") + # use the data source admin = keycloak.get_role(realm_id="my-realm", client_id=realm_management.id, name="realm-admin") @@ -575,6 +576,7 @@ def get_client_output(client_id: Optional[pulumi.Input[str]] = None, realm_management = keycloak.openid.get_client(realm_id="my-realm", client_id="realm-management") + # use the data source admin = keycloak.get_role(realm_id="my-realm", client_id=realm_management.id, name="realm-admin") diff --git a/sdk/python/pulumi_keycloak/openid/get_client_authorization_policy.py b/sdk/python/pulumi_keycloak/openid/get_client_authorization_policy.py index ad8c452e..3860ff88 100644 --- a/sdk/python/pulumi_keycloak/openid/get_client_authorization_policy.py +++ b/sdk/python/pulumi_keycloak/openid/get_client_authorization_policy.py @@ -176,8 +176,9 @@ def get_client_authorization_policy(name: Optional[str] = None, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_with_authz = keycloak.openid.Client("clientWithAuthz", + client_with_authz = keycloak.openid.Client("client_with_authz", client_id="client-with-authz", + name="client-with-authz", realm_id=realm.id, access_type="CONFIDENTIAL", service_accounts_enabled=True, @@ -189,6 +190,7 @@ def get_client_authorization_policy(name: Optional[str] = None, name="Default Permission") resource = keycloak.openid.ClientAuthorizationResource("resource", resource_server_id=client_with_authz.resource_server_id, + name="authorization-resource", realm_id=realm.id, uris=["/endpoint/*"], attributes={ @@ -197,6 +199,7 @@ def get_client_authorization_policy(name: Optional[str] = None, permission = keycloak.openid.ClientAuthorizationPermission("permission", resource_server_id=client_with_authz.resource_server_id, realm_id=realm.id, + name="authorization-permission", policies=[default_permission.id], resources=[resource.id]) ``` @@ -250,8 +253,9 @@ def get_client_authorization_policy_output(name: Optional[pulumi.Input[str]] = N realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_with_authz = keycloak.openid.Client("clientWithAuthz", + client_with_authz = keycloak.openid.Client("client_with_authz", client_id="client-with-authz", + name="client-with-authz", realm_id=realm.id, access_type="CONFIDENTIAL", service_accounts_enabled=True, @@ -263,6 +267,7 @@ def get_client_authorization_policy_output(name: Optional[pulumi.Input[str]] = N name="Default Permission") resource = keycloak.openid.ClientAuthorizationResource("resource", resource_server_id=client_with_authz.resource_server_id, + name="authorization-resource", realm_id=realm.id, uris=["/endpoint/*"], attributes={ @@ -271,6 +276,7 @@ def get_client_authorization_policy_output(name: Optional[pulumi.Input[str]] = N permission = keycloak.openid.ClientAuthorizationPermission("permission", resource_server_id=client_with_authz.resource_server_id, realm_id=realm.id, + name="authorization-permission", policies=[default_permission.id], resources=[resource.id]) ``` diff --git a/sdk/python/pulumi_keycloak/openid/get_client_scope.py b/sdk/python/pulumi_keycloak/openid/get_client_scope.py index 74f7c5d0..2f3503a5 100644 --- a/sdk/python/pulumi_keycloak/openid/get_client_scope.py +++ b/sdk/python/pulumi_keycloak/openid/get_client_scope.py @@ -114,9 +114,10 @@ def get_client_scope(name: Optional[str] = None, offline_access = keycloak.openid.get_client_scope(realm_id="my-realm", name="offline_access") # use the data source - audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", + audience_mapper = keycloak.openid.AudienceProtocolMapper("audience_mapper", realm_id=offline_access.realm_id, client_scope_id=offline_access.id, + name="audience-mapper", included_custom_audience="foo") ``` @@ -158,9 +159,10 @@ def get_client_scope_output(name: Optional[pulumi.Input[str]] = None, offline_access = keycloak.openid.get_client_scope(realm_id="my-realm", name="offline_access") # use the data source - audience_mapper = keycloak.openid.AudienceProtocolMapper("audienceMapper", + audience_mapper = keycloak.openid.AudienceProtocolMapper("audience_mapper", realm_id=offline_access.realm_id, client_scope_id=offline_access.id, + name="audience-mapper", included_custom_audience="foo") ``` diff --git a/sdk/python/pulumi_keycloak/openid/get_client_service_account_user.py b/sdk/python/pulumi_keycloak/openid/get_client_service_account_user.py index 5bf62ba8..b1c9009a 100644 --- a/sdk/python/pulumi_keycloak/openid/get_client_service_account_user.py +++ b/sdk/python/pulumi_keycloak/openid/get_client_service_account_user.py @@ -168,13 +168,14 @@ def get_client_service_account_user(client_id: Optional[str] = None, client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", access_type="CONFIDENTIAL", service_accounts_enabled=True) service_account_user = keycloak.openid.get_client_service_account_user_output(realm_id=realm.id, client_id=client.id) offline_access = keycloak.get_role_output(realm_id=realm.id, name="offline_access") - service_account_user_roles = keycloak.UserRoles("serviceAccountUserRoles", + service_account_user_roles = keycloak.UserRoles("service_account_user_roles", realm_id=realm.id, user_id=service_account_user.id, role_ids=[offline_access.id]) @@ -231,13 +232,14 @@ def get_client_service_account_user_output(client_id: Optional[pulumi.Input[str] client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", access_type="CONFIDENTIAL", service_accounts_enabled=True) service_account_user = keycloak.openid.get_client_service_account_user_output(realm_id=realm.id, client_id=client.id) offline_access = keycloak.get_role_output(realm_id=realm.id, name="offline_access") - service_account_user_roles = keycloak.UserRoles("serviceAccountUserRoles", + service_account_user_roles = keycloak.UserRoles("service_account_user_roles", realm_id=realm.id, user_id=service_account_user.id, role_ids=[offline_access.id]) diff --git a/sdk/python/pulumi_keycloak/openid/group_membership_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/group_membership_protocol_mapper.py index 014e8438..06293bef 100644 --- a/sdk/python/pulumi_keycloak/openid/group_membership_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/group_membership_protocol_mapper.py @@ -307,18 +307,20 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", - claim_name="groups", + group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("group_membership_mapper", + realm_id=realm.id, client_id=openid_client.id, - realm_id=realm.id) + name="group-membership-mapper", + claim_name="groups") ``` @@ -330,13 +332,16 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", - claim_name="groups", + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("group_membership_mapper", + realm_id=realm.id, client_scope_id=client_scope.id, - realm_id=realm.id) + name="group-membership-mapper", + claim_name="groups") ``` @@ -394,18 +399,20 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", - claim_name="groups", + group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("group_membership_mapper", + realm_id=realm.id, client_id=openid_client.id, - realm_id=realm.id) + name="group-membership-mapper", + claim_name="groups") ``` @@ -417,13 +424,16 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("groupMembershipMapper", - claim_name="groups", + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + group_membership_mapper = keycloak.openid.GroupMembershipProtocolMapper("group_membership_mapper", + realm_id=realm.id, client_scope_id=client_scope.id, - realm_id=realm.id) + name="group-membership-mapper", + claim_name="groups") ``` diff --git a/sdk/python/pulumi_keycloak/openid/hardcoded_claim_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/hardcoded_claim_protocol_mapper.py index f3d3e327..fc5f97ec 100644 --- a/sdk/python/pulumi_keycloak/openid/hardcoded_claim_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/hardcoded_claim_protocol_mapper.py @@ -363,19 +363,21 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", - claim_name="foo", - claim_value="bar", + hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcoded_claim_mapper", + realm_id=realm.id, client_id=openid_client.id, - realm_id=realm.id) + name="hardcoded-claim-mapper", + claim_name="foo", + claim_value="bar") ``` @@ -387,14 +389,17 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", - claim_name="foo", - claim_value="bar", + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcoded_claim_mapper", + realm_id=realm.id, client_scope_id=client_scope.id, - realm_id=realm.id) + name="hardcoded-claim-mapper", + claim_name="foo", + claim_value="bar") ``` @@ -457,19 +462,21 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", - claim_name="foo", - claim_value="bar", + hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcoded_claim_mapper", + realm_id=realm.id, client_id=openid_client.id, - realm_id=realm.id) + name="hardcoded-claim-mapper", + claim_name="foo", + claim_value="bar") ``` @@ -481,14 +488,17 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcodedClaimMapper", - claim_name="foo", - claim_value="bar", + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + hardcoded_claim_mapper = keycloak.openid.HardcodedClaimProtocolMapper("hardcoded_claim_mapper", + realm_id=realm.id, client_scope_id=client_scope.id, - realm_id=realm.id) + name="hardcoded-claim-mapper", + claim_name="foo", + claim_value="bar") ``` diff --git a/sdk/python/pulumi_keycloak/openid/hardcoded_role_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/hardcoded_role_protocol_mapper.py index 9a1b620f..615a80bf 100644 --- a/sdk/python/pulumi_keycloak/openid/hardcoded_role_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/hardcoded_role_protocol_mapper.py @@ -207,18 +207,22 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - role = keycloak.Role("role", realm_id=realm.id) - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + role = keycloak.Role("role", + realm_id=realm.id, + name="my-role") + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", - client_id=openid_client.id, + hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcoded_role_mapper", realm_id=realm.id, + client_id=openid_client.id, + name="hardcoded-role-mapper", role_id=role.id) ``` @@ -231,13 +235,18 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - role = keycloak.Role("role", realm_id=realm.id) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", - client_scope_id=client_scope.id, + realm="my-realm", + enabled=True) + role = keycloak.Role("role", realm_id=realm.id, + name="my-role") + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcoded_role_mapper", + realm_id=realm.id, + client_scope_id=client_scope.id, + name="hardcoded-role-mapper", role_id=role.id) ``` @@ -293,18 +302,22 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - role = keycloak.Role("role", realm_id=realm.id) - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + role = keycloak.Role("role", + realm_id=realm.id, + name="my-role") + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", - client_id=openid_client.id, + hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcoded_role_mapper", realm_id=realm.id, + client_id=openid_client.id, + name="hardcoded-role-mapper", role_id=role.id) ``` @@ -317,13 +330,18 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - role = keycloak.Role("role", realm_id=realm.id) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcodedRoleMapper", - client_scope_id=client_scope.id, + realm="my-realm", + enabled=True) + role = keycloak.Role("role", realm_id=realm.id, + name="my-role") + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + hardcoded_role_mapper = keycloak.openid.HardcodedRoleProtocolMapper("hardcoded_role_mapper", + realm_id=realm.id, + client_scope_id=client_scope.id, + name="hardcoded-role-mapper", role_id=role.id) ``` diff --git a/sdk/python/pulumi_keycloak/openid/script_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/script_protocol_mapper.py index c410b42b..e4179755 100644 --- a/sdk/python/pulumi_keycloak/openid/script_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/script_protocol_mapper.py @@ -415,15 +415,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - script_mapper = keycloak.openid.ScriptProtocolMapper("scriptMapper", + script_mapper = keycloak.openid.ScriptProtocolMapper("script_mapper", realm_id=realm.id, client_id=openid_client.id, + name="script-mapper", claim_name="foo", script="exports = 'foo';") ``` @@ -439,10 +441,13 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - script_mapper = keycloak.openid.ScriptProtocolMapper("scriptMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="client-scope") + script_mapper = keycloak.openid.ScriptProtocolMapper("script_mapper", realm_id=realm.id, client_scope_id=client_scope.id, + name="script-mapper", claim_name="foo", script="exports = 'foo';") ``` @@ -510,15 +515,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - script_mapper = keycloak.openid.ScriptProtocolMapper("scriptMapper", + script_mapper = keycloak.openid.ScriptProtocolMapper("script_mapper", realm_id=realm.id, client_id=openid_client.id, + name="script-mapper", claim_name="foo", script="exports = 'foo';") ``` @@ -534,10 +541,13 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - script_mapper = keycloak.openid.ScriptProtocolMapper("scriptMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="client-scope") + script_mapper = keycloak.openid.ScriptProtocolMapper("script_mapper", realm_id=realm.id, client_scope_id=client_scope.id, + name="script-mapper", claim_name="foo", script="exports = 'foo';") ``` diff --git a/sdk/python/pulumi_keycloak/openid/user_attribute_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_attribute_protocol_mapper.py index 28204be0..3e9e480b 100644 --- a/sdk/python/pulumi_keycloak/openid/user_attribute_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_attribute_protocol_mapper.py @@ -429,19 +429,21 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", - claim_name="bar", - client_id=openid_client.id, + user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("user_attribute_mapper", realm_id=realm.id, - user_attribute="foo") + client_id=openid_client.id, + name="test-mapper", + user_attribute="foo", + claim_name="bar") ``` @@ -453,14 +455,17 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", - claim_name="bar", - client_scope_id=client_scope.id, + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", realm_id=realm.id, - user_attribute="foo") + name="test-client-scope") + user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("user_attribute_mapper", + realm_id=realm.id, + client_scope_id=client_scope.id, + name="test-mapper", + user_attribute="foo", + claim_name="bar") ``` @@ -526,19 +531,21 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", - claim_name="bar", - client_id=openid_client.id, + user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("user_attribute_mapper", realm_id=realm.id, - user_attribute="foo") + client_id=openid_client.id, + name="test-mapper", + user_attribute="foo", + claim_name="bar") ``` @@ -550,14 +557,17 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("userAttributeMapper", - claim_name="bar", - client_scope_id=client_scope.id, + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", realm_id=realm.id, - user_attribute="foo") + name="test-client-scope") + user_attribute_mapper = keycloak.openid.UserAttributeProtocolMapper("user_attribute_mapper", + realm_id=realm.id, + client_scope_id=client_scope.id, + name="test-mapper", + user_attribute="foo", + claim_name="bar") ``` diff --git a/sdk/python/pulumi_keycloak/openid/user_client_role_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_client_role_protocol_mapper.py index ac30ce63..73ff6da1 100644 --- a/sdk/python/pulumi_keycloak/openid/user_client_role_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_client_role_protocol_mapper.py @@ -447,15 +447,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - user_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper("userClientRoleMapper", + user_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper("user_client_role_mapper", realm_id=realm.id, client_id=openid_client.id, + name="user-client-role-mapper", claim_name="foo") ``` @@ -470,10 +472,13 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - user_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper("userClientRoleMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="client-scope") + user_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper("user_client_role_mapper", realm_id=realm.id, client_scope_id=client_scope.id, + name="user-client-role-mapper", claim_name="foo") ``` @@ -539,15 +544,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - user_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper("userClientRoleMapper", + user_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper("user_client_role_mapper", realm_id=realm.id, client_id=openid_client.id, + name="user-client-role-mapper", claim_name="foo") ``` @@ -562,10 +569,13 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - user_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper("userClientRoleMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="client-scope") + user_client_role_mapper = keycloak.openid.UserClientRoleProtocolMapper("user_client_role_mapper", realm_id=realm.id, client_scope_id=client_scope.id, + name="user-client-role-mapper", claim_name="foo") ``` diff --git a/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py index dcdee9b0..07454463 100644 --- a/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_property_protocol_mapper.py @@ -363,19 +363,21 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", - claim_name="email", - client_id=openid_client.id, + user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("user_property_mapper", realm_id=realm.id, - user_property="email") + client_id=openid_client.id, + name="test-mapper", + user_property="email", + claim_name="email") ``` @@ -387,14 +389,17 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", - claim_name="email", - client_scope_id=client_scope.id, + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", realm_id=realm.id, - user_property="email") + name="test-client-scope") + user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("user_property_mapper", + realm_id=realm.id, + client_scope_id=client_scope.id, + name="test-mapper", + user_property="email", + claim_name="email") ``` @@ -457,19 +462,21 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", - claim_name="email", - client_id=openid_client.id, + user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("user_property_mapper", realm_id=realm.id, - user_property="email") + client_id=openid_client.id, + name="test-mapper", + user_property="email", + claim_name="email") ``` @@ -481,14 +488,17 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("userPropertyMapper", - claim_name="email", - client_scope_id=client_scope.id, + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", realm_id=realm.id, - user_property="email") + name="test-client-scope") + user_property_mapper = keycloak.openid.UserPropertyProtocolMapper("user_property_mapper", + realm_id=realm.id, + client_scope_id=client_scope.id, + name="test-mapper", + user_property="email", + claim_name="email") ``` diff --git a/sdk/python/pulumi_keycloak/openid/user_realm_role_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_realm_role_protocol_mapper.py index f3206a0b..a8885876 100644 --- a/sdk/python/pulumi_keycloak/openid/user_realm_role_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_realm_role_protocol_mapper.py @@ -405,18 +405,20 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", - claim_name="foo", + user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("user_realm_role_mapper", + realm_id=realm.id, client_id=openid_client.id, - realm_id=realm.id) + name="user-realm-role-mapper", + claim_name="foo") ``` @@ -428,13 +430,16 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", - claim_name="foo", + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("user_realm_role_mapper", + realm_id=realm.id, client_scope_id=client_scope.id, - realm_id=realm.id) + name="user-realm-role-mapper", + claim_name="foo") ``` @@ -500,18 +505,20 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - openid_client = keycloak.openid.Client("openidClient", - access_type="CONFIDENTIAL", + realm="my-realm", + enabled=True) + openid_client = keycloak.openid.Client("openid_client", + realm_id=realm.id, client_id="test-client", + name="test client", enabled=True, - realm_id=realm.id, + access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", - claim_name="foo", + user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("user_realm_role_mapper", + realm_id=realm.id, client_id=openid_client.id, - realm_id=realm.id) + name="user-realm-role-mapper", + claim_name="foo") ``` @@ -523,13 +530,16 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("userRealmRoleMapper", - claim_name="foo", + realm="my-realm", + enabled=True) + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="test-client-scope") + user_realm_role_mapper = keycloak.openid.UserRealmRoleProtocolMapper("user_realm_role_mapper", + realm_id=realm.id, client_scope_id=client_scope.id, - realm_id=realm.id) + name="user-realm-role-mapper", + claim_name="foo") ``` diff --git a/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py b/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py index 09f0fc3e..bf434987 100644 --- a/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/openid/user_session_note_protocol_mapper.py @@ -348,15 +348,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - user_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper("userSessionNoteMapper", + user_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper("user_session_note_mapper", realm_id=realm.id, client_id=openid_client.id, + name="user-session-note-mapper", claim_name="foo", claim_value_type="String", session_note="bar") @@ -373,10 +375,13 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - user_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper("userSessionNoteMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="client-scope") + user_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper("user_session_note_mapper", realm_id=realm.id, client_scope_id=client_scope.id, + name="user-session-note-mapper", claim_name="foo", claim_value_type="String", session_note="bar") @@ -441,15 +446,17 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - openid_client = keycloak.openid.Client("openidClient", + openid_client = keycloak.openid.Client("openid_client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="CONFIDENTIAL", valid_redirect_uris=["http://localhost:8080/openid-callback"]) - user_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper("userSessionNoteMapper", + user_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper("user_session_note_mapper", realm_id=realm.id, client_id=openid_client.id, + name="user-session-note-mapper", claim_name="foo", claim_value_type="String", session_note="bar") @@ -466,10 +473,13 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - client_scope = keycloak.openid.ClientScope("clientScope", realm_id=realm.id) - user_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper("userSessionNoteMapper", + client_scope = keycloak.openid.ClientScope("client_scope", + realm_id=realm.id, + name="client-scope") + user_session_note_mapper = keycloak.openid.UserSessionNoteProtocolMapper("user_session_note_mapper", realm_id=realm.id, client_scope_id=client_scope.id, + name="user-session-note-mapper", claim_name="foo", claim_value_type="String", session_note="bar") diff --git a/sdk/python/pulumi_keycloak/realm_events.py b/sdk/python/pulumi_keycloak/realm_events.py index 1cb9e7fe..b440c294 100644 --- a/sdk/python/pulumi_keycloak/realm_events.py +++ b/sdk/python/pulumi_keycloak/realm_events.py @@ -220,17 +220,17 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="test") - realm_events = keycloak.RealmEvents("realmEvents", - admin_events_details_enabled=True, + realm_events = keycloak.RealmEvents("realm_events", + realm_id=realm.id, + events_enabled=True, + events_expiration=3600, admin_events_enabled=True, + admin_events_details_enabled=True, enabled_event_types=[ "LOGIN", "LOGOUT", ], - events_enabled=True, - events_expiration=3600, - events_listeners=["jboss-logging"], - realm_id=realm.id) + events_listeners=["jboss-logging"]) ``` @@ -268,17 +268,17 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="test") - realm_events = keycloak.RealmEvents("realmEvents", - admin_events_details_enabled=True, + realm_events = keycloak.RealmEvents("realm_events", + realm_id=realm.id, + events_enabled=True, + events_expiration=3600, admin_events_enabled=True, + admin_events_details_enabled=True, enabled_event_types=[ "LOGIN", "LOGOUT", ], - events_enabled=True, - events_expiration=3600, - events_listeners=["jboss-logging"], - realm_id=realm.id) + events_listeners=["jboss-logging"]) ``` diff --git a/sdk/python/pulumi_keycloak/realm_keystore_aes_generated.py b/sdk/python/pulumi_keycloak/realm_keystore_aes_generated.py index 3847c39b..faa332fb 100644 --- a/sdk/python/pulumi_keycloak/realm_keystore_aes_generated.py +++ b/sdk/python/pulumi_keycloak/realm_keystore_aes_generated.py @@ -243,7 +243,8 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="my-realm") - keystore_aes_generated = keycloak.RealmKeystoreAesGenerated("keystoreAesGenerated", + keystore_aes_generated = keycloak.RealmKeystoreAesGenerated("keystore_aes_generated", + name="my-aes-generated-key", realm_id=realm.id, enabled=True, active=True, @@ -292,7 +293,8 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="my-realm") - keystore_aes_generated = keycloak.RealmKeystoreAesGenerated("keystoreAesGenerated", + keystore_aes_generated = keycloak.RealmKeystoreAesGenerated("keystore_aes_generated", + name="my-aes-generated-key", realm_id=realm.id, enabled=True, active=True, diff --git a/sdk/python/pulumi_keycloak/realm_keystore_ecdsa_generated.py b/sdk/python/pulumi_keycloak/realm_keystore_ecdsa_generated.py index 7ffc14c5..9a77793b 100644 --- a/sdk/python/pulumi_keycloak/realm_keystore_ecdsa_generated.py +++ b/sdk/python/pulumi_keycloak/realm_keystore_ecdsa_generated.py @@ -243,7 +243,8 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="my-realm") - keystore_ecdsa_generated = keycloak.RealmKeystoreEcdsaGenerated("keystoreEcdsaGenerated", + keystore_ecdsa_generated = keycloak.RealmKeystoreEcdsaGenerated("keystore_ecdsa_generated", + name="my-ecdsa-generated-key", realm_id=realm.id, enabled=True, active=True, @@ -292,7 +293,8 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="my-realm") - keystore_ecdsa_generated = keycloak.RealmKeystoreEcdsaGenerated("keystoreEcdsaGenerated", + keystore_ecdsa_generated = keycloak.RealmKeystoreEcdsaGenerated("keystore_ecdsa_generated", + name="my-ecdsa-generated-key", realm_id=realm.id, enabled=True, active=True, diff --git a/sdk/python/pulumi_keycloak/realm_keystore_hmac_generated.py b/sdk/python/pulumi_keycloak/realm_keystore_hmac_generated.py index ba7cbe44..661166ee 100644 --- a/sdk/python/pulumi_keycloak/realm_keystore_hmac_generated.py +++ b/sdk/python/pulumi_keycloak/realm_keystore_hmac_generated.py @@ -276,7 +276,8 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="my-realm") - keystore_hmac_generated = keycloak.RealmKeystoreHmacGenerated("keystoreHmacGenerated", + keystore_hmac_generated = keycloak.RealmKeystoreHmacGenerated("keystore_hmac_generated", + name="my-hmac-generated-key", realm_id=realm.id, enabled=True, active=True, @@ -327,7 +328,8 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="my-realm") - keystore_hmac_generated = keycloak.RealmKeystoreHmacGenerated("keystoreHmacGenerated", + keystore_hmac_generated = keycloak.RealmKeystoreHmacGenerated("keystore_hmac_generated", + name="my-hmac-generated-key", realm_id=realm.id, enabled=True, active=True, diff --git a/sdk/python/pulumi_keycloak/realm_keystore_java_generated.py b/sdk/python/pulumi_keycloak/realm_keystore_java_generated.py index ef439d83..38c61a62 100644 --- a/sdk/python/pulumi_keycloak/realm_keystore_java_generated.py +++ b/sdk/python/pulumi_keycloak/realm_keystore_java_generated.py @@ -371,7 +371,8 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="my-realm") - java_keystore = keycloak.RealmKeystoreJavaGenerated("javaKeystore", + java_keystore = keycloak.RealmKeystoreJavaGenerated("java_keystore", + name="my-java-keystore", realm_id=realm.id, enabled=True, active=True, @@ -428,7 +429,8 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="my-realm") - java_keystore = keycloak.RealmKeystoreJavaGenerated("javaKeystore", + java_keystore = keycloak.RealmKeystoreJavaGenerated("java_keystore", + name="my-java-keystore", realm_id=realm.id, enabled=True, active=True, diff --git a/sdk/python/pulumi_keycloak/realm_keystore_rsa_generated.py b/sdk/python/pulumi_keycloak/realm_keystore_rsa_generated.py index b12a0669..a52cd5ba 100644 --- a/sdk/python/pulumi_keycloak/realm_keystore_rsa_generated.py +++ b/sdk/python/pulumi_keycloak/realm_keystore_rsa_generated.py @@ -276,7 +276,8 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="my-realm") - keystore_rsa_generated = keycloak.RealmKeystoreRsaGenerated("keystoreRsaGenerated", + keystore_rsa_generated = keycloak.RealmKeystoreRsaGenerated("keystore_rsa_generated", + name="my-rsa-generated-key", realm_id=realm.id, enabled=True, active=True, @@ -327,7 +328,8 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", realm="my-realm") - keystore_rsa_generated = keycloak.RealmKeystoreRsaGenerated("keystoreRsaGenerated", + keystore_rsa_generated = keycloak.RealmKeystoreRsaGenerated("keystore_rsa_generated", + name="my-rsa-generated-key", realm_id=realm.id, enabled=True, active=True, diff --git a/sdk/python/pulumi_keycloak/realm_user_profile.py b/sdk/python/pulumi_keycloak/realm_user_profile.py index 000092ad..f24a3bd5 100644 --- a/sdk/python/pulumi_keycloak/realm_user_profile.py +++ b/sdk/python/pulumi_keycloak/realm_user_profile.py @@ -159,7 +159,7 @@ def __init__(__self__, "userProfileEnabled": True, }) userprofile = keycloak.RealmUserProfile("userprofile", - realm_id=keycloak_realm["my_realm"]["id"], + realm_id=my_realm["id"], attributes=[ keycloak.RealmUserProfileAttributeArgs( name="field1", @@ -270,7 +270,7 @@ def __init__(__self__, "userProfileEnabled": True, }) userprofile = keycloak.RealmUserProfile("userprofile", - realm_id=keycloak_realm["my_realm"]["id"], + realm_id=my_realm["id"], attributes=[ keycloak.RealmUserProfileAttributeArgs( name="field1", diff --git a/sdk/python/pulumi_keycloak/required_action.py b/sdk/python/pulumi_keycloak/required_action.py index b4007137..d03bb745 100644 --- a/sdk/python/pulumi_keycloak/required_action.py +++ b/sdk/python/pulumi_keycloak/required_action.py @@ -244,10 +244,11 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - required_action = keycloak.RequiredAction("requiredAction", + required_action = keycloak.RequiredAction("required_action", realm_id=realm.realm, alias="webauthn-register", - enabled=True) + enabled=True, + name="Webauthn Register") ``` @@ -293,10 +294,11 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - required_action = keycloak.RequiredAction("requiredAction", + required_action = keycloak.RequiredAction("required_action", realm_id=realm.realm, alias="webauthn-register", - enabled=True) + enabled=True, + name="Webauthn Register") ``` diff --git a/sdk/python/pulumi_keycloak/role.py b/sdk/python/pulumi_keycloak/role.py index a17b4c23..4f8adcd8 100644 --- a/sdk/python/pulumi_keycloak/role.py +++ b/sdk/python/pulumi_keycloak/role.py @@ -198,11 +198,12 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - realm_role = keycloak.Role("realmRole", - description="My Realm Role", - realm_id=realm.id) + realm="my-realm", + enabled=True) + realm_role = keycloak.Role("realm_role", + realm_id=realm.id, + name="my-realm-role", + description="My Realm Role") ``` @@ -214,17 +215,19 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") + realm="my-realm", + enabled=True) client = keycloak.openid.Client("client", - access_type="BEARER-ONLY", + realm_id=realm.id, client_id="client", + name="client", enabled=True, - realm_id=realm.id) - client_role = keycloak.Role("clientRole", - client_id=keycloak_client["client"]["id"], - description="My Client Role", - realm_id=realm.id) + access_type="BEARER-ONLY") + client_role = keycloak.Role("client_role", + realm_id=realm.id, + client_id=client_keycloak_client["id"], + name="my-client-role", + description="My Client Role") ``` @@ -236,30 +239,43 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - create_role = keycloak.Role("createRole", realm_id=realm.id) - read_role = keycloak.Role("readRole", realm_id=realm.id) - update_role = keycloak.Role("updateRole", realm_id=realm.id) - delete_role = keycloak.Role("deleteRole", realm_id=realm.id) + realm="my-realm", + enabled=True) + # realm roles + create_role = keycloak.Role("create_role", + realm_id=realm.id, + name="create") + read_role = keycloak.Role("read_role", + realm_id=realm.id, + name="read") + update_role = keycloak.Role("update_role", + realm_id=realm.id, + name="update") + delete_role = keycloak.Role("delete_role", + realm_id=realm.id, + name="delete") + # client role client = keycloak.openid.Client("client", - access_type="BEARER-ONLY", + realm_id=realm.id, client_id="client", + name="client", enabled=True, - realm_id=realm.id) - client_role = keycloak.Role("clientRole", - client_id=keycloak_client["client"]["id"], - description="My Client Role", - realm_id=realm.id) - admin_role = keycloak.Role("adminRole", + access_type="BEARER-ONLY") + client_role = keycloak.Role("client_role", + realm_id=realm.id, + client_id=client_keycloak_client["id"], + name="my-client-role", + description="My Client Role") + admin_role = keycloak.Role("admin_role", + realm_id=realm.id, + name="admin", composite_roles=[ "{keycloak_role.create_role.id}", "{keycloak_role.read_role.id}", "{keycloak_role.update_role.id}", "{keycloak_role.delete_role.id}", "{keycloak_role.client_role.id}", - ], - realm_id=realm.id) + ]) ``` @@ -310,11 +326,12 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - realm_role = keycloak.Role("realmRole", - description="My Realm Role", - realm_id=realm.id) + realm="my-realm", + enabled=True) + realm_role = keycloak.Role("realm_role", + realm_id=realm.id, + name="my-realm-role", + description="My Realm Role") ``` @@ -326,17 +343,19 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") + realm="my-realm", + enabled=True) client = keycloak.openid.Client("client", - access_type="BEARER-ONLY", + realm_id=realm.id, client_id="client", + name="client", enabled=True, - realm_id=realm.id) - client_role = keycloak.Role("clientRole", - client_id=keycloak_client["client"]["id"], - description="My Client Role", - realm_id=realm.id) + access_type="BEARER-ONLY") + client_role = keycloak.Role("client_role", + realm_id=realm.id, + client_id=client_keycloak_client["id"], + name="my-client-role", + description="My Client Role") ``` @@ -348,30 +367,43 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - create_role = keycloak.Role("createRole", realm_id=realm.id) - read_role = keycloak.Role("readRole", realm_id=realm.id) - update_role = keycloak.Role("updateRole", realm_id=realm.id) - delete_role = keycloak.Role("deleteRole", realm_id=realm.id) + realm="my-realm", + enabled=True) + # realm roles + create_role = keycloak.Role("create_role", + realm_id=realm.id, + name="create") + read_role = keycloak.Role("read_role", + realm_id=realm.id, + name="read") + update_role = keycloak.Role("update_role", + realm_id=realm.id, + name="update") + delete_role = keycloak.Role("delete_role", + realm_id=realm.id, + name="delete") + # client role client = keycloak.openid.Client("client", - access_type="BEARER-ONLY", + realm_id=realm.id, client_id="client", + name="client", enabled=True, - realm_id=realm.id) - client_role = keycloak.Role("clientRole", - client_id=keycloak_client["client"]["id"], - description="My Client Role", - realm_id=realm.id) - admin_role = keycloak.Role("adminRole", + access_type="BEARER-ONLY") + client_role = keycloak.Role("client_role", + realm_id=realm.id, + client_id=client_keycloak_client["id"], + name="my-client-role", + description="My Client Role") + admin_role = keycloak.Role("admin_role", + realm_id=realm.id, + name="admin", composite_roles=[ "{keycloak_role.create_role.id}", "{keycloak_role.read_role.id}", "{keycloak_role.update_role.id}", "{keycloak_role.delete_role.id}", "{keycloak_role.client_role.id}", - ], - realm_id=realm.id) + ]) ``` diff --git a/sdk/python/pulumi_keycloak/saml/client.py b/sdk/python/pulumi_keycloak/saml/client.py index 034c13ab..f0c7ae68 100644 --- a/sdk/python/pulumi_keycloak/saml/client.py +++ b/sdk/python/pulumi_keycloak/saml/client.py @@ -928,57 +928,6 @@ def __init__(__self__, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO. - ### Example Usage - - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - saml_client = keycloak.saml.Client("samlClient", - client_id="test-saml-client", - include_authn_statement=True, - realm_id=realm.id, - sign_assertions=True, - sign_documents=False, - signing_certificate=(lambda path: open(path).read())("saml-cert.pem"), - signing_private_key=(lambda path: open(path).read())("saml-key.pem")) - ``` - - - ### Argument Reference - - The following arguments are supported: - - - `realm_id` - (Required) The realm this client is attached to. - - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. - - `name` - (Optional) The display name of this client in the GUI. - - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - - `description` - (Optional) The description of this client in the GUI. - - `include_authn_statement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. - - `sign_documents` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. - - `sign_assertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. - - `client_signature_required` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. - - `force_post_binding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. - - `front_channel_logout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. - - `name_id_format` - (Optional) Sets the Name ID format for the subject. - - `root_url` - (Optional) When specified, this value is prepended to all relative URLs. - - `valid_redirect_uris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - - `base_url` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. - - `master_saml_processing_url` - (Optional) When specified, this URL will be used for all SAML requests. - - `signing_certificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. - - `signing_private_key` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. - - `idp_initiated_sso_url_name` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. - - `idp_initiated_sso_relay_state` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - - `assertion_consumer_post_url` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). - - `assertion_consumer_redirect_url` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). - - `logout_service_post_binding_url` - (Optional) SAML POST Binding URL for the client's single logout service. - - `logout_service_redirect_binding_url` - (Optional) SAML Redirect Binding URL for the client's single logout service. - - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token - ### Import Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak @@ -1004,57 +953,6 @@ def __init__(__self__, clients are applications that redirect users to Keycloak for authentication in order to take advantage of Keycloak's user sessions for SSO. - ### Example Usage - - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - saml_client = keycloak.saml.Client("samlClient", - client_id="test-saml-client", - include_authn_statement=True, - realm_id=realm.id, - sign_assertions=True, - sign_documents=False, - signing_certificate=(lambda path: open(path).read())("saml-cert.pem"), - signing_private_key=(lambda path: open(path).read())("saml-key.pem")) - ``` - - - ### Argument Reference - - The following arguments are supported: - - - `realm_id` - (Required) The realm this client is attached to. - - `client_id` - (Required) The unique ID of this client, referenced in the URI during authentication and in issued tokens. - - `name` - (Optional) The display name of this client in the GUI. - - `enabled` - (Optional) When false, this client will not be able to initiate a login or obtain access tokens. Defaults to `true`. - - `description` - (Optional) The description of this client in the GUI. - - `include_authn_statement` - (Optional) When `true`, an `AuthnStatement` will be included in the SAML response. - - `sign_documents` - (Optional) When `true`, the SAML document will be signed by Keycloak using the realm's private key. - - `sign_assertions` - (Optional) When `true`, the SAML assertions will be signed by Keycloak using the realm's private key, and embedded within the SAML XML Auth response. - - `client_signature_required` - (Optional) When `true`, Keycloak will expect that documents originating from a client will be signed using the certificate and/or key configured via `signing_certificate` and `signing_private_key`. - - `force_post_binding` - (Optional) When `true`, Keycloak will always respond to an authentication request via the SAML POST Binding. - - `front_channel_logout` - (Optional) When `true`, this client will require a browser redirect in order to perform a logout. - - `name_id_format` - (Optional) Sets the Name ID format for the subject. - - `root_url` - (Optional) When specified, this value is prepended to all relative URLs. - - `valid_redirect_uris` - (Optional) When specified, Keycloak will use this list to validate given Assertion Consumer URLs specified in the authentication request. - - `base_url` - (Optional) When specified, this URL will be used whenever Keycloak needs to link to this client. - - `master_saml_processing_url` - (Optional) When specified, this URL will be used for all SAML requests. - - `signing_certificate` - (Optional) If documents or assertions from the client are signed, this certificate will be used to verify the signature. - - `signing_private_key` - (Optional) If documents or assertions from the client are signed, this private key will be used to verify the signature. - - `idp_initiated_sso_url_name` - (Optional) URL fragment name to reference client when you want to do IDP Initiated SSO. - - `idp_initiated_sso_relay_state` - (Optional) Relay state you want to send with SAML request when you want to do IDP Initiated SSO. - - `assertion_consumer_post_url` - (Optional) SAML POST Binding URL for the client's assertion consumer service (login responses). - - `assertion_consumer_redirect_url` - (Optional) SAML Redirect Binding URL for the client's assertion consumer service (login responses). - - `logout_service_post_binding_url` - (Optional) SAML POST Binding URL for the client's single logout service. - - `logout_service_redirect_binding_url` - (Optional) SAML Redirect Binding URL for the client's single logout service. - - `full_scope_allowed` - (Optional) - Allow to include all roles mappings in the access token - ### Import Clients can be imported using the format `{{realm_id}}/{{client_keycloak_id}}`, where `client_keycloak_id` is the unique ID that Keycloak diff --git a/sdk/python/pulumi_keycloak/saml/client_default_scope.py b/sdk/python/pulumi_keycloak/saml/client_default_scope.py index f36774c1..474617e1 100644 --- a/sdk/python/pulumi_keycloak/saml/client_default_scope.py +++ b/sdk/python/pulumi_keycloak/saml/client_default_scope.py @@ -132,39 +132,6 @@ def __init__(__self__, """ ## Example Usage - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - saml_client = keycloak.saml.Client("samlClient", - realm_id=realm.id, - client_id="saml-client", - sign_documents=False, - sign_assertions=True, - include_authn_statement=True, - signing_certificate=(lambda path: open(path).read())("saml-cert.pem"), - signing_private_key=(lambda path: open(path).read())("saml-key.pem")) - client_scope = keycloak.saml.ClientScope("clientScope", realm_id=realm.id) - client_default_scopes = keycloak.saml.ClientDefaultScope("clientDefaultScopes", - realm_id=realm.id, - client_id=keycloak_saml_client["client"]["id"], - default_scopes=[ - "role_list", - client_scope.name, - ]) - ``` - - - ## Import - - This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist - - on the server. - :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] client_id: The ID of the client to attach default scopes to. Note that this is the unique ID of the client generated by Keycloak. @@ -180,39 +147,6 @@ def __init__(__self__, """ ## Example Usage - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - saml_client = keycloak.saml.Client("samlClient", - realm_id=realm.id, - client_id="saml-client", - sign_documents=False, - sign_assertions=True, - include_authn_statement=True, - signing_certificate=(lambda path: open(path).read())("saml-cert.pem"), - signing_private_key=(lambda path: open(path).read())("saml-key.pem")) - client_scope = keycloak.saml.ClientScope("clientScope", realm_id=realm.id) - client_default_scopes = keycloak.saml.ClientDefaultScope("clientDefaultScopes", - realm_id=realm.id, - client_id=keycloak_saml_client["client"]["id"], - default_scopes=[ - "role_list", - client_scope.name, - ]) - ``` - - - ## Import - - This resource does not support import. Instead of importing, feel free to create this resource as if it did not already exist - - on the server. - :param str resource_name: The name of the resource. :param ClientDefaultScopeArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. diff --git a/sdk/python/pulumi_keycloak/saml/client_scope.py b/sdk/python/pulumi_keycloak/saml/client_scope.py index ae89f2c6..63eb6533 100644 --- a/sdk/python/pulumi_keycloak/saml/client_scope.py +++ b/sdk/python/pulumi_keycloak/saml/client_scope.py @@ -212,8 +212,9 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - saml_client_scope = keycloak.saml.ClientScope("samlClientScope", + saml_client_scope = keycloak.saml.ClientScope("saml_client_scope", realm_id=realm.id, + name="groups", description="This scope will map a user's group memberships to SAML assertion", gui_order=1) ``` @@ -262,8 +263,9 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - saml_client_scope = keycloak.saml.ClientScope("samlClientScope", + saml_client_scope = keycloak.saml.ClientScope("saml_client_scope", realm_id=realm.id, + name="groups", description="This scope will map a user's group memberships to SAML assertion", gui_order=1) ``` diff --git a/sdk/python/pulumi_keycloak/saml/get_client.py b/sdk/python/pulumi_keycloak/saml/get_client.py index cc184794..0ff1e42d 100644 --- a/sdk/python/pulumi_keycloak/saml/get_client.py +++ b/sdk/python/pulumi_keycloak/saml/get_client.py @@ -402,6 +402,7 @@ def get_client(client_id: Optional[str] = None, realm_management = keycloak.saml.get_client(realm_id="my-realm", client_id="realm-management") + # use the data source admin = keycloak.get_role(realm_id="my-realm", client_id=realm_management.id, name="realm-admin") @@ -476,6 +477,7 @@ def get_client_output(client_id: Optional[pulumi.Input[str]] = None, realm_management = keycloak.saml.get_client(realm_id="my-realm", client_id="realm-management") + # use the data source admin = keycloak.get_role(realm_id="my-realm", client_id=realm_management.id, name="realm-admin") diff --git a/sdk/python/pulumi_keycloak/saml/get_client_installation_provider.py b/sdk/python/pulumi_keycloak/saml/get_client_installation_provider.py index 1df00bb6..ce2375aa 100644 --- a/sdk/python/pulumi_keycloak/saml/get_client_installation_provider.py +++ b/sdk/python/pulumi_keycloak/saml/get_client_installation_provider.py @@ -90,34 +90,6 @@ def get_client_installation_provider(client_id: Optional[str] = None, """ This data source can be used to retrieve Installation Provider of a SAML Client. - ## Example Usage - - In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. - - - ```python - import pulumi - import pulumi_aws as aws - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - saml_client = keycloak.saml.Client("samlClient", - realm_id=realm.id, - client_id="test-saml-client", - sign_documents=False, - sign_assertions=True, - include_authn_statement=True, - signing_certificate=(lambda path: open(path).read())("saml-cert.pem"), - signing_private_key=(lambda path: open(path).read())("saml-key.pem")) - saml_idp_descriptor = keycloak.saml.get_client_installation_provider_output(realm_id=realm.id, - client_id=saml_client.id, - provider_id="saml-idp-descriptor") - default = aws.iam.SamlProvider("default", saml_metadata_document=saml_idp_descriptor.value) - ``` - - :param str client_id: The ID of the SAML client. The `id` attribute of a `keycloak_client` resource should be used here. :param str provider_id: The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc. @@ -146,34 +118,6 @@ def get_client_installation_provider_output(client_id: Optional[pulumi.Input[str """ This data source can be used to retrieve Installation Provider of a SAML Client. - ## Example Usage - - In the example below, we extract the SAML metadata IDPSSODescriptor to pass it to the AWS IAM SAML Provider. - - - ```python - import pulumi - import pulumi_aws as aws - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - saml_client = keycloak.saml.Client("samlClient", - realm_id=realm.id, - client_id="test-saml-client", - sign_documents=False, - sign_assertions=True, - include_authn_statement=True, - signing_certificate=(lambda path: open(path).read())("saml-cert.pem"), - signing_private_key=(lambda path: open(path).read())("saml-key.pem")) - saml_idp_descriptor = keycloak.saml.get_client_installation_provider_output(realm_id=realm.id, - client_id=saml_client.id, - provider_id="saml-idp-descriptor") - default = aws.iam.SamlProvider("default", saml_metadata_document=saml_idp_descriptor.value) - ``` - - :param str client_id: The ID of the SAML client. The `id` attribute of a `keycloak_client` resource should be used here. :param str provider_id: The ID of the SAML installation provider. Could be one of `saml-idp-descriptor`, `keycloak-saml`, `saml-sp-descriptor`, `keycloak-saml-subsystem`, `mod-auth-mellon`, etc. diff --git a/sdk/python/pulumi_keycloak/saml/identity_provider.py b/sdk/python/pulumi_keycloak/saml/identity_provider.py index 4a492bac..7ea3e6a7 100644 --- a/sdk/python/pulumi_keycloak/saml/identity_provider.py +++ b/sdk/python/pulumi_keycloak/saml/identity_provider.py @@ -1292,18 +1292,18 @@ def __init__(__self__, import pulumi import pulumi_keycloak as keycloak - realm_identity_provider = keycloak.saml.IdentityProvider("realmIdentityProvider", + realm_identity_provider = keycloak.saml.IdentityProvider("realm_identity_provider", + realm="my-realm", alias="my-idp", + single_sign_on_service_url="https://domain.com/adfs/ls/", + single_logout_service_url="https://domain.com/adfs/ls/?wa=wsignout1.0", backchannel_supported=True, - force_authn=True, - post_binding_authn_request=True, - post_binding_logout=True, post_binding_response=True, - realm="my-realm", - single_logout_service_url="https://domain.com/adfs/ls/?wa=wsignout1.0", - single_sign_on_service_url="https://domain.com/adfs/ls/", + post_binding_logout=True, + post_binding_authn_request=True, store_token=False, - trust_email=True) + trust_email=True, + force_authn=True) ``` @@ -1411,18 +1411,18 @@ def __init__(__self__, import pulumi import pulumi_keycloak as keycloak - realm_identity_provider = keycloak.saml.IdentityProvider("realmIdentityProvider", + realm_identity_provider = keycloak.saml.IdentityProvider("realm_identity_provider", + realm="my-realm", alias="my-idp", + single_sign_on_service_url="https://domain.com/adfs/ls/", + single_logout_service_url="https://domain.com/adfs/ls/?wa=wsignout1.0", backchannel_supported=True, - force_authn=True, - post_binding_authn_request=True, - post_binding_logout=True, post_binding_response=True, - realm="my-realm", - single_logout_service_url="https://domain.com/adfs/ls/?wa=wsignout1.0", - single_sign_on_service_url="https://domain.com/adfs/ls/", + post_binding_logout=True, + post_binding_authn_request=True, store_token=False, - trust_email=True) + trust_email=True, + force_authn=True) ``` diff --git a/sdk/python/pulumi_keycloak/saml/script_protocol_mapper.py b/sdk/python/pulumi_keycloak/saml/script_protocol_mapper.py index ff5e9d2b..d8e94623 100644 --- a/sdk/python/pulumi_keycloak/saml/script_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/saml/script_protocol_mapper.py @@ -344,12 +344,14 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - saml_client = keycloak.saml.Client("samlClient", + saml_client = keycloak.saml.Client("saml_client", realm_id=realm.id, - client_id="saml-client") - saml_script_mapper = keycloak.saml.ScriptProtocolMapper("samlScriptMapper", + client_id="saml-client", + name="saml-client") + saml_script_mapper = keycloak.saml.ScriptProtocolMapper("saml_script_mapper", realm_id=realm.id, client_id=saml_client.id, + name="script-mapper", script="exports = 'foo';", saml_attribute_name="displayName", saml_attribute_name_format="Unspecified") @@ -412,12 +414,14 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - saml_client = keycloak.saml.Client("samlClient", + saml_client = keycloak.saml.Client("saml_client", realm_id=realm.id, - client_id="saml-client") - saml_script_mapper = keycloak.saml.ScriptProtocolMapper("samlScriptMapper", + client_id="saml-client", + name="saml-client") + saml_script_mapper = keycloak.saml.ScriptProtocolMapper("saml_script_mapper", realm_id=realm.id, client_id=saml_client.id, + name="script-mapper", script="exports = 'foo';", saml_attribute_name="displayName", saml_attribute_name_format="Unspecified") diff --git a/sdk/python/pulumi_keycloak/saml/user_attribute_protocol_mapper.py b/sdk/python/pulumi_keycloak/saml/user_attribute_protocol_mapper.py index 7246b3fa..78c5b6aa 100644 --- a/sdk/python/pulumi_keycloak/saml/user_attribute_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/saml/user_attribute_protocol_mapper.py @@ -248,17 +248,19 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - saml_client = keycloak.saml.Client("samlClient", + realm="my-realm", + enabled=True) + saml_client = keycloak.saml.Client("saml_client", + realm_id=test["id"], client_id="test-saml-client", - realm_id=keycloak_realm["test"]["id"]) - saml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper("samlUserAttributeMapper", + name="test-saml-client") + saml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper("saml_user_attribute_mapper", + realm_id=test["id"], client_id=saml_client.id, - realm_id=keycloak_realm["test"]["id"], + name="displayname-user-attribute-mapper", + user_attribute="displayName", saml_attribute_name="displayName", - saml_attribute_name_format="Unspecified", - user_attribute="displayName") + saml_attribute_name_format="Unspecified") ``` @@ -311,17 +313,19 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - saml_client = keycloak.saml.Client("samlClient", + realm="my-realm", + enabled=True) + saml_client = keycloak.saml.Client("saml_client", + realm_id=test["id"], client_id="test-saml-client", - realm_id=keycloak_realm["test"]["id"]) - saml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper("samlUserAttributeMapper", + name="test-saml-client") + saml_user_attribute_mapper = keycloak.saml.UserAttributeProtocolMapper("saml_user_attribute_mapper", + realm_id=test["id"], client_id=saml_client.id, - realm_id=keycloak_realm["test"]["id"], + name="displayname-user-attribute-mapper", + user_attribute="displayName", saml_attribute_name="displayName", - saml_attribute_name_format="Unspecified", - user_attribute="displayName") + saml_attribute_name_format="Unspecified") ``` diff --git a/sdk/python/pulumi_keycloak/saml/user_property_protocol_mapper.py b/sdk/python/pulumi_keycloak/saml/user_property_protocol_mapper.py index d1943ca5..29e35ba0 100644 --- a/sdk/python/pulumi_keycloak/saml/user_property_protocol_mapper.py +++ b/sdk/python/pulumi_keycloak/saml/user_property_protocol_mapper.py @@ -248,17 +248,19 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - saml_client = keycloak.saml.Client("samlClient", + realm="my-realm", + enabled=True) + saml_client = keycloak.saml.Client("saml_client", + realm_id=test["id"], client_id="test-saml-client", - realm_id=keycloak_realm["test"]["id"]) - saml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper("samlUserPropertyMapper", + name="test-saml-client") + saml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper("saml_user_property_mapper", + realm_id=test["id"], client_id=saml_client.id, - realm_id=keycloak_realm["test"]["id"], + name="email-user-property-mapper", + user_property="email", saml_attribute_name="email", - saml_attribute_name_format="Unspecified", - user_property="email") + saml_attribute_name_format="Unspecified") ``` @@ -311,17 +313,19 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") - saml_client = keycloak.saml.Client("samlClient", + realm="my-realm", + enabled=True) + saml_client = keycloak.saml.Client("saml_client", + realm_id=test["id"], client_id="test-saml-client", - realm_id=keycloak_realm["test"]["id"]) - saml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper("samlUserPropertyMapper", + name="test-saml-client") + saml_user_property_mapper = keycloak.saml.UserPropertyProtocolMapper("saml_user_property_mapper", + realm_id=test["id"], client_id=saml_client.id, - realm_id=keycloak_realm["test"]["id"], + name="email-user-property-mapper", + user_property="email", saml_attribute_name="email", - saml_attribute_name_format="Unspecified", - user_property="email") + saml_attribute_name_format="Unspecified") ``` diff --git a/sdk/python/pulumi_keycloak/user.py b/sdk/python/pulumi_keycloak/user.py index 888c3d17..1a8ea6b7 100644 --- a/sdk/python/pulumi_keycloak/user.py +++ b/sdk/python/pulumi_keycloak/user.py @@ -325,26 +325,26 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") + realm="my-realm", + enabled=True) user = keycloak.User("user", - email="bob@domain.com", + realm_id=realm.id, + username="bob", enabled=True, + email="bob@domain.com", first_name="Bob", - last_name="Bobson", + last_name="Bobson") + user_with_initial_password = keycloak.User("user_with_initial_password", realm_id=realm.id, - username="bob") - user_with_initial_password = keycloak.User("userWithInitialPassword", - email="alice@domain.com", + username="alice", enabled=True, + email="alice@domain.com", first_name="Alice", + last_name="Aliceberg", initial_password=keycloak.UserInitialPasswordArgs( - temporary=True, value="some password", - ), - last_name="Aliceberg", - realm_id=realm.id, - username="alice") + temporary=True, + )) ``` @@ -396,26 +396,26 @@ def __init__(__self__, import pulumi_keycloak as keycloak realm = keycloak.Realm("realm", - enabled=True, - realm="my-realm") + realm="my-realm", + enabled=True) user = keycloak.User("user", - email="bob@domain.com", + realm_id=realm.id, + username="bob", enabled=True, + email="bob@domain.com", first_name="Bob", - last_name="Bobson", + last_name="Bobson") + user_with_initial_password = keycloak.User("user_with_initial_password", realm_id=realm.id, - username="bob") - user_with_initial_password = keycloak.User("userWithInitialPassword", - email="alice@domain.com", + username="alice", enabled=True, + email="alice@domain.com", first_name="Alice", + last_name="Aliceberg", initial_password=keycloak.UserInitialPasswordArgs( - temporary=True, value="some password", - ), - last_name="Aliceberg", - realm_id=realm.id, - username="alice") + temporary=True, + )) ``` diff --git a/sdk/python/pulumi_keycloak/user_groups.py b/sdk/python/pulumi_keycloak/user_groups.py index 5344dbbc..d086c60e 100644 --- a/sdk/python/pulumi_keycloak/user_groups.py +++ b/sdk/python/pulumi_keycloak/user_groups.py @@ -179,50 +179,19 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - group = keycloak.Group("group", realm_id=realm.id) - user = keycloak.User("user", - realm_id=realm.id, - username="my-user") - user_groups = keycloak.UserGroups("userGroups", + group = keycloak.Group("group", realm_id=realm.id, - user_id=user.id, - group_ids=[group.id]) - ``` - - - ### Non Exhaustive Groups) - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - group_foo = keycloak.Group("groupFoo", realm_id=realm.id) - group_bar = keycloak.Group("groupBar", realm_id=realm.id) + name="foo") user = keycloak.User("user", realm_id=realm.id, username="my-user") - user_groups_association1_user_groups = keycloak.UserGroups("userGroupsAssociation1UserGroups", + user_groups = keycloak.UserGroups("user_groups", realm_id=realm.id, user_id=user.id, - exhaustive=False, - group_ids=[group_foo.id]) - user_groups_association1_index_user_groups_user_groups = keycloak.UserGroups("userGroupsAssociation1Index/userGroupsUserGroups", - realm_id=realm.id, - user_id=user.id, - exhaustive=False, - group_ids=[group_bar.id]) + group_ids=[group.id]) ``` - ## Import - - This resource does not support import. Instead of importing, feel free to create this resource - - as if it did not already exist on the server. - :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[bool] exhaustive: Indicates if the list of the user's groups is exhaustive. In this case, groups that are manually added to the user will be removed. Defaults to `true`. @@ -253,50 +222,19 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - group = keycloak.Group("group", realm_id=realm.id) - user = keycloak.User("user", - realm_id=realm.id, - username="my-user") - user_groups = keycloak.UserGroups("userGroups", + group = keycloak.Group("group", realm_id=realm.id, - user_id=user.id, - group_ids=[group.id]) - ``` - - - ### Non Exhaustive Groups) - - ```python - import pulumi - import pulumi_keycloak as keycloak - - realm = keycloak.Realm("realm", - realm="my-realm", - enabled=True) - group_foo = keycloak.Group("groupFoo", realm_id=realm.id) - group_bar = keycloak.Group("groupBar", realm_id=realm.id) + name="foo") user = keycloak.User("user", realm_id=realm.id, username="my-user") - user_groups_association1_user_groups = keycloak.UserGroups("userGroupsAssociation1UserGroups", + user_groups = keycloak.UserGroups("user_groups", realm_id=realm.id, user_id=user.id, - exhaustive=False, - group_ids=[group_foo.id]) - user_groups_association1_index_user_groups_user_groups = keycloak.UserGroups("userGroupsAssociation1Index/userGroupsUserGroups", - realm_id=realm.id, - user_id=user.id, - exhaustive=False, - group_ids=[group_bar.id]) + group_ids=[group.id]) ``` - ## Import - - This resource does not support import. Instead of importing, feel free to create this resource - - as if it did not already exist on the server. - :param str resource_name: The name of the resource. :param UserGroupsArgs args: The arguments to use to populate this resource's properties. :param pulumi.ResourceOptions opts: Options for the resource. diff --git a/sdk/python/pulumi_keycloak/user_roles.py b/sdk/python/pulumi_keycloak/user_roles.py index 860dc789..11352f23 100644 --- a/sdk/python/pulumi_keycloak/user_roles.py +++ b/sdk/python/pulumi_keycloak/user_roles.py @@ -184,17 +184,20 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - realm_role = keycloak.Role("realmRole", + realm_role = keycloak.Role("realm_role", realm_id=realm.id, + name="my-realm-role", description="My Realm Role") client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="BEARER-ONLY") - client_role = keycloak.Role("clientRole", + client_role = keycloak.Role("client_role", realm_id=realm.id, - client_id=keycloak_client["client"]["id"], + client_id=client_keycloak_client["id"], + name="my-client-role", description="My Client Role") user = keycloak.User("user", realm_id=realm.id, @@ -203,7 +206,7 @@ def __init__(__self__, email="bob@domain.com", first_name="Bob", last_name="Bobson") - user_roles = keycloak.UserRoles("userRoles", + user_roles = keycloak.UserRoles("user_roles", realm_id=realm.id, user_id=user.id, role_ids=[ @@ -262,17 +265,20 @@ def __init__(__self__, realm = keycloak.Realm("realm", realm="my-realm", enabled=True) - realm_role = keycloak.Role("realmRole", + realm_role = keycloak.Role("realm_role", realm_id=realm.id, + name="my-realm-role", description="My Realm Role") client = keycloak.openid.Client("client", realm_id=realm.id, client_id="client", + name="client", enabled=True, access_type="BEARER-ONLY") - client_role = keycloak.Role("clientRole", + client_role = keycloak.Role("client_role", realm_id=realm.id, - client_id=keycloak_client["client"]["id"], + client_id=client_keycloak_client["id"], + name="my-client-role", description="My Client Role") user = keycloak.User("user", realm_id=realm.id, @@ -281,7 +287,7 @@ def __init__(__self__, email="bob@domain.com", first_name="Bob", last_name="Bobson") - user_roles = keycloak.UserRoles("userRoles", + user_roles = keycloak.UserRoles("user_roles", realm_id=realm.id, user_id=user.id, role_ids=[ diff --git a/sdk/python/pulumi_keycloak/user_template_importer_identity_provider_mapper.py b/sdk/python/pulumi_keycloak/user_template_importer_identity_provider_mapper.py index 899385cc..1a477b48 100644 --- a/sdk/python/pulumi_keycloak/user_template_importer_identity_provider_mapper.py +++ b/sdk/python/pulumi_keycloak/user_template_importer_identity_provider_mapper.py @@ -223,8 +223,9 @@ def __init__(__self__, client_id="example_id", client_secret="example_token", default_scopes="openid random profile") - username_importer = keycloak.UserTemplateImporterIdentityProviderMapper("usernameImporter", + username_importer = keycloak.UserTemplateImporterIdentityProviderMapper("username_importer", realm=realm.id, + name="username-template-importer", identity_provider_alias=oidc.alias, template="${ALIAS}.${CLAIM.email}", extra_config={ @@ -288,8 +289,9 @@ def __init__(__self__, client_id="example_id", client_secret="example_token", default_scopes="openid random profile") - username_importer = keycloak.UserTemplateImporterIdentityProviderMapper("usernameImporter", + username_importer = keycloak.UserTemplateImporterIdentityProviderMapper("username_importer", realm=realm.id, + name="username-template-importer", identity_provider_alias=oidc.alias, template="${ALIAS}.${CLAIM.email}", extra_config={